On Sunday I noticed something peculiar - our
VDSL NBN connection was still at it's usual maximum speed. This is not entirely out of the ordinary, as it'd frequently be synced at very nice rates after a disconnect, and then would slowly glide down again over the next few hours or days (on occasion) before disconnecting again. The peculiar thing was that it'd been up for 15 days!
Indeed, about two weeks before, friends of ours a couple of streets over had been off the NBN for about a week, and Telstra + NBNco were digging up the pits at the end of their street, and I assumed the two things were related. The Friday their internet came back on, ours went dark for a couple of hours, and when it returned, that's when the 15 days mentioned above started.
So I had the current sync rates at about 41 and 12, and the fact it'd been synced for about two weeks, and that was all I had to go on, as when I upgraded our NAS I neglected to put the graphing jobs back. Damn it.
So I spent Sunday and Monday night rewriting the jobs and getting them ready, then left them collecting data and sure enough, our internet is pretty solid at the moment. I'm fairly well impressed, I hope it stays that way! For comparison, see the 60-day report from March - quite a difference!
In the process of rewriting the jobs though, I ditched dpinger and simply grabbed the stats from the Unifi controller, which was already collecting and recording everything I wanted in the resolution I required anyway. I'll hopefully release the script at some point but for now it's too ugly to see the light of day.
I woke up this morning to an email from Keybase about my web-proof being deleted - it didn't sound right, but I have moved some things around so I guess it could have happened some time ago and they're just noticing it? Went to check the server out, and found a huge mess:
- Everything 403ing for some reason
- Unable to log in via SSH due to EPERM on authorized_keys.
- Unable to log in via the console because I can't paste root's password and it has symbols I can't manually type.
Fuck, no time to fix it, I have work to do!
Fortunately, I had a brief moment around lunch time to take a look at it, so I threw the machine into single user and set root's pass to something I can type. Ran
fsck on the filesystem, and it found some stuff, but nothing disastrous, and all the files are there, permissions look fine all the way up the tree, and yet I'm unable to
su to my own user due to EPERM:
su -m fwaggle
/usr/local/bin/bash: Permission denied
At this point I'm pulling my hair out and went to IRC to ask for ideas, where pez came to my rescue with a forum thread - these things happen if the perms on /. and /.. are too strict, and sure enough, mine are set to 700 for some reason. A quick
chmod and things are back to normal, but how'd this happen? I don't recall
chmoding anything yesterday, though I did use freebsd-update and upgraded all my packages also.
I'll have to file that one away though.
I've been chasing a Wii U for a while now, mainly for Duncan to play Super Mario Maker, but also because I'm a huge nerd and like collecting videogame consoles. I narrowly missed one last year that was ridiculously cheap, but since then I've not found one anywhere near my pain threshold, which is about a hundred bucks for the system.
Sabriena pointed out on Saturday that EB Games were having a sale on their ebay shop, 20% off all pre-owned stuff, and that put their Wii U premium consoles at about $130 shipped... so I slept on it. After some pondering, I decided to order it and have it "pick up from store", which is free, so it was around $120 all up, I can live with that. We picked it up Sunday around lunch time, along with a copy of Smash and... it won't read the disc. Considering the state the console arrived in (utterly filthy), I just assumed this one had slipped through their not-terribly-rigorous refurbishment process without a proper inspection and took it back.
The second one was substantially cleaner, but exhibited the same symptoms, so I took the game back. Unfortunately they didn't have another pre-owned copy of Smash, so I swapped it for Windwaker HD instead, and that worked.
Regrettably, I took the first console back before properly investigating things... because I'd bound my Nintendo Network ID to it, I couldn't re-add the account on my second console (presumably to limit piracy). Their suggestion is to use an SD card to transfer the profile, that would have been helpful to learn before I'd factory reset the first console and taken it back! After searching around online, found a phone number for Nintendo and resolved to call them on Monday.
Update 2018-08-13: Called Nintendo on Monday, they picked up super-quick after about three options on their phone menu. Didn't even get all the way through explaining the problem before the guy knew what I wanted, and after providing a bunch of security information and the serial number of the second console he put through the transfer request, and within about an hour I was able to add the NNID to the console again... so when I get another copy of Smash I gather I'll be able to play it online.
Update 2018-08-19: Super Mario Maker showed up later this week, and I neglected to mention Smash showed up Wednesday. I haven't managed to play anyone online (not sure if it's a server issue, an issue with my router/firewall, or my console is banned), but both games work flawlessly. I don't think I'll buy much else unless it's something I really can't get on the Switch, and as long as I don't pay too much for it (or I buy it somewhere like EB where I can trivially return it, though their WiiU selection is dwindling).
After reinstalling our NAS, and installing the UniFi controller on it, one of the few things left is HTTPS for it. I'm a huge fan of LetsEncrypt (if we're going to have the stupid CA system we have, we might as well democratize it!), and an even bigger fan of acme.sh.
One of the issues is that these are all services on my internal network - I've absolutely no interest in ever publicizing any of these services, so how to validate them for LE? Since I use Cloudflare for my domain, it seems a no-brainer that using their API for DNS validation is the obvious solution.
Unfortunately, FreeBSD's port of acme.sh doesn't install things where they need to be for it to work as others describe.
I had to copy the dns_cf.sh file from
/root/.acme.sh/, and since I was there I hard-coded my API key into it. Then it was a simple matter of specifying it as others do:
acme.sh --issue --dns dns_cf -d piglet.home.fwaggle.org -d nas.home.fwaggle.org -d unifi.home.fwaggle.org -d plex.home.fwaggle.org
Install the certificates as normal in Nginx, and set up a reverse proxy and I'm all set!