Homelab Adventures Continue

My updates here have been few and far between, mostly because I’ve been writing for other entities (when I’m in the mood to write at all). But sometimes I’m working on things where my own blog is the most appropriate outlet.

Longtime followers may recall my homelab efforts. My work in the homelab had, until now, largely been stymied by my dependence on Apple’s anemic Airport Extreme hardware, and an Airport Express to bridge my downstairs homelab to my upstairs cable modem. This is no longer a problem.

Over this past weekend, my wife and I ran some CAT6 cable to set up a wall port near the cable modem and another one near my server rack. Now the cable modem’s ethernet out patches into the wall jack, which comes out the other end in my home office. I’ve temporarily put a straight patch cable between the wall jack and the eth1 interface of my Dell PowerEdge 1950 server, which now runs pfSense and acts as my router/firewall. I say this patch is temporary because I’m going to be standing up a new Force10 S50 switch in the server cabinet, and the smaller (now saturated) Cisco SG300-10 is going to move upstairs to the living room. The cable modem will patch into the new Force10 switch, and the firewall will see that network as just another tagged VLAN.

Why put a layer 3 switch upstairs? WiFi. I’ve broken up the illicit partnership that Apple had spawned between routing/firewall functions and WiFi access point. As it turns out, Apple wasn’t great at any of those things. So what am I using now for WiFi?

Ubiquiti UniFi UAP-PRO. Right now I’ve got it sharing two different WiFi networks:

  • authenticated network for my household and our devices
  • unauthenticated network for everybody else (guests, neighbors, etc)

The unauthenticated network has its SSID attached to a special VLAN that is transparently proxied through Tor. Yes, I’m actually using a Raspberry Pi as the Tor gateway for now. I expect that to be replaced by a very small virtual machine this summer. Anybody who attaches to this network will have their traffic transparently proxied through the Tor network. Fringe benefit: you can directly access .onion hidden services without any special client-side configuration if you attach to this wireless network.

Right now I’m really loving the Ubiquiti gear. My Mac Mini is currently hosting the configuration daemon, but I expect to migrate that to a Docker container soon. It’s giving me a lot more control over my wireless networks. I can see what the traffic trends look like, who my most active guests are, what sort of traffic volume they are passing, etc.

pfSense was up and running in minutes. I pretty quickly added a transparent Squid proxy without any issues, and bootstrapped IPv6 without too much trouble (though this is one thing Apple did do a better job of).

State of the Nerd Report

I’ve never really consistently given this personal blog of mine much love. Instead, I’ve tried to support larger soapboxes from which to either share my own stories or coordinate and recruit for others.

I’ve done a good bit of writing over the last couple of years for Red Hat, and now for Bronto. I had a piece on OpenSource.com that got a good bit of traction. But most of my writing for the last four months has been going into Autism Daily Newscast.

ADNewscast reached out to me last December through social media and asked if I might like to contribute a guest article from the perspective of an Autistic professional to help others like me to get started in their careers. I submitted the article, and it was well-received, so they asked if I’d like to write another.

Next thing you know, I’d become a Staff Writer, and was in charge of the weekly Careers column. I don’t always know what I’m going to write about next, but it’s been good for me to knock out an article every week and to get into the habit of writing regularly.

Then last week my Editor in Chief asked if I’d like to take on a larger role with the site and join the team of Editors. I did accept that role, and it’s proving to be a rewarding one.

I am autistic. This is not something that was known to me or the people around me for most of my life. But I know it now. And so many of the mysteries of my life make sense now. How come people sometimes say I talk too much? Or too little? How come I sometimes don’t know when to shut up? Or sometimes I can’t speak at all? Why, during periods of prolonged stress (often over really petty things) do I hide in a dark, quiet place and just silently decompress? Why do I have a long trail of broken but intense friendships smoldering in my wake? Most of these mysteries have now been answered with that new fundamental understanding of my self.

I’ve since been “out” about it more. I’ve made my needs known. I’ve engaged in self-advocacy, because those who claim to speak for people like me are often not themselves autistic. The largest Autism advocacy groups that you can think of have no legitimacy. So now I have to face people who dismiss me as being “too high functioning to understand their child’s needs”.

Thirty years ago, I was your autistic child. I was the kid that quietly read the dictionary from cover to cover, and then moved on to the encyclopedia. I was the kid who had memorized the taxonomic classification of every fish species in the public aquarium. I was the kid who would “spaz” (melt down) or simply and quietly shut down when things got to be too tough. I was the kid who was always being told “look me in the eye”, even (especially) when it seemed impossible for me to do so.

I know what it means to be that autistic kid, even if I didn’t know that I was autistic at the time. I’m very comfortable in knowing that I’m in a stronger position to advocate for autism than the parents who have never walked a mile in my own shoes.

As such, I’ve largely been disengaged from tech geekery at home for a while. I’m getting more and more plugged in to the community of my peers, finding my voice, getting more comfortable with the knowledge that I am different and I do need and deserve some understanding in order to better succeed in this world.

And I’m not going to fight this just for myself; I’m going to fight it so my autistic daughter, who I understand better than Autism Speaks ever will, can enjoy a better chance of success when it’s time for her to live as an adult in this world that will never understand her.

Patterns for Success – Landing the Job: An Overview

Welcome to my first of what I hope will be many contributions to the Autism community via Autism Daily Newscast. As a high functioning autistic person with a well-established career in the software industry, I expect to research and share with you patterns for success in your career endeavors. While it is frequently a challenge, I’m convinced that success can be yours.

Service Oriented Architecture vs. Dunbar’s Number

I’ve got a bit of a problem in that I spend most of my career working in engineering space, but most of my thought capital is spent on larger problems of organizational design, technical strategy, laying down foundations today for problems we’re going to need to solve in a year or more. This frustrates my bosses to no end, who just want me to build a server or swap a bad hard drive out or any other of a number of mundane day to day sysadmin tasks. I’m left without much of an outlet for this stuff besides meetup groups and, when I find the time, blogging. Thanks for humoring me.

One of my frequent frustrations is we tend to carry too much legacy around in how we work, in how we organize. We do things all wrong because, well, that’s how we’ve always done it. But I’m thinking farther out, and I see many operations teams on a collision course with the hard limits of the human brain. To wit: the hierarchical limitations of Dunbar’s number and the human neocortex.

create a tor-only VLAN with a Raspberry Pi

I’m a big fan of the Tor Project. It’s really encouraging to see more people using it, and more people setting up bridges, relays, and exit nodes.

What I’d like to see more of is publicly available networks that transparently redirect clients’ Internet connectivity through Tor. My first step here is aimed at someone with the means to set up many wireless access points on a campus, like perhaps an office building or a university. In these environments, it is typical for wireless networks to be created on different VLANs, with multiple SSIDs advertised, and each SSID being linked to a different VLAN. Often you might have a staff SSID and a guest SSID.

But because the host is concerned about bad behavior or misuse of the guest network coming back to haunt them, access is extremely locked down. Perhaps they only allow simple web browsing and nothing more. And access is not granted without knowing a guest network password, or having to go through a captive portal.

Let’s dispense with all of that and use an inexpensive Raspberry Pi Model B to create a Tor-only guest VLAN.
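
A sketch of the gateway side of such a Tor-only VLAN, covering both this post and the transparent proxy described in the homelab post above. It is an added example, not the configuration from the original posts. The interface name, gateway address, port numbers and the DHCP rule are assumptions; the script only prints the torrc lines and iptables rules for review and applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) config for a Tor-only guest VLAN.
TRANS_PORT=9040   # Tor TransPort (assumed value)
DNS_PORT=5353     # Tor DNSPort (assumed value)

# Accept only names like eth0 or eth0.66, so nothing odd lands in a rule.
valid_iface() {
    case "$1" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Dotted-quad check: four decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# torrc fragment: Tor listens on the VLAN address and maps .onion lookups to
# virtual addresses, so hidden services work without client configuration.
emit_torrc() {
    valid_ipv4 "$1" || return 1
    printf '%s\n' "VirtualAddrNetworkIPv4 10.192.0.0/10" \
        "AutomapHostsOnResolve 1" \
        "TransPort $1:$TRANS_PORT" \
        "DNSPort $1:$DNS_PORT"
}

# Firewall rules: redirect DNS and new TCP connections into Tor, then fail
# closed so no guest traffic is routed around Tor. The UDP 67 rule assumes
# the gateway also serves DHCP on this VLAN.
emit_rules() {
    valid_iface "$1" || return 1
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -i $1 -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT" \
        "iptables -t nat -A PREROUTING -i $1 -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT" \
        "iptables -A INPUT -i $1 -p udp --dport $DNS_PORT -j ACCEPT" \
        "iptables -A INPUT -i $1 -p tcp --dport $TRANS_PORT -j ACCEPT" \
        "iptables -A INPUT -i $1 -p udp --dport 67 -j ACCEPT" \
        "iptables -A INPUT -i $1 -j DROP" \
        "iptables -A FORWARD -i $1 -j DROP"
}

# Constructed sample values: VLAN 66 on eth0, gateway address 192.168.66.1.
emit_torrc 192.168.66.1 && emit_rules eth0.66
```

The final two DROP rules are the part that matters for a guest network: anything not redirected into Tor (non-DNS UDP, ICMP, direct access to the gateway) is discarded rather than forwarded in the clear.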