Old glory

I was going through my articles I have collected over the years and found this little gem. The author is unknown.


I AM THE FLAG OF THE
UNITED STATES OF AMERICA

I am the flag of the United States of America.
My name is Old Glory.
I fly atop the world’s tallest buildings.
I stand watch in America’s halls of justice.
I fly majestically over institutions of learning.
I stand guard with power in the world.
Look up and see me.

Continue reading Old glory

Settling in

It has been a month and a half since we moved, and we finally are on a set schedule. The girls have started school, all boxes are unpacked, our house in California closed escrow, and we have successfully adjusted to the CST time zone.

It always amazes me how much God has blessed my family. We are all in good health, we are debt free, we have a roof over our head, and we have food to eat. I can attribute this all to God as I have no control over my health, I am horrible when it comes to big financial matters (such as retirement savings, stock trading, etc.), and I am not the best at selecting the best food choices for myself. It is only through God’s providential guidance that I am in the state I am.

I have been able to go fishing twice since arriving. As a result, I caught 2 fish. Neither were big enough to keep, but it was a great experience to enjoy. It seems the best fishing out here is on a lake. As a result, one needs a boat to get to the middle of the lake. This has caused me to research fishing kayaks. It is doubtful I will get one for the 2017 season, but if I save enough money, I can definitely get one for the 2018 season 🙂

Being a bi-vocational Assistant Pastor is rather weird. It is a role I have not experienced for too long, but I am very excited for what God has in store. Since being here in Duluth, I have been able to share the gospel with several people and see one make a profession for Christ. It was neat to see the “lightbulb” appear when he understood that Jesus came to do all the work of salvation for us and that salvation is not dependent upon our good works or how we live. It is very sad that many people are trapped in the religion of Catholicism, Lutheranism, and Atheism that they fail to see who Jesus is, why he came, and how we can experience life through a relationship with Him.

I am very thankful I can have a second job which is remote work and allows me to be in the tech industry. I like working with bleeding edge software such as Docker, Kubernetes, Puppet, and the like. It also allows me to scratch the itch I have with the nerdy side of tech – coding. I have been able to maintain a legacy PHP app while develop some in NodeJS and Go. Mostly I have been sharing cool things about Github, build pipelines, and the philosophy of “Let the robots do it.”

My coffee survival habit has been amplified by the purchase of a Ninja coffee maker last Amazon Prime day. I was not able to use it until we moved here and I am quite satisfied with how it makes iced coffee. It also gave me a recipe which I have been following for my daily iced coffee – it requires half and half with a few ounces of flavored syrup. I think this is the best approach for iced coffee.

Moving Adventures Part 2

(Note: This guest post is from my wife, Nicole. These are the events that happened July 25th, 2017.)

After 6 hours of rest, we awakened rested (somewhat) and ready to resume our journey. Morning was fairly uneventful, and we were back on the road by 9. As we were fueling up, we realized that Clark’s cup (which he went to bed with) was accidentally left somewhere amid the sheets despite going through the room 2-3 times. No worries! Remembered that were had brought 2 extra sippy cups 😀

As we merged on the I-76 we spotted what we believe to be our moving van. Too funny! The day before we’d seen the same truck as we left Barstow. At least we know our belongings should arrive by Friday, lol! An hour into our drive, all the kids except Mollie fell asleep.

Thankfully, the next leg of our journey was fairly uneventful, and we were able to stop for lunch in Kearney by 2:45. Other then an icky diaper and ordering the wrong sandwich for Andrew, lunch was quite pleasant. In fact, Jake ate more than Clark or Meg! Thanks to everyone’s prayers, the children were very well behaved as we made our way to the next stop–Des Moine.

For the next 3.5 hours: played with toys, watched cartoons, and slept (praise the Lord!!). Seems whenever we’re close to our destination one of the younger three decides they’ve had it and begins to fuss. Thankfully, Clark perks up with food or cars, and Jake loves snacks and playing with random items (wipes bucket, water bottle, thermos,  favorite afghan etc.). As a reward, hoping to get a little pool time at the hotel. So thankful we’re only driving 5 hours tomorrow and going to get a good 2 hour break at the Mall of America!

