Filler

It is difficult for me to make friends. In general, my friends have come from my place of work or from my lady introducing me to people.

I make the effort when I’m out. I just don’t like people enough to be out and about.

I’ve been watching the pain that Ally has been going through as she has realized that she is now right of center.

It hurts her.

People on the left lives in such a self – created bubble that anything that threatens that bubble is unacceptable.

One of our acquaintances is full on TDS. At a recent event, they were going on and on about how horrible Trump is. But, they stepped way over the line when they attacked anybody who voted for him or supports him. They announced, proudly, that people who voted for, or support Trump will not be accepted around her.

The fear that exists and the need to not offend means that nobody who disagreed with her spoke up. This was a friendly gathering. To take up arms (or words) against her would have been unacceptable. Those that don’t have TDS just grit their teeth and stay silent.

The other day I was talking about an event in congress where a representative intentionally “misgendered” a trans person.

For me, it was a big middle finger to the “Trans Agenda”.

I took joy in that gesture. For Ally, my glee was hurtful to her. She still runs on emotion with a strong backdrop of facts and reasoning.

She was also hurting because this representative had an R after her name. She would rather not support somebody who she thought was being hurtful to somebody. She felt she was being forced to support this representative because she now was a conservative.

No, she didn’t have to support that person. This isn’t the left.

The jackals out there are eating their own. Everyone who doesn’t agree with them is evil. Everyone who isn’t in lockstep with them is a fascist. Everyone who isn’t attacking Elon and Trump must be a NAZI.

In a short skit I watched the other day, the person says they are leaving the Democrat party. They say how they are still the same person, but that the Democrat party no longer represents them. That they will still be friends with their former friends. That this doesn’t change anything between them, that they had been friends since kindergarten, they will be friends long into the future.

The “democrat” responds with, “The last time I looked, I’m not friends with Nazi’s”.

There are a few servers that are too old. There is a need for a few more servers to get a room level redundancy. These things can be expensive.

As I’m cheap, I’ve been using older servers that accept 3.5″ disk drives. Some except 2 drives, some 6, some could accept more, but the case doesn’t.

The fix I chose was to move to some four bay NAS enclosures. This is a reasonable size that balances with the network I/O capability.

These enclosures all take the Mini-ITX motherboard.

These motherboards are nothing short of amazing. In the middle tier, they have all the things a full-size motherboard has. Some have 4 memory slots, some only 2. They come with 1, 2, 4 Ethernet ports. Some have SFP ports. Some have SATA ports. The number of SATA ports ranges from 1 to 6. Some come with PCIe slots.

Depending on what your needs are, there is a motherboard for you.

Since this was going to be a NAS, the motherboard I selected had to have 4 SATA ports, an NVMe slot, and SFP+.

Yep, this exists. They don’t exist at the price point I wanted to pay. It finally clicked with me. I can just put an SFP+ PCIe card into the machine.

Thus, I picked a motherboard with 4 SATA, 1 Ethernet, 1 USB3, 1 PCIe slot, enough memory and 2 M.2 slots.

Some NAS enclosures do not have the opening for a PCI slot, so it was important to pick a case that had the card opening.

When I got the enclosure I was impressed.

It is a sturdy, thick steel case. There is no plastic on the entire thing. There are for hot swap disk bays plus mounting space for 2 2.5″ drives. Exactly what I was looking for.

When I went to install the motherboard, I was shocked to find that the CPU cooler didn’t fit. I ordered a low profile. I’m impressed with that as well.

I get the board mounted. It looks nice. I go to close the case and the cover won’t fit on. The cover has a folded U channel that goes over the bottom rail of the case to lock the case closed.

The problem is that there isn’t enough space between the edge of the motherboard and the bottom rail for the U channel to fit.

My first real use of the right-angle die grinder. I don’t have a cut-off wheel for it, so I just ground the edge away and it worked.

Of course, I gave myself a frost burn because I was too busy to put gloves on to handle the die grinder.

Back to the worktable, the cover now goes on. I plug a wireless USB dongle into the USB 3.0 and boot. Nothing.

It took me a couple of days before I figured it out. The case came with no documentation. The front panel connector has both a USB 3 plug and a USB 3 plug. I plugged both in. You are only supposed to plug in one. Fixed.

The installation happens, I’m happy. It is fast enough, it is responsive enough. I just need to get it put in place with the fiber configured.

I take the cover off the back slot. Go to put the PCI card in.

The (many bad words) slot does not line up with the opening in the back of the case.

The open in the back is off by 0.8 inches.

I consider cutting another card opening in the back. That won’t work. The card would be half out of the side of the case.

I ordered the cutoff wheels for the die grinder, I know I’m going to need them.

