Another year, another update, take 2024

The move to Scotland went about as well as could be hoped for. We’re unbelievably privileged to go through the process of emigration with one of us being a citizen already, and with (I try to say honestly and without undue attempt at bragging) a decently-sized cushion of money. It’s still a *massive* pain in the ass. Even everyday trivialities like driver licensing and paying taxes are an order of magnitude more complex than you’d expect or hope for.

It’s beautiful here, and I’m glad that we’re ~half way through the time needed to get the kids dual citizenship because it gives them an out if the US goes sour long term. I’m not sold on the UK. As an immigrant, every interaction with the british bureaucracy has had an air of “who the fuck are you?” and quite honestly I look around and reply “who the fuck are you to be asking?” I’m doing your English asses a *favor* by being here. This is no exaggeration; I pay more taxes than the average household gross income in this third rate excuse for a country that still thinks it has an empire and it’s dead obvious for anyone with a functioning brain that England thinks it’s king shit of this place over everyone else. The UK national covid stats reporting doesn’t even include Scotland! You have go looking through the Scot gov website for that. Scotland would be far better off as a smaller consitutional republic member of the EU instead of eating the table scraps England deigns to give it in the name of “union.” Some would call this arrogance, I call it “I have better options and I’m only here because my love thinks this is the best of them.”

Aside from everyone having covid right now and the UK being expensive and lame, things are actually going pretty well. The boys are, despite their best efforts, growing and learning, we’re happy most of the time, and things will evolve in due time. I really hope the election next week here ditches the idiot Tory brigade that have been infecting the UK since 2010 and that this November the US doesn’t make a hard u-turn into crazyland by reelecting that orange smear of human feces.

pc.o debian upgrade to 12/bookworm

I’m always a bit nervous kicking off remote server OS upgrades, but shoutout to the Debian team for making this another smooth one from 11/bullseye to 12/bookworm. The only quasi-glitch I encountered was that the apache php module wasn’t installed automatically during the upgrade, but that took all of 30 seconds to fix.

another year, another update

Well, it’s been an exciting year. One of my dearest friends passed away. I was diagnosed with diabetes not long after restarting prednisone post-transplant. Since last December, the cool startup job I got went away when we encountered funding difficulties in the second half of this year; I’ve taken a new job with a good team at a much larger and older enterprise (their cool startup days were in the mid-90s). We sold our awesome house and are in advanced stages of emigrating to the UK. Things are never quite what we’d planned or hoped for at the outset, but the journey continues and things are always better than we feared.

replacing the self-signed ssl cert on a TP-Link Omada OC200 Hardware Controller

Since TP-Link’s documentation is *awesome* for this (sarcasm alert), I thought I’d share what I finally figured out to get the self-signed cert replaced with one from a local CA that doesn’t make Chrome complain. This was the result of several hours of fiddling around, waiting for oc200 reboots, and getting uber-helpful error messages from the device (sarcasm meter explodes).

Pre-reqs:
1. passing familiarity with openssl command-line usage, including how to set up a local certificate authority (CA; out of scope for this post/rant but this looks decent as an intro: https://gist.github.com/Soarez/9688998)
2. the patience not to see how far you can shot-put the oc200 device
3. some machine with openssl installed (I used a linux machine running ubuntu 20.04 fwiw)

First, you’ll want to create a config file to save typing later and enable Subject Alternate Names for your cert (so the same cert’ll be valid from the controller raw ip, or name, or short name). Call it san.conf or similar.

[req]
req_extensions = req_ext
distinguished_name = req_distinguished_name
prompt=no

[req_distinguished_name]
countryName =
stateOrProvinceName =
localityName =
organizationalUnitName =
commonName =
emailAddress =

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1=192.168.5.2
DNS.1=oc200.lan.example.com
DNS.2=oc200


Now, on to making the actual cert (filenames may of course be altered to your taste, just be consistent):

1. openssl req -new -keyout oc200.key -sha256 -config san.conf -out oc200.csr
a. note that you probably want a password here (used by key).
b. if you’re ok with a less secure key sans password, add a -nodes argument above

2. openssl x509 -req -days 365 -in oc200.csr -CA -CAkey -CAcreateserial -extensions req_ext -extfile san.conf -out oc200.crt
a. note that recent chrome builds are moving to deny validity of certs with longer than one year. (imho this is overkill for rfc1918 networks, but c’est la guerre.)

3. openssl pkcs12 -export -in oc200.crt -inkey oc200.key -out oc200.pfx -CApath /etc/ssl/certs/ -CAfile -caname root -name oc200 -chain
a. note that you probably want to use a password here as well
b. note also that the Omada web ui is picky about filename extensions. you’ll want to end your pkcs12-exported cert to end in “.pfx” to keep it happy on upload later

From here, with the pfx file and (optionally, but recommended) the key and pfx passwords, you can proceed to Settings > Controller > HTTP Certificate session, upload your pfx file, fill in any required passwords (be sure to pay attention to which password is which re: key vs cert file aka keystore), and save at the bottom of the screen. You will then want to go to Settings > Maintenance > Hardware Controller section and reboot (this will take several minutes to complete).

