From 90f2a7cba2b7a778414c49f4e6337a28474acef9 Mon Sep 17 00:00:00 2001
From: lf-
Date: Tue, 9 Mar 2021 04:27:30 -0800
Subject: [PATCH] cleanup posts
---
content/posts/dell-xps-15.md | 71 -------------------
.../how-to-have-a-functional-dhcrelay.md | 28 --------
content/posts/i-have-rss-now.md | 2 +-
content/posts/introducing-my-new-theme.md | 24 -------
...-to-be-set-automatically-from-kickstart.md | 22 ------
content/posts/nginx-try_files-troubles.md | 4 +-
content/posts/setting-up-dhcp-on-a-dc.md | 42 -----------
...ction-they-are-taking-may-compromise-it.md | 27 -------
content/posts/the-road-to-ethical-iot.md | 16 -----
content/posts/vundle-y-u-do-dis.md | 20 ------
.../posts/why-do-my-bridges-not-work-1-one.md | 18 -----
11 files changed, 3 insertions(+), 271 deletions(-)
delete mode 100644 content/posts/dell-xps-15.md
delete mode 100644 content/posts/how-to-have-a-functional-dhcrelay.md
delete mode 100644 content/posts/introducing-my-new-theme.md
delete mode 100644 content/posts/ms-documentation-sucks-or-how-i-got-my-vm-hostnames-to-be-set-automatically-from-kickstart.md
delete mode 100644 content/posts/setting-up-dhcp-on-a-dc.md
delete mode 100644 content/posts/software-should-respect-the-users-privacy-and-inform-them-of-when-an-action-they-are-taking-may-compromise-it.md
delete mode 100644 content/posts/the-road-to-ethical-iot.md
delete mode 100644 content/posts/vundle-y-u-do-dis.md
delete mode 100644 content/posts/why-do-my-bridges-not-work-1-one.md
diff --git a/content/posts/dell-xps-15.md b/content/posts/dell-xps-15.md
deleted file mode 100644
index f52b799..0000000
--- a/content/posts/dell-xps-15.md
+++ /dev/null
@@ -1,71 +0,0 @@ -+++ -author = "lf" -categories = ["linux", "arch-linux", "hardware", "laptop", "dell-xps-15"] -date = 2018-03-18T07:12:05Z -description = "" -draft = false -path = "/blog/dell-xps-15" -tags = ["linux", "arch-linux", "hardware", "laptop", "dell-xps-15"] -title = "Dell XPS 15: \"I can't understand why some people _still_ think ACPI is a good idea..\" -Linus Torvalds" - -+++ - -I got my new machine in the mail, an XPS 15 bought on one of the numerous sales which pretty much happen every couple of days, and while most of the hardware is amazing compared to my previous machine (a beat-up X220), there are some significant hardware issues that need to be worked around. Besides, of course, the fact that the keyboard and lack of trackpoint is objectively inferior to the previous machine. - -The first thing that many people may do after booting up a new machine on any operating system is to make sure they got what they paid for, and check detected hardware. So, naturally, I run `lspci`... and it hangs. I could change virtual console, but it said something about a watchdog catching a stalled CPU core. Fun! Off to Google, which states that it's the NVidia driver, specifically related to Optimus (which, by the way, [this video](https://youtu.be/MShbP3OpASA?t=48m13s) remains an excellent description of). So I blacklist it, and lspci seems to work fine. Next, I install X and all the other applications I want to use, and being a sensible Arch user, I read the Arch wiki on the hardware, which states that the dedicated graphics card will use a lot of power if it isn't turned off. - -So, I turn it off. For this, I use `acpi_call` with a `systemd-tmpfiles` rule to turn it off at boot. The setup is as follows: - -``` -~ » cat /etc/tmpfiles.d/acpi_call.conf -w /proc/acpi/call - - - - \\_SB.PCI0.PEG0.PEGP._OFF -~ » cat /etc/modules-load.d/acpi_call.conf -acpi_call -``` - -Next, I get to work doing some programming on it. 
