Jan 14, 2023 Unacknowledged SYNs by country

It’s sometimes interesting to look at how different a single day might be versus the longer-term trends. And to see what happens when you make changes to your pf rules.

I added all RU networks I was blocking from ssh to the list blocked for everything. I also fired up a torrent client on my desktop.

RU moving up the list versus the previous 5 days is no surprise; a good portion of traffic I receive from RU is port scanning. But I’ll have to look to see what caused the CZ numbers to climb.

I think the only interesting thing about the torrent client is that I should do something to track UDP in a similar manner as I track TCP. If I have a torrent client running, I will wind up with a lot of UDP traffic (much of it directed to port 6881 on this day), and will respond with ICMP port unreachable. To some extent this is a burden on my outbound bandwidth, but on the other hand it will allow me to add an easy new tracker to mcflowd: “to whom am I sending ICMP port unreachables?”. Of course, UDP is trivially spoofed, so I don’t truly know the source of the UDP.
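One way to answer the "to whom am I sending ICMP port unreachables?" question from a packet capture, as an added example (not mcflowd code and not from the original post). It tallies outbound port unreachables in constructed `tcpdump -n icmp` text by peer, /24 and UDP port; the addresses are documentation ranges, and 192.0.2.1 is assumed to be the local host.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `tcpdump -n icmp` text output (documentation address
# ranges only). 192.0.2.1 is assumed to be the local host.
SAMPLE = """\
10:00:01.000001 IP 192.0.2.1 > 198.51.100.7: ICMP 192.0.2.1 udp port 6881 unreachable, length 36
10:00:01.200002 IP 192.0.2.1 > 198.51.100.7: ICMP 192.0.2.1 udp port 6881 unreachable, length 36
10:00:02.000003 IP 192.0.2.1 > 198.51.100.9: ICMP 192.0.2.1 udp port 6881 unreachable, length 36
10:00:03.000004 IP 192.0.2.1 > 203.0.113.20: ICMP 192.0.2.1 udp port 51413 unreachable, length 36
10:00:04.000005 IP 203.0.113.50 > 192.0.2.1: ICMP 203.0.113.50 udp port 53 unreachable, length 36
10:00:05.000006 IP 198.51.100.7 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
"""

# Matches only ICMP "udp port N unreachable" lines in tcpdump's IPv4 text format.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP \S+ udp port (?P<port>\d+) unreachable, length (?P<len>\d+)"
)


def tally_unreachables(text, local_addr):
    """Count port unreachables sent by local_addr.

    The destination of each unreachable is the *claimed* source of the UDP
    packet that triggered it. UDP sources can be spoofed, so these counts
    show where replies are going, not who really sent the UDP.
    """
    by_peer, by_net, by_port = Counter(), Counter(), Counter()
    icmp_bytes = 0
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None or m.group("src") != local_addr:
            continue  # not a port unreachable, or not one we sent
        dst = m.group("dst")
        net = ipaddress.ip_network(dst + "/24", strict=False)
        by_peer[dst] += 1
        by_net[str(net)] += 1
        by_port[int(m.group("port"))] += 1
        icmp_bytes += int(m.group("len"))  # ICMP length as printed by tcpdump
    return {
        "by_peer": by_peer,
        "by_net": by_net,
        "by_port": by_port,
        "icmp_bytes": icmp_bytes,
    }


if __name__ == "__main__":
    result = tally_unreachables(SAMPLE, "192.0.2.1")
    for name in ("by_peer", "by_net", "by_port"):
        print(name, result[name].most_common())
    print("outbound ICMP bytes:", result["icmp_bytes"])
```
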

Sports thoughts of the day

Jan 5, 2023

Texas fired Chris Beard after a felony domestic violence charge. Maybe Texas Tech and Texas can now agree that Chris Beard might be a scumbag. And probably hangs out with scumbags.

Here’s the sign I want to see at games from both schools: “Chris Beard bites!!!”. See the police report. Yikes.

There are scumbags in all walks of life. But I’d like to see us be less forgiving of scumbags on big stages with positions of leader/teacher/mentor. And any men who bite their domestic partner in anger. That’s just crazy, right? As my friend Andy put it, “Biting Hall of Fame: Marv Albert, Mike Tyson, Hannibal Lecter.” All bat-poop-crazy in their own way.

Kudos to Texas for doing the right thing here. Boos for taking 3 weeks to do it.

I’d like the coach of my alum to be fired (Juwan Howard) for his inability to maintain a professional demeanor. He hasn’t advanced to scumbag status though, at least not yet. There’s the rub: yet. I don’t hate Howard, I just don’t trust him. Ticking time bomb. I miss John Beilein, a lot.

I put Harbaugh in the untrustworthy bucket too. He’s been there a long time, but the hypocritical righteousness while violating NCAA rules is the one that really rubs me the wrong way. Not to mention the stupidity. If you bought a hamburger for a recruit at the Brown Jug, it’s downright stupid to lie about it to an investigation committee. We’re not talking about fancy food here; Wendy’s makes better burgers. In fact, at my age, you’d have to pay me to eat a burger at the Brown Jug. It’s a college campus dive. I spent my fair share of time at the Brown Jug as a student, mostly eating eggs and pancakes late at night after a long study session with friends. But it’s not a place you take someone to impress them or sway them. It’s not even the institution that Crazy Jim’s or the Fleetwood is, never mind a fantastic food place like Zingerman’s.

Mac Studio M1 Ultra: The Decision

I’ve needed a macOS desktop for many years. My hackintosh, built when Apple had no current hardware to do what I needed to do, is more than 10 years of age. It’s my primary desktop. It’s behind on OS updates (WAY behind). It’s old. To be honest, I’m quite surprised it still runs at all. Especially the AIO CPU cooler.

The urgency was amplified when Apple silicon for macOS hit the streets. Apple is in transition, and at some point in the future, there will be no support for macOS on Intel. They’ve replaced Intel in the laptops, there’s an M1 iMac and an M1 mini, and now the Mac Studio. We’ve yet to see an Apple silicon Mac Pro, and while I’m sure it’s coming, I can’t say when nor anything about the pricing. If I assume roughly 2X multicore performance versus the M1 Ultra SOC, plus reasonable PCIe expansion, it’ll likely be out of my price range.

Fortunately, for today and the foreseeable future, the Mac Studio fits my needs. In terms of time == money, my main use is compiling C++ and C code. While single-core performance helps, so does multi-core for any build that has many units that can be compiled in parallel. So, for example, the Mac Studio with M1 Ultra has 20 CPU cores. Meaning my builds can compile 20 compilation units in parallel. Obviously there are points in my builds where I need to invoke the archiver or the linker on the result of many compiles. Meaning that for parts of the build, we’ll be single-core for a short period unless the tool itself (archiver, linker, etc.) uses multiple threads.

It’s important to note that a modern C++ compiler is, in general, a memory hog. It’s pretty common for me to see clang using 1G of RAM (resident!). Run 20 instances, that’s 20G of RAM. In other words, the 20 cores need at least 1G each to run without swapping. Add on all the apps I normally have running, and 32G is not enough RAM for me to make really effective use of the 20 cores, day in and day out.

So 64G would be my target. And given that the CPU and GPU share that memory, that’s a good target for me. However…

Availability of Mac Studios with the exact configuration I wanted has been abysmal since… well… introduction. I wanted M1 Ultra with 64-core GPU, 64G RAM, 2TB storage. Apple’s lead time for this or anything close: 12 weeks. I’m assuming that a lot of this is the ongoing supply chain issues, COVID and possibly yield issues for the M1 Ultra. Apple is missing out on revenue here, so it’s not some sort of intentional move on their part, as near as I can tell. While I think there are M2 Pro and M2 Max on the horizon for the MacBook Pro (I dunno, 1H2023?), I think it’ll be a year before I see something clearly better for my use than the M1 Ultra. I can’t wait a year, unfortunately. I also can’t wait 3 months.

In fact, since I’m closing in on finishing the den, and need to move my office there, this is now urgent just from a space and aesthetics perspective. I intentionally designed the desk overbridges in the den to comfortably accommodate a Mac Studio (or Mac Mini) underneath either side. I DON’T want my hackintosh in this room! I want quiet, aesthetically pleasing, small, inconspicuous, efficient, and not a major source of heat. I need 10G ethernet. Fortunately, the Mac Studio ticks all of the boxes.

Today I picked up what was available, not exactly what I wanted. It’s an open box and hence $500 off: a Mac Studio with M1 Ultra, 64-core GPU, 128G of RAM and 1TB storage. The only thing from my wishlist not met here: 2TB storage. However, I’m only using 45% of the space on my 1TB drive in my hackintosh, and I haven’t tried to clean up much. I don’t keep music and movies on my desktop machine, but if I wanted to with the Mac Studio, I could plug in Thunderbolt 4 storage.

I’m much more excited about moving into the den than I am about the new computer. That’s unlikely to change, since the den remodeling is the culmination of a lot of work. And I know that I’m going to have to fiddle to make the new Mac Studio work well with my Dell U3818DW display. Assuming that goes well, I’m sure I’ll have a positive reaction to the Mac Studio. The Geekbench single-core scores are double that of my hackintosh. The multi-core scores are 7 times higher. This just gives me confidence that I’ll notice the speed when using it for my work. Especially since the storage is roughly a decimal order of magnitude faster. The 2TB is faster, but the jump will be huge from SATA to NVMe for my desktop. I notice this in my Threadripper machine and I’ll notice it here.

My main concern long-term is the cooling system. Being a custom solution from Apple, I don’t have options when the blower fans fail. Hopefully Apple will extend repairability beyond my first 3 years of AppleCare+. I like keeping my main desktop for more than 3 years. While in some ways it’s the easiest one to replace since it’s not rackmounted and isn’t critical to other infrastructure, it’s also my primary interface to all of my other machines: the Threadripper workstation for Linux and Windows development, my network storage machine, my web server, my gateway, and of course the web, Messages, email, Teams, Discord, etc. It saves me time and money if it lasts awhile.

mcweather first pass completed

I’ve completed my first pass at ‘mcweather’, a caching weather server and command line client.

The main thrust here was to decouple weather condition and forecast fetching from qmcrover (a GUI client that is part of mcrover). I wanted a single server at home to fetch the weather information and provide it to local clients (command line and qmcrover). This avoids unnecessary traffic to the NWS (National Weather Service) web sites from local clients. This makes it faster as a consequence, since the local clients get the information from the local server.

It is secured using libDwmCredence. I changed qmcrover to use it, and in the process I updated two of my Raspberry Pis from buster to bullseye. One hurdle I encountered here: I was previously using a hand-built version of Qt 5.12. I didn’t want to continue doing so with bullseye, because Qt is very big and takes a long time to build. But the Raspberry Pi repositories don’t have two of the Qt libraries I need: libqt5webengine5 and libqt5webenginewidgets5. I hence added the Debian repository to my list of apt repositories by adding it to /etc/apt/sources.list:

deb http://deb.debian.org/debian bullseye main contrib non-free

I also created /etc/apt/preferences:

Package: *
Pin: origin raspbian.raspberrypi.org
Pin-Priority: 800

Package: *
Pin: origin deb.debian.org
Pin-Priority: 600

So far, so good. I’m running the server (mcweatherd) on the Raspberry Pi 4 that runs qmcrover in full screen mode in my office.

dwm@pi4e:/home/dwm% psg mcweatherd
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 8877 0.0 0.2 32832 8680 ? Sl 01:10 0:02 /usr/local/sbin/mcweatherd

2021 end of year ramblings

Another year of COVID-19 pandemic. Tragic, yes. Much of it preventable, yes (get vaccinated, please). But as the year closes, now is as good a time as any to reflect…

I was recently reminded of the “Why am I here?” question. It’s not as if it isn’t always staring us in the face. It is in fact central to being an adult human being. Mortality is real. But some have seen a lot of mortality this year.

Before I go to my main topic, I just want to say that my heart goes out to those who’ve endured day after day of preventable tragedies in 2021. Health care workers in particular. To those who’ve been pushed to questioning their hippocratic oath and other ethics: thank you, and stand strong. You are not alone; far from it. I’ll give you my hand if you’ll take it.

“Why am I here?”

For me, the simple answer: to build things. The complete answer is much more complex, but…

One day the remnants of humanity on this planet will just be a layer of remains. It’ll likely be a thin layer; we haven’t been here very long and I suspect our presence here will be shorter than the dinosaurs. However, we’ll leave behind an interesting layer.

Some of it utterly confounding in the grand scheme of things. Ungodly amounts of empty plastic containers. Megatons of polymer cases with silicon, glass, rare earth metals, etc. inside. Paper and more paper. An odd carbon transfer.

Some of it fascinating. Music in some form. Mathematics. Literature. Law. Medicine. Computing. Science in general. AI.

Some of it sad. Greed. Avarice. War. Poverty. Starvation. Exploitation. We’ve a long list of evils.

What do you want to leave behind? There’s a saying among software craftspeople, “Leave the code better than you found it.”. It’s attributed to Bob Martin. I’ve read a lot of Bob’s work, and listened to most of his publicly available talks. I’d be stunned if he claimed to have invented this idea. This idea predates software by… I don’t know, several millennia? It’s as old as the craftsperson, and is not specific to software. But it’s definitely a really good thing to do in software. Just as it is in plumbing, carpentry, medicine, law, etc.

I want to leave behind good, useful things that wouldn’t have existed without me. It’s weird. It feels humble and prideful at the same time.

Making my own office furniture: Part 5

The under-desk rack cabinet is done except for the porcelain top insert. I haven’t yet decided which marble-look porcelain I want to use here. For the foreseeable future, this top won’t even be visible, which argues for low cost. On the other side is my penchant for “do things once, do them right” and “cry once now, or cry a lot later”. Thus far I’ve kept to “if you can make a decision late, do so”.

I’ve assembled the base of the first desk. My friend Randy Forbes noted that the feet of the legs are overkill. He then said, “I miss you.”. Having friends that appreciate who you are (and knowing that you’re gonna be that person even if it’s quirky/annoying/spooky) is SUCH a wonderful thing!

Now that I have the base of the first desk assembled and what I know is a solid desk design (with overkill thrown in), I thought I’d reflect a moment. This is after all a design/engineering/craftsmanship/whatever web site.

I’m not a fine woodworker. It’s not that I don’t have the patience (I do); I don’t have the time. Maybe someday.

My woodworking creations lean heavily toward utilitarian. I tend to choose function over form. My desk design reflects it. It’s sort of mission/craftsman style, but I have a LOT of fasteners that are NOT in those styles and none that typically are. I’ve got dowels, pocket hole screws, threaded inserts, long bolts going into dowel nuts, guide pins and leaded bronze guide bushings. No mortises or tenons, no biscuits, no dominos. The only time I’ve used my chisels thus far is to scrape off half-dried glue. Never mind the 1″ thick Delrin feet or the single piece of porcelain for most of the top. I’m gonna call it “my style”. Which is again, utilitarian. It’s VERY strong; the base will likely easily hold 1,000 pounds. It has gaps for cabling. It’s designed to be able to be disassembled into 4 parts, since it’ll be heavy in total. The thick Delrin feet will allow me to slide it easily on the porcelain floor, and they can be replaced since they’re bolted to threaded inserts in the legs. Maybe someone will be using these desks long after I’m gone.

In terms of artistry, it’s not that far from a some-assembly-required MDF desk. Just with much nicer materials and beefier fastening. On the other hand, it has some qualities of a commissioned work: it’s designed specifically for the space it will inhabit and the people who will be using it. It’s actually designed by its primary user. In software and other technology fields, we call this dogfooding. I’ll be using what I’ve created.

Facebook… go away

I don’t think I’ve ever seen such a disingenuous paragraph in a full-page newspaper ad as this one from Facebook in their ongoing attack on Apple:

Apple’s change will limit their ability to run personalized ads. To make ends meet, many will have to start charging you subscription fees or adding more in-app purchases, making the internet much more expensive and reducing high-quality free content.

Let’s be clear here. For one… there is literally NO free content on Facebook. And very little of it is high-quality. That which is, does not come from Facebook. They are not a company of journalists and writers.

Newsflash for those who’ve been under a rock for the last 25 years… the Internet has always been expensive. The real issues here:

1) who’s profiting?

2) in what currency?

3) is the transaction clear and transparent?

There are many companies profiting from the existing model of ‘free’ Internet. But it’s not small businesses. It’s Google, Facebook and a trove of others (Apple included).

On the currency and transparency… Facebook is far and away the worst here. They despise transparency. Apple wants to expose their users to what Facebook is collecting from you, the product, and let you choose whether or not you’d like to participate. You can choose to opt in. Facebook is worried that many will opt out once they understand what Facebook is doing. Not an unjust fear, but it’s yet to be seen how it will play out.

Apple’s motivation is coming from its customers. They (and I’m one of them) want these options. They’re one of the reasons we choose to buy iOS devices instead of Android devices. I don’t want targeted advertising. In fact, at this point I’ve been using the Internet for 30 years and I’m essentially blind to all online advertising; my brain has a highly-trained ad-ignoring filter. I don’t want large corporations tracking my every move online. Especially without transparency. Heaven forbid that I be willing to pay Apple for a device that allows me to protect some of my privacy!

Facebook’s motivations are at least partly coming from their customers too. But you, the end user, are NOT their customer. The advertisers are their customers. You are their product. I don’t quite get why Facebook tries to deny this; without you (the end user) and all the data they collect on you… they have no product to sell to advertisers. They’d have to change their business model. Perhaps charge a subscription fee. And for most of us… Facebook is definitely not something we’d knowingly pay ‘real’ money to use. But if you’re a Facebook user, you ARE paying for it. With your privacy and your time. And possibly your mental health. And maybe even your data plan.

And Facebook knows this to be true.

Beyond hurting apps and websites, many in the small business community say this change will be devastating for them too, at a time when they face enormous challenges. They need to be able to effectively reach the people most interested in their products and services to grow.

LMAO. “Hurting apps and websites”. Could you be more ambiguous? Oh, I see… you mean facebook.com. Sorry, I forgot for a moment that Google and Facebook have _decimated_ many small businesses as well as some large ones (news broadcasters, journalists, ad agencies, large newspapers, local sign makers…).

Again… you, the end user, are not the customer. The advertisers are the customers.

Forty-four percent of small to medium businesses started or increased their usage of personalized ads on social media during the pandemic, according to a new Deloitte study. Without personalized ads, Facebook data shows that the average small business advertiser stands to see a cut of over 60% in their sales for every dollar they spend.

In other words… once users understand what Facebook is doing, most will opt out?

Update May 12, 2021: it looks like the answer is a resounding ‘yes’. In the first week of 14.5 rollout, 96% of users are choosing to opt out. Should I feign surprise?

AMZL US sucks, Amazon no longer my preferred online store

It appears that Amazon’s greed is continuing to degrade the customer experience.

Many areas of the US have had AMZL US become the primary logistics and delivery service for Amazon Prime shipments over the last couple of years. The problem is that for many of us, it has largely eliminated the incentive for Prime membership: fast, ‘free’ shipping. Of course it’s NOT free, since Prime membership is not free. But the bigger problem is that for many of us, AMZL US is dreadfully bad compared to USPS, UPS, FedEx or DHL.

I’d estimate that most of the Prime orders delivered to my home via AMZL US have not met the Prime promise. They’re often not on time, or even close to on time. 2 days becomes 4 to 7 days. On many occasions the final tracking record says “handed to resident” when in fact that was not true (no one was home, package was left in driveway). And recently, a package arrived with the outer box intact, and the product’s box (inside the outer box) intact but EMPTY. And all of my recent AMZL deliveries have been late by at least a day. Today’s notice is typical of what I’ve seen lately:



Note that ‘Wednesday’ is 5 days after I ordered. This is a small Prime item (would easily fit in my mailbox and hence USPS would be inexpensive), as was the item that didn’t arrive (the empty box shipment). And these are just a couple of the recent issues. Less than 20 percent of my AMZL shipments have been completely logistically correct. All of my recent shipments have found their way into the abyss above; delayed on the day they were supposed to arrive, at which point they can’t tell you when it will arrive or when they’ll even ATTEMPT to deliver it. This isn’t how FedEx, UPS or even the USPS do things. They have actual logistics, while AMZL apparently does not. AMZL can not reliably deliver packages on time, nor reliably track them. And of course, the day they expected to deliver it was a Sunday. Umm, I don’t need or even want Sunday deliveries. Especially if it triggers the “we no longer know when we’ll deliver your package” tracking status when that Sunday passes.

This is what happens when a company decides it would like to leverage its increasingly monopolistic position to make higher margins. As near as I can tell from stories from AMZL drivers, former AMZL logistics employees, other customers and my own experiences, AMZL is a logistics morass. And the last mile, arguably the most critical, is essentially slave labor. As the old adage goes, you get what you pay for. This isn’t open capitalist markets choosing the winner; as near as I can tell, there are almost no customers who prefer AMZL over USPS, UPS, FedEx, DHL, etc. And there are many stories of customers dropping their Prime membership because they can’t control who is used as a courier and get stuck with AMZL. This is Amazon deciding that they’d like to squeeze a few more pennies from their business by underpaying for courier services. Who suffers initially? Amazon Prime customers, and those who think they might build a profitable business delivering products sold by Amazon (good luck; the last time I ran the numbers, it was worse than trying to make a living as an Uber driver). Who suffers in the long run? Amazon and its shareholders. When Walmart and BestBuy start looking like significantly better options to your customers, you know you’re in the running in the race to the bottom.

This isn’t a bottom-up problem. While I’m sure there are some bad apples in the driver and contract courier company ranks, the real cause is much more likely the pricing demanded by Amazon. This is an Amazon initiative, and from my narrow view, very poorly implemented. I’m quickly becoming an alienated customer, and it’s been made clear that they don’t really give a rat’s ass about it since I can’t blacklist their AMZL service. Prime is now mostly a contract that’s regularly broken by one party (Amazon).

It’s unlikely that I’ll renew my Prime membership when it comes due. Nearly everything I buy from Amazon is available elsewhere, with free shipping from a RELIABLE courier service, and often at a lower price. Since 2005 I’ve been preferring Amazon because my Prime membership yielded fast, reliable delivery (via UPS or FedEx). That’s no longer true, and I have no recourse other than ditching my Prime membership and shopping elsewhere. Amazon doesn’t allow me to blacklist their lousy AMZL delivery service. The time alone that I’ve spent chasing down AMZL delivery issues costs more than the annual Prime subscription.

Today I spent $240 at my local BestBuy on an item I had intended to buy from Amazon (exact same price). And I generally hate BestBuy. But… walking out of a brick and mortar with product in hand is orders of magnitude better than waiting 5 to 7 days for something to POSSIBLY arrive and paying extra (Prime membership fee) for that ‘privilege’.

Who will get more of my business? For technology, the usual suspects: NewEgg, B&H, Adorama, Microcenter and BestBuy. For tools, Home Depot, Lowe’s, Menard’s, Performance Line Tool Center, Tooltopia and others.

To be clear, I’m not oblivious to the problems of scale with respect to Amazon delivery. And I’m _far_ from a luddite; I strongly believe in technological advancement and don’t need a human to hand me a package. But AMZL has been around since 2014 and it still sucks for many of us. I didn’t sign up for this experiment; I signed up (and paid for) 2-day delivery. If you ask me, a smarter move on Amazon’s part would have been to use AMZL as the free (as in Prime membership not required) delivery service, and kept the reliable courier services as the only ones used for Prime membership. And been willing to invest more in making AMZL viable before forcing it on customers who are paying extra for 2-day delivery service.

creating FreeBSD packages without ports: part 2

I believe I now have an effective FreeBSD package manifest creator. It will be included in the next release of libDwm.

I need this for the cases where I want to build a FreeBSD package for distribution without using ports. I have my own needs for this, but there are other cases where it makes sense to have this kind of functionality. For example, when you need to distribute data or configuration files. Heck, even packaging your shell initialization and other rc files from your home directory. Or in my case, packaging small things on a Raspberry Pi where I don’t have ports installed.

The program inside libDwm is called ‘mkfbsdmnfst’. It’s in libDwm because I intend to use it for packaging libDwm and the support classes are in libDwm.

It will read a template manifest file before reading files from a staging directory. This template file is in manifest format, though it also allows comments. Having the template allows the stuff that doesn’t change to be put in one place. Another benefit is that you can prepopulate parts of the ‘files:’ section. For example, when you have a binary that you want to be setuid root when the package is installed, you can use a line like this in the ‘files:’ section:

/usr/local/sbin/evilsetuidprog:{uname:root,gname:wheel,perm:04555}

I check that all files in the manifest exist in the staging directory, so that you will receive an error message if you have a manifest with files that don’t exist.
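A sketch of the staging-directory check described above, extended with a listing of setuid/setgid entries to review before the package is built. This is an added example, not mkfbsdmnfst or libDwm code; it assumes the one-line entry form shown in the post and '#' comment lines, and every path other than evilsetuidprog is constructed.

```python
import os
import re
import tempfile

# Entry shape taken from the post: path:{uname:U,gname:G,perm:OCTAL}
ENTRY_RE = re.compile(r"^(?P<path>/[^:]+):\{(?P<attrs>[^}]*)\}$")

# Constructed 'files:' entries; only the first line appears in the post.
SAMPLE_ENTRIES = [
    "# comment syntax is an assumption of this example",
    "/usr/local/sbin/evilsetuidprog:{uname:root,gname:wheel,perm:04555}",
    "/usr/local/etc/example.conf:{uname:root,gname:wheel,perm:0644}",
    "/usr/local/bin/notstaged:{uname:root,gname:wheel,perm:0555}",
]


def parse_entry(line):
    """Return (path, attrs dict) for one entry line, or None if malformed."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    attrs = dict(
        kv.split(":", 1) for kv in m.group("attrs").split(",") if ":" in kv
    )
    return m.group("path"), attrs


def audit_files(entries, staging_dir):
    """Return (missing, special).

    missing: manifest paths with no corresponding file under staging_dir.
    special: (path, uname, perm) for entries whose mode sets setuid or setgid.
    """
    missing, special = [], []
    for line in entries:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_entry(line)
        if parsed is None:
            raise ValueError("unparseable manifest entry: %r" % line)
        path, attrs = parsed
        staged = os.path.join(staging_dir, path.lstrip("/"))
        if not os.path.lexists(staged):
            missing.append(path)
        perm = attrs.get("perm", "0")
        if int(perm, 8) & 0o6000:  # 04000 = setuid, 02000 = setgid
            special.append((path, attrs.get("uname"), perm))
    return missing, special


def demo():
    """Build a throwaway staging tree holding two of the three sample files."""
    with tempfile.TemporaryDirectory() as staging:
        for rel in ("usr/local/sbin/evilsetuidprog", "usr/local/etc/example.conf"):
            full = os.path.join(staging, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return audit_files(SAMPLE_ENTRIES, staging)


if __name__ == "__main__":
    missing, special = demo()
    print("missing from staging:", missing)
    print("setuid/setgid entries:", special)
```
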

More in a later post after I’ve written the manpage.