I decided to cut the back opening wider. This will leave an opening that can be taped closed on the PCI side. It allows me to use the existing slot with retaining hardware. I good idea.

All I need to do is unscrew the standoffs, drill and tap four holes in the right place, and I’m done.

Except… Those standoffs are pressed into place. They don’t unscrew.

No problem. I have a set of standoffs. I’ll just cut the existing standoffs off. Drill and tap holes in the right place and use my standoffs.

Except… My standoffs are the normal length. These standoffs are a custom length. I can’t do that.

Tools to the rescue

First stop, the arbor press. It is a small 2 ton press. I have no problems pushing out the standoffs. The press also removes the bulge from removing the standoffs.

Next step, the milling machine. Using the gage pins, I found the size of the holes is 0.197-0.198. Measuring the standoffs, I get 0.208. I settled on 0.201 for the hole size. I should have gone a 64th smaller.

There is no way to clamp this thing in the vise. I do have strap clamps. The case is quickly put into position.

The first hold is located, then drilled. No issues.

Except I don’t have enough travel to reach the other three holes. I reposition the case on the table and go for it.

I go back to the arbor press to put the standoffs back in. I don’t have enough height to support the case while installing the standoffs.

Back to the mill. Square to ends of a hunk of aluminum. Punch a 3/8in hole in it. Work on the mill vise and get the standoffs put back in place.

In the middle of this, I have an alarm, fearing that I put the standoffs in the wrong place. I do a quick test fit and everything is perfect.

It takes me a good hour to put the case back together with all the case mods done. It looks good. I’m happy with how it came out.

Today is search day. I have to find the 8 meter OM-4 fiber for this NAS, and I have to find the box of screws that came with the case for the hard drives. Once I have those, this can go into production.

I know what to look for on NAS cases. I’ll be building out a few more of these boxes over the coming months. First to replace two boxes which are too old. One for the redundancy.

The world will be good, or I’ll punch it again and again until it is good.

P.S. This is filler, the article about Trump’s win in the D.C. District court was taking to long.

We are in the process of moving from the image above to the image below.

At least in terms of what the infrastructure looks like.

Today I decommissioned an EdgeRouter 4 which features a “fanless router with a four-core, 1 GHz MIPS64 processor, 3 1Gbit RJ45 ports, and 1G SFP port.”

When they say “MIPS64” you can think of it as being in the same class as an ARM processor. Not a problem for what it is.

The issue was that there are only 1Gb interfaces. That and I’ve come to hate the configuration language.

This has been replaced with a pfSense router running on a TopTon “thing.” I call it a thing because it is from China and intended to be rebranded. It doesn’t have a real SKU.

It is based on an N100 with 4 cores and 8 threads. 2 2.5Gb Ethernet ports, 2 10Gb SFP+ ports. It can be upgraded and has multiple extras.

Besides the hardware, this is an entirely different animal in terms of what it can do. It is first, and foremost, a firewall. Everything else it does is above and beyond.

It is running NTP with a USB GPS unit attached. It runs DHCP, DNS, HAProxy, OSPF and a few other packages. The IDS/IPS system is running in notify mode at this time. That will be changed to full functionality very shortly.

So what’s the issue? The issue is that everything changed.

On the side, as I was replacing the router, I jiggled one of the Ceph servers. Jiggling it caused it to use just a few watts more, and the power supply gave out. It is a non-standard power supply, so it will be a day or two before the replacement arrives.

When I went to plug the fiber in, the fiber was too short. This required moving slack from the other end of the fiber back towards the router to have enough length where it was needed.

Having done this, plugging in the fiber gave me a dark result. I did a bit of diagnostic testing, isolated the issue to that one piece of fiber. I ran spare fiber to a different switch that was on the correct subnet, flashy lights.

Turns out that I had to degrade the fiber from the other router to work with the EdgeRouter 4. Once I took that off, the port did light off. But that was a few steps down the road.

Now the issue is that all the Wi-Fi access points have gone dark. Seems that they are not happy. This required reinstalling the control software and moving them from the old control software instance to the new one. Once that was done, I could see the error message from the access point complaining about a bad DHCP server.

After fighting this for far too long, I finally figured out that the pseudo Cisco like router was not forwarding DHCP packets within the same VLAN. I could not make it work. So I disabled the DHCP server on the new router/firewall and moved it back to the Cisco like router. Finally, Wi-Fi for the phones and everything seems to be working.

At which point I can’t log into the Vine of Liberty.

I can see the pages, I can’t log into the admin side. It is timing out.

3 hours later, I figured out that there was a bad DNS setting on the servers. The software reaches out to an external site for multiple reasons. The DNS lookup was taking so long that the connection was dropping.

I think this is an issue that I have just resolved.

