
Apr 14, 2024

Tax Day!
last update: 04/14 @ 21:08


A little bit early, but close enough.

The paper copies are in the mail; if you want a sneak preview, the electronic version is here.

Bonus points to the first person (or anyone) who catches the two typos corrected since I printed the paper version.

Apr 02, 2024

We’ve been Tinged!
last update: 04/02 @ 09:50

And I think it’s a good thing.

(Sorry, another geeky post.)

Fiber Internet finally became an option for us this year; Verizon was never interested in Alexandria for some reason (I prefer to think the city was unwilling to give them too sweet of a deal).

Ting announced they were coming last year and that was enough for me to let our Comcast contract expire in anticipation of being able to ditch them. I’m cautiously optimistic this will be a good thing for us. Here is a bit of history of Ting and parent Tucows.

My hope is: because they are not competing with themselves for cable TV viewers (as Comcast is), they will be more reliable and more transparent. I was surprised when we moved from Verizon (DSL Internet) to Comcast (cable Internet) several years ago that I had to change the way we get DNS resolution.

About 18 months later, during the Covid pandemic work-from-home days, I got a bit more insight into what seemed to be going on. And I was very unhappy about it. That experience broke any trust I may have had in Comcast and led me to start looking at options. One recommendation from the upshot of Comcast blocking access to VPNs (including those used by federal employees working from home) was to turn off the “Security Edge” service. In my case, that meant a new service bundle, higher priced, and (theoretically) less featureful. But DNS resolution still required forwarding our queries upstream, which only made me more unhappy. I am very happy to welcome Ting to the neighborhood and trust they will not interfere with our use of the Internet as Comcast did.

I’ve removed the forwarding clauses from our DNS configuration (mentioned in that earlier post) and am not seeing any problems. Ting is not consistently 1 GB symmetrical — it is, however, consistently faster than any prior connection we’ve had and way more bandwidth than we could ever need (and less expensive than Comcast).

Mar 29, 2024

Back from Seattle
last update: 03/29 @ 22:24

We had an excellent spring break trip.

It was great to catch up with Robert in person (and see him in his professional space).

We were able to spend some time with Lynn and David.

The weather was unexpectedly fantastic.

We got to see hockey, ultimate, Vancouver and lots of mountains.

We did a little bit of hiking.

And saw some eastern Washington vineyards (and sampled some of their wine).

More photos in the vacations section; and special note — these are late breaking hockey photos from Sarah and not in the longer form page.

Don’t be shy about checking out Sarah’s Facebook page for more of her photos.

Mar 10, 2024

Skipping down memory lane
last update: 03/10 @ 14:07

Sarah and I were looking over some old photos and she pointed out that she had this copy of Linux Journal featuring a photo of Robert (with less hair) and me (with more hair).

That giant data set from the cover article: 200GB — still respectable but not what we call big data these days.

I miss the magazine and the metro ride to read it on.

Mar 09, 2024

last update: 03/09 @ 11:30

Reese and Danni’s wedding celebration was fantastic!

Michelle and Sarah met in college and have remained very close since then. Reese is one of Michelle’s sons. And now she has a new daughter.

So we were happy to help celebrate.

And celebrate we did!

The fog on the dance floor was a nice touch.

Everyone seemed to have a great time.

Reese and Danni clearly enjoyed being surrounded by family and friends.

And, as you can see, Sarah and Michelle loved the time together for the happy occasion.

We drove up on Saturday (stopping to visit with Ian and Sophie) and came back Monday. That led to a very nice and relaxed day to cheer on the happy couple.

And to enjoy some of Long Island’s classics: a huge breakfast at Hauppauge Palace Diner and a lovely lunch at a very nice Italian restaurant (cue Billy Joel): Mannino’s.

Before that lunch on Monday, Sarah took us to Sunken Meadows State Park.

Even on a gray day, it was lovely and a great way to stretch our legs before getting the car.

Best of luck to the happy couple and all their friends and family!

Quick trip to NY
last update: 03/09 @ 11:04

We took a quick trip up to Long Island for a wedding last weekend.

(I’ve been fighting with network routing at home this week, more on that later.)

And I have to say, what qualifies as “low price” there is not what I would say was a low price.

Clearly, NYC has lots of good reasons to reduce cars; the price of gas is one of them.

We took advantage of the wedding being on Long Island to stop off and say “hi,” to Sophie and Ian in their new place.

We were too busy catching up and touring the very nice brownstone to take any pictures (next time).

That was a very fun, though too short, break on the drive and I hope we’ll be back soon.

This was the first time I’ve seen the built-in navigation in Corey (the Mazda) while in a tunnel. It’s very futuristic :)

Feb 28, 2024

last update: 02/28 @ 18:29

Well, that’s likely something I should have done but didn’t in the last few weeks.

As noted earlier, I had a power supply fail and the server was old enough it was not clear I could replace it. Also, I’d had a hard drive fail on the same server a few months back. Both have been through a remodel at the house and so it was time to replace them.

For the first server, I was really under the gun: I wanted to get our internal network back up and running quickly. Clearly no time for manual reading.

For the second server, just recently “Completed,” I was not under quite as much personal pressure. But I still just installed the OS (yes, two major versions more recent than what I had), installed the software and laid down my configurations. It likely would have been a good idea to read the release notes to understand what all had changed, but I was too lazy or thought I could figure it out as I went.

Which, I’m happy to say, I could (thank you Internet).

If you happen to be jumping from RHEL 7 (or, more likely CentOS 7) to RHEL 9 (or, more likely Rocky 9), here are the final couple gotchas I ran into:

External FirewallD forwarding/routing change
With the changes to FirewallD and the underlying firewall layer, my old forwarding didn’t work. I saw a lot of this in the logs: “filter_FWD_internal_REJECT: IN=eno1 OUT=eno2”. The fix, thanks to Internet searches:
firewall-cmd --permanent --new-policy allowForward
firewall-cmd --permanent --policy allowForward --set-target ACCEPT
firewall-cmd --permanent --policy allowForward --add-ingress-zone internal
firewall-cmd --permanent --policy allowForward --add-egress-zone public
firewall-cmd --reload
Some updates needed for ruby scripts
The new, modern Ruby doesn’t like instance variables (for good reasons). The quick (but perhaps less than ideal) fix was to make them global variables. My scripts run one at a time, no worry about race conditions so likely that’s OK.
Testing red network with only default route
I thought I was being smart, I added my public IP addresses to the new server while I was building it and then went to test by plugging it into a switch that only had my laptop connected. I gave my laptop an IP in the same class C network and started testing. And nothing worked. I had the server’s default route set up to go out the internal side so I could use the current Internet connection to get updated software. Once I added a route to that class C on the NIC, I could test and see traffic flowing.
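An added example (not from the original post): a shell function that tallies the “filter_FWD_…_REJECT” log lines quoted above by zone, interface pair and destination port, so you can see which forwards a policy like allowForward would start accepting. The function names and the sample log lines are constructed for illustration; only the log prefix and the IN=/OUT= fields come from the post.

```shell
#!/bin/sh
# Constructed sample of kernel log lines (addresses are documentation ranges).
sample_log() {
cat <<'EOF'
Feb 20 10:01:02 gw kernel: filter_FWD_internal_REJECT: IN=eno1 OUT=eno2 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=51514 DPT=443
Feb 20 10:01:03 gw kernel: filter_FWD_internal_REJECT: IN=eno1 OUT=eno2 SRC=192.0.2.11 DST=198.51.100.7 PROTO=TCP SPT=51515 DPT=443
Feb 20 10:01:04 gw kernel: filter_FWD_internal_REJECT: IN=eno1 OUT=eno2 SRC=192.0.2.10 DST=198.51.100.8 PROTO=TCP SPT=51516 DPT=443
Feb 20 10:01:05 gw kernel: filter_FWD_internal_REJECT: IN=eno1 OUT=eno2 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP SPT=40000 DPT=53
Feb 20 10:01:06 gw kernel: filter_FWD_internal_REJECT: IN=eno1 OUT=eno2 SRC=192.0.2.11 DST=198.51.100.53 PROTO=UDP SPT=40001 DPT=53
Feb 20 10:01:07 gw kernel: filter_IN_public_REJECT: IN=eno2 OUT= SRC=198.51.100.9 DST=203.0.113.1 PROTO=TCP SPT=4444 DPT=22
Feb 20 10:01:09 gw kernel: filter_FWD_public_REJECT: IN=eno2 OUT=eno1 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=4445 DPT=8080
Feb 20 10:01:11 gw sshd[812]: Accepted publickey for admin
EOF
}

# Read log lines on stdin; print "count zone in->out proto/dport", busiest first.
# Only forward-chain rejects are counted; input-chain rejects are ignored.
summarize_fwd_rejects() {
    awk '
    match($0, /filter_FWD_[A-Za-z0-9_-]+_REJECT: /) {
        # strip the 11-char "filter_FWD_" prefix and 9-char "_REJECT: " suffix
        zone = substr($0, RSTART + 11, RLENGTH - 20)
        in_if = "-"; out_if = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)    in_if  = substr($i, 4)
            if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt    = substr($i, 5)   # stays "-" for ICMP
        }
        count[zone " " in_if "->" out_if " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

sample_log | summarize_fwd_rejects
```

On a live system, feed it `journalctl -k` output instead of the sample; a reject from the public side toward the internal side is one the policy above (ingress internal, egress public) would still leave rejected.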

My new servers have redundant power supplies now — I learned that lesson. But maybe I didn’t learn the hard disk lesson: I’m not doing any sort of RAID, just frequent backups. And, thanks to the new servers and new disks, I have my old disks as spares should I need them.

Now I can say I’m finishing up some post migration work; prepping for Ting as our new ISP, and getting on with life.

Jan 28, 2024

last update: 01/28 @ 23:19

Win some and lose some…

Refurbished power supply was a bust; wrong item (it was hot swappable, I didn’t have redundant, hot swappable — but I do now).

So I’ve moved on to server rebuild. And with CentOS pretty much gone, seemingly a casualty of IBM’s purchase of Red Hat, I’m moving on to Rocky Linux. Going from 7.X to 9.X was bound to have some growing pains (having them in a more controlled build and cutover rather than replacing a dead server would have been nicer).

Lessons from my experience:

First, Rocky uses AuthorizedKeys vs. CentOS 7 using AuthorizedKeys2; not a big problem but my first, bad, assumption was the upgrade meant I needed newer keys. And then (did I mention I was trying to go fast), I just used default file permissions on the new file. Final stumbling block: the new key pushed me over the limits so I started to get “too many failed attempts” errors. Lesson: copy AuthorizedKeys2 to AuthorizedKeys and check the file permissions.
It’s been a long time since I set it up. First, bad assumption: samba users are pulled from OS users. Eventually the errors made sense and I remembered I had to create the samba users/passwords. Second issue: selinux boolean to allow samba to get to home directories — that generates a really weird error on Linux workstation mapping in those drives (not sure what Windows would have looked like). Lessons: create the samba users/passwords and ensure selinux is permitting home directories (or relabel the file system).
Really went pretty well: don’t forget to install CRS with mod_security. And the new rulesets added a few more false positives for subversion access.
Speaking of subversion; it just works. I was pleasantly surprised to see no issues with accessing the repositories via httpd (after the mod_sec updates). (Do be sure selinux context is correct.)
postfix and spamassassin
It took a lot longer than it should have to understand that the error message about pipe failed due to unknown user really meant just that. The Spamassassin package for CentOS 7 used the “spamfilter” user (I think); it seems like the Rocky 9 package piggybacks off of the “mail” user.
I had to refresh my memory on SSL keys for dovecot; but mistakenly figured I could just remove the Thunderbird saved key and add back the new key (see below). For me, dovecot uses standard key files in standard tls directory. I was surprised that dovecot seems to log Thunderbird’s ssl error which Thunderbird seemed to just mask.
When I hit the certificate issue, I thought (next bad assumption) I could just remove the key I loaded from the old server and add a new exception for the new server’s key. I spent a long time trying but could never coach Thunderbird to ask for that offending key and give me a chance to accept it.
So I remembered having to create a new profile not that long ago when the hard drive failed on the old server. (The power supply was the camel back breaking straw.) So I created a new profile and that let me import the certificate. But…
The Thunderbird new profile/account set up presumed username would include domain (, for example). Of course, dovecot on Linux, using Linux accounts just needed the name. The unknown user / invalid password threw me for my final loop of the rebuild session. Lessons: Delete imported SSL cert only as a last resort and look closely at the assumptions made in setting up a new profile/account.
Final note for this entry: when I started my backup scripts, I was getting astronomically large backup files. tar in Rocky 9 does not like the “--exclude” clause after the source of the files to tar up. CentOS 7 was OK with that. Lesson: tar .
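An added example (not from the original post) for the first lesson in the list above: merge the old key file into the new one and tighten the modes that sshd’s StrictModes check cares about. It assumes the OpenSSH file names ~/.ssh/authorized_keys2 and ~/.ssh/authorized_keys (the files the post calls AuthorizedKeys2 and AuthorizedKeys); the function names are hypothetical.

```shell
#!/bin/sh
# Print every given path that is group- or world-writable. With StrictModes on,
# sshd ignores authorized_keys if the home dir, ~/.ssh or the file is writable
# by anyone other than the owner.
loose_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Merge <home>/.ssh/authorized_keys2 into <home>/.ssh/authorized_keys without
# duplicating keys, fix permissions, then print any path that is still loose
# (no output means the modes are acceptable).
migrate_authorized_keys() {
    home=$1
    ssh_dir=$home/.ssh
    old=$ssh_dir/authorized_keys2
    new=$ssh_dir/authorized_keys
    [ -f "$old" ] || { echo "no $old to migrate" >&2; return 1; }

    # Create the target with a tight mode rather than the default umask.
    ( umask 077; touch "$new" )

    # Append only key lines that are not already present; skip blanks/comments.
    grep -v -e '^[[:space:]]*$' -e '^#' "$old" | while IFS= read -r line; do
        grep -qxF -- "$line" "$new" || printf '%s\n' "$line" >> "$new"
    done

    chmod go-w "$home"
    chmod 700 "$ssh_dir"
    chmod 600 "$new"
    loose_paths "$home" "$ssh_dir" "$new"
}
```

Run it as the account owner with `migrate_authorized_keys "$HOME"`; the old authorized_keys2 file is left in place so it can be removed once logins are confirmed.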

The server has been working well for a few days now and I’m feeling pretty good. I have a bunch more disk space to work with (but I’ll likely need new, bigger USB drives for offsite storage). And I’ve seen a whole new slew of error messages and eventually worked out what they mean and what I need to do.

Of course, the public server (serving this blog and website) is the same era as the internal server and lived through the same very dusty remodel. So that’s next on my plate…

Oh, and Ting is setting up fiber to the house too…

Jan 13, 2024

last update: 01/13 @ 13:12

I may be a bit distracted for a while.

I can now say I’ve experienced a power supply failure for a server — new to me before today. I knew these needed to be replaced, I was just hoping for 6 more months…

New (refurbished) power supply on order — if that’s really the cause (could be motherboard as well), I may be up and limping in a week or so.

New servers ordered as well — clearly it was time, but I was hoping not to be forced into a rush job :( And, learning my lesson, redundant power this time; that seemed excessive for home use before today).

Oh, and Ting says they may be able to hook us up next month.

Gonna be a techy few weeks here…

Jan 03, 2024

Christmas photos
last update: 01/03 @ 15:05

Sadly for us, Robert had to go back to school. We had a lot of fun while he was here and I expect we’ll start plotting our next trip out that way soon.

There are some more photos in the vacations section.


The posts on this page will slowly roll off as new ones are added to the top. The "permanent link" links above will take you to one post's permanent address; that should not change or disappear. You can also build up a link to see any month's postings by adding the four digit year, a slash, the two digit month and a trailing slash to the main URL. Like this:
/news/blosxom/2004/08/. (You can go down to the day level if you like.)

Only the site owners can edit this page (and all attempts to do so are logged); however anyone is welcome to add a comment using the "comments" link below each posting.
