OpenBSD 6.3, Unbound and TLS

So I configured OpenBSD 6.3 to use DNS over TLS and ran into a snag that revealed an extremely poor decision by the Unbound folks, where a config that you might at first glance validates the presented TLS certificate actually does no such thing.

Why is this the case? Because the Unbound people chose to specify the TLS auth name with #, the same as is used to indicate that the rest of the line is a comment!

forward-zone: forward-addr: 1.1.1.1@853#not-really-cloudflare-dns.com forward-addr: 9.9.9.9@853#not-really-dns.quad9.net

With current Unbound, this should fail. I haven't tested it quite yet. However... OpenBSD 6.3, due to OpenBSD's wonderfully-consistent release schedule, shipped Unbound 1.6.8, which did not support this #foo TLS authentication syntax and treats it as a comment. The effective configuration is thus actually as below:

forward-zone: forward-addr: 1.1.1.1@853 forward-addr: 9.9.9.9@853

Note, this definitely isn't OpenBSD's fault. Their shipped version of the Unbound manpages don't describe the #foo syntax, so one must not assume that it is supported.

A smarter delimiter choice (maybe & or % or ^) by the Unbound people would have resulted in this generating a configuration error. I learned something here and will apply it in my own software.

Some 2016 achievements

Personal

Met an amazing person. She likes her privacy, so I'm not going to say much more than that here, but she's affected me far more deeply than I ever anticipated. In a good way.

Started seeing a therapist, weekly. It's a long road but I'm already feeling the benefits. It's also quite expensive :-/

Career

Pushed my career firmly toward software development, without losing sight of my ops roots.

A lot of Ruby. It’s now my default language of choice... feels like what I always wanted Perl to be.

Wrote some software that other people in my team at Fairfax use, and made sure it was all open-sourced and released on RubyGems.

Acted as an informal mentor for a new team member.

Dipped my toes into the world of hiring, via interviewing candidates for a vacant seat in our team. Very grateful to the colleague who helped me get started with this. An interesting process!

Travel

Three trips to New Zealand in 2016, all to Wellington. One of my favourite cities.

an amazing ~five weeks in February-March, spent with my closest friend, alternately exploring the North Island on his motorbike / relaxing and enjoying the weather

a couple of days in August spent with a former colleague, avoiding the Australian Census

a couple of days in November at Kiwicon X, which was just fabulous

Synthesizers

Did a bunch of synth DIY. My own successful Eurorack PCB layouts for:

CGS03 Psycho LFO

CGS18 Drum Simulator

CGS24 Gate-to-Trigger

CGS39 Logic

CGS52 Simple Wavefolder

CGS54 XOR/XNOR Logic

CGS58 Utility LFO

Ian Fritz's XOR Modulator

Thomas Henry's AD/AR envelope

Fonitronik's Buchlidian voltage processor

Yusynth US-1 VCA

MFOS Simple Stereo Mixer

Assembling these and using them in my synth systems has been extremely rewarding, and also quite educational.

2017 bullet points

downsize and tidy my existence to make it much easier and faster to relocate to New Zealand if I choose to

Possibly run a Synth DIY workshop for New Sound Waves group

Eurorack PCB layouts for Tom Wiltshire's microcontroller-based VCDO1 (already underway) and Pentanoise

flesh out my idea for a 2D addressable sequencer inspired by Make Noise Music's René

a set of 10 (!!) Music Thing Modular's Spring, to be used with spring reverb tanks and, eventually, a matrix mixer, probably NLC Cluster. I have the Spring PCBs and have completed two of the 10 thus far...

RubyGems and OpenBSD

So today I wanted to get the lovely Pupistry going on OpenBSD. With a bit of ugly hackery (read: a lot of scripted symlink creation) I got it going, and eventually after a lot of Googling and a bit of experimentation, I minimised the ugly hackery to something I'm reasonably non-sad about.

The most annoying obstacle I encountered was that RubyGems wanted to name executables deployed by gems (eg. bin/puppet) with the same pattern as the relevant Ruby executable being used, such as bin/ruby23.