But there’s more.

Even after I got the DNS cleaned up, many servers couldn’t touch base with the external monitoring servers. Why?

Routing all looked good, until things hit the firewall. Then it stopped.

Checking the rules, everything looks good. Checking from my box, everything works. It is only these servers.

Was it routing? Nope, that was working fine.

That was one thing that just worked. When I turned down the old router, the new router distributed routing information correctly and took over instantly.

So the issue is that pfSense “just works.” That is, there are default configurations that do the right thing out of the box.

One of those things is outbound firewall rules.

Anything on the LAN network is properly filtered and works.

But what is the definition of the LAN network? It is the subnet directly connected to the LAN interface(s).

Because I knew that I would need to be able to access the routers if routing goes wrong, my computer has a direct connection to the LAN Network attached to the routers. The Wi-Fi access points live in on the same subnet. So everything for my machine and the wireless devices “just worked”

The rest of the servers are on isolating subnets. That are part of the building LAN but they are not part of the “LAN Network”.

I know this, I defined an alias that contains all the building networks.

Once I added that to the firewall rules, it just worked.

Tomorrow’s tasks include more DHCP fights and moving away from Traefik. Which means making better use of the Ingress network.

For the most part, I’ve stopped writing or reporting on “mass shootings”. They happen. My initial takes are normally wrong. The information that we are fed is designed to tell a story. I hate being a conspiracy guy.

My biggest error, so far, has been my initial analysis of the Trump shooting.

Having said that, it is difficult not to have questions when something stinks.

Part of critical thinking is to ask questions. To verify answers. To put answers to the test.

Example: We had a breaker pop on Friday. I knew what the cause was instantly, the wife was running her space heater.

When I got to the living room, she’s sitting on the sofa. Within seconds, I determined that she had left the heater on, even after she left the room.

Wife and Ally are telling me that it couldn’t be the fault of the heater because it had been running for a while and hadn’t blown the circuit.

Yeah, that was before we had that extra bit of draw on the circuit from the wife turning on the TV and side table light and other loads.

They used critical thinking to eliminate the heater. I used more knowledge to rule the heater in.

That circuit is rated at 1650 watts. The heater, in low mode, draws 750 watts. The lights left on, the misc. stuff plugged into the walls, the bathroom light and fan easily reaches 300 watts. My computer has a 750 watt power supply in it. The switch and other “stuff” plugged into the same circuit. All of that is a significant load. Thus, popped breaker.

While rated at 1650 watts, those circuits will actually run for a bit over that limit until they pop.

When you look at a fact set, you have to evaluate all the parts to be able to reach a logical conclusion. Upon reaching that conclusion, you still need to have an open mind for more data that might change your analysis.

Security Analysis

Doing a security analysis of a location or situation has risk. I’m reminded of a sales analysis I did and provided to our sales manager for Cray.

The short of the analysis was that they were asking for millions of dollars from the client for a drive system which they could buy from other sources for under $100 thousand. I gave him this analysis so that he would have the ability to answer these types of questions before they were asked of him.

The sales manager reported me for “attempting to sabotage the sale”. I listened and reported back to my chain of command. The customer didn’t need me to tell them what their options were, they already knew.

Security analyses are like that. Telling a potential target of an observed weakness is more likely to get you in trouble and harassed than it is to get the institution to budge.

I’ve gamed out some options against institutional targets. I don’t ever talk about those analyses because I do not want something to happen to those targets and me becoming a person of interest.

Even the language I use would get me in trouble. I learned it from working for the military. Everything we analyzed was a “target”. It didn’t matter whether it was a T-90 from Russia or a Leopard II from Germany or an XM-1 from the US. They are all targets.

Most people don’t get it. So I don’t use those terms.

Questions

A veteran from the US Special Forces has decided to do “bad things.” He is going to detonate a bomb to cause damage to a Trump Hotel.

For some reason, he decides to take his passport with him on this mission.

The heat from the detonation is so intense, his weapons melt. Likely just the plastic furniture, but his passport and IDs survive.

What protected those IDs from the heat?

He rented a Tesla truck to do this in. What advantages does a Tesla truck have over an Econvan?

With extensive training on IEDs and making explosives, his device was pretty much a dud. What was the explosive used? Why didn’t he use a real explosive?

See TM 31–210 (HQ Department of the Army, 1969) pages 7 through 72 contains extensive information on primary and secondary explosives from field expedient sources.

Pages 194 through 223 cover making Fuses, detonators, and delay mechanisms.

A revised version was released in 2007.

So SF dude, who has been trained in all of this, messes up a simple bomb?

This man was likely highly trained in how to perform one man operations that were extremely successful. Why did he forget so much of his training?