You may also need to do a full flush of your browser’s cache if there were earlier attempts with the same identity cert (e.g. accidentally making it valid for too long and learning a painful lesson). You will need to import the root CA cert into your browser/OS trusted roots collection as well if you haven’t already done so (out of scope for this, but googling something like “import root ca cert ” would help).

Hope this saves someone a few hours of irritation. :)

new job! :D

After five years at Oracle, I got thoroughly fed up with BigCo bullshit and have switched to an early-stage startup at a friend’s recommendation. This will be the fourth company I’ve worked with him at over the last ~20 years. It is *so nice* to get back into days that are filled with code instead of meetings, and with a tech stack I like to boot (java, linux, postgres, AWS) as well as some tasty new things to explore. (I typo’d that as explode at first and let’s be real, that’d work too for technology.)

pc.o update heh

pc.o is now on debian buster after being on stretch for a while. no underlying hardware changes this time around.

pc.o update

Updating from oldstable to stable (what finally provoked me to get this done was oldstable reaching EOL status, heh). No major changes since last “pc.o update” post on the software side. I did end up dropping down to a $5/mo plan vs $20, just because honestly it’s all the resources this really needs (one core, 1gb, ~20gb/disk). As always, I know not many other than me use this server, but if you notice anything odd, feel free to reach out.

(Minor update: turns out I had a free upgrade to 25gb of disk from 20gb pending in linode; applied that. Whee!)

basic tips for technical interviews

An ocean of ink has been spilled about interviewing for jobs in the technical industry (see, just for example cracking the coding interview or get that job at google). I’m probably not going to cover any new ground here, but these are some basic tips for doing better on technical interviews.

This post was inspired by my repeated recent frustration as a hiring manager watching candidates that had potential (or even proven prior performance!) do poorly at the in-depth interview loop phase of the process. If every candidate took fifteen minutes to read and internalize these points in addition to however many hours they spend self-flagellating with Cormen et al’s algorithms tome, I am guessing the pass rate might double. Interviewing is not like regular work (for better or for worse), and competency at the latter does not a priori translate well to the unnatural constraints of you + interrogator + whiteboard.

  • When you’re practicing for an interview that will involve whiteboard time, write out your solutions long-hand on paper first, and make a note of what you have to google to remember. Not that an interview will be passed or failed based on remembering all the printf format specifiers or whatever, but it doesn’t hurt to get them right either.
  • Ask questions before you dive in! (I would stipulate “good questions” but really, anything more than silence that’s on topic would be better than nothing.) Many many many times a problem can be dramatically simplified by asking clarifying questions or stipulating a reasonable constraint. No interviewer will hold this against you; on the contrary, it’s usually regarded as a small but very positive signal for the candidate’s competency.
  • Think out loud as much as you can. Remember that we’re not just looking for banged out code or whatever, but trying to see how you think. Thinking is 90% of technical work, the rest is just typing and irritating planning meetings. If nothing else, outline the solution that comes to mind at a high level and ask if that sounds reasonable before diving into implementing it. That alone can save you many precious minutes from being wasted by barking up the wrong tree.
  • Post-solution follow up work: after you’ve banged out an implementation, take a moment to talk — even at a footnote level — about efficiency / avenues for possible improvement / how to test your work. For example, in a code interview, take a moment to walk through a very simple test case. These are hugely positive signals that the candidate is driven to do good, thorough work and possesses initiative/responsibility/etc.
  • Take a deep breath and relax. :) I know (I know) this is maybe the hardest element of this list, because you’ve got all this stuff riding on whether or not you pass the interview, and rightly you’re a bit stressed out with all of it. But your brain will work better if you aren’t in fight-or-flight mode. Try to, as much as is possible, relax and view interview sessions as a friendly chat to solve a problem between colleagues rather than an Inquisition. Good interviewers will make allowances for nerves, but still, it goes a lot easier if you chill out a bit about things.

Good luck!

pc.o updates

Now that oldstable is oldoldstable, I bit the bullet and upgraded to jessie from wheezy. The upgrade process was surprisingly smooth. Systemd… well, many megabytes of flames have been written about that before. There isn’t much I can add to it other than a) the idea still disturbs me on some level b) pragmatically, it seems to work ok so far c) I have so many other things to worry about.

Since Debian just dropped a new stable version, I’ll probably upgrade to that in a while (~ a quarter or so, or whenever the first patch release drops) to give fresh bugs time to shake out.

No system capacity changes with this update. When pc.o first migrated to linode, I don’t remember for sure, but I think it was something like 512mb ram and (10? 20?) gb of disk. Now for the same price it’s 4gb of ram and 48gb of disk. The former felt a bit cramped at times, but now … I almost feel embarrassed to have so much capacity for what is fundamentally a personal fuck-around-with-shit server. I’d move to a smaller plan but it seems like a pretty big hassle potentially for a savings of maybe $10/mo.

I’m sure this is interesting to all like four or five of you who use pc.o for anything, but I felt obligated to keep the tradition of saying something about system updates alive. As always if you do use pc.o and notice something weird, let me know and I’ll try to fix it.