That is, instead of gem install puppet giving you bin/puppet, one gets bin/puppet23 instead, with nary a symlink to make things work as you'd expect.

My Ruby binary is called ruby23 because that's what the OpenBSD ruby-2.3.1p2 package calls it. I didn't want to mess with that, and as it turns out, messing with it (such as a hardlink, a la ln ruby23 ruby) doesn't help anyway.

The solution is to put the below snippet in lib/ruby/2.3/rubygems/defaults/operating_system.rb:

module Gem def self.default_exec_format '%s' end end

The exact path to this file will of course vary by Ruby version, and by operating system. It probably won't exist, and the defaults directory containing it may not exist either.

What is actually happening here is that RubyGems loads this file, if it exists, to set any local defaults. These override defaults.rb, so look in that file to see more detail.

Also you definitely don't want to do this if you install multiple Ruby versions in the same prefix, such as /usr/local in my case.

eaglehelper

So for a while now I’ve been using a little Makefile arrangement I made to help package up Gerber files for PCB orders. Finally got around to writing a README and sharing it on Github:

https://github.com/indigoid/eaglehelper/

To use it, all you need to do is clone it somewhere, then for each project create a two-line Makefile like this (adjusting the include path as appropriate):

basename=project_name_here include $(HOME)/Documents/eagle/eaglehelper/Makefile.include

More info in the project README. Hope it's useful!

Why e-Voting is bad and people supporting it are also very bad

Everyone in Australia that’s a sad loser nerd is currently watching the AEC website to find out who is going to be the next barely managerial leader of this sunburned racist hellhole. A lot of people have jumped in with their takes because the AEC is taking longer to relocate ballots and do the counting. I have no idea why they’d want to be more careful about ballots.

A couple of particularly annoying dickheads out there have brought the multi-headed hydra of idiocy that is electronic voting to the fore. “Oh if we did this all on computers we’d have the answers now and be able to move on”. Basically the argument is because the current system is taking a while to count we should throw it out and put the entire thing on computers.

Here is why this is very stupid

The current system works

When you propose a new system, you usually need to recommend something that is much better than the current system to get up. E-voting is in no way better than the current system and here is why

We have decades of experience dealing with paper voting and preference counts in Australia, we have NONE dealing with e-voting on a nationwide scale

Paper voting is accessible to almost anyone. Many people don’t have access to technology, so couldn’t vote from home, so then you’d still need voting centres - which would need, what, desktop PCs there so people could vote? PCs are not as easy as a paper ballot.

Sending voting information in the post or over the internet doesn’t guarantee the security of the ballot - mailboxes get stuff nicked from them all the time, particularly credit cards and pins. There is no security here. It is not as secure as a paper ballot.

Counting. Intel had a huge fuckup in their chips back in the day that lead to them not being able to COUNT properly. Computer scientists literally can’t figure out numbers that stop rockets from exploding on launch. Computers cannot be trusted to count your ballot as effectively as multiple individuals and scrutineers by hand. What happens if there’s a bug in the aggregation component of the software and we have to re-run an entire election because a developer couldn’t get the data right?

Transparency. The Australian Ballot is a system predicated on secrecy. Sure we can build a new system that takes a ballot from a logged in user that has to have some kind of identity (so we don’t get double voting) and then puts it into a count system. Or we could rely on our EXISTING system that ALREADY DOES THIS. Also, what happens if we have everything sent into a centralised DB and someone alters the values and changes the table and we have no traceability logs? We have to run the entire election. Say someone miscounts the paper ballots or puts the wrong number in the returns system - we can go back and re count the ACTUAL paper votes.

Cost. Many people say e-voting would cost substantially less than an actual paper election, they may be right in terms of the fixed costs - but keep in mind as in point 2, we’d still have to have voting station and voting attendants and the rest of the kit and caboodle as well as transmission mechanisms - would we transmit ballot counts over the open internet or over a VPN? Sure its costlier to transport actual paper ballots but as in point 5, paper ballots are actually more transparent.

