Yes, I’m a Socialist

I’m a socialist, with everything that goes with it. Wage labor is required for capitalism and wage labor is exploitation. Therefore, exploitation is central to capitalism. I don’t think that the primary result of our economy should be the increased wealth of the upper class. We have the ability to ensure that no one lives in poverty and I feel that we have the moral obligation to do so. This doesn’t mean that I don’t support measures that improve lives while keeping capitalism.

If you’d like to push for a living wage, I’m all for that. While I believe that we need universal income, pushing for a living wage will have a massive positive effect on a huge section of our population. In fact, everyone does better when people earn a living wage except for the capitalists. People are freer to start businesses when they have more money. People are more willing to spend money in said businesses when they have more money. That economic action generates more revenue due to sales tax, payroll and other such taxes. This isn’t hard to figure out.

I believe that universal healthcare should be something that everyone should get behind. While the Affordable Care Act is a massive improvement over what we had previously, we can do better. We pay more for our healthcare and end up with worse results. Even for people with insurance, people need to hope that they don’t end up with a major medical condition. It is not moral to leave people with the possibility of losing everything due to an illness. We already have two socialized insurances and they are both well regarded, they just aren’t available to everyone: Medicare and Tricare.

If you’d like to reform the criminal justice system, I’m all for that. I believe that we need to end the war on drugs. Frankly, it is primarily used to put people of color in jail. Furthermore, as the legalization of marijuana in a few states has shown, it can be a huge source of revenue for the state. This money can be used for many things: addiction treatment and education to name a couple. Moving on from drugs, we need to make it an issue if police kill people. The situations in which I think it is justifiable for police to fire a lethal weapon are very few. In particular, the way that everyone just looks the other way when the police execute a black person needs to change.

I’m fully willing to make changes for the benefit of all even within the capitalist system. For a more complete listing of my views, see my beliefs. The only things that I won’t work on are things that will make people’s lives worse or that will prevent future progress.

Get Out and Organize

It goes without saying that many people in the United States are having a rough time. This administration’s agenda is tailor-made to hurt people of color. Undocumented immigrants are being rounded up, those people that look like they may be Muslim have great difficulty passing through customs (regardless of whether they are US citizens or not). The damage is just beginning. I have gone through periods where I thought things were hopeless yet, there is something we can do. Get out into our communities and organize.

I recently started doing just this. I’ve found this to be an awe-inspiring experience. There are many people that you will meet that have been working hard against larger obstacles than you. Every time that I meet up with people, I get more inspired and motivated to get to work, working towards what’s right. I can’t help it, I have a lot of work to do in order to catch up with those that have already been doing the work.

It is also the only way to make things happen. While you can call your congress people or state government, it isn’t likely to result in action if you’re the only one doing it. Things like 5 calls are great but, if you don’t have people calling with the same message, all of you could be wasting your time. Getting things done in the state and even more so, the local level is much easier and will likely result in a larger gain in people’s lives.

If you’re upset at the current state of affairs, you need to get out and organize. If you’re unable to, do what you can. You can organize online as well but, I’ve found that doing it in person results in a big boost to your psyche. It is an empowering experience, it becomes so clear just how big of an impact that you can have on people’s lives in your community. I’m only saddened by how long it took me to get involved.

2016 – The Tools I Use

This year is quite a big change from previous years. I’m no longer using MacOS, this year I’ve switched to using Arch Linux.

Desktop

  • vim – not a whole lot to say here.
  • mutt & offlineimap – I’ve grown tired of graphical email clients. This combination really works for me.
  • pass – pass uses files encrypted with your pgp key. It’s a good way to store credentials that you need in your shell. I’ve written a shell script to securely handle my aws credentials. I also use it to encrypt my mail credentials.
  • ejrnl – I previously used Day One but, I wanted something that I could use on Linux and that encrypted my journal entries. I wasn’t able to find something that really fit what I was looking for so, I built it.
  • Zeal – zeal is a clone of Dash for Linux. It works pretty well. It isn’t nearly as nice as Dash but, it does the job.
  • LibreOffice Fresh – Again, there isn’t a whole lot to say here. An office suite is a nearly universal requirement. LibreOffice is ok, it gets the job done.
  • Ansible – I’ve been using ansible as my primary configuration management tool for quite a while. There are a large number of things that I don’t like about it but, out of the options, it feels the best to me.

iPhone

  • Tweetbot – Tweetbot is a pretty good twitter client
  • Signal – signal is a secure messaging application.
  • Daedalus – Daedalus is a text editor. I don’t like it very much but, there aren’t many text editors that sync over WebDAV.
  • Prompt 2 – Prompt is an ssh client for iOS. There are a couple of them available for iOS but prompt is the best.
  • Transmit – Transmit is an sftp client for iOS. It works pretty great and makes editing remote files not quite so painful.
  • Working Copy – Working Copy is a git app for iOS. It works pretty well.

Multiple

  • Enpass – Enpass is a password manager. It’s a decent looking app that actually has a Linux version. It also syncs over WebDAV.
  • Amazon Music – it has pretty good selection and web client.

Server

  • WordPress – this site runs on WordPress. I don’t like it but it works well. I’m not happy about it but, it works.
  • nextcloud – it’s a bit hard to explain what nextcloud is. It’s a variety of software that is usually hosted in the cloud. It does file syncing, has a calendar app, a todo app, and contacts.
  • plex – I’ve written about plex before. It’s a great way to manage your videos.

ejrnl

About a year ago, I was a heavy user of Day One. I think that journaling is very beneficial. I stopped because I didn’t feel comfortable with having my private thoughts so readily available to employees or hackers. Initially, I needed to trust Dropbox but, I definitely don’t anymore. More recently, Day One set up their own sync solution and they’ve been working on adding encryption but, it still hasn’t been released. I also no longer utilize MacOS, so I needed something else. I couldn’t find something that worked exactly how I wanted it, so I built it myself. I called it ejrnl, for encrypted journal.

ejrnl is a command line utility for creating encrypted journals. It is written in Go and it utilizes Go’s standard library’s implementation of cryptography. It utilizes scrypt for generating the encryption key and it utilizes authenticated encryption with aes-128 being the algorithm. It should work on any un*xy system.

I put a lot of thought into designing the file format. It is designed to be synced between machines using some sort of external process, i.e. Dropbox. I happen to use Nextcloud but any sync service should work fine. Due to this, I tried to design the storage system around problems that I’ve experienced in the past. Typically, what I’ve seen is file syncing being delayed or conflicting edits. Therefore, the format is designed to reduce the chance of conflicts. As such, each journal entry is stored as its own file. Since entries aren’t modified on multiple devices often, this should prevent most conflicts from happening. As lots of entries are added, rereading every entry to sort them by date would be extremely expensive. To speed this up, there is an index file that indexes every entry by its date. As this file is encrypted, every time it changes, its contents are completely changed. This makes it very likely to encounter conflicts. As this is a probable outcome, this file can be regenerated as needed.
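The storage layout described above, as an added example in Go that is not ejrnl’s own code or on-disk format: one AES-128-GCM file per entry, plus an index that is rebuilt by decrypting the entries whenever the synced copy is missing or conflicted. The Entry layout, the .entry and index file names, the JSON encoding and all function names are assumptions, and the 16-byte key stands in for the scrypt-derived key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"time"
)

// Entry is a hypothetical record layout for this example, not ejrnl's format.
type Entry struct {
	ID   string    `json:"id"`
	Date time.Time `json:"date"`
	Body string    `json:"body,omitempty"`
}

// NewAEAD wraps a 16-byte key (assumed to be scrypt output) as AES-128-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WriteSealed encrypts v under a fresh random nonce: same content, new bytes.
func WriteSealed(path string, aead cipher.AEAD, v any) error {
	plain, err := json.Marshal(v)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	return os.WriteFile(path, aead.Seal(nonce, nonce, plain, nil), 0o600)
}

// ReadSealed verifies the GCM tag, so a truncated or altered file is rejected.
func ReadSealed(path string, aead cipher.AEAD, v any) error {
	blob, err := os.ReadFile(path)
	n := aead.NonceSize()
	if err != nil || len(blob) < n {
		return fmt.Errorf("%s: unreadable or truncated", path)
	}
	plain, err := aead.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(plain, v)
}

// RebuildIndex ignores any old index, decrypts every entry, writes a sorted index.
func RebuildIndex(dir string, aead cipher.AEAD) (index []Entry, skipped []string, err error) {
	paths, _ := filepath.Glob(filepath.Join(dir, "*.entry"))
	for _, p := range paths {
		var e Entry
		if ReadSealed(p, aead, &e) != nil {
			skipped = append(skipped, filepath.Base(p))
			continue
		}
		index = append(index, Entry{ID: e.ID, Date: e.Date}) // index omits bodies
	}
	sort.Slice(index, func(i, j int) bool { return index[i].Date.Before(index[j].Date) })
	return index, skipped, WriteSealed(filepath.Join(dir, "index"), aead, index)
}

func main() {
	aead, _ := NewAEAD(make([]byte, 16)) // constructed all-zero demo key
	dir, _ := os.MkdirTemp("", "journal")
	defer os.RemoveAll(dir)
	WriteSealed(filepath.Join(dir, "a.entry"), aead, Entry{"a", time.Now(), "hello"})
	fmt.Println(RebuildIndex(dir, aead))
}
```

Because a wrong key makes every entry fail authentication, check the skipped list before trusting a freshly rebuilt index.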

ejrnl is currently very light on features. It currently has the minimum features for me to be able to use it. I have many plans for features that I would like to add in the future. If you’ve been looking for an app to make an encrypted journal, please take a look at ejrnl.

Backups gone awry

I recently moved hosting providers for my sites. This in itself isnʼt particularly interesting. I had thought that they would automatically charge me for each month of service but, that turns out to not be the case. So, when my invoice for mid-April came in, I didnʼt pay it which resulted in my hosting being suspended. Again, this isnʼt particularly interesting. When I paid for this invoice, my server didnʼt quite come back correctly. This shouldnʼt have been an issue, all of my siteʼs content is backed up using tarsnap.

Restoring should have been a relatively simple process. I just needed to copy the tarsnap key to the new server, install tarsnap and then run the restore command. I checked 1Password for the key and, oh, crap the key wasnʼt there. I quickly searched my desktopʼs drive and didnʼt find anything. Shit. I guess I need to rebuild the site by hand. Luckily (and sadly) I havenʼt written very much recently. Everything I’ve written prior to November of last year. The rest of the things I’ve written were easy to pull out of Googleʼs cache.

While I was able to recover all of my writing, it wasnʼt without a big time commitment and pain. I also lost quite a number of old projects that I only had in the git repository on the server. This isn’t a huge loss as I wasnʼt doing anything with these repositories but, it still stings. The “moral” of the story is to test your backups in the worst possible scenario. Make sure that you have everything that you need to do the restore.

Linksys WRT1900ACS

I recently moved into a large residence and my Time Capsule was having some coverage issues. The edges of my residence had very weak wifi signal with somewhat frequent dropouts. Iʼve also been playing with a Raspberry Pi recently (headless, of course). With the time capsule, there’s no way to see your connected devices. There is also a complete lack of visibility into the operation of a Time Capsule. You canʼt see the amount of network traffic or see what the deviceʼs load looks like. All of these things led me to pick out a new router.

I initially considered using a Ubiquiti Edge Router and Access point but, I wanted AC networking and Ubiquiti’s AC offerings are pretty spendy. I also like to have a web interface to check on the current networking conditions. Given that the software was my primary motivation for moving away from the Time Capsule, I decided to pick that out first. In the past, Iʼve had great experiences with openwrt and so I decided to pick out a router that could run it. After a great deal of searching, I decided upon the Linksys WRT1900ACS.

The WRT1900ACS has pretty impressive hardware specs. It has a dual-core 1.6 GHz processor but, it has a paltry 512mb of ram. While that is probably plenty for what it is meant to do, it seems quite small for a device that you’re spending over $200 on. It has a simultaneous dual-band AC radio. The 2.4 GHz band runs at up to 600 Mbs and the 5GHz band runs at up to 1300 Mbs.

Iʼm not a huge fan of its appearance. While I do get a bit of nostalgia when I look at it (the design is similar to the first wifi router that my family ever owned), it sticks out a bit more than I think that it should. I am thankful that it isnʼt this bad. It is a bit larger than I expected. It is by far the largest router I’ve ever owned. I donʼt find it to be too big of a deal but, itʼs a bit hard to hide. I’m not really sure how much the external antennae help but, it has four of them.

All of the Linksys WRT1900AC* models are marketed as “Open Source Ready”. Given the model number, that makes sense. It was a bit of a stretch when these models were originally released as not many details nor support was given to the open source projects. Things seem to have improved here as the larger open source projects have added support for these models. Flashing OpenWRT onto this router is very simple. The web interface does complain that the build isn’t recognized but, it will flash it for you just fine.

That being said, it has a forced setup process. Prior to this, I canʼt remember ever needing to run through a setup process in order to make the wired portion of a router work. Until you complete the setup steps, the router refuses to route traffic to its wan port. Itʼs obnoxious. Iʼm really glad that I didn’t buy this for stock firmware. Iʼm sure that it is full of these user hostile choices.

I didnʼt know this at the time when I purchased it but, OpenWRT support for the ACS model was a bit experimental. While I found that it worked pretty well in use, it did reboot at least once per day. I never really noticed the reboots as it is incredibly fast to reboot. Openwrtʼs luci interface also looked quite dated. It was still reminiscent of the design of early Linksys routers. I always found it to be quite functional but also very displeasing. Luckily, both of these things have changed with the recent 15.05.1 patch release. Since I installed 15.05.1, the router has been incredibly stable, exactly what youʼd want from your router. It also features a much-improved design. It feels a bit generic as itʼs now using what appears to be the default bootstrap theme. While I do feel that itʼs a bit plain, I really appreciate how much better it looks.

Iʼm very pleased by this router. It has greatly increased the wifi coverage at my residence. I no longer have any dead zones and the connection is always quite fast. I really like openwrt as well. It is a fantastic firmware for a router. It has given me all of the visibility that I missed on the time capsule. Itʼs a great piece of hardware with support from a great open source software project. I highly recommend this setup to anyone that is willing to dig in enough to reflash their router.

Let’s Encrypt

Recently, Iʼve been in the process of setting up a new site from scratch. Completely from scratch: new domain, new design, and new content. This, of course, means new tls certificates. Instead of buying them with Gandi, as I have done a couple of times for this site, I thought Iʼd use Let’s Encrypt.

Letʼs Encrypt is a new certificate authority that provides free and automated certificates. While you could previously get tls certificates from StartSSL, they really burned you on revocation, even in cases of mass revocation. Buying them from Gandi was much better because of these sorts of issues but, there is a cost associated with it. In both cases, getting a certificate issued is a cumbersome process. I was hoping that Letʼs Encrypt could make this process easier.

When you head to Let’s Encryptʼs website, itʼs not immediately apparent how you go about getting a certificate issued. It turns out that you need an ACME client in order to do this. Luckily, there is an official client. On Debian Jessie, itʼs available from the stable repo, so itʼs just an aptitude install away. The letsencrypt utility contains a number of different ways to authenticate a site. Since I was setting up a WordPress site and I use Nginx as my webserver, I found the webroot option to be the simplest way. All you need to do is run:

    letsencrypt certonly --webroot --webroot-path {{website root}} --domains {{domain name}}

If you donʼt already have a webserver running, you can have the letsencrypt utility set up a temporary webserver just to authenticate the domain. All you need to do is run letsencrypt certonly --standalone. Both of these methods require you to already have the domain pointed at the serverʼs IP. The end result is a directory in /etc/letsencrypt/live with the certificate and private key. You can just configure your webserver to read the files from there.

Letʼs Encrypt is a much simpler, faster and cheaper way to get tls certificates. Thereʼs also a module for Apache that takes care of generating the certificate for you. Iʼll be glad when the Nginx module is no longer experimental. Iʼll be using Letʼs Encrypt for all of my certificate needs.

Plex

Iʼve heard great things about Plex but, Iʼve been stubbornly holding out on trying it. I finally got around to trying it and, as with many things, I shouldnʼt have held out quite so long. Plex is a glorious experience. My wife has a huge collection of Movies and TV shows on DVDs and BluRays. Iʼm sure that she remembers what we own and where to locate them but, I donʼt. With Plex, I’m able to easily look through all of our movies and shows.

Most of Plexʼs power comes from its server. The server gets set up on a computer that you plan to leave running all of the time. The only real constraints are that it should have a good amount of disk space and preferably a decent processor. Plex handles a large variety of files but, it doesnʼt mean that your device can play it. Plex will transcode the media if your device isnʼt capable of playing it. This can be a pretty cpu intensive task if it’s If you’re in control of converting the media files, you should be able to avoid any transcoding by picking a good storage format.

This server feeds a wide variety of clients. The most generic of which is that the Plex server is a DLNA server. This means that you might have a number of clients that can watch Plex content already. My television happens to have a DLNA client on it, meaning that I can simply turn on my tv and start watching. I donʼt do that though, mainly due to the sorry state of the DLNA client. Plex has a number of clients for different media platforms. The one that I most frequently use is the Apple TV. The Apple TV app is pretty workable but, I find the navigation to be a bit clunky. Itʼs also annoying that you can’t ask Siri to play any of the media in Plex but, that comes down to Apple not providing 3rd parties with a way to integrate with Siri.

The interface seems quite obvious. It presents as rows of movie posters or DVD covers. Itʼs somewhat reminiscent of Netflixʼs interface, without the strange scrolling. Itʼs a workable interface although, it is unoriginal. What Plex amounts to is a version of Netflix filled with only those movies that you own or somehow acquired (ahem). For some people, that will be completely worthless. For those people with an extensive collection, Plex can be revolutionary. Suddenly, you have your entire movie collection a few button presses, swipes, or clicks away from anywhere in the world.

In a way, it exists in a world that doesnʼt quite exist. It seems increasingly unlikely that weʼll ever be able to fully utilize Plex. Media companies seem unwilling to provide DRM-free files. Plex doesnʼt care where you get your files. Your options range from the legally gray area of ripping disks to piracy. This means that youʼre either in for a lengthy conversion process or a battle with your conscience. This is the land that Plex inhabits. It doesnʼt have a particularly good UI. It’s workable but it’s nothing revolutionary. The big draw is that it can play anything that you throw at it without DRM. This is only a big deal in that the rest of the big players are required to handle DRM.

ZFS on Linux 4.13 in Debian Jessie

The first question that comes to mind is why bother? The big reason, for me, is thunderbolt hot-plugging. Thunderbolt hot-plugging made it into 3.17. Unfortunately, Debian Jessie ships with 3.16. Luckily, 4.12 and 4.13 are available from jessie-backports. If you want to use zfsonlinux, youʼll need to do quite a bit of extra work. zfsonlinux ships packages that depend on the 3.16 kernel. Itʼs also not as simple as just building the zfs package as they first create rpms and then convert them to debs. This is an issue because rpmbuild doesnʼt like the versioning scheme that is used for Debianʼs backported kernels.

To start with, youʼll need to download the source for the kernel to compile:

Then youʼll need to untar the source into a writable directory. i.e. cd into the desired directory and run:

This next step is going to take quite a while, building the kernel. From the untared linux source directory:

You can feel free to change either LOCALVERSION or the suffix to KDEB_PKGVERSION; just make sure that the values that you specify don’t contain a “.”.

It’s much easier to do this without zfs already installed, so Iʼm just going to assume that is where you are at. Install the newly compiled kernel and reboot.

Now you have a custom kernel version running. The next step is to install zfs. This is mostly following zfsonlinux’s instructions on generic debs but, their instructions are missing a couple of steps. Youʼll need to download spl and zfs from zfsonlinux. I would suggest grabbing the latest release. You’ll also need a few build dependencies.

Now we need to compile spl and install the development packages which are required for building zfs.

Finally, we’re going to build and install zfs

Finally, reboot, and you should be all set. While that is a bunch of steps, it really isnʼt too bad.

2015: The Tools I Use

Continuing on what I started last year, here is the list of tools that Iʼve used this year.

Mac

Again this year, my Mac is my primary work device.

  1. neovim — I continue to do most of my work with text, whether that is Ansible playbooks or code. I could easily just use vim but, neovim has a couple of nice extras, mainly that it properly handles pasting without using paste mode.
  2. iterm 2 — iterm continues to be great to use. I donʼt really like the built-in terminal on OS X so Iʼm lucky that iTerm exists, especially since I do almost all of my work in the terminal.
  3. tmux — I generally keep iTerm running full screen since I do most of my work there. While this works pretty well, itʼs a bit of a waste as itʼs a huge amount of space for just one thing at a time. I use an inverted T, where I have one large split on top and two smaller ones on the bottom. The big split on top is generally used for neovim and then I can run related tasks in the bottom two.
  4. git — git is basically the standard for version control. Git has its flaws but, I really like it.
  5. mailmate — I switched email clients since last year. Mailmate definitely feels more like a traditional email client. Itʼs really well done.
  6. Alfred — Alfred is a keyboard launcher. It does many more things than just launching apps. I use it all of the time.
  7. Arq — Arq is a great secure backup solution. It supports many cloud storage providers so youʼre able to pick your favorite.
  8. Textual — Textual is a pretty good irc client for OS X.

iPhone

  1. Tweetbot — I like using Twitter but, I really donʼt like Twitter’s design decisions. Tweetbot fits me much better, Iʼm not looking forward to the day when Twitter cuts off access to 3rd party access.
  2. Prompt — Prompt is good to have around in case you need to access a server over ssh. Prompt is a very well done ssh client but, ssh on a phone sized device isnʼt a fun experience.
  3. Spark — While the built-in mail client on iOS is perfectly functional, I find it quite cumbersome to use. Spark is a really great iOS email client.
  4. Unread — Unread is a pretty great RSS reader on iOS.

Multiple

  1. 1Password — Keeping yourself secure online is hard. Having to remember a unique password for each service is pretty much impossible, particularly if you try to make them secure. 1Password solves this problem. Itʼs so good that itʼs easier than using the same username and password for everything. Their recently announced team features are bringing this same great setup to teams. Available for Mac, iOS and a bunch of other platforms.
  2. slack — We continue to use Slack at work. Slack definitely had momentum last year but, it seems like everyone is using them this year. I like Slack but, Iʼm not sure itʼs good enough to have this much attention on it. I also think that itʼs unfortunate that many open source projects are starting to use it as their primary communication method.
  3. Dash — Dash is great documentation viewer for Appleʼs platforms. I use it every day. Available for Mac and iOS.

Server

  1. WordPress — As I previously mentioned, Iʼm back to using WordPress to manage ruin. While there are definitely some things that I don’t like about WordPress, itʼs pretty great at handling writing.
  2. ZNC — ZNC is an irc bouncer. It has quite a number of features but, I donʼt use that many of them. I mainly just use it so that I donʼt miss anything when my machine is offline.
  3. tarsnap — Tarsnap is a great solution for secure backup. The siteʼs design looks pretty dated but, it’s a great backup solution.