Moving Adventures Part 1

(Note: This guest post is from my wife, Nicole. These are the events that happened July 24th, 2017.)

Well, after 4 hours of sleep, we woke and were on the road by 5. Forgot one little detail… taking girls to the restroom before we left. When we reached Adelanto, Mollie said she had to go the bathroom. Pulled in to the first gas station we saw and wouldn’t you know it, the restrooms were both out of order 😣 Bought a potty seat for emergencies such as this.

In the mean time, Meg decided she wanted to get dressed. Dressed the girls and was handing out the snack when Jake gagged himself and threw up the banana I just fed him! Cleaned him up, scrounged around to find the clothes I’d stuffed in our overloaded van. A 10 minute stop took 30 minutes 🐢

Back on the road! Fortunately, despite a quick run through McDonald’s, we reached St. George, Utah by noon. As we unloaded the car, we spent 10 minutes in 107° weather looking for Mollie’s shoe and 3 elusive crayons. Finally decided to look when we returned from lunch and have Mollie ride in the shopping cart with one shoe.

Took Jake out of the car only to discover he’d blown out his diaper! He didn’t want to be changed because his poor rear is so irritated. Think the ladies in the Costco restroom thought I was crazy as I held down a squirmy, stinky baby. Once he was changed, I took the girls to the restroom and heard someone commenting on the smell in the bathroom! Way to go baby boy!!

Returned to the van and spent another 10 minutes finding the lost flip flop and crayons. Between the puke and diaper blowout, we’d nearly used our stash of wipes. So had to run to Walmart of course! Back to the road!

Thankfully the kids played quietly with their aqua doodle pads, and the girls fell asleep 😴 Just as Jake was starting to fuss, we passed through a rainstorm, and the boys stared out the window awestruck. Rain is discovered (by the way, the storm cleaned our windshield better than the Lancaster Cruz Thru)!

Things went fairly well for the next few hours. Kids napped and ate dinner at Wendy’s. About 20 minutes into the home stretch, I heard a noise any mother learns to dread–Clark was about to spew. Managed to get most of his dinner in the plastic bag I’d brought for such emergencies. After a quick clean up job, we were back in business. Five minutes later though, we had to stop again because we suspected Jake had dirtied his diaper. False alarm!

Why is it the last 100 miles of any trip seems the longest. After hitting a few construction spots, we finally pulled into Denver at midnight. Sadly, kids who are awakened at midnight are not exactly pleasant. Mollie did okay, but Meg is a bear whenever her sleep’s interrupted. Clark perked up a bit as we trekked across the parking lot. Once we reached the unfamiliar hotel room, however, he started crying that he wanted out of the room! Andrew left me with the three younger ones while he and Mollie retrieved our luggage. In the mean time, Jake’s full diaper leaked out onto my shirt. Andrew hadn’t returned so I quickly stripped Jake down and threw him into the tub. At which point Jake joined the crying chorus 😮 I half expected the manager to come throw us out any minute with all the ruckus we were causing.

Andrew finally came with the luggage (except for the toiletries bag but that’s another story). Prepared for bed and let the kids watch a little episode of Daniel Tiger’s Neighborhood before settling in for a few hours of much needed rest!

Leaving California

Today marks the first day in over 29 years where I am no longer a resident of the great state of California. No longer will iscaliforniaonfire.com be relevant to me or my family! With all changes to life there are some good things and bad things with every major life decision.

From the move, I will miss the following:

  • In-n-Out burgers
  • Nearby family members
  • Lancaster Baptist Church

However, I will not miss the following:

  • 100 degree weather
  • California driving
  • Smog
  • Time Warner Cable

I am also super pumped about these:

  • More fishing opportunities
  • Snow
  • A new ISP
  • Dunkin donuts

Autosign Puppet certificates on AWS

Let’s face it, Puppet’s method of certificates is a pain and huge administration overkill if done manually. Thankfully, puppet has designed several methods of auto-signing certificates. One of which is via crafting a special certificate signing request and verifying the certificate signing request is genuine.