Who builds it. Say we make it a glorious open source project on open source hardware built by out of work blue collar Adelaide workers who build some kind of hellish democracy booth for us all - but how can we trust it? OpenSSL is open source and it’s had tonnes of vulnerabilities so again, open source doesn’t mean it’s safer than a damn paper ballot. Government projects in this day and age don’t get built like this, it’s much more likely we’ll have some nightmarish Au-Vote my-gov hellscape built by KPMG/Deloitte/some other crook consulting agency for two gorillion dollars that people who try to vote after 4pm AEST get locked out of. Again, this is not better than paper ballots

but but but what about the blockchain? Nobody cares about the blockchain except for idiot bitcoin nerds - shut up.

It’s going to cost more, be less secure, in the long run take longer to get the value because people won’t trust the outcome and be hideously opaque as to how it works. The AEC’s system is the best in the world and Australian Democracy is one of the best and most democratic systems in the world. Don’t let a couple of deadshits who just want to get ‘THE NUMBERZ’ faster fuck up a system that’s been working incredibly well for over 100 years. We ❤️ you AEC, don’t let the idiot tech fetishists force you to change a thing, keep countin those paper ballots and let us know when you get to the end of them.

Route53 delegation health

I have experienced some nasty surprises with zones hosted in Amazon’s AWS Route53 service lately, so I decided to write a tool to find them, with the intent of running it once a day and generating an alarm for on-call staff (only in office hours!) if there are any failures found. I called it r53watch.

I’d like to stress that none of the problems I had were actually caused by Route53 — we’ve found it to be an extremely dependable service, with our only real gripe being the API rate limiting — but rather things like zones being delegated to other nameservers and the old Route53 hosted zone not being cleaned up.

Barebones URL shortener

So I’d tried to do this with Tumblr and failed. At the top of my Tumblr page are a bunch of links to my stuff in various places, like RubyGems and Soundcloud. These are created via the appearance editor thingy in Tumblr, and they work well, but that particular Tumblr interface doesn’t seem to be accessible via a public API :-(

There’s quite a few solutions out there already. Some use AWS Lambda & API Gateway, which is all very cool and cloudy, but more complicated than I like. I found pek.so, which is entirely hosted in S3 and uses Angular, but it also uses Facebook integration. I have no intention of reactivating my Facebook account, so that’s immediately a non-starter.

The core idea of pek.so, though, which is using S3′s redirector capability to host the short links, is perfect. So I made a little Ruby CLI tool gem: s3shortener. No webservers or databases required. Very quick and easy setup.

CGS39 and AD/AR redux

Spent some time this weekend tidying up and sanity-checking my layouts of Ken Stone’s CGS39 logic and Thomas Henry’s 555-based AD/AR. They’re both ready for PCB fab now.

I was able to get the CGS39 layout into the 100x50mm size bracket, which was important for both PCB pricing and Eurorack case fit. At 44mm depth it'll be only slightly deeper than the Elby rails I use. Looking forward to building a few of these!

Only made minor tweaks (mainly moving pots a bit) on the AD/AR module, but printed out the original schematic and carefully verified everything.

CGS39 derivative

Was looking at Ken Stone’s CGS39 logic circuit tonight and realised that if I was going to do my own board layout, it’d have too many jacks for a 4-6hp Eurorack module with a single perpendicular-to-panel PCB (as I tend to build them, for a number of reasons), so I changed things a bit.

Instead of having four identical logic gates, with two input jacks each, I only have two such gates. So the input jacks are 1A, 1B, 2A and 2B, and the output jacks are OUT1 and OUT2.

The two remaining logic gates use the pairs of A and B inputs, respectively. That is, one gate uses the 1A and 2A inputs, while the other gate uses the 1B and 2B inputs. The output jacks are OUTA and OUTB.