It was a massive improvement on the previous hardware on account of having a 1080p screen instead of a 1366x768 device-usability-eliminator. However, my terminal-based vim sessions kept getting disturbed by messages such as the following: - -``` -kernel: pcieport 0000:00:1c.0: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=00e0(Transmitter ID) -kernel: pcieport 0000:00:1c.0: device [8086:a110] error status/mask=00001000/00002000 -``` - -After looking in the wiki again, I set `pci=nommconf` in the kernel options. At this point I was entirely unconvinced that the `acpi_rev_override=1` stuff was necessary since I got rid of any NVidia software that could possibly break my machine. - -Satisfied with my handiwork, I put the machine into service, and took it to school. Naturally, one may want to put a machine into sleep mode if it is not in use. Unfortunately, doing so was causing it to lock up upon any attempt at waking it. Another strange behaviour that I had been starting to notice at this point was that Xorg could not be started more than once a boot due to the same hard lock issue. - -As it turns out, this was again the same issue as the sleep, which is fixed by the `acpi_rev_override=1` in the kernel parameters. I had been dissuaded by the Arch developers disabling `CONFIG_ACPI_REV_OVERRIDE_POSSIBLE` at some point in the past, which was what was suggested by an outdated forum post (lesson learned: do more research on things which could easily change), but they reenabled it recently. - -So, finally, the situation: - -- Power management appears to work correctly -- Battery life is incredible (but could probably be hugely improved to "ridiculous") -- The touchpad is a touchpad, which means it sucks, although it is one of the better ones -- There is a significant and very annoying key-repeatt isssuee which happens on occasion, some users have reported it also occurs on Windows. It has happened at least 5 times while writing this post. 
-- I hadn't noticed this earlier, but the *keyboard has a tendency to scratch the screen* while the laptop is closed. Since this is a thoroughly modern machine, there isn't really space to just shove a microfiber cloth between the screen and keyboard like I had done with my X220 with missing rubber standoffs. - -### Would I recommend buying one? - -**Maybe**. For my use case, it made sense since I want to have a dedicated GPU which can be used in Windows for CAD work. The hardware with the exception of the keyboard and trackpad is very nice, especially for the price (a bit more than half what Apple charges for a similarly specced MacBook Pro 15"). If you don't need or want a dedicated GPU, ***buy another machine***. NVidia still has awful Linux problems. - -Which machine? Probably a ThinkPad since they have very good Linux support right out of the box. That being said, I acknowledge that Dell has a group dedicated to Linux support on their hardware, and both companies have similar complete lacks of desire to lift a finger with regards to pressuring their fingerprint reader vendor (the same one for both companies!) to release the driver spec. - -Since Linus Torvalds provides such excellent material to quote, - -
The thing is, you have two choices:
- - define interfaces in hardware
- - not doing so, and then trying to paper it over with idiotic tables.
-
-Sadly, Intel decided that they should do the latter, and invented ACPI.
-
-There are two kinds of interfaces: the simple ones, and the broken ones.
-
-<...>
-
-The broken ones are the ones where hardware people know what they want to
-do, but they think the interface is sucky and complicated, so they make it
-_doubly_ sucky by then saying "we'll describe it in the BIOS tables", so
-that now there is another (incompetent) group that can _also_ screw things
-up. Yeehaa!