On the puppet master

Apply the following code on your puppet master. This will set up the autosign script which will verify your custom certificate signing request. If the CSR is genuine, the puppet master will sign the certificate.

  service { 'puppetserver':
    ensure => running,
    enable => true,
  }

# The file must have execute permissions
# The master will trigger this as `/etc/puppetlabs/puppet/autosign.sh FQDN`
  file { '/etc/puppetlabs/puppet/autosign.sh':
    ensure  => file,
    mode    => '0750',
    owner   => 'puppet',
    group   => 'puppet',
    content => '#!/bin/bash
HOST=$1
openssl req -noout -text -in "/etc/puppetlabs/puppet/ssl/ca/requests/$HOST.pem" | grep pi0jzq9qmabtnTa8KfkBs2z5rQZ3vZsa',
  }

# This sets up the required ini setting and restarts the puppet master service
  ini_setting {'autosign nodes':
    ensure  => present,
    path    => '/etc/puppetlabs/puppet/puppet.conf',
    section => 'master',
    setting => 'autosign',
    value   => '/etc/puppetlabs/puppet/autosign.sh',
    notify  => Service['puppetserver'],
    require => File['/etc/puppetlabs/puppet/autosign.sh']
  }

On the agents

With our puppet master ready to go, we need to set up our agents to generate the custom certificate request. This can be done by editing /etc/puppetlabs/puppet/csr_attributes.yaml before running puppet with the following content:

custom_attributes:
    1.2.840.113549.1.9.7: pi0jzq9qmabtnTa8KfkBs2z5rQZ3vZsa
extension_requests:
    pp_instance_id: $(curl -s http://169.254.169.254/latest/meta-data/instance-id)
    pp_image_name:  $(curl -s http://169.254.169.254/latest/meta-data/ami-id)

Note: The 1.2.840.113549.1.9.7 value must match the item you are grepping for in the autosigning request. This specific value in the certificate is reserved for purposes such as this.

Execution

With everything in place, the way to execute this successfully is to pass in the below as the userdata script when creating an EC2 instance:

#!/bin/sh
if [ ! -d /etc/puppetlabs/puppet ]; then
   mkdir /etc/puppetlabs/puppet
fi
cat > /etc/puppetlabs/puppet/csr_attributes.yaml << YAML
custom_attributes:
    1.2.840.113549.1.9.7: pi0jzq9qmabtnTa8KfkBs2z5rQZ3vZsa
extension_requests:
    pp_instance_id: $(curl -s http://169.254.169.254/latest/meta-data/instance-id)
    pp_image_name:  $(curl -s http://169.254.169.254/latest/meta-data/ami-id)
YAML

An alternative method is to create a custom AMI (especially for auto-scaling groups). I use the below puppet code to create my golden AMI.

  cron { 'run aws_cert at reboot':
    command => '/aws_cert.sh',
    user    => 'root',
    special => 'reboot',
    require => File['/aws_cert.sh'],
  }

  file { '/aws_cert.sh':
    ensure  => file,
    mode    => '0755',
    content => '#!/bin/sh
if [ ! -d /etc/puppetlabs/puppet ]; then
   mkdir /etc/puppetlabs/puppet
fi
cat > /etc/puppetlabs/puppet/csr_attributes.yaml << YAML 
custom_attributes: 
  1.2.840.113549.1.9.7: pi0jzq9qmabtnTa8KfkBs2z5rQZ3vZsa 
extension_requests: 
  pp_instance_id: $(curl -s http://169.254.169.254/latest/meta-data/instance-id) 
  pp_image_name: $(curl -s http://169.254.169.254/latest/meta-data/ami-id) 
YAML 

export CERTNAME="aws-node_name-`date +%s`" 

/opt/puppetlabs/bin/puppet apply -e "ini_setting {\"certname\": \ ensure => present, \
  path => \"/etc/puppetlabs/puppet/puppet.conf\", \
  section => \"main\", \
  setting => \"certname\", \
  value   => $CERTNAME, \
  }"

/opt/puppetlabs/bin/puppet agent -t -w 5',
  }

My tablet history and Kindle Fire (7th Gen) review

My first tablet was an Acer A500 which ran Honeycomb (Android 3.0). I used that laptop for everything – reading, pictures, studying, and using it to project games in the children’s class I taught at the time. It was used more than my laptop, phone, and desktop combined. It served its purpose until my wife accidentally knocked it off the kitchen counter (it was laying flat) and it got a huge dent. It never was the same after that incident. I eventually got rid of it after it no longer held a charge due to the damage it received. 