Given an XOR logic chip, the truth table would look something like the below manually-calculated table which probably has errors in it but oh well ;-)

IN1A IN1B IN2A IN2B OUT1 OUT2 OUTA OUTB H H H H L L L L H H H L L H L H H H L H L H H L H H L L L L H H H L H H H L L H H L H L H H L L H L L H H H H H H L L L H L H L L H H L H H H H L H L H H H L L L H L L H L L H L L H H L L L H L L H L L H H L L L L H L H L H L L L H L H L H L L L L L L L L

I'm pretty unhappy with the draft PCB layout. I'd like to make it a bit shallower and will probably throw it away and start again.

Another AD/AR envelope PCB

This one is the work, mostly, of Thomas Henry. Electro-Music forum page here. Thomas’s decidedly elegant design requires only a trusty old 555 and a single op-amp to do the important bits. I chose a quad op-amp package and used two of the remaining opamps for a bipolar LED driver, and the last one for an attenuverter per the modulation input of Ian Fritz’s Analog XOR design.

This is a lot closer to what I want, I think. I love the level control on the Ladik C-030 but often wish it was an attenuverter instead.

The other idea I had was to combine the Attack and Decay/Release controls into a single dual-gang pot, thus making it more of a Shape control. Still mulling this over in my head. I’d then have room for a separate Offset control to complement the attenuverter, giving it fairly comprehensive controls.

This isn’t far off being ready to order. Just to wait a few days and do sanity checks, tidy up the silkscreen, etc.

Ian Fritz AD/AR

Couldn’t sleep, so whipped up a quick draft PCB layout for Ian Fritz’s AD/AR circuit, in Eurorack format. I added a second output jack, and, per the forum thread, ditched the truncate circuit (labeled TRUN in the schematic)

I like how it has no switch (unlike, say, a Ladik C-030, a module I have and dearly love!)  to select AD/AR behaviour and instead just functions appropriately according to the length of the trigger/gate pulse. Some people may not like that, but I’m not making the module for them :-)

I’m on the fence about adding an attenuverter stage at the output of this module. It’s very tempting, but the extra op-amp will make it deeper and I’d like to avoid that. Something to revisit once I’ve descended the surface-mount design rabbit hole.

I’ll order PCBs once I’ve had a sleep and rechecked everything for stupids.

New Sound Waves (April 2016)

I’d missed the last few New Sound Waves meets for one reason or another, so was determined to make it to this one despite feeling a bit off. Fun! Noisy!

A late-arriving attendee brought a Buchla clone (mostly DIY’d, I believe?) system. I’d never seen one in person before. It was fascinating to compare it to the Eurorack systems that dominated the meet. Quite different. The 16-step sequencer was wonderfully playable, somewhat akin to Ray Wilson’s Vari-clock sequencer. You can see it in the pic below; it’s the section with two sets of 16 vertical sliders.

I also loved the gooseneck LED lamp attached to the top of the Buchla clone. Very smart. Definitely want to do the same for my big home system.

Another interesting note was that one of the gentlemen present is incubating his own little lineup of Eurorack modules, pleasantly named Metro Modular. He brought ten of them with him. Someone to keep an eye on, for sure.

For anyone reading this and considering bringing their synth to the next meet, I’d recommend bringing the below items:

at least one two-metre 3.5mm patch cable, for grabbing the shared clock signal

a standard 1/4 inch guitar cable, at least three metres long, maybe longer, for connecting to the shared mixer

a 3.5mm to 1/4 inch adapter if your synth doesn’t have a 1/4 inch output jack

headphones (I forgot mine today and regretted it)

List of modules I took with me in my little 6U system (mainly so if/when I write another blog post like this in future, I can look back and see what changed):

Doepfer A-152 CV-addressed 8-way switch/track&hold switch complicated thing

Ladik C-030 AD/AR (x2)

Ladik S-180 trigger sequencer

Doepfer A-171-2

Synthrotek dual VCA

Synthrotek 308 (distortion)