-
- diff --git a/content/posts/how-to-have-a-functional-dhcrelay.md b/content/posts/how-to-have-a-functional-dhcrelay.md deleted file mode 100644 index 3c82193..0000000 --- a/content/posts/how-to-have-a-functional-dhcrelay.md +++ /dev/null @@ -1,28 +0,0 @@ -+++ -author = "lf" -categories = ["Windows Server", "dhcp", "linux", "homelab"] -date = 2016-03-05T05:20:54Z -description = "" -draft = false -path = "/blog/how-to-have-a-functional-dhcrelay" -tags = ["Windows Server", "dhcp", "linux", "homelab"] -title = "How to have a functional dhcrelay" - -+++ - -I'm dumb. Or ignorant. Or inexperienced. I haven't decided which. - -`dhcrelay` only gets proper responses if it's listening on both the interface that it's actually listening on for requests and the one where it will get the responses. - -My command line for it to forward dhcp requests to my Windows dhcp server in my virtual lab is: - - /usr/bin/dhcrelay -4 -d -i eth1 -i eth2 10.x.x.x - -`eth1` is the interface with the Windows dhcp server on its subnet - -`eth2` is the interface with the clients on it - -`10.x.x.x` is the address of the Windows dhcp server - -This is run on my arch (yes, I know. Debian took longer than Windows to install. The only stuff on it is in `base`, `vim`, and `dhcp`) gateway VM. I could also stand up a Windows box and have it do NAT, but that doesn't use 512MB of RAM nearly as happily. - diff --git a/content/posts/i-have-rss-now.md b/content/posts/i-have-rss-now.md index be471a5..7caa919 100644 --- a/content/posts/i-have-rss-now.md +++ b/content/posts/i-have-rss-now.md @@ -9,7 +9,7 @@ title = "I have an RSS feed now" Hello! The full content on this site is available by RSS at -https://lfcode.ca/rss.xml. I can make no promises as to how fabulously RSS +. I can make no promises as to how fabulously RSS readers will render the full post contents without some kind of styling, but they are included. 
diff --git a/content/posts/introducing-my-new-theme.md b/content/posts/introducing-my-new-theme.md
deleted file mode 100644
index 67c8352..0000000
--- a/content/posts/introducing-my-new-theme.md
+++ /dev/null
@@ -1,24 +0,0 @@
-+++
-author = "lf"
-categories = ["meta", "ghost"]
-date = 2016-03-06T04:40:37Z
-description = ""
-draft = false
-path = "/blog/introducing-my-new-theme"
-tags = ["meta", "ghost"]
-title = "Introducing my new theme"
-
-+++
-
-Recently, I had enough of the Arabica theme for Ghost. Put simply, it was ancient, didn't look that great anyway, and was missing a bunch of newer Ghost features.
-
-Its replacement is a fork of lanyon-ghost, itself a fork of lanyon (a theme for Jekyll).
-
-Currently, all I've changed is the fonts, and I switched the homepage to display full posts, as it's quite irritating to have to click on each one to read it (while I'm at it, it would be *great* if Ghost allowed to put a mark where the fold in the page is, so that longer posts don't eat up all the space on the page).
-
-The fonts in use are the beautiful Charter (main content), Fira Sans (headings, other text), and Source Code Pro (monospace/code).
-
-There's also an author page that shows the author's description, image and such along with their posts.
-
-Here's the code: https://github.com/lf-/lanyon-ghost
-
diff --git a/content/posts/ms-documentation-sucks-or-how-i-got-my-vm-hostnames-to-be-set-automatically-from-kickstart.md b/content/posts/ms-documentation-sucks-or-how-i-got-my-vm-hostnames-to-be-set-automatically-from-kickstart.md
deleted file mode 100644
index d8d743c..0000000
--- a/content/posts/ms-documentation-sucks-or-how-i-got-my-vm-hostnames-to-be-set-automatically-from-kickstart.md
+++ /dev/null
@@ -1,22 +0,0 @@
-+++
-author = "lf"
-categories = ["hyper-v", "linux"]
-date = 2016-12-18T04:46:03Z
-description = ""
-draft = false
-path = "/blog/ms-documentation-sucks-or-how-i-got-my-vm-hostnames-to-be-set-automatically-from-kickstart"
-tags = ["hyper-v", "linux"]
-title = "MS Documentation sucks (or how I got my VM hostnames to be set automatically from kickstart)"
-
-+++
-
-I wanted to automate my linux VM deployment on my Hyper-V based lab infrastructure. One small flaw: while DHCP does automatically update DNS, it does *not* do too much when your VM is named "localhost". I wanted to make the fedora deployment completely automated... which it is after I wrote a kickstart, except you can't get into the new box because you can't find its IP address.
