
Note: this has worked so well for so long since I started drafting this, I may have unfortunately forgotten steps and will update as necessary.

Note 2: This is not for the light hearted, you need to know you want this and are comfortable dealing with Linux routing tables by hand, outside the scope of the EdgeRouter GUI.

I’ve long had a /48 from Hurricane Electric (HE)/Tunnelbroker for my IPv6 connectivity to servers I run at home and for general end-user purposes. I’ve also had Xfinity for years which has native IPv6, but never have used it for a couple of reasons. Firstly, I assume it’s a dynamically allocated prefix subject to change anytime which could break inbound connectivity to my servers when the address changes. Secondly, both Xfinity and HE do source address filtering, so traffic sourced from HE gets dropped when it exits via Xfinity and vice versa, so I can’t just run them together. I didn’t want to deal with trying to script or dynamically update DNS hostnames and firewall rules to access my servers over Xfinity v6, and the HE tunnel has been very reliable. I want to keep my Internet-accessible servers on my HE /48.

The main problem is leaving v6 performance on the table. 6to4 traffic is not handled by hardware offloading on Ubiquiti EdgeRouters. Even on an EdgeRouter 12, I can only get about 400 mbit/s of tunneled IPv6 on my gigabit Xfinity service before the CPU runs out of steam (soft interrupts). Testing IPv4 only, I’m able to get ~950 mbit/s through NAT. I’ve artificially throttled my IPv6 performance by only using the HE tunnel.

Another problem is that I’ve learned that some CDNs like Cloudflare and ticketing websites do not like requests from HE IPv6, presumably because they don’t like VPN and tunnel users.

So to use both Xfinity and HE connections, I need some policy routing. Unfortunately the EdgeOS / Vyatta stack on the EdgeRouter doesn’t natively support IPv6 policy routing through the GUI or config tree, just IPv4. Fortunately it runs a Linux kernel and it has the iproute2 packages installed, so it’s possible to manipulate the kernel routing tables directly to set up IPv6 policy routing via ip rule and ip route commands.

I had looked at this years ago and it sounded annoying to set up, but in the end taking it command by command it wasn’t so bad. I referenced these web pages to get ideas what to configure:

https://serverfault.com/questions/854094/linux-ipv6-policy-based-routing-fails

https://www.sixxs.net/forum/?msg=setup-10320966

https://jsteward.moe/he-ipv6-routing-on-machines-with-ipv6.html

https://web.archive.org/web/20130812091825/http://itkia.com/ipv6-policy-routing-linux-gotchas/

Topology

My home network looks something like this:

There is one router connected to my Xfinity cable modem, two segregated LANs. One is my plain simple home network where all of my wired and wireless phones, laptops, desktops, IoT devices live. It has a 192.168.x.x IPv4 /24 and the first routed /64 that HE assigns to your Tunnelbroker account. The second LAN is behind another router serving up ikeacluster and the rest of my development network. It’s where most of my Internet-accessible servers live and it’s part of the routed /48 network from HE.

In this scenario, I have two IPv6 networks I need to policy route. One is my daily driver /64, and one is my homelab /48 network. I am only interested in Xfinity IPv6 addresses on my daily network, and therefore do not do any sort of prefix delegation to the ikeacluster/homelab side. For the most part devices either get v6 addresses as static assignments or SLAAC.

What I will wind up with is that homelab addresses will stay exactly the same, within the same HE /48. What will change is that now my home network will get both RAs. Things like my phone, laptop, Apple TV will get 2 IPv6 addresses now, one from the same HE /64 as before, and now a Xfinity IPv6 2601:: address. Only HE traffic is special cased, I have not mangled Xfinity traffic at all.

Router config

Expect some temporary IPv6 breakage as you do this. You’ll need to remove the existing default IPv6 route you have pointing at HE’s tun0 interface, then configure DHCPv6 PD for Xfinity. As soon as you configure DHCPv6 prefix delegation and router advertisements on your LAN and commit, all of the devices on the LAN will suddenly learn two v6 addresses (HE and Xfinity) and two gateways. Until you get policy routing going, v6 traffic could start egressing via the wrong ISP. Un-configuring PD and RAs on the EdgeRouter will not automatically roll this back; all of your LAN devices then have to time out the old Xfinity address and gateway (or you fix them manually).

I recommend setting up DHCPv6 prefix delegation first on your WAN interface facing Xfinity. Commit this first and you should have a /128 address show up on your WAN interface. This at least lets you know Xfinity and PD is somewhat working before you get further.

e.g.

set interface ethernet eth0 dhcpv6-pd pd 0 interface eth8
set interface ethernet eth0 dhcpv6-pd pd 0 prefix-length 60
set interface ethernet eth0 dhcpv6-pd rapid-commit enable
commit
save

[bwann@home-gw1 ~]$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 98.47.xxx.xxx/22 u/u outside
2001:558:6045:c0:4040:aaaa:bbbb:cccc/128


Later, or now, #yolo, enable prefix delegation and begin sending out RAs on your LAN:

set interface ethernet eth8 ipv6 router-advert prefix ::/64 autonomous-flag true
set interface ethernet eth8 ipv6 router-advert prefix ::/64 on-link-flag true
set interface ethernet eth8 ipv6 router-advert prefix ::/64 valid-lifetime 2592000
commit
save

Firewall considerations

You’ll need to apply an IPv6 firewall policy to your WAN interface along with your HE tunnel interface because now you have v6 coming in on two interfaces. My firewall rules are default deny-all on inbound, with rules to allow from specific addresses and/or to specific addresses, with no consideration of the actual interface names. This means I can re-use my existing HE tunnel rules on my WAN interface to keep everything in one place (here I have a rule for v6 traffic passing /through/ my router and another ruleset going /to/ my router)

# WAN interface rules matches tun0 interface
set interface ethernet eth0 firewall in ipv6-name outside6
set interface ethernet eth0 firewall local ipv6-name system6

Policy script

Next, I have written a script to bring up my policy routing in an idempotent manner. I actually wrote and tested this one line at a time so it should be safe running it over and over again. I saved this to /config/scripts/policy.sh:


#!/bin/bash
#
# IPv6 prefixes to policy route
prefixes="2001:470:1f05:2c9::/64 2001:470:8122::/48"

# Add he-ipv6 table
if ! grep "^200 he-ipv6" /etc/iproute2/rt_tables ; then echo "200 he-ipv6" >> /etc/iproute2/rt_tables ; fi

# Flush everything and re-add standard EdgeOS rules
ip -6 rule flush
ip -6 rule add priority 32766 from all lookup main
ip -6 rule add priority 220 not from all fwmark 0xffffffff lookup 220

ip -6 route flush table he-ipv6 || true

for prefix in ${prefixes} ; do
    ip -6 rule add from ${prefix} table he-ipv6 || true
done

for prefix in ${prefixes} ; do
    ip -6 rule add to ${prefix} table main || true
done

# Comcast dhcpv6-pd prefix, punt to main table
ip -6 rule add from all to 2601:646::/32 lookup main

# for prefix in "${prefixes}" ; do
# ip -6 route add unreachable ${prefix}
# ip -6 route add unreachable ${prefix} table he-ipv6
# done

# Set default route in he-ipv6 table to HE's end of the tunnel
ip -6 route add default via 2001:470:1f04:2c9::1 dev tun0 table he-ipv6

Walking through what this does:

# IPv6 prefixes to policy route
prefixes="2001:470:1f05:2c9::/64 2001:470:8122::/48"

A simple string list of prefixes to policy route, separated by spaces.


# Add he-ipv6 table
if ! grep "^200 he-ipv6" /etc/iproute2/rt_tables ; then echo "200 he-ipv6" >> /etc/iproute2/rt_tables ; fi

Create a new, separate route table to hold our rules and routes for HE sourced traffic. If it’s already in the rt_tables file, do nothing.

ip -6 rule flush
ip -6 rule add priority 32766 from all lookup main
ip -6 rule add priority 220 not from all fwmark 0xffffffff lookup 220

Blow away any existing IPv6 rules to ensure we’re working with a clean slate. Re-add what should be standard out-of-the-box rules, using the main routing table. I’m not exactly sure what the fwmark lookup with table 220 is for, as there’s no mention of it in /etc/iproute2 anywhere, but we’ll faithfully re-add it because it’s what was there to begin with. (You can run ip -6 rule show to see what was there to begin with before flushing them.)

ip -6 route flush table he-ipv6 || true

for prefix in ${prefixes} ; do
    ip -6 rule add from ${prefix} table he-ipv6 || true
done

Do a similar thing, blow away any existing routes in our he-ipv6 routing table so we’re sure we’re only policy routing what the script expects. Always return true even if we don’t flush anything. Then iterate through our prefix list, adding from rules to our he-ipv6 table, this is what will actually match on the source address of the HE traffic.


for prefix in ${prefixes}; do
    ip -6 rule add to ${prefix} table main || true
done

Add rules so if there’s traffic coming into the EdgeRouter then send it to the normal routing table. Basically if it’s local traffic, keep it local. This solves an embarrassing side effect that when I would try to connect from my laptop in the livingroom on a Xfinity v6 address to a machine in the homelab with an HE address in the bedroom, the traffic would bounce down to San Jose and back.


# Comcast dhcpv6-pd prefix, punt to main table
ip -6 rule add from all to 2601:646::/32 lookup main

2601:646:: is currently the /32 that my /60 prefix is ultimately delegated out of. I don’t know if/how often the /60 changes, so I’m trying to take into account any future changes.

Add a rule I believe similarly, any traffic from a Xfinity address, send it to the main routing table. This is hacky because who knows when I won’t get a prefix delegation from 2601:646::/32 anymore and could be scripted better.

ip -6 route add default via 2001:470:1f00:___::1 dev tun0 table he-ipv6

Lastly, add the default route for the HE routing table to point at the remote end of my HE tunnel.

In some of the examples I linked above, people were going further and adding statements to make certain addresses/endpoints unreachable. I don’t think that’s necessary in my case, or at least so far I haven’t experienced any weird side effects after running this for several months.

TODO: This script needs to run every time at boot to set up the policy routing. I haven’t gotten around to that, probably needs to be a task-scheduler job or similar.

Multiple router advertisements on same LAN are fine

On my home LAN it doesn’t really matter that my EdgeRouter is sending out RAs for both the HE /64 and the delegated Xfinity /64. The next-hop for the default router goes to the same place. I can stick a random Raspberry Pi on the home network, it’ll get an address from both /64s and work just fine reaching the Internet and the rest of my networks.

Results

After running the script, things should look something like this:

root@home-gw1:/home/bwann# ip -6 route show | grep default
default via fe80::21c:73ff:fe00:99 dev eth0 proto ra metric 1024 expires 1798sec hoplimit 64 pref medium

root@home-gw1:/home/bwann# ip -6 route show table he-ipv6 | grep default
default via 2001:470:1f04:___::1 dev tun0 metric 1024 pref medium

The main v6 routing table should only have a single default route, in this case the fe80:...:fe00:99 is the Xfinity v6 gateway I learned from DHCPv6. Likewise the he-ipv6 routing table should have a single default route, pointing at the remote end (HE’s side) of my tunnel.

root@home-gw1:/home/bwann# ip -6 rule show
0: from all lookup local
214: from all to 2601:646::/32 lookup main
216: from all to 2001:470:8122::/48 lookup main
217: from all to 2001:470:1f05:___::/64 lookup main
218: from 2001:470:8122::/48 lookup he-ipv6
219: from 2001:470:1f05:___::/64 lookup he-ipv6
220: not from all fwmark 0xffffffff lookup 220
32766: from all lookup main

root@home-gw1:/home/bwann# ip -6 rule show table he-ipv6
218: from 2001:470:8122::/48 lookup he-ipv6
219: from 2001:470:1f05:___::/64 lookup he-ipv6

Rules configured, the key part here is that traffic from my HE addresses is going to be routed according to the he-ipv6 table. I.e. traffic sourced from my HE /64 and /48 will egress via my HE tunnel, anything not matching it egresses via Xfinity.

Traceroute results

Here’s proof in the pudding or something:

From one of my Linux boxes on my home network that only has an IPv6 address from the HE /64, traceroute to facebook goes via the HE tunnel:

[bwann@raptor ~]$ traceroute6 www.facebook.com
traceroute to www.facebook.com (2a03:2880:f131:83:face:b00c:0:25de), 30 hops max, 80 byte packets
1 2001:470:1f05:___::1 (2001:470:1f05:___::1) 0.270 ms 0.196 ms 0.161 ms
2 tunnel263332.tunnel.tserv3.fmt2.ipv6.he.net (2001:470:1f04:2c9::1) 15.380 ms 22.593 ms 21.033 ms
3 10ge11-19.core4.fmt2.he.net (2001:470:0:45::1) 19.478 ms 22.419 ms 19.383 ms
4 * * *
5 xe-0.equinix.snjsca04.us.bb.gin.ntt.net (2001:504:0:1::2914:1) 23.900 ms 23.379 ms
xe-0.paix.plalca01.us.bb.gin.ntt.net (2001:504:d::6) 23.790 ms
6 * * 2001:418:0:5000::751 (2001:418:0:5000::751) 30.911 ms
...
10 po243.psw02.sjc3.tfbnw.net (2620:0:1cff:dead:beef::5ddf) 20.820 ms
edge-star-mini6-shv-01-sjc3.facebook.com (2a03:2880:f131:83:face:b00c:0:25de) 20.502 ms 20.415 ms

 

From my laptop on the same LAN with both HE and Xfinity addresses, to facebook, this time it goes out via Xfinity:

lapdance:~ bwann$ traceroute6 www.facebook.com
traceroute6 to star-mini.c10r.facebook.com (2a03:2880:f131:83:face:b00c:0:25de) from 2601:646:9e01:1600:ad2f:8fee:48af:d42e, 64 hops max, 12 byte packets
1 2601:646:9e01:1600:7683:c2ff:fe14:5129 4.050 ms 3.651 ms 4.056 ms
2 2001:558:1014:30::2 10.578 ms
2001:558:1014:30::3 15.969 ms
2001:558:1014:30::2 15.631 ms
3 po-324-346-rur202.sanjose.ca.sfba.comcast.net 22.185 ms
2001:558:82:840a::1 10.807 ms
po-324-346-rur202.sanjose.ca.sfba.comcast.net 16.639 ms
4 2001:558:80:168::1 11.184 ms
po-2-rur201.sanjose.ca.sfba.comcast.net 12.387 ms
2001:558:80:168::1 12.626 ms
...
13 po7.msw1at.01.sjc3.tfbnw.net 16.717 ms
edge-star-mini6-shv-01-sjc3.facebook.com 15.436 ms
po7.msw1ag.01.sjc3.tfbnw.net 18.761 ms

From my laptop to my Chef server running in ikeacluster:

lapdance:~ bwann$ traceroute6 chef.wann.net
traceroute6 to chef.wann.net (2001:470:8122:1:227:eff:fe26:3238) from 2001:470:1f05:2c9:ad2f:8fee:48af:d42e, 64 hops max, 12 byte packets
1 2001:470:1f05:___::1 3.843 ms 2.304 ms 3.729 ms
2 2001:470:8122:___::2 2.702 ms 3.229 ms 3.116 ms
3 2001:470:8122:1:227:eff:fe26:3238 3.886 ms 2.440 ms 2.128 ms

Caveats and side effects

OS source address selection, in particular “use longest matching prefix” on dual-addressed machines can have undesirable effects with this policy routing.

In the case where a machine has multiple IPv6 addresses, RFC 6724 lays out a whole slew of rules to pick what local address is used when connecting to something on the Internet. Depending on the address of what you’re connecting to, traffic may go out via different route than you expect.

For example early on I was wondering why my speed tests from my laptop using Xfinity’s website weren’t showing any improvement. My laptop has both a HE address starting with 2001:: and an Xfinity address starting with 2601::. Lo and behold, www.xfinity.com resolves to `2001:559:19:6089::2af2` so MacOS is sourcing my request from my HE address, and thus my Speedtest was going through the HE tunnel and not over Xfinity native IPv6! Thus it was still hitting the original performance bottleneck and showing I could only do 400 mbit/s of IPv6. Temporarily removing the HE address, I was then able to hit 990 mbit/s of IPv6 using Xfinity natively. Quite a difference!

tl;dr anything that resolves to 2001::something may always go out HE.
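
Added example (not part of the original post): a small Python model of the two decisions that pick the egress path for a dual-addressed host, RFC 6724 Rule 8 source selection on the host and the ip -6 rule list from the Results section on the router. It assumes Rules 1-7 tie, /64 on-link prefixes, and that the first matching rule's table holds a usable route; the function names are made up for this sketch and the addresses are the ones quoted in the post.

```python
import ipaddress

# Rules as printed by `ip -6 rule show` in the post, lowest priority number
# first. Rule 0 (local) and rule 220 (fwmark) are left out of this model.
# The /64 is redacted in that output; the value here comes from policy.sh.
# Each entry: (priority, from-prefix or None, to-prefix or None, table)
RULES = [
    (214, None, "2601:646::/32", "main"),
    (216, None, "2001:470:8122::/48", "main"),
    (217, None, "2001:470:1f05:2c9::/64", "main"),
    (218, "2001:470:8122::/48", None, "he-ipv6"),
    (219, "2001:470:1f05:2c9::/64", None, "he-ipv6"),
    (32766, None, None, "main"),
]

# Laptop addresses and destinations quoted in the post.
LAPTOP_HE = "2001:470:1f05:2c9:ad2f:8fee:48af:d42e"
LAPTOP_XFINITY = "2601:646:9e01:1600:ad2f:8fee:48af:d42e"
XFINITY_WEB = "2001:559:19:6089::2af2"
FACEBOOK = "2a03:2880:f131:83:face:b00c:0:25de"
CHEF = "2001:470:8122:1:227:eff:fe26:3238"


def common_prefix_len(src, dst, src_prefix_len=64):
    """RFC 6724 CommonPrefixLen: shared leading bits, capped at the
    source address's on-link prefix length (assumed /64 here)."""
    diff = int(ipaddress.IPv6Address(src)) ^ int(ipaddress.IPv6Address(dst))
    return min(128 - diff.bit_length(), src_prefix_len)


def select_source(dst, candidates):
    """Apply Rule 8 only (assumption: Rules 1-7 tie for these addresses).
    Returns (chosen, scores); chosen is None when Rule 8 ties too and the
    choice is left to the operating system."""
    scores = {src: common_prefix_len(src, dst) for src in candidates}
    best = max(scores.values())
    winners = [src for src, n in scores.items() if n == best]
    return (winners[0] if len(winners) == 1 else None), scores


def lookup_table(src, dst):
    """Walk RULES in priority order and return (priority, table) of the
    first rule whose from/to selectors both match the packet."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for prio, frm, to, table in RULES:
        if frm is not None and s not in ipaddress.IPv6Network(frm):
            continue
        if to is not None and d not in ipaddress.IPv6Network(to):
            continue
        return prio, table
    return None, None


def predict(dst, candidates):
    """Combine both steps: (source, table, scores); table is None when the
    source address cannot be predicted from Rule 8 alone."""
    src, scores = select_source(dst, candidates)
    if src is None:
        return None, None, scores
    return src, lookup_table(src, dst)[1], scores


if __name__ == "__main__":
    laptop = [LAPTOP_HE, LAPTOP_XFINITY]
    for name, dst in [("www.xfinity.com", XFINITY_WEB),
                      ("www.facebook.com", FACEBOOK),
                      ("chef.wann.net", CHEF)]:
        src, table, scores = predict(dst, laptop)
        print(f"{name}: source={src or 'tie, OS decides'} table={table}")
        for cand, bits in scores.items():
            print(f"    {cand}: {bits} common bits")
    # Return traffic from the homelab to the laptop's Xfinity address is
    # caught by the "to 2601:646::/32" rule before the "from HE" rules.
    print("chef -> laptop (Xfinity):", lookup_table(CHEF, LAPTOP_XFINITY))
```

The speed test destination shares 23 leading bits with the HE address and only 5 with the Xfinity one, so the HE source wins and rule 219 sends it down the tunnel. The Facebook address ties at 4 bits for both sources, so Rule 8 cannot explain that choice.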

 

 

Wann family genealogy

About once a year I get the itch to work on family genealogy of the Wann/Cox/Christy families, especially when I’d go back home over the holidays and have access to old photographs. I guess it appeals to my need to review and organize data, and to keep track of who is who. It’s mostly casual work on Ancestry, yet I try to be very careful and skeptical around the hints it provides, only use information from first party sources, and try to verify it with cross referencing against other data. It’s very easy to point and click around, accepting sources from god knows where and build out a pretty chart, but really how accurate is it?

My grandma Inez and her mother Corene have literally thousands of family photographs between the two of them, stretching back to the 1900s. Family from all parts of the country would come visit, it seemed like they knew everybody. If you came to visit, you were having your picture taken a few times. There’s even some 8mm film of a 50th wedding anniversary. Unfortunately the vast majority of the photos are unlabeled as to who or where or when they were. Before dad died I’d pick his brain on identifying people and he did what he could, even going as far as scanning and labeling photos himself. He admitted he wasn’t very sentimental and never looked at photos nor kept track of extended family.

Some of the photos had names written on the back, and I’d find bundles in envelopes where photos and notes were mailed to other relatives in attempts to identify the people in them. These were like gold, I brought these home to scan (front and back) to preserve them and add to the tree. But the dozens and dozens of other people in the photos, their identities are now sadly lost to time. It took a couple of years of procrastination, I finally have a couple hundred of these painstakingly scanned in now. A 1600 dpi scanner does wonders for those tiny photos from the 1920s.

Grandma was also a scrapbooker, one book was positively stuffed with newspaper clippings of relatives over the years. Another scrapbook was from her college years which had some interesting photos of people that were obviously important to her, but again no names to identify them. She had even taken a notebook and wrote a couple dozen pages on growing up.

I found one Wann family photo album that went back a couple of generations, this was also very valuable as it has the only photos I know of my [great]-great-grandparents. Dad had told me what he had heard was that when his grandpa re-married, the new wife decided to burn all of the old family photo albums. Apparently some photos survived somehow, and while I’m grateful for my grand-aunt identifying people in the photos (some names seem to be slightly off), I don’t have any other photos or information to cross-check against.

Which leads me to ambiguity of names! I already knew from previous work that people played pretty loose with names when transcribing them, copying from 80 year old documents written in cursive, and whatnot. I was focusing on my great-grandpa’s family and some poor woman’s name was spelled Paralee, Pairlee, Pairley, Pareelee, Pearly, I’m not even sure what made it on the tombstone.

In particular I’ve had a lot of people named Robert and James. I originally thought my g-g-grandfather was Robert James Jr, and his dad was Robert James Sr, but apparently the elder has James Wann on his tombstone, and some other trees imply he went by James instead of Robert. But then my g-grandfather had a sibling called “J.R.”, did this mean James Robert?  or was he a Robert, Jr.?  Some years the census form would be filled out “Robert J” and the next would be “James R” for the same person! Then there was another brother who was known as Jim, sometimes James; then a son called James, Jr. Then of course Jim had a Jim, Jr. It was all very confusing! I think I finally sorted out all the seniors and juniors, the Jims and James and Robert, until somebody tells me otherwise. James/Jim is extremely popular in that swath of the family. I’m still troubled by how somebody else has my g-g-g-grandfather as a James Sr, what is true?!

One nice thing I did this time was splurge for Newspaper.com and Newspaperarchive.com subscriptions. (Ok I signed up for 7 day trials and got sucked into a subscription). They’ve been super helpful for looking up people, although very slow and tedious going over searches. So far I have had the best results dialing in newspapers by name in an individual city and searching for the family name, or looking for a person on a statewide basis.

Through newspaper archives I’ve uncovered countless marriage/divorce/obituaries/birth announcements that Ancestry doesn’t have in their databases, and more than a few arrests and jail records. The Newspaper/Newspaperarchive collections aren’t very complete, I often find myself searching both of them and finding news articles in one that isn’t in the other website. This is also how I found out the Kinta State Bank once had its vault blasted by dynamite and robbed in the 1920s, I thought this was only a movie trope. I’ve found a Bryan William Wann that was here in California in the 40s who was constantly in jail for this or that, ranging from vagrancy, selling liquor, failure to pay fines, breaking the peace in Santa Cruz, to concealed carry of a weapon.

Right now I’m mostly focusing on people alive in the 1930s-2000s, as that’s the best information I have. I have seen several other people more serious and trying to trace our families back all the way to Europe in the 1600s. I will happily let them do that work, they seem much better equipped than me to do it. Best I can tell everyone kind of winds up at Wann in the late 1600s, either being English or Irish.

Finally got the ‘rona

I’ve long been vaccinated and boosted, but finally caught COVID just in time for Thanksgiving. I wonder how many people it’s been through between the bat and/or escaping the lab in Wuhan and my lungs. By most accounts I’ve had a mild case, but it’s the most miserable sickness I’ve ever had. My memory of events is kinda fuzzy, shoulda been writing more frequently.

Monday morning I was tired and had a bit of a hoarse voice, meh, just another Monday. By Monday night however I had a deep dry cough that kinda tasted metallic-ish, headache, a bit of chest tightness, and a runny nose. It actually reminded me a lot of getting sick from galvanize poisoning from welding, but I haven’t been welding. I started feeling like I had a fever so I took a rapid test. Positive, fuck.

Then the chills set in. I experienced these after my 2nd shot and my booster, this time they lasted way longer. I spent all night, Tuesday, Tuesday night wrapped up in a blanket with my head propped up on the couch in front of my space heater. Even getting up and going to the bathroom I had to be bundled up in my blanket and unwrapping just for a bit made me shake hard. Roll over, get shivers. Drink water, get shivers. Only had a mild fever, 99.7.

I would sleep for an hour or two, then spend the next hour mindlessly scrolling through Twitter and Reddit over and over until I could sleep again. I really didn’t feel like doing anything, not even looking at my laptop or watching TV. Coughs were deep, unproductive, unpleasant, and felt better when I’d sit up and lean over when one came on. I was chugging water every time I coughed or got up, and had a mountain of TP from blowing my nose. Sore throat, headaches, and chest tightness pretty much went away.

By Wednesday evening the chills finally let up. Now I just started cycles of hot and cold with a fever of 100.7. I’d either be laying there uncovered, baking in a puddle of sweat, or have to cover up, only to repeat later. The coughs were starting to be minimally productive, just enough to be satisfying. I was starting to wonder if this is how it was going to, if my temp would keep going up and up, my lungs filling up more, and if things were going to get worse somehow. Oddly enough the cats didn’t care much for me when I was roasting, I figured they’d be with me soaking up the warmth but they largely decided to sleep in the chair.

Fortunately I never lost my sense of smell, taste, or appetite. I had pizzas delivered and I gobbled them down. I also never experienced any shortness of breath, which I was really concerned about. Anything to do with touching my eyeballs and not being able to breathe are two things I lose my shit over. I was frequently taking deep breaths to make sure I still could without any pain or difficulty. I had a pulse ox and it never got below 96% SpO2.

Thanksgiving morning, I was feeling better … I thought. The fever finally stopped, still coughing, and had a stuffy head. I took a shower and felt really tired after and took a nap. That continued throughout the day, I felt fatigued more than I’ve ever felt before, just ugh. I was hoping I could pick up a hot turkey dinner from the grocery store, but I was so tired I didn’t want to deal with calling and picking it up. Then I wound up having to go pick up my pizza anyways because nobody was doing delivery.

Friday I was feeling better yet. Not tired anymore, I was up vacuuming, taking out the trash, and doing laundry. Still testing positive, blah.

Today I’m feeling much better, but I’m realizing through typing this and a phone conversation with my bank that my thoughts really are cloudy today. It’s taking some focus to stay concentrated, I find myself retyping the same parts of sentences in a row, spelling errors, and memory of the week is a bit more fuzzy than I’d expect. I don’t really feel sleepy or tired, no other symptoms, not even sinus congestion, just thinking is .. off. I guess this shit is real, and I really hope it doesn’t linger!

ikeacluster turns 10

I think the actual birthday is in a few weeks but I’ll forget by then. I started building ikeacluster in 2012 as a home lab project, I wanted something nearly silent, low wattage, and real hardware. Motherboards and hard drives have come and gone, and had one switch die. I don’t tinker with it as much as I used to, but it keeps plugging along.

 

Apple and eGPU adventures

TL;DR Apple + eGPU + 27″ Thunderbolt display probably needs a dummy HDMI dongle in the GPU and performance sucks.

Early in the pandemic I got hooked on Minecraft. My daily driver is a MacBook laptop which doesn’t have a lot of graphical horsepower for fancy shaders. A friend suggested using an eGPU, so I bought a Razer Core X enclosure and an XFX GPU card, a long-ass Thunderbolt cable to my laptop and life was grand. I could run the Sildur shaders with volumetric lighting like a champ and it really made MC pop.

(Yes I chose to tether my laptop to the eGPU, but the 12′ long cable gave me some movement options)

Then the eGPU enclosure stopped working. It took forever to get a response from Razer coz covid and they wanted a lot of details. Eventually I RMA’d it and they apparently replaced the PSU. Life was grand again.

Then I upgraded to either High Sierra or Mojave (or maybe it was to my 13″ MacBook, I forget) and life got a little sad. If I gracefully disconnected the eGPU and re-connected it, Minecraft stopped working. The Launcher would launch, I’d get a white screen, and the game was clearly running because I heard the music. Rebooting fixed it.

When the M1 14″ MacBook Pro came out, I bought one immediately because the 13″ MB was pretty long in the tooth and the battery was shot, and I despised the Touch Bar. Unfortunately this sunk my eGPU plans, the M1 just did not support them at all. Even with an upgraded model with the fancy integrated Apple GPUs it could not handle fancy Minecraft shaders at all. The system was fast as hell but the Sildur “enhanced default” shader was the best I could do.

 

Fast forward to this week. I have a Mac Mini with a 27″ Apple Thunderbolt display as a desktop computer, so I thought ah ha I’ll just move the eGPU to it and get some use out of it. Nope. The Mini was too old and only had Thunderbolt. The Mini also was a dog at running X-Plane and Lightroom anyways so I said screw it and eBay’d a 2013 Mac Pro trashcan.

(Also the first time I fired up the eGPU after several months there was an electrical pop when I hit the power switch. Dead PSU. I had to track down a replacement. Me and the Razer Core X just aren’t getting along.)

After buying a Thunderbolt 2 -> 3 adapter, cable, hooking it all up, installing the Kryptonite boot loader to enable the eGPU, fired up Minecraft and white screen in the launcher.  Game was running, utilizing the XFX GPU, music going but white screen in the launcher. Fired up X-Plane, process was running, on the XFX GPU but there was no X-Plane window at all. Note this was with the Thunderbolt display plugged into the Mac Pro and not the GPU.

I plugged a shitty monitor into the GPU with a DVI->HDMI dongle, MacOS instantly recognized it and put a desktop on it. I fired up Minecraft expecting it to show up on the shitty monitor, lo and behold the launcher launched and the game screen appeared on the Thunderbolt display, using the XFX GPU. Interesting! It would seem you need something plugged into the GPU like another monitor or a dummy HDMI dongle for it to haul the video back to the eGPU and back over Thunderbolt.

Unfortunately this takes a performance hit. With the high end Sildur shader the best I could do was around 30 FPS in MC. So I’m back to using slightly less fancy until I can buy a new monitor that has HDMI or DisplayPort on it so I can plug directly into the eGPU.

Update: I bought a Dell 4k display and plugged it directly into the eGPU. Life is grand again, and the display is way more sharp than the trusty old Thunderbolt display.

Admittedly it’s been a few months since I’ve taken a walk around the neighborhood, but I noticed for the first time people around here don’t go out of their way to avoid each other on the sidewalk. Ever since covid started people on their daily walks would brutally social distance outside, either darting off into the bike lane, walk off into the grass, or even onto the side of the street to avoid oncoming pedestrians or overtake somebody else. This happened well into 2021, both in the neighborhood sidewalks but also the park here. I haven’t noticed it so much in downtown areas like San Jose or Santana Row, everyone has been quite happy to congregate for quite a while.

Down 25 pounds

Last summer after peak covid, I ballooned up to 224 pounds. I saw a photo of me at a cookout and I had a definite belly which really motivated me to do something. It was starting to affect my sleep as I’d have to start rolling over to sleep on my sides, because laying on my back was uncomfortable. A couple of my buddies had just started either a keto or paleo diet and after hearing what they were doing it didn’t sound so terrible. I love me some meat and cheese so I started trying to do a keto diet in July.

I quickly realized unless I cooked at home I couldn’t get in enough protein to go completely zero carb. At the end of the first week I felt so hungry no matter how many cheese sticks, beef jerky, or pork cracklins I ate it didn’t help, I had to run to In n Out for a burger. I improvised a bit and cut out all the carbs I could, no pasta, no pizza, no fries, virtually no bread, no candy, no beer, no breaded meats, and went for BBQ brisket, steak, pulled chicken, hot links, and drank only Diet Coke / coffee / tea. Instead of beer my drink of choice was rum and diet soda which had surprisingly few calories, yet very tasty. I lived on In-n-Out 3 x 3s and Flying Dutchmans on the weekends which certainly got me protein and fat. Eventually the hunger calmed down and while sometimes I felt hunger it was easier to ignore, much unlike the first week. Admittedly I was very lazy and did not hit the gym at all so I probably could have lost it a lot quicker if I was active.

A pound here, a pound there the weight started coming off. I plateaued at 201-203 around the holidays, but finally hit 199 this weekend. I’ve now basically gotten rid of my covid weight and back at the weight I was at when I was going rucking in the summer of 2020 to originally lose weight. I’d love to get back to 180 again, we’ll see.

It was rather amazing to realize just how much carbohydrates we eat out of convenience. Hit the convenience store, potato chips and a soda? carbs. candy? carbs. Fast food, burger bun? carbs. french fries? carbs. Breakfast? pancakes, toast, biscuits, waffles, potatoes, oatmeal, cereal, juice? all carbs. It also turns out carbs are really cheap compared to only eating proteins, my cost per meal went up a good amount during all of this.

Weird recurring dreams

Dreams are weird and so personal that they’re useless to try to describe to somebody else. I seem to have three recurring dreams that happen occasionally and they’re kind of fascinating to me.

One is where I imagine my iPhone bending and breaking up. Like it starts off as a couple of hairline cracks through the front/back glass, maybe a defined bend where I carried it in my back pocket and sat on it. As time goes on more cracks appear and the shell starts to come completely apart and feels like a melted candy bar, to a point it looks like it got run over by a car, and I have to gently press bits of the phone together where it still works. Most interesting about this dream is that I’ve realized when my phone starts coming apart (I’ve never sat on my phone and bent it IRL) I know I’m in a dream and can either try to wake myself up or play with some lucid dreaming.

A second related one is that while trying to use a phone/computer/tablet I can’t type and/or the UI gets messed up. Most commonly I’m trying to type in something and the output isn’t what I want, like I’m hitting the wrong keys repeatedly or the auto-correct has gone way crazy. I’ll try over and over and think I wind up waking up from frustration. Or, I try to wake up my phone and there’s constant ads I have to click through even to get to the home screen. Or, I try to take a photo and the phone decides to auto-crop on a particular subject instead of the entire scene like I want. Those are the frustrating ones.

Lastly is a dream of this posh apartment. It has wooden roman columns out on the front porch, brick exterior walls, and a nice interior. The kitchen has a bunch of boxes piled up around it because I don’t cook much and haven’t gotten around to unpacking my cookware (this is something I’d do IRL). Nothing of particular interest happens here. Occasionally I’ve moved to another apartment and a month later remember I haven’t cleaned this unit out of all my property so I have to go pack it up. This dream apartment feels so strongly familiar I’ve actually woken up in the middle of the night and seriously had to think about every address I’ve lived at to try to remember where this place was, and finally realize I have in fact never lived anywhere remotely like this.

Booster blowup

Finally got around to getting my covid booster. Holy crap, the side effects were even worse than the 2nd dose. Hours of chills and shaking, inability to sleep, then a fever all day where I soaked anything I was wearing or laying on, then body aches and stomach cramps. Today I feel like I got hit by a truck, but much better than yesterday. This better last me a while!

TL;DR it’s SHA1 with no newline

We wanted to create off-line templates for our Netgear SmartManaged switches (which run a blatant IOS CLI ripoff), but needed a way to generate the encrypted password hash from a given plaintext password:

username test password test
-to-
username test password encrypted a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

For the life of me I couldn’t figure out what algorithm they used, it wasn’t an obvious salted hash (lack of $x$saltsalt$ prefix) nor was it the old style Cisco MD5 mechanism. Wasn’t SHA256 either.  It’s 40 characters long, consisting of [a-z0-9] which looked like a hex representation of something. Frantic googling wasn’t helping me, nor the myriad of various password generators.

I was at my wits’ end and was about to post on r/networking (yay talking to rubber duckies) about it when I decided to go back to the list of algorithms I tried and wondered if we tried SHA1 with no line return like I had seen in some examples. That worked:

bwann@basic76:~$ echo -n "test" | openssl sha1
(stdin)= a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
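
For generating or auditing these lines in bulk, here is an added shell example (not from the original post or from Netgear). The function names `sha1_stdin`, `netgear_user_line` and `check_user_line` are hypothetical, and `printf '%s'` stands in for `echo -n` because it never appends a newline in any POSIX shell.

```shell
#!/bin/sh
# Added example: build and verify the "password encrypted" form shown above.
# Function names are hypothetical; "test" is the post's own sample password.

# Hex SHA-1 of whatever arrives on stdin.
sha1_stdin() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | cut -d' ' -f1
    else
        # -r prints "<hash> *stdin" on every OpenSSL version
        openssl dgst -sha1 -r | cut -d' ' -f1
    fi
}

# Emit the config line for user $1 with plaintext password $2.
# printf '%s' hashes exactly the password bytes, with no trailing newline.
netgear_user_line() {
    printf 'username %s password encrypted %s\n' \
        "$1" "$(printf '%s' "$2" | sha1_stdin)"
}

# The pitfall from the post: a plain echo adds "\n" and changes the digest.
sha1_with_newline() {
    printf '%s\n' "$1" | sha1_stdin
}

# Audit helper: does config line $1 carry the hash of candidate password $2?
check_user_line() {
    stored=$(printf '%s\n' "$1" | awk \
        '$1=="username" && $3=="password" && $4=="encrypted" {print $5}')
    [ -n "$stored" ] && [ "$stored" = "$(printf '%s' "$2" | sha1_stdin)" ]
}

# Demo using the post's sample values.
netgear_user_line test test
printf 'with newline (will not match the switch): %s\n' \
    "$(sha1_with_newline test)"
```

Because the digest is unsalted, the same password produces the same string on every switch, so a template containing it deserves the same handling as the plaintext password.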