Synthrotek Echo

Synthrotek Sequence-8

Liivatera Noise

Nonlinear Circuits dual VCO

Nonlinear Circuits LPG (x2)

Nonlinear Circuits mixer/headphone amp

Manhattan Analog mixer

Blue Lantern (Barton) Duo Quantize

Blue Lantern Cobalt Smelter Lab filter/analog multiplier/VCA/noise

4ms Buffered Multiple

4ms Rotating Clock Divider

4ms Shuffling Clock Multiplier

Pittsburgh Modular Outs

CGS in Eurorack, and lessons learned

For a number of reasons that I won’t go into here, I have made my own Eurorack-oriented layouts for a small subset of Ken Stone’s Cat Girl Synth (CGS) projects. I worked on some of them during my holiday, and had been messing about with others prior to that. Recently I placed a big PCB order — ten PCBs for each of nine different designs — with Seeed Studio. The big box of PCBs arrived last week. I have been busy since then!

It didn’t all go to plan, of course. I let a few dumb mistakes slip through the net, despite carefully checking things before ordering. Here’s a lesson I learned along the way:

Put as many signal traces on the bottom layer as you possibly can, particularly if they go under other components such as ICs. This way if you need to cut a trace to hack around a bug in your layout, you can get to it without desoldering things.

Today I used the laser-cutter at Sydney’s Robots & Dinosaurs hackerspace some matching front panels, in 2.5mm bamboo ply. I design all my front panels in Front Panel Express’s software, as it has built-in support for the Schroff mounting system used in Eurorack. Very quick to use.

I have a lot more building to do! But I am looking forward to showing these off at the New Sound Waves meet tomorrow.

Multisnare 1.0 PCB layout

So gasboss775 posted a schematic on MuffWiggler forums for an enhanced version of the Roland CR-78 snare and named it Multisnare. Schematic here. Thread here.

It’s pretty tight but the pots, switch and jacks just made it onto one board, suitable to mount perpendicular to a Eurorack panel, and just fitting inside Seeed Studio’s 10x5cm price bracket for PCB fabrication. I flipped two of the five pots onto the back of the board to hopefully give a little bit more finger room. So it won’t be a 4hp panel. I think with the right-angle pots it should fit nicely in 6hp with the usual Davies 1900H knobs.

I’m really not good at routing complex things like this, but it’s good practice.

I haven’t verified the Eagle footprint for the switch, but it looks vaguely in the right ballpark (relative to the Lumberg 3.5mm jacks) and the legs on those switches are sufficiently adjustable that it doesn’t matter.

Will recheck that I didn’t screw up the schematic when transcribing it, and then order. If it works I’ll send gasboss775 some PCBs. Sharing is caring :-)

NZ Day #38

Up at a preposterous hour. Taxi to Wellington Airport. Mooched about for a while because everything (taxi, checkin, the usual processes, etc) went to plan and all that buffer time wasn’t needed at all. Had a fairly uncomfortable flight in a middle seat. Did see some lovely colours shortly after takeoff though:

Anyway... HOME! Had dinner at the great little Lebanese place (Eddie’s) in Mortdale. Lovely non-carbonated lemonade, fattoush (SO VERY GOOD!) and pumpkin/chickpea kibbi.

This was an awesome trip. It didn’t all go to plan (I’d really wanted to visit the South Island, but for various reasons that didn’t happen) but I had a great time and had heaps of time to just chill the hell out.

I am incredibly grateful to my host and his lovely partner for making this possible, putting up with me, loaning me his motorbike, recommending places to go, going places with me, talking shit, watching movies and all the other little things. You know who you are. Thanks!

Hopefully I can do something similar next year.

NZ Day #37

Day #37 was the last full day I spent in Wellington. In the evening I visited a colleague’s house (the same colleague who kindly hosted me on that fateful first night of the trip) to pick up a thing. While I was there he introduced me to his 10-week-old kittens. ERMAHGERD. After that all I really did was pack my bags, and have a burger. After cats, I headed back to Northland, and snapped a last evening shot of the Wellington skyline.