Author Archives: Antranig Vartanian

About Antranig Vartanian

Doing things @ illuria, Inc. Unix, BSD, InfoSec, Elixir/Erlang, DNS, XMPP. Mostly harmless.

Comments are back

When I started blogging 8 years ago I used WordPress. One of its features was comments. However, when I started my English blog (the one that you are reading right now) I chose Hugo and then migrated my Armenian blog to Hugo as well.

This had two amazing features. First, no more managing PHP and MySQL, since Hugo is a static sigh site generator, second, no more dealing with comments.

During the last years more and more people have been contacting me over email/Twitter/Telegram to give me feedback about a post that they read. This is mostly about my Armenian blog. I don’t get much feedback from the English blog, unless someone posts it on HackerNews (then I get A TON).

I started missing comments, a centralized place to read all the feedback and an easy way for the reader to post them.

In Hugo’s documentation I see there’s a section about comments but it recommends Disqus. I don’t like 3rd party services. Luckily, someone on Twitter recommended an alternative, Isso!

Isso was very easy to deploy. I created a FreeBSD Jail, did a pip install isso and then set up a reverse proxy. Add some JS scripts here and there in the template, and it’s all done!

I’m not sure if I’ll be able to fight spam. I still need to set up an SMTP server so it emails the commenters if someone replied to their comments, but that’s a project for the weekend.

That’s all folks…


The long awaited vacation

It’s finally here and I cannot believe it. I’ve been waiting for this for a long-long time.

We started illuria Security on… wait let me check.

$ whois illuriasecurity.com | grep -i creation
   Creation Date: 2018-05-15T16:51:31Z
Creation Date: 2018-05-15T16:51:31.00Z

Ah yes, more than 3 years now. I never had a vacation since we started the company.

Every time I told myself “Okay, you will have relax time during the weekend” I ended up coding, if not for the company software then at least for something related to it. A patch in rc.d here, a shell script there.

But now, I’ve grown (I think), I finally know the value of the self. If I’m not good, then the company is not good, if I’m tired, then the company will be tired.

So, for once, all of the co-founders decided to take a proper vacation. We are all still online, because that’s what the world expects from us these days, but at least I’m not coding in Elixir or writing Shell.

Here are some things that I wanted to do for a LONG time.

  • Fix my ZNC server and migrate my own channels to Libera.Chat.
  • Clean up my hard drives and set up ZFS backup pools and TimeMachine.
  • There are backups of my home server but I’ve NEVER tried to restore them. Time to open the Schrödinger’s cat’s box and see the results.
  • Fix my email servers that I run for communities. God knows how many TLS certificates are there to update.
  • Think about the redundancy of this weblog, but that’s a story for another day.

9 days of vacation after 3 years doesn’t seem much, but I promised myself that I will NOT do this again. Hopefully I will have a proper 7 day vacation after 5-6 months like a normal human being.

It’s very COVID-y on Earth, but at this part of Earth, Armenia, COVID-19 pretty much does not exist. No one wears masks, very few are vaccinated, night-life is all on and internal tourism is on fire. So we ended up going to Switzerland Dilijan, away from all the noise, always raining, never complaining about traffic and almost every corner has a coffeehouse that serves latte.

Take care of yourself folks, it’s okay to write that code a day later, send that email 12 hours late, but the time you spend not taking care of yourself will be spent 10x more later. It’s like legacy code.

This will also give you time to think about… life.

That’s all folks…


Music.app is a good radio app

As I mentioned in my other post, macOS also has Music.app, which, as I said, I will try out as well.

Turns out it’s really good! I’ve been listening to DeepHouseRadio all day. When the connection drops while I go to the kitchen to make some coffee, it buffers it properly. Although once it skipped and started playing the “next song” which was some media file.

While doing my testing, I realized that the Music.app has Radio included in it! It fetches the list of radio stations from TuneIn, which I loved using their app on my BlackBerry 9780 back in the day.

Good job Apple, not updating your QuickTime Player, but at least making sure that one of your out-of-the-box apps handles a thing properly.

That’s all folks…


Good bloggers write a lot

I’ve been thinking lately that I am NOT able to blog a lot and I always blame external factors, “Oh I don’t have time” or “oh there’s no pagination in my theme so there’s no point of blogging daily, yet.”

But in reality, turns out I’m just being lazy.

I’ve been reading Jamie Zawinski’s blog for years, via RSS, of course. A couple of days ago I opened it via my web browser, and woah, those numbers hit me hard!

As you can see, there are 366 days in a year but jwz happens to have more posts per year than that! Look at year 2012, there are 870 posts!

I mean, I know that my favorite blogger, Rubenerd blogs a lot, but I never knew how much.

I know he has 10 posts per page, and his blog currently says

Page 1 of 758 → Older posts

And I know he started blogging in 2004, so if you do the math using bc,

$ echo '(758 * 10) / (2021 - 2004)' | bc -l
445.88235294117647058823

Actually, lately I’ve learned about expr, it’s very handy in command line scripts!

$ expr \( 758 \* 10 \) / \( 2021 - 2004 \)
445

What I’m trying to say is, I don’t know how people blog regularly, it’s not that I don’t have any ideas in my head, there’s always something to say, something to share, something to write about. If it’s not technical then at least it’s political.

Recently Lilith suggested that I should try to allocate 30 minutes a day to write some posts, even if it would end up into the drafts. This is me trying to do that, while drunk 🙂

That’s all folks!


Two Colons Equals Modules

Days ago I tweeted a shell function which is part of jailio’s code base. Jailio is a project I’ve been working on for the last 6 months. As the name implies, it’s a container management software for FreeBSD Jails.

It has two unique things compared to other Jail management software. First of all, it has no dependencies, it’s written purely in Shell. You can say the same about BastilleBSD, however, Jailio’s second unique thing is that it uses base tools only and requires the base system only. For example, you need to have bastille_enable in BastilleBSD, it also uses its own config files, etc. In Jailio, you need to have jail_enable, because technically Jailio automates jail.conf files. It also uses my patch to automate the jail.confs in /etc/jail.conf.d.

Anyway, back to our topic about Colons and Modules.

I like modules, I got introduced to them when I started programming in school. In Syria, we learn programming at 7th grade but in our school we started a year early, so 6th grade. We always start with block diagrams and then Turbo Pascal!

Yes, 16-bit Turbo Pascal was my first programming language and it had the concept of modules which we called Units.

And then you have languages like C or Shell which don’t have modules. If you use modules you KNOW that it’s hard not to use modules after that.

While reading the source code of vm-bhyve I learned that you can use two colons (::) as part of the function name, which can give you an amazing new superpower to take over the world write cleaner code.

For me this was a life-changer. I write a LOT of Shell code. I ship them to production too. No, you don’t need to write everything in a fancy new language and run it on kubernetes, you can always use simple languages like Shell and run them in a FreeBSD Jail. Or in my case, write in Shell to automate FreeBSD Jails.

Here’s an example code with “modules” in Shell. Note, this works in FreeBSD’s shell, I have not tested other Shells yet.

main.sh

#!/bin/sh

. ./mod1.sh

mod1::func1

mod1.sh

#!/bin/sh

mod1::func1(){
  printf "Here I am, Rock you like a hurricane\n"
}

antranigv@pingvinashen:~ % ./main.sh
Here I am, Rock you like a hurricane

As you can see it all relies on the concept that the function name itself has two colons in its name.

Here’s the code from jailio that I tweeted.

jail::get_next_id(){
  expr $(
    ( grep -s '$id' /etc/jail.conf.d/* || echo '$id = "0";' ) |
    awk -F '[="]' '{print $3}' |
    sort -h |
    tail -1
  ) + 1
}

After tweeting the code above Annatar replied that this should NOT work elsewhere and that’s how I got introduced to The Heirloom Project which provides traditional implementations of the original Unix tools from the original Unix source code.

Hopefully, I will see more people using “modules” in Shell scripts. Hopefully this trick works in other Shell implementations like Bash and zsh.
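The post leaves open whether the two-colon trick works outside FreeBSD's sh. The following is an added example, not code from jailio or from the original post, that probes each installed shell in a child process; the helper names `supports_colon_funcs` and `colon_func_report` and the list of candidate shells are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from jailio or the original post): probe which installed
# shells accept "::" in a function name. POSIX only guarantees letters, digits
# and underscores there, so every candidate is tested in a child process and a
# syntax error in that child cannot abort this script.

# Constructed probe, modelled on mod1.sh from the post.
PROBE='mod1::func1(){ printf "ok\n"; }; mod1::func1'

# supports_colon_funcs SHELL
# Returns 0 if SHELL defines and calls mod1::func1, 1 if it rejects the
# definition, 2 if SHELL is not installed. (Hypothetical helper name.)
supports_colon_funcs() {
  probe_shell=$(command -v "$1" 2>/dev/null) || return 2
  probe_out=$("$probe_shell" -c "$PROBE" 2>/dev/null) || return 1
  [ "$probe_out" = "ok" ]
}

# colon_func_report SHELL...
# Prints one "name: verdict" line per candidate shell.
colon_func_report() {
  for candidate in "$@"; do
    probe_rc=0
    supports_colon_funcs "$candidate" || probe_rc=$?
    case $probe_rc in
      0) printf '%s: accepts mod::func names\n' "$candidate" ;;
      2) printf '%s: not installed\n' "$candidate" ;;
      *) printf '%s: rejects mod::func names\n' "$candidate" ;;
    esac
  done
}

# Check the interpreters a script might end up running under before relying
# on the naming trick in anything that ships.
colon_func_report sh bash dash zsh ksh mksh
```

bash accepts these names outside its POSIX mode, while dash rejects them as a bad function name, so a `#!/bin/sh` script that uses them is only as portable as the system's /bin/sh.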

That’s all folks.


The OS App vs The Browser OS

I like listening to online radios like anonradio and DeepHouseRadio. Instead of trying to organize my local library or listening to the same music over and over again on Deezer, I get lazy and just use their HTTP link.

Like a sane person, I would use a media player to “open” these HTTP radio links. On my FreeBSD machine, all I need to do is mplayer http://the.domain/path/to/content, but on macOS it would not be that simple.

The default media player on macOS is QuickTime. Here is where my problems start. I open QuickTime Player, I set the location to the HTTP link and it all works fine. Until it doesn’t. A small network lag and it stops playing completely.

I am usually connected to the internet via a cable in my office or the house, but when I go wireless, there’s a blind spot in one of the rooms. My FreeBSD laptop with mplayer handles it all fine, but QuickTime? Not so much.

So I decided to use the “other” “Operating System” in macOS, also known as a browser, in this case Firefox. I open the link and it all works fine. Even if there’s a network lag, Firefox would handle it fine.

It’s sad funny how browsers are handling things better than native desktop programs these days.

While writing this blog-post I realized that macOS has another media player known as Music.app, so will try with that as well, let’s see how it will handle it.

That’s all folks.


Barcamp EVN21, or why we don't build more products

The year was 2021, the month, July, the day was the 10th and I was very happy. It was Barcamp Yerevan again, the new year of the tech industry, the day we all share knowledge, the day people come NOT to listen to talks but to take stickers and t-shirts instead, because it’s free, as in beer as well as in speech.

Not all people are like that, some of them give talks. I’ve been giving talks since Barcamp Yerevan 2016. Since it’s a free unConference, we get a lot of sponsors, from small outsourcing companies to large ISPs and Gambling-as-a-Service providers.

Usually, during an unConference such as this, there are 1) sponsored talks, by the sponsors, 2) selected talks, by individuals, which are selected by a committee and 3) unConference talks, where people just write on a wall “Talk about X at room Y, ZZ PM” and whoever is interested goes there to listen.

Usually, there’s this habit, that if the unconference talk is not good, then people leave the room by smashing the door on the way out. Usually, the selected talks are good, because good job committee, usually the sponsored talks are good, because sponsors don’t want to send an engineer who’d give a bad talk.

But this year was not a usual one. This year was the exact opposite.

The unconference talks were awesome, people from random companies were talking about how to work remotely, how to work from outside the heart and the capital of Armenia, Yerevan. People were talking about how to start a community. People were talking about audio system and audio engineering.

The selected/sponsored talks were the… I’m not sure I know how to describe this, but, they were what they are supposed to be, sponsored talks by sponsors.

Here is an example. A system engineer fellow talks about infrastructure automation, how tools like Terraform are cool, what is an automat… no sorry, he did NOT talk about the benefits of an automated infrastructure nor what problems it solves. I wondered why.

At the end of the talk someone asked “so have you implemented this at YOUR company?” and the fellow answered “Well, not really, some bits here and there”, and I got the answer to my why question.

He did not know, because he was not talking from experience. That’s why there was no storytelling, there was no “sharing” of experience. It was only a talk, which is what the sponsored company was aiming for anyway.

Now for me, a systems engineer, I can see BS lack of experience like that in a minute, but I asked my friends if ALL the talks were the same, the marketing ones, the media ones, the ones about “how to grow your company,” and guess what, all of my expert friends in other fields agreed with me.

We also had panels. I was on one of those panels, I think it was called “Security Panel” which was supposed to be about… Security, as in InfoSec. But instead we talked about the war and the post-war status of the “cyber” security field in the country.

Last but not least, the guests, they were awesome, all of them, they shared a LOT of knowledge with the audience, which I hope will have an impact long-term.

Alas, that’s the pain of running a free, corporate-sponsored (un)conference. You give voice to people who have the money, who do not necessarily have the knowledge nor the experience. And this is why we don’t have more product companies in Armenia. We are not producers, we don’t have the experience. We are consumers, we are not part of open-source communities, and if a fellow is then everyone will point out as if it’s some god-ish action to contribute to software.

Hopefully, next year will be better.

P.S. Every year I give the last talk on the last day, since people stick around and ask me questions and I don’t like to ignore questions or free the room for the next speaker. All my previous talks are on my personal page on the new Barcamp Yerevan website. This year I was at 10:30AM… Most of the organizers who knew me personally were afraid that I’d oversleep. Luckily, such disaster was averted thanks to Syuneci.

That’s all folks.


How I got fired from my first tech job

My daily routine is usually the same, wake up, go to work, do a lot of meetings, chat, email, code, sleep and repeat. Which means that I don’t have new things to talk about. However, since I decided to blog regularly, here’s a blast story from the past 🙂

I grew up in Syria and it’s a cultural thing that we work from a very early age. I got my first job when I was 11 years old. During the summer I worked as a stonesetter, my salary was 200 Syrian Liras per week, back in the day that would be 4 US Dollars.

I loved that craft, looking deeply into the pins and understanding where the gems and diamonds would go, how to close the pins properly so it would sit there for years.

However, I also had a love for computers, I got interested when I was introduced to Unix, I wanted to use Aircrack-ng to hack the neighbor’s WiFi Access-Point so I get free internet access. Inet access was not only expensive, but you had to wait 6 to 12 months to get one. I got Slitaz Linux up and running, it included Aircrack-ng in it and cracked the network, I still remember the password, it was 11111222223 with WEP algorithm. Hrach, if you are reading this, I’m sorry that I never told you about it, but thanks to you I got into computers 🙂

When I was 14 I had to deliver gold to a partner workshop, on the way, right at the beginning of Sulaymaniyah Street I noticed a large computer shop. Very beautiful, a lot of computers, laptops, hell, there was a gaming PC with 3 screens (That was the first time I saw a desktop with 3 screens!). After I delivered the gold, on my way back, I entered the shop, I got introduced to the owner. Turns out they were an official representative of companies like Dell, HP, Asus, etc.

I talked with the owner about some of my projects, that I was installing Linux machines in school and that I was trying to make a map with all access points in Aleppo with their passwords.

After 20-30 minutes of chit-chat, he offered me a job. I was supposed to 1) Format computers (as we used to say), that is installing a fresh OS and setting up software 2) Help the other employee to deploy networks at schools 3) Help customers buy new computers when they arrive.

I worked there for 3 months, I was getting paid 250 Syrian Liras per week, that is 5 USD back in the day, plus some bonuses every time I would sell a device or fix networking issues at the schools.

One day customers arrived (a man with his wife), they were having problems with a laptop that they owned, I fixed the issue on the spot and asked nothing in return. They asked if I could come and fix a similar issue on their desktop at home, I told them I would but I cannot right now as the owner is not here. I wanted to give them a business card to call us later but we were out of those, so I gave them my cellphone number.

An hour or so later the owner came back, I told him about what happened and went back to my room to fix an HP laptop that had a melted keyboard and I started blaming AMD for that 🙂

The couple called, I told my boss, he told me “Okay, go to their place and fix it, don’t charge them anything”. So that’s what I did.

I came back to the office an hour later, the owner was sitting in front of his desk and told me to sit in front of him. Then he said, “Are you trying to steal my clients?”.

I got confused, I had no idea what he was talking about, “Sorry, what do you mean? I didn’t understand what are you implying”. He answered, “You gave them your cellphone number, so they start calling you and pay you instead of us. You’re fired”.

I didn’t know what to respond, I didn’t have those intentions, I was just doing my job.

I took my backpack and I left. I was crying the entire time, walking back home, listening to Star Wars Galactic Battlegrounds’ OST.

To make things worse, when I arrived at home my mother told me “Why are you so much into computers? It’s not that it even pays well, you know you have to study and graduate Pre-Secondary Education this year”, little did she know, that as of right now, I will not be paid at all while “doing computers”.

Years have passed and I moved to Armenia during the Syrian war. While working as a waiter for a year, I found an “Armenian Linux” and the company responsible for it. Turns out they were a huge software development company. I wrote a patch for the “splash screen”, I gave them the patch, on a USB drive.

The CEO of the company said “What are you doing next Monday?”, “I have to go to university” I replied, as I was an undergrad learning English and Communications. “Well, after the university you’re coming here, you’re hired”.

Oops, flashbacks, what am I supposed to do now?

I looked left and right, there were all these desktops running Linux, the engineers on the top floor were working on robotics, so I said “Deal!”.

I learned that day, that no matter how bad of an experience you get, the next time will probably be different. Unless it’s Windows, that thing always fails.

That’s all folks.


VNET Jail HowTo Part 2: Networking

As always, Dan has been tweeting about VNET Jail issues, which means it’s time for another VNET Jail post.

This post assumes that you’ve read the original post on VNET Jail HowTo.

In Part two we will discuss Networking.

We will use PF as a firewall to do things like NAT.

If you need more help please check the FreeBSD Handbook: Chapter – Firewalls or send me an email/tweet.

At this point (from the last post) we were able to ping from the Jail to the Host.

root@www:/ # ping -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=0.087 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.087/0.087/0.087/0.000 ms

Now we will set up PF on the host by adding the following to /etc/pf.conf

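ext_if="em0"
jailnet="10.0.0.0/24"

# Options come first: pf.conf expects options before translation and filter rules
set   skip on { lo0, bridge0 }

# Translation: NAT traffic from the Jail network out of the external interface
nat pass on $ext_if inet from $jailnet to any -> ($ext_if)

# Filtering
pass  inet proto icmp
pass  out all keep state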

We also need to enable IP Forwarding in the kernel

Add the following in /etc/sysctl.conf

net.inet.ip.forwarding=1

And now execute

sysctl -f /etc/sysctl.conf
service pf restart

That should be it, now your Jail should be able to ping the outside world

root@zvartnots:~ # jexec -l www
You have mail.
root@www:~ # ping -c 1 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
64 bytes from 9.9.9.9: icmp_seq=0 ttl=61 time=2.566 ms

--- 9.9.9.9 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.566/2.566/2.566/0.000 ms
root@www:~ # 

If you set up a resolver, you should be able to ping domain names as well.

root@www:~ # echo 'nameserver 9.9.9.9' > /etc/resolv.conf 
root@www:~ # ping -c 1 freebsd.org
PING freebsd.org (96.47.72.84): 56 data bytes
64 bytes from 96.47.72.84: icmp_seq=0 ttl=53 time=133.851 ms

--- freebsd.org ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 133.851/133.851/133.851/0.000 ms

Now, for a more complicated setup that assumes no firewalls and multiple IP addresses, where each Jail has its own IP address. I have a similar setup at home where my ZNC server Jail has its own IP address by connecting the physical NIC to the same bridge as the ZNC Jail.

In my rc.conf on the host

ifconfig_em0="inet 192.168.0.34 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0"

Here’s an example with jail.conf

znc {
	$id		= "52";
	$addr		= "192.168.0.252";
	$mask		= "255.255.255.0";
	$gw		= "192.168.0.1";
	vnet;
	vnet.interface	= "epair${id}b";

	exec.prestart	= "ifconfig epair${id} create up";
	exec.prestart	+= "ifconfig epair${id}a up descr vnet-${name}";
	exec.prestart	+= "ifconfig bridge0 addm epair${id}a up";

	exec.start	= "/sbin/ifconfig lo0 127.0.0.1 up";
	exec.start	+= "/sbin/ifconfig epair${id}b ${addr} netmask ${mask} up";
	exec.start	+= "/sbin/route add default ${gw}";
	exec.start	+= "/bin/sh /etc/rc";

	exec.poststop   = "ifconfig bridge0 deletem epair${id}a";
	exec.poststop  += "ifconfig epair${id}a destroy";

	host.hostname = "${name}.bsd.am";
	path = "/usr/local/jails/${name}";
 	exec.consolelog = "/var/log/jail-${name}.log";
	persist;
}

And that’s pretty much it!

That’s all folks.


Migrating home-servers

As I have mentioned before, I want to blog more, so here it goes.

I’ve been struggling financially lately, with COVID and then the war I’ve thrown away almost all of my savings. One of the decisions that I had to make was moving back to my old place. No one lives here anymore, my parents got their own house, which means I can live with freedom alone and rent-free.

That meant I need to move home servers again. Yes, I’ve always been a home server fan. This blog runs on my home server as well.

While many people argue that running a home server is a complex process compared to the cloud, since you need to pay for electricity and manage hardware, I, however, feel that’s a myth.

My current uptime is

ssh pingvinashen uptime
1:59PM up 48 days, 42 mins, 2 users, load averages: 0.15, 0.18, 0.21

And I only needed to reboot because I had to upgrade since I’m a fan of upgrading whenever there’s a patch to some critical software 🙂

One of the advantages of running a home server in Armenia is the fact that electricity is cheap, so are static IP addresses. I pay 2USD/mo for each IP address and I have many of them.

Usually, I have one static IP per service (Jabber, ZNC, etc.) and one static IP for all web-oriented services such as blogs, websites, etc.

However, norayr also runs a home-server for the community, he runs the Armenian instance of Diaspora*, Mastodon, and SocialHome.

Due to technical limitations at his side of the city, he’s been keeping his home server at my place.

Vartanian LLC, Home-Server as a Service 😛

Anyways, I had to bring his home server to my new/old place as well, which meant that he needs a static IP for his services.

I did not want to call the ISP for a new IP address since the last one I’ve been using was for an Armenian instance of Lobste.rs that I deployed for our community. It’s not very active, but you can’t force people to be active in communities and Armenia does not have the concept of “tech communities” like others do in the west.

That meant that I have to remove an IP from a Jail so norayr can use it.

So I had to migrate some things. I had to use my proxy server IP address and reverse_proxy the traffic to the lobsters’ Jail.

Sounds easy, until I remembered that I run Apache on my host.

I’m not very fluent in Apache, I keep making mistakes, so I wanted to migrate all of my vhosts to Nginx.

You’d think that it would be easy, and yes it was 🙂

So now, norayr runs his home server and I have migrated the webserver to Nginx in an hour.

For some reason, it feels faster, but I’m still not sure why. I probably had to optimize Apache back in the day, but Nginx’s default configs do seem better.

Now, since many IP addresses have been changed, I have to struggle with SMTP issues. No, SMTP works fine, but Google, just like it keeps breaking the web, it keeps breaking email as well, routing all-good emails to people’s spam folder, eh.

That’s all folks.

* not a footnote but part of the project name.