The next tablet I purchased was a Kindle fire 2nd gen which I gave to my wife and borrowed it when needed. Life was great. Then, as a reward for good behavior, we let our children play the games and apps we purchased on the Kindle. Our children are so well behaved (thanks to some awesome parentig tips we received in our Adult Bible Class at church) that my wife no longer had enough Kindle time to do her reading. This is when I bought her a 5th gen Kindle fire. The difference between versions impressed me. I liked the thinner design and the new UI was very intriguing. I made a determination if I ever wanted a new tablet I would get myself a Kindle fire. (I was not in the market for one as I was a happy 6 inch phablet user.)

Recently, I have had a desire to reduce my reading list by actually reading the books. At first I tried reading from my phablet, but alas, a 6inch screen is not ideal for reading large amounts of text – even if you have a high DPI phone such as my Google Nexus 6. This has led me to purchase a Kindle fire 7th gen which was released on June 7th 2017.

It has the same intriguing design as the 5th gen device, but has better battery life and more external storage capacity. When I first unboxed and turned on the device, I was happy at how little I had to do to get my new Kindle operational. After 10 minutes of using Kindle fire OS (which is just Android without Google), I quickly realized just how attached I am to Google services. Most of my daily use apps – such as Dropbox and JuiceSSH – were not available. Did I make a mistake buying this $70 device (+$30 case and $9 tax)? Thankfully, there is an alternative and it works quite well – it doesn’t even require rooting your device either!

Wow, after installing the four apps, running a Google play services update, and downloading my needed apps, I am really enjoying my Kindle fire 7th gen! Everything is working as expected; albeit, I have to wait a few milliseconds longer over my phablet to do common tasks. The screen size is perfect, the weight and style is also perfect, and I was able to be different and get a yellow one. (My wife has blue, black is the color I usually get, and red seemed too plastic.)

Moving to Desktop GNU/Linux from Windows/Mac

There are many curious individuals who tinker with GNU/Linux as a Server OS and want to experience what it is like as a Desktop OS. The switch is often hindered by two obstacles:

  1. Some daily use programs are not available. (i.e. Photoshop, iTunes, etc.)
  2. The unknown of what to do if something goes wrong or what do I do to get my 3d graphics driver installed and working.

While these are valid reasons and definitely show stoppers for some, others can safely migrate to GNU/Linux.

The obstacle of programs

I like Krita as an alternative to Photoshop. The menu options are nearly the same and I do not have to install a silly theme (like I have to do in Gimp) or re-learn photo editing just to recognize where everything is at. I have successfully installed Photoshop CS4 with wine without any issues, but Krita is more featured than CS4. Darktable is also a good alternative to Photoshop RAW/bridge.

Rhythmbox connects to iPhones/iPods the same way as iTunes does, but without the store. iTunes does run on a recent version of wine quite well. Some might also want to check out Clementine.

Most every program has an alternative. Alternatives can be found via alternativeto.net or software recommendations on StackExchange.

The unknown obstacles

To use GNU/Linux successfully as the primary Desktop OS, in my opinion, one must have a desktop with worthy hardware. I consider myself an AMD guy. I like the price for performance and I rarely do CPU intensive tasks on my desktop. When AMD bought ATI, I was also happy as ATI was my favorite graphics card. Unfortunately, most Desktop GNU/Linux users are developers and need that extra performance. They have desktop workstations that have Nvidia graphics cards in them with Intel CPUs. You will often find that Desktop GNU/Linux performs better, is easier to use, and has more tutorials for Nvidia graphics cards and how to get them working.

Captive Portal Overview

I originally authored this on Aug 16, 2016 at http://unix.stackexchange.com. Considering my tutorial did not include an overview, I thought I would re-post it on my blog.


To make a captive portal appear, you need to stop all internet traffic and provide a 302 redirectto the client’s browser. To do this, you need to have a firewall (like iptables) redirect all traffic to a webserver (like nginxapache, etc) where the webserver responds with a 302 redirect to the url of your login page.

