Computers

Synology DS918+ quick notes


Just bought a new NAS for home, and decided on a Synology DS918+ with 4 10TB drives ($539 + 4 x $310). Why not another ReadyNAS? A combination of price and vague dissatisfaction with the ones I’ve used in the past; I may write that up sometime.

Why not FreeNAS? Because I didn’t feel like building one from scratch right now (as much as I like the idea of a ZFS-based NAS), and the prebuilt unit we once bought from iXsystems ended up going back due to being a piece of junk. Both Synology and ReadyNAS use BTRFS as their filesystem format these days, which offers a lot of what you get with ZFS without the need to occasionally resort to command-line incantations. (“Not That There’s Anything Wrong With That!”)

Drive installation was painless (simple snap-in hot-swap trays), and while I found the “desktop” web GUI a bit overdone, everything works well. The biggest annoyance was figuring out which of the “private cloud” packages to add, because they recently changed all that, resulting in some confusion. (short version: only install the Drive package and desktop/mobile clients, and open TCP ports 5000, 5001, and 6690; also use the builtin LetsEncrypt support and set everything to require SSL)

The “EZ-Internet” cloud/firewall config was useless; it’s just a UPnP wrapper, and when it realized that it couldn’t auto-configure my OpenBSD router, the only help it offered was “hey, you should open some ports”, with no indication of which ones were actually required for the installed packages (see above).

Side note: I was amused and pleased that Drive, their latest, greatest personal cloud solution, required installing the Perl package. 😜

I went with their ‘hybrid’ RAID config, SHR-1, because it resizes better when you add more drives or swap in larger drives. This gives me 26 TB in usable space (9.1 * 3 - overhead), which is plenty for now. Down the road, when media, disk images, and automated backups start to fill that up, I’ll add the DX517 expansion chassis and another 5 10TB drives and bring it up to 52 TB usable.

If you’re following along at home, you may wonder why adding 5 drives doesn’t give closer to 70 TB, and the answer is paranoia. SHR-1 uses a single parity drive, which means you can only afford to lose one disk. This is generally not a huge problem if you have a spare on-hand and swap it in immediately, but there’s a non-trivial risk that another drive will fail while the first one is rebuilding.

If you think about it, this is even more likely when you buy all your RAID disks at once from the same manufacturing batch, so you really want two parity disks and a hot spare, so that the system can start rebuilding as soon as one disk fails, and can survive losing another one during the rebuild. Having only one data disk in a four-disk chassis isn’t terribly useful, so for now I’m running in a cheaper, less-paranoid configuration. When I’m sure that I like the Synology enough to really rely on it, I’ll buy the expansion and convert the RAID to SHR-2 with a hot spare. And buy a cold spare disk as well.

Additional performance enhancements I can add include bonding the two 1-gigabit ports together, bumping the memory (official max 8GB, but there are reports that 16GB works), and adding SSD cache drives. That last is specifically why I chose the 918+, since it has a pair of M.2 slots on the bottom, and some of their other models require you to buy an expansion card first.

Building the volume was quick, but it took ~16.25 hours to run the initial parity consistency check, so performance was sub-optimal until that finished. The GUI was occasionally a bit sluggish during that time.

Next up: setting up dedicated Time Machine volumes for the Macs and testing their Windows backup client.

Oh, and I named it Index.

Update

First Time Machine backup complete. Just because I was curious how well it would work, I backed up 425 GB over wireless, which took about 7.5 hours.

Netgear Orbi from Costco


Just picked up the smaller Orbi bundle at Costco. This is the SKU they’ve added recently (RBK22-100NAS) that only has two units (“router” and “satellite”, both with ethernet backhaul); I didn’t really need a 3-pack of the original model, just one on each floor.

The hardest part of the setup was switching off the builtin NAT and running it in AP mode; you can’t do it from the iOS app. The second hardest was discovering that the app artificially limits you to short passwords; the web GUI will let you enter up to 63 characters, as expected for WPA2-PSK.

Preliminary results look good. I may tweak the placement of the units (I just grabbed the first available power and ethernet, since the old wireless is still running), and turn on the optional beamforming, etc. At the very least, I should get better performance on my front porch.

I figure it’ll take me a few days to find all my wireless devices and switch them over. :-)

Update

The optional beamforming is off by default for a reason. It apparently has disconnect issues.

Just how 'smart' is that TV?


Reading through the manual for an LG TV, I came across the following line in the notes:

When connecting via a wired LAN, it is recommended to use a CAT 7 cable.

This must be for the Skynet upgrade, so when your TV asks you to upgrade to a 10 gigabit switch and add multiple fiber drops to the house, just say “no”.

I figure it’ll start crying like a little girl when I plug it into the 5-year-old gigabit switch that connects to the 50Mb/s cable line through the house’s Cat 5 wiring.

The Naming of Macs...


“…is a delicate matter”.

There’s a new MacBook Pro waiting on my desk when I get there today. It needs a name.

My first MBP at this company was named Exodar. Once I purchased a much-faster personal one with a Japanese keyboard, named Togetsukyou, I mostly used it for testing and virtual machines. Both flaked out years ago, and almost precisely three years ago they bought me a new one, which I named HelloParty. That one is down to one working USB port, which I should be able to get fixed under AppleCare after I migrate to the new one (giving me a good test machine again).

Other entries in my stable are Mone (Raspberry Pi), Melwin (Mac Mini), Courier (Surface Pro 2), Ririka (old Asus gaming laptop), Bentenmaru (less-old Asus gaming desktop), and Akatsuki (OpenBSD router).

My initial thought, due to the fact that it has the non-tactile touch-strip that replaces the top row of the keyboard, was to call it NoEscape, but that would get depressing after a while.

Currently I’m thinking either Macchi or Sakie. Leaning a bit toward Sakie, because as a laptop it won’t be running headless…

Any other suggestions?

Friday Update

Sort-of-contest extended, because it turns out the Mac that arrived wasn’t mine! I was getting ready to start migrating all my data over, and mentioned being sad about only getting the 512GB SSD instead of the 1TB I wanted, and one of the other guys said, “no, we got approval for the 1TB SSD; this must be someone else’s.”

Visualizing Pi...


So, I bought a Raspberry Pi 3 recently, and since I had no immediate plans to dabble in hardware-hacking, went with the official starter kit, so that I’d get a known tested international power supply, a decent case, and a cute little compact keyboard. (also a three-button mouse and an HDMI cable)

Everything worked perfectly out of the box, including auto-detecting the 1920x1200 resolution of my little Eyoyo 10″ monitor. Then I ran the software updates, rebooted, and poof, no more display. After confirming that the Pi still booted, grabbing the latest image, and booting in safe mode, I discovered that the only way to get a fully-updated Raspbian Jessie or Stretch install to show video on the Eyoyo was to add something like this to /boot/config.txt:

hdmi_force_hotplug=1 # insist there's a monitor there
hdmi_ignore_edid=0xa5000080 # don't query the monitor
hdmi_group=2 # use monitor-style resolutions
hdmi_mode=69 # use 1920x1200, 60Hz
hdmi_drive=2 # turn on HDMI audio

But then I can’t plug it into anything else without either blindly booting to safe mode or ssh-ing in, changing the config, and rebooting. After a fruitless (heh) search of forums and FAQs, I went through the download archives and found the first Jessie release after the Pi 3 came out (2016-02-26). It worked perfectly. A quick binary search between that and the last Jessie release revealed that the last release that correctly auto-detected my monitor was 2017-01-11. None of the Stretch releases work, and the release notes for Jessie 2017-02-16 don’t have anything that screams “hey we broke the EDID parsing”.

But that appears to be what they did. Adding one line to my config re-enabled auto-detection on the Eyoyo:

avoid_edid_fuzzy_match=1

It came up as 720p, but that’s better than “blank”. Adding this commonly-FAQd line brought it to a more reasonable 1680x1050, while still allowing it to work with other monitors:

hdmi_group=2

So, a quite pleasant out-of-the-box experience, a disaster of an update, and the recovery process boils down to “mount the SD card on your PC/Mac, Google for help, then blindly tinker with /boot/config.txt until you get it working again.”

I suppose this is one way to find all the future sysadmins in your fifth-grade classroom…

I do have one specific project in mind for work. Now that we’re in a new building with lots and lots of windows, I should be able to get a decent view of the sky and build Pi-based stratum 1 ntp servers.

Oh, and I named it Mone. Because inside every Pi is delicious cake.

Update

I just installed FreeBSD 12-CURRENT, which doesn’t support wireless, but gave me a completely different OS to test against. It bootstraps itself using the same sort of config.txt, and sure enough, it also requires setting avoid_edid_fuzzy_match=1 to work with my monitor.

Update 2

Just to round things out, I installed Ubuntu MATE as well, and since it’s not as up-to-date as Raspbian, it auto-detects fine. It’s subtly broken in the typical Ubuntu way (can’t run the GUI software updater, and updating from CLI broke several things, including Firefox), so I won’t use it for anything. I expect that it’ll pick up the EDID bug in the next release.

By the way, I’m booting all this stuff off of a 5-pack of 16GB MicroSD cards, stored in this cute little holder. This little Anker USB3 card reader is the fastest and most useful I’ve found for imaging MicroSD cards and mounting the /boot partition to fix the config file.

Update 3

So, OpenSUSE has a 64-bit build. It installed cleanly, so I let it run a whole bunch of updates, and then I decided to see if the performance was better for things like watching video. So I opened up Firefox and went to YouTube. Or, more precisely, I tried to go to YouTube, because Firefox absolutely refused to open the page, claiming that it used outdated encryption that was evil and fattening and probably voted for Trump. There appears to be no way to say, “just fucking open the site, okay?”.

Baby's First Ruby Script


  1. rubygems.org is like someone tried to reimplement CPAN with crayons and a dumpster.

  2. most of the Ruby community thinks an API dump is documentation. Some of them don’t even supply that.

  3. 90% of FAQs assume you’re using Rails. Maybe 95%.

  4. I got bad flashbacks to Pascal from having to put function definitions at the top. Yeah, whatever.

  5. “our {} is different” will trip me up for years.

  6. not being able to freely break lines mid-expression is annoying.

  7. googling for help always returns obsolete 10-year-old results (“thanks, pagerank!”).

  8. manual type conversion == stone knives and bearskins.

  9. ri is like someone tried to reimplement perldoc with chalk. In the rain.

Anyway

I had a tiny project that had minimal dependencies. The Perl version flowed from my fingers like water, naturally, but the logic was trivial, and all it needed was a TOML parser and some random numbers, so it seemed like it would be easy to try out in Ruby. And I can even say something nice about the language: shuffle() and uniq() are core array methods.

A related script generates an improved Japanese Diceware ruleset using JMdict, but I haven’t found a full-featured romanization gem, and the advice about XML parsing is all over the map. Perl’s XML::Twig and its simplify() method have really spoiled me; I ended up having to mix Nokogiri::XML::Reader with Nori.parse, and then write my own force_arrays() function to emulate one of the most useful features of simplify(). The result is still only a crude approximation of what I can do with XML::Twig, but it suffices for this project.

While I’m complaining, the following gang-bang expression is not equivalent to the assignment version, which produces a sorted random unique subset of the array. Instead, you get the unsorted complement of the desired slice, unless the array was already unique, in which case Ruby blows chunks. This is, um, non-obvious.

words.uniq!.shuffle!.slice!(0,7776).sort!
words = words.uniq.shuffle.slice(0,7776).sort
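Why the two lines differ, as an added example (not the author's script): `uniq!` returns nil when it removes nothing, and `slice!` returns the removed slice while leaving the remainder in the receiver. The function names and the sample words are constructed for illustration.

```ruby
# What is left in `words` after the chained bang expression, or
# :nil_from_uniq when uniq! removed nothing and returned nil.
def chained_bang(words, count)
  words.uniq!.shuffle!.slice!(0, count).sort!
  words
rescue NoMethodError
  :nil_from_uniq
end

# The assignment form: each call returns a new array, so the chain is safe.
def assigned(words, count)
  words.uniq.shuffle.slice(0, count).sort
end

# In-place form that ignores the bang methods' return values.
def subset_in_place!(words, count)
  words.uniq!                        # nil here only means "nothing removed"
  words.shuffle!
  words.slice!(count, words.size)    # drop everything after the first `count`
  words.sort!
end

if __FILE__ == $PROGRAM_NAME
  sample = %w[pear apple fig apple kiwi] # constructed sample with one duplicate
  p chained_bang(sample.dup, 3)          # one leftover word: the complement
  p chained_bang(sample.uniq, 3)         # :nil_from_uniq
  p assigned(sample, 3)                  # three sorted unique words
  p subset_in_place!(sample.dup, 3)      # same result, built in place
end
```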

On an unrelated note, I was amused to discover that the only useful PDF-generating gem still doesn’t support clipping paths, and while the authors claim it can easily be extended to support additional low-level PDF operators, that feature is not mentioned anywhere in the documentation or code…

Why play with Ruby in the first place? An old friend and on-again co-worker is a real zealot. Of course, our uses of scripting languages are very nearly orthogonal, to the point that many of the reasons I keep bouncing off of Ruby are things he never sees.

And, yes, I continue to be offended by Python’s use of indentation, although I’ll tolerate it at small scale to play with Ren’Py and CircuitPython. It’s heavily pushed on the Raspberry Pi as well, but at least there I can run Emacs and Perl, as Ghod intended.

Dear Amazon,


The Amazon Basics Computer Speakers are not well-shielded, and by that I mean they pick up local radio stations when the volume knob is at roughly 50%, and my hand acts as a convenient antenna when I adjust the knob. This defect is well-known, but buried by the mostly-positive reviews.

Apparently some people have had luck playing RMA roulette, but it’s pretty faint, so I think I’ll just ask Todd for some ferrite beads. Useful having a fully-stocked hardware department in your company. (and ohboy is it going to be fun to move that to the new building next month; some of his stuff isn’t going to fit into the elevator…)

Update

Found some ferrite beads around the house, and adding them didn’t help. The radio signal was stronger this morning, enough that I could understand the ads, so back they go. Fortunately there’s an Amazon locker at the mall, so all I have to do is drop them off on the way to work.

Replacement!

Friday morning I dropped off the RMA and ordered these instead for $3 more. They’re the best-seller in the category, and it looks like I bought them just in time, since they’re out of stock now. With standard two-day Prime shipping, they were on my porch Saturday morning when I went out to feed the cats. They’re about twice the size of the Amazon Basics speakers, with much better sound, and no radio interference.

New Toys


My 7″ 1280x800 monitor got a bit flaky during the data center move, and while it survived, the screen quality will never be quite the same, so I picked up an Eyoyo 10″ 1920x1200. The blindingly bright blue power LED needed covering with gaffer tape, but the image quality is excellent, and it even has speakers. Works great with my Mac, but even though my Surface Pro 2 detects it and shows its resolution, for some reason it doesn’t send a video signal out to it via HDMI. I tried two different mini-DisplayPort adapters and a brand new high-end cable, so I suspect HDCP handshake issues.

[Update: there’s something a bit odd about the Eyoyo monitor; when I first plugged it into my new Raspberry Pi 3, it worked perfectly, including showing the splash screen, but ever since, it only works if I force-select a video mode. Still works fine with the Mac, but it simply cannot auto-sync with the Pi, or show anything from the Surface Pro 2, which makes it “less than versatile”]

While setting up my cube in the new building (which included swapping the desk pieces around and adding a partial roof), I decided to ditch the crufty old USB2 hub I was using in favor of an Anker 10-port USB3 with fast charging support. Mostly because the right-hand USB port on my MacBook Pro went out a while back. Maybe after the holidays I’ll send it in for service; I think the AppleCare runs until February.

Those were easily justified purchases, but in the nearly-pure toy department, I picked up a TrueRNG3 USB hardware random number generator. Automatically supported in Linux, works on a Mac if you manually send the output to /dev/random, and they have a Windows driver. Sadly, while OpenBSD 6.2 supports several USB HRNG, it looks like the TrueRNG isn’t one of them. Yet.

I don’t have dieharder test output from it at the moment, because it only delivers 50 KB/s of random bits, but ent really likes its output. The vendor claims to pass the dieharder tests, but doesn’t say how long it took to generate enough samples (some of the tests consume a lot of bytes).

Why am I trying to improve the quality of my random numbers? Because I’ve been playing with random passphrase generation again, using a rule-based generator that lets me feed in a variety of patterns and dictionaries, for Diceware-style generation with calculated entropy. For instance, one script generates an improved romanized Japanese diceware list, based on the word-frequency rankings in JMdict, and I can do side-by-side comparisons between different lists to see how easy the results are to remember. Side note: the EFF wordlists are a nice improvement on the original English 5-dice lists, and they’ve got two nice 4-dice lists as well, with interesting properties.

For real fun, I set my generator up to allow mixing multiple rulesets, which is a relatively minor increase in entropy, but definitely more entertaining (especially if you include the Lord Of The Rings ruleset…).

And it also let me prototype an updated syllable-based system using polyhedral dice. Cut out and save!

+--------------------------------------+--------------------------------------+
|     Random Passphrase Generator      |      Digits, Specials, Uppercase     |
|                                      |                                      |
|  1  2  3  4  5  6  7  8  9 10 11 12  |     1  2  3  4  5  6  7  8  9  0     |
| -----------------------------------  |     @  #  %  $  !  |  &  _  ,  :     |
|  s  v  p  h  f  k  r  t  j  m  w  b  |     A  B  C  K  N  Q  T  X  Y  Z     |
|                                      |     +  -  *  /                       |
|       1   2   3   4   5   6   7   8  |                                      |
|   +--------------------------------  |     d12 * d8 * d6 = 9.17 bits        |
| 1 | eth  id  ol  eg  od  az  it  el  |     var/op/digit = 8.64 bits         |
| 2 |  ug  og  an  as  on  ar  is  al  |     d10 = 3.32 bits                  |
| 3 | ath  ay  ot  iz  us  os   a   e  |     d4 = 2 bits                      |
| 4 |  et  il   u  ed  ig  uz oth   o  |                                      |
| 5 |  oy  ul  ag  en  un  oz  or  es  |     10 syl ~ 14-char random ASCII    |
| 6 |  ad  ez ith  ut   i  ud  in  at  |     12 syl > 16-char random ASCII    |
+--------------------------------------+--------------------------------------+

(this table shouldn’t wrap on most screens, but for some reason it does in Chromium on my shiny new Raspberry Pi at 1920x1200, unless I zoom the font size to 80%, 110%, or 200%; some odd scaling in the version of Bootstrap I’m using, I guess)

Most people never find the old Diceware tables for generating syllables, special characters, etc. They’re buried in the original mailing-list post for Diceware, and aren’t referenced in the current HTML pages. Most of them aren’t particularly useful, but if your password policies require some combination of upper-case, special characters, and digits, they’re better than just appending “A1!” to every password. My var/op/digit rules above exist for the same reason; I find it pretty easy to remember “Z/4” or “X+2”.
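The card above as a small Ruby generator, added here as an example and not the author's own rule-based script. It assumes each syllable is the d12 consonant followed by the d6/d8 table entry, uses SecureRandom in place of physical dice, and reproduces the card's entropy figures assuming uniform independent rolls and 95 printable ASCII characters.

```ruby
require 'securerandom'

# Tables transcribed from the card above.
CONSONANTS = %w[s v p h f k r t j m w b].freeze   # d12
ENDINGS = [                                       # row = d6, column = d8
  %w[eth id ol eg od az it el],
  %w[ug og an as on ar is al],
  %w[ath ay ot iz us os a e],
  %w[et il u ed ig uz oth o],
  %w[oy ul ag en un oz or es],
  %w[ad ez ith ut i ud in at]
].freeze
UPPERS = %w[A B C K N Q T X Y Z].freeze           # d10
OPS    = %w[+ - * /].freeze                       # d4
DIGITS = %w[1 2 3 4 5 6 7 8 9 0].freeze           # d10

# One syllable from physical dice rolls (1-based). Assumed reading of the
# card: the d12 consonant followed by the d6/d8 table entry.
def syllable(d12, d6, d8)
  in_range = (1..12).cover?(d12) && (1..6).cover?(d6) && (1..8).cover?(d8)
  raise ArgumentError, 'die roll out of range' unless in_range
  CONSONANTS[d12 - 1] + ENDINGS[d6 - 1][d8 - 1]
end

# Software stand-in for a fair die, drawing from the OS CSPRNG.
def roll(sides)
  SecureRandom.random_number(sides) + 1
end

# Uppercase/operator/digit group such as "Z/4".
def var_op_digit
  UPPERS[roll(10) - 1] + OPS[roll(4) - 1] + DIGITS[roll(10) - 1]
end

def passphrase(syllables, with_suffix: false)
  body = Array.new(syllables) { syllable(roll(12), roll(6), roll(8)) }.join
  with_suffix ? body + var_op_digit : body
end

# Entropy in bits, assuming uniform and independent rolls.
def syllable_bits(count)
  count * Math.log2(12 * 8 * 6)
end

def suffix_bits
  Math.log2(10 * 4 * 10)
end

# Assumption: "random ASCII" means the 95 printable characters.
def random_ascii_bits(chars)
  chars * Math.log2(95)
end

if __FILE__ == $PROGRAM_NAME
  puts passphrase(10, with_suffix: true)
  puts format('10 syllables: %.2f bits, 14 ASCII: %.2f bits',
              syllable_bits(10), random_ascii_bits(14))
end
```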