-
-I wrote a small tool to deal with this issue:
-https://github.com/lf-/kvputil
-
-You want the variable `VirtualMachineName` in `/var/lib/hyperv/.kvp_pool_3`.
-
-Documentation that took way too long to find:
-https://technet.microsoft.com/en-us/library/dn798287.aspx
-
diff --git a/content/posts/nginx-try_files-troubles.md b/content/posts/nginx-try_files-troubles.md
index 8bdf860..62481d1 100644
--- a/content/posts/nginx-try_files-troubles.md
+++ b/content/posts/nginx-try_files-troubles.md
@@ -9,7 +9,7 @@ title = "nginx: how to try multiple roots successively" As part of developing this new version of this site, I've needed to mess with nginx a lot to switch from Ghost to Gatsby, especially when related to hosting files out of multiple directories. -Specifically, this site is deployed by `rsync`ing the production version of the site onto the server behind `lfcode.ca`. I want to be able to use --delete to get rid of any old files for reliability reasons (don't want to rely on stuff that's not supposed to be there accidentally). Additionally, I am hosting static files at the root of `lfcode.ca`, which I don't want to manage with Gatsby. +Specifically, this site is deployed by `rsync`ing the production version of the site onto the server hosting it. I want to be able to use `--delete` to get rid of any old files for reliability reasons (don't want to rely on stuff that's not supposed to be there accidentally). Additionally, I like being able to host random files on the server, which I don't want to manage with Gatsby. What this means is that I need the server to try in order: - serve the file from the Gatsby directory @@ -17,7 +17,7 @@ What this means is that I need the server to try in order: - serve it from the untracked static files - 404 -There are countless StackOverflow posts on this exact issue, but for various reasons, they have their own issues. +There are countless StackOverflow posts on this exact issue, but none were quite right for my use case. One popular suggestion is to set the `root` to some directory above both content directories then use something like `try_files dir1$uri dir1$uri/ dir2$uri =404;`. This works... nearly. diff --git a/content/posts/setting-up-dhcp-on-a-dc.md b/content/posts/setting-up-dhcp-on-a-dc.md deleted file mode 100644 index 9decb46..0000000 --- a/content/posts/setting-up-dhcp-on-a-dc.md +++ /dev/null 
@@ -1,42 +0,0 @@
-+++
-author = "lf"
-categories = ["PowerShell", "Active Directory", "dhcp", "dns"]
-date = 2015-11-14T22:20:48Z
-description = ""
-draft = false
-path = "/blog/setting-up-dhcp-on-a-dc"
-tags = ["PowerShell", "Active Directory", "dhcp", "dns"]
-title = "Setting up DHCP on a DC with secure dynamic DNS"
-
-+++
-
-So, in my virtual homelabbing, I decided I was going to get a Windows based network set up with more or less only PowerShell. In these efforts, I discovered a pretty poor pile of documentation (such as [this insanity](https://technet.microsoft.com/en-us/library/cc774834%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396) where they tell you to create credentials with netsh, restart the service, then delete the credentials and restart again [optional step: wonder why it doesn't work]).
-
-####Here's how I set it up:
-#####Create AD account:
-```powershell
-# Get username and password for the new account (remember to include your domain!)
-$cred = Get-Credential
-
-# Create the user (it needs no special permissions)
-New-ADUser -Enabled $true -SamAccountName $cred.UserName -AccountPassword $cred.Password
-```
-#####Make the DHCP server use it:
-```powershell
-# Set the credentials for the DHCP server
-Set-DhcpServerDnsCredential $cred
-
-# Restart the DHCP Server
-Restart-Service DhcpServer
-```
-
-You're set!