Finally, why did he choose to use a Desert Eagle in 50 cal to off himself?

Another dog whistle that only leftists can hear.

This was in reply to a moron who claimed that this was just par for the course because “…he tried to have a rally on Juneteenth in Tulsa.”

The original post:

I don’t even want to go looking for what the accusation actually is. They have a clip of Trump saying something, but I don’t trust anything posted until I can examine it in context.

Resiliency is a goal. I’m not sure if we ever actually reach it.

In my configuration, I’ve decided that the loss of a single node should be tolerated. This means that any hardware failure that takes a node of line is considered to be within the redundancy tolerance of the data center.

This means that while every node has at least two network interfaces, I am not going to require separate PSUs with dual NIC’s, each with two 10Gbit interfaces. Instead, each node has two 10Gbit interfaces and a management port at 1 to 2.5 gigabits RJ45 copper.

Each node is connected to two switches. Each switch has a separate fiber, run via a separate path, back to a primary router. Those primary routers are cross connected with two fibers, via two different paths.

Each of the primary routers has a fiber link to each of the egress points. I.e., two paths in/out of the DC.

The NAS is a distributed system where we can lose any room and not lose access to any data. We can lose any fiber, and it will have NO effect on the NAS. We can lose any switch and not have it affect the NAS.

We can lose any one router and not impact the NAS.

So far, so good.

Each compute node (hypervisor and/or swarm member) is connected to the NAS for shared disk storage. Each compute node is part of the “work” OVN network. This means that the compute nodes are isolated from the physical network design.

Our load balancer runs as a virtual machine with two interfaces, one is an interface on the physical network. The other is on the OVN work network.

This means that the VM can migrate to any of the hypervisors with no network disruption. Tested and verified. The hypervisor are monitored, if the load balancer becomes unavailable, they automaticity reboot the load balancer on another hypervisor.

So what’s the issue?

That damn Load Balancer can’t find the workers if one specific node goes down. The LB is still there. It is still responding. It just stops giving answers.

I am so frustrated.

So I’m going to throw some hardware at it.

We’ll pick up a pair of routers running pfSense. pfSense will be augmented with FRR and HAProxy to provide load balancing.

Maybe, just maybe, that will stabilize this issue.

This is a problem I will be able to resolve, once I can spend time running diagnostics without having clients down.

Christmas is past for another year. It was better than expected.

Watching movies with the family was good. My wife insists on “A Christmas Story”, as it is her favorite. I picked “Red One” on a recommendation from Scott Adams on X. The final movie was “A Christmas Story Christmas”.

This last hit a bit hard.

Regardless, friends came through, and we were able to give back to our friends.

My wife’s best friend’s husband passed earlier this month. We had her over for Christmas Eve dinner (tacos) and Christmas Dinner (Turkey with fixings).

Our tradition is to go around the table and each person gives thanks for something that happened that day. Sometimes it leads to discussions, sometimes it is just a little thing, “Thank you for a dinner, I really like.”

The goal is to stop perseverating on the bad that is happening around you, the things that are getting you down, and to acknowledge, to search for, the good that you have.

My friend from the NVL called on Christmas Eve. That was a good talk. The only bobble was when he let his distrust of Elon slip out. We have agreed not to talk politics. We are still friends.

My best friend died in November 2000. I don’t think I ever recovered from that day. He was not only my friend, he was my mentor.

He was the first person I met that could program better than I could. He was a better man than I, by far.

I found myself competing with him in programming to be better. He never competed with me. He just won. After a while, it stopped being a competition and became a lifelong friendship.

Through Mike, I met Max. Max called me on Christmas Eve. Talking to him made me feel better. Friends can do that.

So on this day, after you have finished with what’s under the tree, had the first of a week’s worth of leftovers, take a moment to reach out to a friend and let them know what they mean to you.

Sunday was supposed to be the day I migrated a couple of machines. I have a new physical device which is described as a Level 2 switch with SFP+ ports.

The idea is to replace my small mixed routers, 2 SFP+ ports plus some RJ45 ports with either a L2 SFP+ only switch or an L3 SFP+ only routers. This allows me to move some servers around and to increase the bandwidth from nodes to the backbone.

The switch arrived with a nice little instruction manual which claims I can find a web interface at 192.168.2.1 while the website claims there is no management interface.

Plugging it into an Ethernet port with an Ethernet SFP module gives me nothing on 192.168.2.1 and nothing on 192.168.2.x/24 but for my machine. It looks like it is unmanaged.

This means, it should be a simple plug in replacement for my tiny switch, giving an upgraded data path to the backbone.

It didn’t work.

So now I have to do some more testing. I’ll figure this out, one way or another, but it is another bottleneck in my path to full conversion to fiber from copper.