I have written a lengthy article on how to do this with a Raspberry Pi. It basically boils down to the iptables block/redirect to webserver:

iptables -t nat -A wlan0_Unknown -p tcp --dport 80 -j DNAT --to-destination 192.168.24.1

and then the webserver (nginx) redirecting to the login page:

# For iOS
if ($http_user_agent ~* (CaptiveNetworkSupport) ) {
    return 302 http://hotspot.localnet/hotspot.html;
}

# For others
location / {
    return 302 http://hotspot.localnet/;
}

iOS has to be difficult in that it needs the WISP settings. hotspot.html contents are as follows:

<!--
<?xml version="1.0" encoding="UTF-8"?>
<WISPAccessGatewayParam xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.wballiance.net/wispr_2_0.xsd">
<Redirect>
<MessageType>100</MessageType>
<ResponseCode>0</ResponseCode>
<VersionHigh>2.0</VersionHigh>
<VersionLow>1.0</VersionLow>
<AccessProcedure>1.0</AccessProcedure>
<AccessLocation>Andrew Wippler is awesome</AccessLocation>
<LocationName>MyOpenAP</LocationName>
<LoginURL>http://hotspot.localnet/</LoginURL>
</Redirect>
</WISPAccessGatewayParam>
-->

Tupperware announces new container platform

Today, in a surprise move into technology, Tupperware has released a new container platform competing with Docker and rkt. Tupperware’s new platform – named Bowl – has been in alpha for the past 6 months, but now has achieved public beta status.

Tupperware party
Early photograph of a Tupperware party. This announcement was made at a similar one.

What’s unique about Bowl is that it introduces a new concept to containers – Lids. A Lid goes neatly on top of the container and seals the contents from evil doers and prevents bad code from escaping. Bowls, due to their circular shape, require burping the attached Lid. This burping maneuver was demonstrated live to the audience and was described as a method to keep the containerized application fresh across hybrid clouds. With Burping, no longer do we have to worry about our code going stale inside of the container.

Unlike other containers, when done with a Bowl, they go through a cleaning cycle and are available for reuse immediately or stacked in a cupboard for later. Lids, associated with Bowls, are placed underneath to keep the associated roles in relative proximity. Unlike some deployments which require planetary alignment, Bowl comes in several predetermined sizes which negate this prerequisite. If for some reason your code does not fit in a Bowl size, multiple Bowls can be used. This feature instantly transforms your monolith application into a microservice architecture – all without refactoring your workflow!

Bowl will be showcased in global parties as early as next week, but preview respondents have come across with the following remarks about Bowl:

It is so good that Tupperware has launched into the tech business. Tupperware already has such a good influence on minority groups and bringing an interest of tech to them is really a great idea.

Joan P

This isn’t your grandma’s container technology.

Jon S

I was surprised how well Bowl stacked up to the challenge.

Andrew B

And when you’re done, it doubles as a barber aid!

Rob N

This is exactly the kind of container I was looking for – Lightweight, secure, reusable, and dishwasher safe.

Chris B

Bowl is expected to integrate nicely with Kubernetes 1.8 which is due out next year.

Captive Portal Restaurant Menu

I have been contacted several times in regards to my captive portal post. In India there seems to be a surge in popularity for restaurants to have an open WiFi that prompts a user to open up a menu/splash page. The caveat being the legal issues encountered when providing free, open wireless internet. In order to avoid legal issues, the device that broadcasts must be disconnected from the internet. Although I am curious if just blocking internet access for those connecting is enough. 

It seems like an interesting issue to tackle, but I think creating something out of a WiFi captive portal would be like hammering a square peg through a round hole. It might work (if given enough time and effort), but in the end, it is probably not the right tool for the job.

While writing this post, I was reminded how Google appears to be tackling this problem. On my Android phone, I let the NSA spy on my whereabouts by enabling location services. It also lets my wife pinpoint where I am physically located. With it enabled, I can visit most shops in my area and get a Google maps prompt with the business information, reviews, and a few pictures. (Side note: if you appear in court over a childish/dumb action, you validate the judge’s decision when you post a negative review of the court house. Also please do not butcher the English language when trying to review places.)

Utilizing GPS location as well as having an app that provides the information seems like the best route to go in this circumstance. An alternative would be to have an app with WiFi credentials hardcoded in, listen for when a WiFi connection is made, check to see if it matches a predefined SSID, and attempt to communicate with a local app server to process data. Of course doing something like that is outside the scope of my tutorials.