-
-###Bonus:
-
-Also remember to set the DNS server to only allow secure updates!
-
-```powershell
-Set-DnsServerPrimaryZone -DynamicUpdate Secure
-```
-
diff --git a/content/posts/software-should-respect-the-users-privacy-and-inform-them-of-when-an-action-they-are-taking-may-compromise-it.md b/content/posts/software-should-respect-the-users-privacy-and-inform-them-of-when-an-action-they-are-taking-may-compromise-it.md
deleted file mode 100644
index cc3582a..0000000
--- a/content/posts/software-should-respect-the-users-privacy-and-inform-them-of-when-an-action-they-are-taking-may-compromise-it.md
+++ /dev/null
@@ -1,27 +0,0 @@ -+++ -author = "lf" -categories = ["software", "software-politics"] -date = 2019-03-31T01:14:29Z -description = "" -draft = false -path = "/blog/software-should-respect-the-users-privacy-and-inform-them-of-when-an-action-they-are-taking-may-compromise-it" -tags = ["software", "software-politics"] -title = "Software that respects users' privacy must inform them if they are going to compromise it" -featuredImage = "../images/fusionleak.png" - -+++ - -Above is a STEP file from Autodesk Fusion 360. It contains personally identifiable information by default: it leaks their Autodesk username (in my case, my full name!) and a file path on the local computer, which could also contain the user's name as well as any other information they might have put in it. In this case, it identifies where a non-scrubbed version of this particular file is found. - -Fusion 360 does not tell you that this information is there. It does not display it in the interface either. - -This sort of metadata leaking is everywhere. For instance, I have no idea if I can get an email associated with the owner of a Google document if it is shared with me. It's not obvious if it is exposed in the UI, and if it is not, perhaps an API exposes it. This sort of issue is particularly insidious because it makes it easier to use a platform to conduct doxing attacks and makes it unclear whether people whose identities need to remain private can use a service. - -Metadata is more interesting than the data itself. This is a central concept in the NSA's phone surveillance: the content of a call can be surmised particularly easily by a computer simply by considering origin, destination and duration. - -The primary data in a file is usually completely generated by the user and is very unlikely to contain any PII unless they put it there themselves. 
Metadata on the other hand is frequently computer generated, is hard to read relative to the data itself, usually hiding in dialogs in dusty corners of the user interface, if exposed at all, and is likely to contain information about the user and their computer. - -If you are writing a program which generates files or other information which will be shared, *please* consider what you store as metadata with it. Do not store local paths on the user's computer in the file because they may compromise the user's privacy. *Show* the user what metadata is on the file when they are saving it. Everywhere in the interface where taking some action may reveal information as metadata to someone else, include a small block of text indicating what information that is and why it needs to be collected. Similarly to how [rubber duck debugging](https://en.wikipedia.org/wiki/Rubber_duck_debugging) works, you may notice while you're writing that statement that you don't need to expose some of the information. As much as Apple is a harmful company to the environment and to users' ownership of their devices, I have to commend them on their choice to include a small privacy icon wherever the user is agreeing to provide some information in the provision of a service. - -These metadata issues are something which really made me realize how fortunate and privileged I am to be in a situation where having my name published with CAD files is at best annoying. I can think of several people I know online for whom that would be catastrophic, and they are all from groups which have been and continue to be prejudiced against in society. If a team has people from those groups on it, it is far more likely to notice this type of privacy issue and prioritize it appropriately highly. - diff --git a/content/posts/the-road-to-ethical-iot.md b/content/posts/the-road-to-ethical-iot.md deleted file mode 100644 index e0fd3b8..0000000 --- a/content/posts/the-road-to-ethical-iot.md +++ /dev/null 
@@ -1,16 +0,0 @@
-+++
-author = "lf"
-date = 2018-11-08T13:55:26Z
-description = ""
-draft = true
-path = "/blog/the-road-to-ethical-iot"
-title = "The Road to Ethical IoT"
-
-+++
-
-I very much subscribe to Stallman's ideas that the Internet of Stings is an oppression system, but there are also obvious benefits to having more things available to computers to automate.
