Friday, August 25, 2017

How to run Linux under FreeBSD 11.1 using Xen

I am interested in trying out different operating systems, but don't have the hardware to dedicate to playing around.  VirtualBox has worked well on my Windows system, but I haven't invested the time to make it work on FreeBSD.  When I saw that FreeBSD 11 now works as a dom0 system with Xen, I thought I'd give it a try.  I had some frustrations, and almost gave up, but I gave it one more try today and had some success.

Here are my notes on how I got to this point, and perhaps they will help you.

I am running:
FreeBSD 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug  9 11:55:48 UTC 2017  amd64

Step 0: Read the FreeBSD Handbook section on Xen. It is mostly the way to go.

Step 1: Install xen with "pkg install xen".  This installed Xen 4.7.0_2.  Also, you'll need a VNC viewer, which I got via "pkg install tightvnc".

Step 2: Add entries to /boot/loader.conf:
  • xen_kernel="/boot/xen"
  • xen_cmdline="dom0_mem=8192M dom0_max_vcpus=4 dom0pvh=1 console=com1,vga com1=115200,8n1 guest_loglvl=all loglvl=all"
Notes: Tune at least the memory (dom0_mem) and number of cores (dom0_max_vcpus) to what you want left for dom0; the domUs get their memory from what remains.  I don't know if all that console stuff is doing anything, but I left it there from the Handbook.  Mind the closing quote; the loader silently ignores a malformed line.

Step 3: Add settings to /etc/rc.conf:
  • xencommons_enable="YES"
  • cloned_interfaces="lo1 bridge0 tap0"
  • autobridge_interface="bridge0"
  • autobridge_bridge0="re1"
  • ifconfig_bridge0="addm re1 up SYNCDHCP"
Notes: My xen setup requires bridge0 and tap0; lo1 is used by something else (openvpn?), so I combined two lines.  re1 is my internal network interface, which has a DHCPd server managing it.  I'm not certain that the "autobridge" lines are doing anything, so I added that ifconfig_bridge0 line to force things.

Step 4: Reboot.  Your system will automatically load the xen kernel.  During boot, you won't see most of the normal FreeBSD boot stuff.  Also, if you look in the boot loader (by hitting 6), it will make you think that Xen isn't loaded by default, but it is.

Step 5: Create your domU config file.  Here's one that works for me.  The Handbook puts the guest disk on a ZFS volume under /dev/zvol, which the Linux installers didn't seem to like, so notice that I'm using a plain file instead.  Marcin Cieslak suggested adding "xen_platform_pci=0", which appears to be critical (thanks!).  Without it, the booting process takes a long time and then fails; it is included at the end of the file below.  Pin vnclisten to 127.0.0.1 explicitly rather than leaving it empty: the VNC console has no authentication unless you also set vncpasswd in the config, and the viewer you run on the dom0 reaches the loopback address anyway.
builder = "hvm"
name = "xen-mint"
memory = 2048
vcpus = 2
vif = [ 'bridge=bridge0' ]
disk = [ '/pool/Virtual/xen/mint.drv,raw,hda,rw', '/pool/Downloads/linuxmint-18.2-cinnamon-64bit.iso,raw,hdc:cdrom,r' ]
vnc = 1
vnclisten = "127.0.0.1"    # unauthenticated console; keep it off the network unless vncpasswd is set
serial = "pty"
usbdevice = ['tablet']
xen_platform_pci = 0       # without this the Linux installer hangs and then fails on this dom0

Step 6: Create the disk file (and probably adjust the path to it in the above config file).  I made mine 20 GB; dd writes all 20 GB of zeros, so it takes a while.
dd if=/dev/zero of=/pool/Virtual/xen/mint.drv bs=1G count=20

Step 7: Download the installer ISO for the operating system you want to use.  As you can see, I'm trying Linux Mint here.  Change the disk line to where ever you have stored the ISO.

Step 8: Boot the virtual system.
xl create /path/to/config.file
If the command returns with no messages, congratulations!  Your virtual operating system is running.  If there were errors, you'll have to fix them before continuing.  I had a bunch of networking issues, such as bridge0 not existing, and tap0 not existing.

Step 9:  Watch your OS boot and then do the install, using VNC.  If you don't have an X server working, I think you might be hosed; I couldn't get console stuff (via xl console #) to do anything useful.
vncviewer &
During the boot, vncviewer exits when the size of the virtual screen changes, due to changing video modes or whatever.  When that happens, just run the vncviewer command again.  xl gives each domU the next free VNC display number, so "vncviewer :1" works for accessing a second running domU.

After you've completed the install, you'll want to comment out the ISO line from the config file, to "eject" the install media.  For a domU that is already running, "xl cd-eject xen-mint hdc" ejects it without a restart.


  • The "usbdevice = ['tablet']" line should make the mouse follow the cursor well. However, on a FreeBSD 11 domU system, this kept the mouse from moving at all. Without it, the mouse and cursor were far apart, so it is mostly unusable with a GUI. So, at this point, my FreeBSD domU's are just terminals. 
  • Parrot Linux won't install for me, as it can't find a disk.
  • It appears that audio doesn't work in the domU's.  I haven't spent any time on that yet.
  • You have to be root to run the xl commands, so be root or add "sudo" as needed above.
  • Mint complains about "Running in software rendering mode".  To fix this in VirtualBox, you have to uninstall the Vbox add-ons, and then add them again.  I don't know what the comparable xen actions are.
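Steps 5 through 9 above are the same every time a domU is rebuilt, so here they are as a few shell functions.  This is an added example, not code from the original post or from the Xen project; the function names, the bridge name bridge0 and the default paths are this example's own assumptions and should be changed to match your dom0.  It renders the xl config from a handful of variables (rejecting domain names that would be awkward on the xl command line), creates the disk image as a sparse file instead of writing 20 GB of zeros, and syntax-checks the config before starting the domain.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the domU steps in
# functions so a guest can be rebuilt the same way every time.
# Assumed, not from the page: function names, bridge0, the default paths.
set -eu

# Render an xl config for an HVM guest to stdout.
#   gen_domu_cfg NAME MEMORY_MB VCPUS DISK_IMAGE [INSTALLER_ISO]
gen_domu_cfg() {
    name=$1; mem=$2; vcpus=$3; img=$4; iso=${5:-}
    # The name ends up on xl command lines and in device names; keep it to
    # a safe character set.
    case $name in
        ''|*[!A-Za-z0-9_.-]*)
            echo "gen_domu_cfg: bad domain name '$name'" >&2; return 1 ;;
    esac
    disks="'$img,raw,hda,rw'"
    if [ -n "$iso" ]; then
        # Installer attached read-only as a CD; leave it out after the
        # install, or run: xl cd-eject NAME hdc
        disks="$disks, '$iso,raw,hdc:cdrom,r'"
    fi
    cat <<EOF
builder = "hvm"
name = "$name"
memory = $mem
vcpus = $vcpus
vif = [ 'bridge=bridge0' ]
disk = [ $disks ]
# VNC has no authentication unless vncpasswd is set, so keep it on the dom0
# loopback and tunnel over ssh -L if you need it from elsewhere.
vnc = 1
vnclisten = "127.0.0.1"
serial = "pty"
usbdevice = ['tablet']
# Without this the Linux installer hung and then failed on this dom0.
xen_platform_pci = 0
EOF
}

# Create a sparse disk image: blocks are allocated only as the guest writes
# them, unlike dd if=/dev/zero.   mk_disk_image PATH SIZE   (SIZE e.g. 20G)
mk_disk_image() {
    if [ -e "$1" ]; then
        echo "mk_disk_image: $1 exists, not touching it" >&2
        return 1
    fi
    truncate -s "$2" "$1"
    chmod 600 "$1"      # only root, who runs xl, needs to read the guest disk
}

# Parse the config without creating anything, then start the domain.
# Needs root (or sudo).
start_domu() {
    xl create -n "$1"
    xl create "$1"
    xl list
}

# Eject the installer CD from a running domU.   eject_installer NAME
eject_installer() {
    xl cd-eject "$1" hdc
}
```

Typical use on the dom0, as root: `gen_domu_cfg xen-mint 2048 2 /pool/Virtual/xen/mint.drv /pool/Downloads/linuxmint-18.2-cinnamon-64bit.iso > /pool/Virtual/xen/mint.cfg`, then `mk_disk_image /pool/Virtual/xen/mint.drv 20G` and `start_domu /pool/Virtual/xen/mint.cfg`; after the install, `eject_installer xen-mint` and regenerate the config without the ISO argument.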

Sunday, November 15, 2015

The Most Interesting Couple In The World

Good evening.  I’m James, and I've been trying to live vicariously through Andrew ****** for several decades. Why? I’ve come to the conclusion that Andrew is the most interesting man in the world.

We met in 1990, as we moved into our dorm as college freshmen and we quickly became close friends. This friendship is one of the best things that has ever happened to me.

Let me tell you a few things about Andrew that I think are interesting:

  • “Hi, my name’s Andrew” with a hand offered is a magic incantation that can open any door.
  • Andrew can name all the imperial admirals from the Empire Strikes Back.  
  • Andrew can climb rocks, as well as jump off rocks into lakes.  He knows how to set up my camping equipment much better than I do.
  • Andrew can tell you the tradeoffs in various computer architectures, and how best to virtualize computer systems.
  • Andrew has read the book you’re reading, and can tell you two others that you should read.
  • Once, when we were meandering through a used bookstore, I asked a question about Gandalf.  Without hesitation, he picked up a copy of a nearby book and turned straight to the page that explained about the wizards (or, rather, the five Maiar spirits).
  • Andrew told a friend that the book Dune was based on a haiku.
  • Andrew tried to convince the dorm cafeteria that he should walk around and dispense fresh pepper from a huge pepper grinder.
  • He had theories about the proper order to watch Star Wars before that was a thing on the internet.
  • He went through a phase where he talked about the TV show The O.C. a lot.
  • Andrew is an amazing cook. He made sure I got the Joy of Cooking, as it includes directions on skinning game.
  • He left his suburban enclave and quickly became a big city guy. I helped him move into his first place in the city, and I was worried for him. But he proved me very wrong.
  • Andrew taught me how to brunch like a professional, where the conversation “should be desultory and topical. Nothing serious should be discussed before the drinks come.” 
  • He knows more and can synthesize material to make fascinating observations about the world.

Things Andrew can’t do well?  Card games.  His joke delivery could use a little work.  I have seen Andrew make some terrible decisions, but I can honestly say they were interesting choices.

Another way that Andrew is interesting?  He gathers amazing people.  His call of, "Hey, you should come over" has led to great parties which I have many wonderful memories from, hanging out with interesting people and eating fabulous food.

On the recent bachelor trip to Zion, I got to meet some more of his friends.  Quickly, I was outmatched by the depth and breadth of knowledge of this crew.  How do Lean and Agile work together?  Some comparison between Thailand and Spain.  Something about wine.  Something about football strategy. The difference between a mini-scramble and a micro-scramble. Andrew has amazing friends.

I’ve always told my kids that they should strive to be interesting.  I'm proud that they get good grades, but I want them to be able to lead interesting conversations and combine disparate bits of information to make a new thought, and be funny and charming.  When I tell them to be interesting, what I’m actually telling them is to be like Andrew.

Now Andrew is married.

Some of us didn’t think he’d ever do it.  After all, he is very busy being interesting and living the dream.  Why would he make a dramatic change like this?  

The answer is clear.  Because, of course, he fell in love with the most interesting woman in the world.  Ameena, I raise a toast to you.  You are obviously amazing, and the two of you are wonderful together.

I wish you years of adventures and deep conversations and goofy grins.  And brunch.

Thursday, July 16, 2015

Tech Tip: Firefox, Pocket, and NoScript

Since the integration of Pocket directly into Firefox, I've noticed that when I save an article, the Pocket popup dialog has been blank.  I use the extension NoScript for security purposes, and I figured that was causing the trouble, as that is not an unusual consequence of being a NoScript user.

Today, I dug into this a little more, and figured it out.  The solution is to whitelist "about:pocket-saved" in the NoScript options.

I hope this helps someone else!

Friday, August 2, 2013

Gymnastics: Pace, Mantilla revel in opportunities gymnastics provide

Posted: Friday, August 2, 2013 10:06 am | Updated: 10:30 am, Fri Aug 2, 2013.

Sloane Pace and Louisa Mantilla know they will probably never be Olympic gymnasts — and that’s OK with them.

The tumbling twosome don’t do gymnastics for the medals or the accolades, they do it because there’s nothing in life they are more passionate about.

“I think it’s really fun and it’s a great opportunity because most kids don’t get to do it,” 13-year-old Mantilla said. “It’s a really great sport and you can have fun with it.”

Both Pace and Mantilla have been involved with gymnastics from a young age and have become USA Sports' most senior competitive gymnasts at the Gilroy location. They have moved up through the levels of gymnastics since the Lawerence family took over the gym in 2008 and continue to train hard in order to keep progressing.

“I feel like it’s your reward (moving up a level in gymnastics),” 12-year-old Pace said. “All your hard work is paying off and you get this really great sense of accomplishment when you conquer the skills and get to move up.”

In Gilroy, the highest level a gymnast has reached is level 6 in the five years of having a competitive team. But in the Hollister location, gymnasts have reached the optional levels — levels that allow a gymnast to compete in state competitions — and have also gone on to compete at the college level.

One such gymnast is Taylor Lawerence, the daughter of owner Melinda Lawerence, who is currently on the Division I Brigham Young University cheering team.

“The most rewarding thing for me is seeing them (the gymnasts) grow,” Melinda Lawerence said. “With gymnastics, it’s hard to see results. You don’t see day-to-day results. You see monthly or six month results. ... I like to see them not know how to do anything, and then give this a chance and have confidence in something they would’ve never tried or dared to try before.”

Programs are open to both boys and girls who want to learn the different aspects of gymnastics as well participate in the gym’s total body conditioning program. Lawerence said that this type of conditioning is beneficial not just to gymnasts, but to any athlete looking to add more strength and flexibility to their game.

“It definitely keeps you in shape,” Pace said. “You’re constantly working and it’s a really difficult workout that you do. You need to eat healthy because if you don’t, you won’t be able to do the skills. You get mentally strong, too, from having to do all the hard skills that are sometimes scary. You have to build up the mental strength to be able to do it.”

While some use gymnastics as a transition into other sports such as cheerleading, Pace and Mantilla won’t be picking up pom-poms any time soon. The pair will be entering high school soon but are grateful that both Gilroy and Christopher High Schools offer a gymnastics program where they can continue to compete and apply what they’ve learned at USA Sports at the high school level.

“We just want to keep moving up, keep progressing,” Mantilla said.

Tuesday, July 23, 2013

FreeBSD success: Block bruteforce ssh attacks, plus squid

I recently built a new FreeBSD server to replace my aging system.  This server acts as my firewall, dhcp server, does NAT, and now that I have lots more disk space, will be the local file server.  During the switchover, I decided to begin using OpenBSD packet filter pf which is one of the firewall options in FreeBSD.

I am still getting the hang of configuring pf, but I have been able to set it up to notice brute force attacks on my open services (e.g. ssh) and put those hosts on a blacklist.  This makes me happy, since my daily system report has always included pages and pages of attempted access to my system.

So I can always recreate my success when I inevitably mess it up later, this post documents how I did it.

First, you need to enable pf.  The FreeBSD handbook has the details.  That page also details what I'm talking about, so this post isn't even needed. :)

The relevant portions of my pf.conf are something like this (ext_if is the macro for the outside interface; set it to your own NIC):
ext_if="re0"          # external interface; adjust to match your system
# Services I offer to the world
ext_svc_tcp="{ ssh, ftp, http }"

# Hosts that tripped the rate limit below.  persist keeps the table defined
# even while no rule references it.
table <bruteforce> persist
scrub in
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# Filter Rules
block in
# quick: a listed host is dropped before any pass rule is considered
block quick from <bruteforce>
# Allow rules for services running on Tigger.  A single source may hold at
# most 50 connections and open at most 10 new ones in any 5 seconds; past
# that it is added to <bruteforce> and, with "flush global", every state it
# already has is killed, not only the ones this rule created.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $ext_svc_tcp \
        flags S/SA keep state \
        (max-src-conn 50, max-src-conn-rate 10/5, \
        overload <bruteforce> flush global)
The persist keyword only keeps the table defined while no rule refers to it; the addresses the overload clause adds live in kernel memory and are gone after a reboot.  A table line can also take a file "<path>" option, which loads entries from that file each time the ruleset is loaded, but pf never writes the table back to it.  Nothing ages the entries out on its own either, so run "pfctl -t bruteforce -T expire 86400" (drop entries older than a day) from cron if you don't want an address blocked forever after one bad afternoon.

How do I know this is working?

# pfctl -t bruteforce -Tshow
No ALTQ support in kernel
ALTQ related functions disabled

The two ALTQ lines are only pfctl warning that the kernel was built without ALTQ; they are not table entries.  Blocked addresses are listed after them, one per line, so the output above means the table was empty when I ran it.  Run it again after the next wave of ssh attempts, or wait for the daily security report to shrink.

I also am attempting to use squid to remove ads during web browsing. On desktop computers, I am very happy with Adblock Plus on Firefox, but it really bothers me that I am deluged with ads on my iPad and the like.  SquidGuard seems like the perfect addition to filter the ads, but, while I have configured it into the stream, it isn't blocking things I know it should.   However, I have had success with Upside-down-ternet.  The kids don't know what hit them. (I recommend using mogrify options "-flip -swirl 45".)

squid is automatically placed into all outgoing http requests by adding this line to pf.conf (int_if is the macro for the LAN interface):
int_if="re1"          # internal interface; adjust to match your system
rdr pass on $int_if proto tcp to port http -> port 3129
and adding this to squid.conf, after rebuilding www/squid33 with TP_PF enabled:
http_port 3129 intercept
This catches only plain HTTP on port 80.  HTTPS is not redirected and goes out untouched, so ads served over https still get through, and squid's own http_access rules should restrict the intercept port to the LAN.
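The "how do I know this is working" question above comes down to reading the table listing past those ALTQ warnings, and the persistence question to expiring old entries.  The following added helpers, not part of the original post, do both; the function names and the TABLE variable are this example's own, and the wrappers at the end need root and a loaded pf ruleset.  The parsing functions take raw "pfctl -T show" output on stdin so they can be checked against a captured listing without touching the firewall.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the <bruteforce>
# table.  Function names and the TABLE default are this example's own.
set -eu

TABLE=${TABLE:-bruteforce}

# Read raw `pfctl -T show` output on stdin; print one address per line,
# dropping the ALTQ warnings, leading whitespace and blank lines.
table_entries() {
    grep -v -e '^No ALTQ support' -e '^ALTQ related' \
    | sed -e 's/^[[:space:]]*//' -e '/^$/d'
}

# Number of blocked addresses in the listing on stdin.
blocked_count() {
    table_entries | wc -l | tr -d ' '
}

# Exit 0 if ADDR (whole-line, exact match) is in the listing on stdin.
is_blocked() {
    table_entries | grep -qxF "$1"
}

# ---- live wrappers: root, pf enabled ----------------------------------

show_blocked() {
    pfctl -t "$TABLE" -T show | table_entries
}

# Drop entries older than SECONDS (default one day).  Overload adds
# addresses but nothing removes them; `persist` only keeps the table itself.
expire_blocked() {
    pfctl -t "$TABLE" -T expire "${1:-86400}"
}

# Add a test address, confirm the listing shows it, then remove it.
# 203.0.113.0/24 is reserved for documentation, so it never matches a
# real client and the block rule cannot lock anyone out while testing.
selftest_table() {
    pfctl -t "$TABLE" -T add 203.0.113.5
    pfctl -t "$TABLE" -T show | is_blocked 203.0.113.5
    pfctl -t "$TABLE" -T delete 203.0.113.5
}

# Syntax-check the ruleset before loading it, so a typo in pf.conf does not
# leave you locked out of the box.
reload_pf() {
    pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
}
```

Source the file and call `show_blocked` to see who is on the list, `selftest_table` after editing pf.conf to confirm the table still exists, and put `expire_blocked` in root's crontab so the list does not grow without bound.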

Monday, October 15, 2012

Gas Prices

Friday, August 17, 2012

Pace will race, after all

Former top school board candidate changes mind, files for candidacy

Posted: Friday, August 10, 2012 10:54 am | Updated: 5:00 pm, Fri Aug 10, 2012.
The pool of candidates vying for one of four soon-to-be-vacant seats on the Gilroy Unified School District Board of Education grew as of Thursday. James Pace, Director of Land Development for Pembrook Development in Morgan Hill and father of two children attending GUSD schools, filed for candidacy Thursday with the Santa Clara County Registrar of Voters. He now joins incumbents Mark Good, Fred Tovar and Pat Midtgaard, who will also run in the November election.
Pace, 39, made the final round of interviews alongside then candidate Pat Midtgaard, who was appointed over Pace in December 2011 to fill the vacant seat left by former trustee Francisco Dominguez.
After previously telling the Dispatch in July, “I don’t think the board position would be a good fit for my life right now,” Pace reconsidered his original position after attending an informational candidate session hosted by Board President Tom Bundros.
"I just went there to make sure someone good was running, and there was no one there," he said, referring to the absence of non-incumbent candidates. "So I decided I had to step up."
The former computer programmer has been involved with five school site committees, including the Rucker Elementary School Modernization Committee, serving as treasurer of the Rucker Elementary School Parent Club and chair of the Rucker School Site Council. Pace served for four years on the Measure P Bond Oversight Committee, and two years on the Superintendent Parent Advisory Committee.
Come fall, Pace will have one son attending Rucker and one daughter enrolled at Ascencion Solorsano Middle School.
"I think it's important that citizens take their government seriously," he said. "You gotta participate."
GUSD trustee Dom Payne cast the lone vote for Pace during December 2011 interviews. With a 5-1 vote, the school board appointed Midtgaard – a former GUSD board member who served from 2004 to 2008.
The deadline for non-incumbents to file for candidacy has been extended to next Wednesday, since GUSD trustee and former Board President Rhoda Bress has confirmed she will not be running again.
Four seats occupied by trustees Rhoda Bress, Mark Good, Fred Tovar and Pat Midtgaard will open up in November. Three of those seats are four-year terms; the other is a two-year term occupied by trustee Midtgaard.

Wednesday, May 16, 2012

Gifted and talented students have a wonderful opportunity to check out Rucker’s program

Dear Editor,
Gilroy Unified School District recently sent notification to students who qualify or may qualify for Gifted and Talented Education services next year. One of the options for GATE-certified children is to become part of Rucker Elementary’s self-contained GATE program.
Both my daughter and son transferred to Rucker to be part of this program, and I have been so impressed with the quality of the instruction and the depth of education they have received. I strongly recommend that all eligible families of incoming third through fifth grade students come out to the Rucker GATE Open House Monday evening, May 14, at 6:30PM to learn more about this phenomenal program.  Rucker is located at 325 Santa Clara Ave., near Masten Avenue and U.S. 101.
James Pace, Gilroy

Thursday, April 12, 2012

Another reason why I dislike AT&T

It's all my fault really.  Eleven-year-olds don't really need phones, do they?  But, she was starting middle school, and her mother had said something that was interpreted as a promise.  So, she got a phone.  We bought an inexpensive feature phone with a slide-out keyboard.  Those crazy kids, they sure do love to text.  We added the unlimited text plan, because we'd heard enough stories about pre-teens' runaway bills.  She did not have a data plan, because that's just dumb.  The phone was nice enough, and she picked out a case that she liked.

She was very responsible with it. Mostly.  If it is turned on at school, it is taken away.  She never had her phone taken away.  She kept it charged on a makeshift stand.  She answered when we called; she texted us when she needed something.  She went to bed when we told her, and didn't text after lights out.  At least, not very often.

However, for as great a gymnast as she is, she sure can be clumsy.  So, in hindsight, it seems inevitable.  We had investigated the insurance scam when we purchased it, but the $50 deductible and $5 per month fee seemed to not make any sense for a phone we'd paid $20 for.  Then, it happened.  We heard the distinctive crunch of electronics hitting wood -- hard wood.  Perhaps the "eco" part of the Samsung phone name is code for thin plastic.  The phone didn't survive this drop.  Well, that's not entirely true.  The back half seemed happy and ready to work its magic.  But the front half, the half with the number buttons and the screen -- that half was decidedly not happy.

Tears from the small one and anger from the big ones came.  Hope in the magic of the father with the electrical engineering background rose, then plummeted.  Where does this spring go? The phone was not going to survive.

Two years had not passed. One year had not passed.  A new phone was not going to come cheaply.

We searched for alternatives.  Google Voice on her iPod touch was re-enabled.  We inventoried our phone collection.  The cheap-o old phone we had was around.  Has anyone seen the charger?  No?  Well, look for it.  The charger couldn't be found.

We are victims of Moore's Law; we have plenty not-quite-shiny toys around the house, gathering dust, and being used as futuristic props in the land of make believe.  Behold, a pile of old iPhones.  We've been good customers.  That is, we've spent a lot of money to have nice shiny toys for us that we pay a lot of money to use.  We're such good customers that we've learned that in corporate speak, "unlimited" means "has a limit," just as we had learned earlier that "nationwide coverage" means "may sometimes work where you live." 

Our options solidified: we could buy a crappy phone at full price or we could reuse an old phone that we have.  Is that even a choice?

The SIM card slid in with a satisfying click.  The newly charged phone began searching.   Network found.  Days old text messages arrived.  Joy!  Paranoid parents find and disable all settings that use data and 3G.  It's an iPhone when she's home on our wifi network, but when she's out in the wild, it's a phone.

Over the next weeks, she learns some of the reasons we'd upgraded.  The battery wasn't holding a charge well.  Deal with it.

Then, on a rainy spring morning, my email box receives a message from AT&T.  AT&T sends me many messages, most of which I archive.  I happened to read this one. 

A data plan is now enabled on her phone? Are you kidding me?  Yes, AT&T has a policy (everyone loves policies).  They spy on their network, which I suppose makes sense.  They noticed she is using an iPhone.  The policy says if you have a smartphone, you get a data plan.  But we're not using data!  They have a policy.  $30 per month (plus fees?) has been automatically added.

I am pulling the SIM card out of her iPhone.  She'll have to live without until I can find a handset. Oh, pulling the card isn't enough. They need to update the EME or IMI or something.

My father worked for various incarnations of AT&T for over 30 years.  They send him a check every month -- something called a "pension" that you can read about in the history books.  The first stock I ever owned was symbol T.  AT&T created Unix, the computer operating system that inspired me personally and professionally.  The C programming language.  The transistor.  Information theory.  The laser.  Legends Ritchie (I have a playing card signed by Dennis Ritchie, and you don't. I win.), Pike, Cheswick, Shannon and more worked there.   AT&T powered the best phone ever, first.  I really, really want to like AT&T.

But I don't.

Does anyone have an AT&T non-smart cell phone they aren't using?

Tuesday, March 20, 2012

ASMS Play Photo

A Maiden's Tale rehearsals

From left, Sloane Pace, playing the role of Princilla DeVere, Megan Visnew, playing the role of Grucilla DeVere, and Samantha Phipps, playing the role of Marcella DeVere, perform a musical number during dress rehearsals Friday for the Solorsano Middle School production of A Maiden's Tale.