Jumping the ship on Evernote

I am a long time user of Evernote. Currently it has the best browser extensions, a wide range of supported operating systems, and it has a free tier; however, I am getting frustrated with it. In the past year, they have changed plans twice – now the free tier is only supported on 2 platforms. This has cost me to re-evaluate my use of Evernote. Lately all I have been using Evernote for is to sync a grocery list between devices and keeping my children’s memories in one location – their sayings, artwork, etc. In the past I also used it for note taking, article saving, and inputting ideas. I have also seriously considered buying a subscription just so I can continue uninterrupted.

While this may be a rant about a free user using a free service, I contribute to the monitization of their service by the viewing of advertisements. The free tier limits (except for maximum devices) are adequate for my occasional use and probably have cost Evernote around $3 total in the past several years. The valuation Evernote has placed on their second-level tier ($35/year) is much higher than I value it (~$12/year). While I may not be able to set the price on what Evernote costs, I can put a price on what I am willing to pay for a simple note service.

A recent article on opensource.com opened my eyes to looking at note taking alternatives. I was surprised at how mature Paperwork was; however, it contained one simple flaw that throws my grocery list experience out the window – no checkbox option. This caused me to evaluate Google Keep – yes, has check boxes, but functions more like sticky notes. Then I remembered Atlassian’s confluence has checkboxes. Their paid version is $10 for up to ten users (per year if it self hosted, monthly if in the cloud). This fits my budget, I can create grocery lists, take notes, and create notebooks/spaces. While I have not switched away yet, confluence seems like a viable option as I already have an always-on home server.

I do not use the kuerig – here is why…

The kuerig device is a visually pleasing design. It appears to belong in the modern kitchen. A few months ago, I was given a kuerig first generation with a reusable filter and used it as my primary coffee consumption device. It gave me a sense of faster coffee delivery in the morning – I was happy until I discovered these flaws:

Flaw #1 – I spent more time making coffee than with a drip machine.

While it had a reservoir of water, that only lasted for about 6 tall glasses of coffee. I would have to switch out the K cup if I wanted a cup in the morning and one to take with – very common thing for me to do. This led me to another flaw.

Flaw #2 – the kuerig is designed for casual coffee drinkers.

By casual I mean 3-6 cups a month. Even with a refillable K cup, I was spending twice the amount on coffee and found myself adding 5 minutes to my normal routine just for use of the kuerig.

Flaw #3 – coffee dust

The coffee ground too much in store bought K cups and my refillable K cup often found itself in the bottom of my glass. This was disgusting and I could not stand throwing away the last sip of coffee because it had coffee dust at the bottom. To combat this, I had to cut filters in the shape of my K cup.

After 2 months of trouble with the kuerig, I got frustrated with drinking coffee. What was designed to be a pleasant, easy experience in making coffee turned out to be painful, time consuming, and more expensive. I evaluated my habit with the kuerig and found I was doing the same exact items with my old drip system, but spent more time affixing it to the kuerig. Once I realized that, I switched back to my old ways, sold the kuerig and bought more coffee with the money.

Debugging PHP web applications

In 2017, this topic seems a little dated and will probably not get me an opportunity to speak at a conference. While all of the elite programmers, cool kids, and CS grads are talking languages such as Go and Erlang – how to do tracing, performance testing, and the like – it seems very juvenile for me to write about PHP.

PHP is a language made specifically for the web. It is the first web language I learned after HTML 4/CSS. I learned it because it was easy. The syntax was easy, the variables – easy, running it – easy; however, when something broke, it was difficult as a beginner to troubleshoot. I would spend several hours looking at the code I just wrote only to find out I missed a semicolon or quote. This post is several things I wish I knew when I started with PHP. Continue reading Debugging PHP web applications

Few posts in the works

I have not posted in a few weeks. This was mainly due to getting a rest from posting every week of 2016! I have a few posts coming in the next few weeks. The first one will be about debugging PHP applications. The second one will be deploying a high availability MySQL cluster – what it looked like 10 years ago, and what it will look like 10 years from now. (HINT: Kubernetes + GlusterFS 😉 )