-
-The schism that currently exists between those two parties is largely because many IoT devices are fiercely proprietary devices that don't belong to the user, horrifying free software advocates. To make it worse, even those who find the lack of ownership acceptable detest the massive numbers of security issues in these systems caused by their code being quickly and poorly written, with development credentials or backdoors left intact at release.
-
-Something must be done. An ethical IoT device must respect the user, first and foremost. Custom firmware should be allowed and encouraged, though perhaps after flipping a switch on the physical device to ensure malware doesn't take advantage of it. Network communication must be done through an audited outer layer which throws out any packets which are invalid and encrypted with the wrong key. An example of such a layer is WireGuard.
-
diff --git a/content/posts/vundle-y-u-do-dis.md b/content/posts/vundle-y-u-do-dis.md
deleted file mode 100644
index 29bc43a..0000000
--- a/content/posts/vundle-y-u-do-dis.md
+++ /dev/null
@@ -1,20 +0,0 @@
-+++
-author = "lf"
-categories = ["vim"]
-date = 2015-01-18T05:43:30Z
-description = ""
-draft = false
-path = "/blog/vundle-y-u-do-dis"
-tags = ["vim"]
-title = "Vundle, y u do dis"
-
-+++
-
-Now to start off with, I apparently can't read and feel quite stupid for wasting 30 mins of my life messing with this problem.
-
-Recently, I decided that vim was a good idea. So I commited to not avoiding it in favor of Sublime Text (I still need to fix the html stuff so that using Sublime isn't so damn tempting) and the editor-switching stuff has been going well.
-
-When I decided to stop stealing someone else's vimrc, I also switched to using Vundle instead of Pathogen. This ended up throwing a slew of strange errors *not even mentioning a shell* such as `Error detected while processing function vundle#installer#new..vundle#scripts#view:`. Googling this gave me a seemingly completely unrelated issue from 2010 (typical as of late sadly). After trying a few things like deleting .vim/bundle, nothing was seeming to work. So I went off to read the docs. After messing with the GitHub wiki, I realised that I'm a derp and should read properly. There was a section clearly labeled `I don't use a POSIX Shell (i.e. Bash/Sh)` to read about this.
-
-That being said, this isn't a totally useless I'm-an-idiot post, because gmarik could do something better. There could be detection of capabilities required, so that there's a pleasant error message stating what went wrong, rather than the current state of throwing a 20 line long error lacking entirely in description of **what** failed, and where. This is also partially vim's problem, because it could state that an error happened while executing shell code or similarly useful things.
-
diff --git a/content/posts/why-do-my-bridges-not-work-1-one.md b/content/posts/why-do-my-bridges-not-work-1-one.md
deleted file mode 100644
index 2bb16c4..0000000
--- a/content/posts/why-do-my-bridges-not-work-1-one.md
+++ /dev/null
@@ -1,18 +0,0 @@
-+++
-author = "lf"
-categories = ["homelab", "hyper-v", "lxd", "containers", "networking"]
-date = 2016-06-24T22:55:33Z
-description = ""
-draft = false
-path = "/blog/why-do-my-bridges-not-work-1-one"
-tags = ["homelab", "hyper-v", "lxd", "containers", "networking"]
-title = "Human error is the root of all problems, especially with network bridges"
-
-+++
-
-When in doubt, the problem is directly caused by one's own stupidity.
-
-I was trying to run an LXD host in a Hyper-V VM and went to set up bridged networking (in this case, *notworking*). Twice. The good old rule that it's caused by my stupidity rang very true. The problem was caused by the network adapter in the VM not having the ability to change the MAC address of its packets. The toggle is in the VM properties under advanced settings in the child node on the NIC.
-
-This is why you should have a routed network.
-