Category: Technology

---

---

To my regular readers: This is a nerd post that won’t interest most of you, for which I apologize. However, about half of the connections to this blog come from Google, from people who have searched for a topic that I have written about. This post is mainly for readers from Google who are interested in private VPN servers.

---

If you are interested in a private VPN server, then you already know why you need a VPN. But why do you need a private VPN? You need a private VPN because:

1. It’s impossible to know to what degree a VPN service can be trusted.

2. VPN providers charge too much. VPN service is cheap to provide. There are free services, such as Windscribe. But you have to wonder how they use a free service to make money.

3. Some highly secure web sites (my bank, for instance) seem to know when you’re using a public VPN. They may refuse to talk with you at all, or they may challenge you with pesky checks such as CAPTCHAs.

4. A private VPN will almost certainly be faster.

5. Assuming you have the know-how, a private VPN lets you control the configuration on both client and server. You can optimize the VPN for the way you use it.

The hurdle to having your own VPN server is not the cost. Virtual private servers have become quite cheap (more about that below). The hurdle is the amount of knowledge you need to install and configure VPN (virtual private network) on a VPS (virtual private server). Anyone who is comfortable with Linux should be able to do it. You need to be adept at working at a Unix command line. You need a decent understanding of how encryption works. And you need a decent understanding of how networks work.

Here’s what you need:

1. A virtual private server running a recent and well-supported flavor of Linux

2. Knowledge of Unix (or Linux), and knowledge of encryption and networking

3. The right software (and knowing how to install it) on your virtual private server, mainly OpenVPN and SSL

You will hit some bumps, and you will have some questions. I found how-to files from Digital Ocean to be particularly helpful (you can Google for such how-to files). My VPS provider (VPSCheap) also had a helpful how-to file in its support section. In this post, I don’t propose to tell you how to set up a private VPN server. I just want to encourage you and get you started.

About virtual private servers: You can Google for where to sign up for a virtual private server (VPS). I use VPSCheap.net. Some very negative reviews have been written about them, but it was clear that the reviewers didn’t know very much. My guess is that many people write negative reviews of VPS services because they’re in over their heads and don’t know how to use a VPS. My VPS (there are many options) includes 1GB of RAM, 20GB of disk, fast and unlimited network access, and Ubuntu 20.04 LTS. It costs $50 a year. It’s assumed with pretty much any VPS that you get root access to the server via ssh. With VPSCheap, I had to open a help ticket after I saw that my newly set up server did not have the full 20GB of disk space. Five minutes after I opened the ticket, I received an email saying that the problem had been fixed (and it had indeed been fixed).

Your private server does not need a domain name. All you need is the bare IP address. For security and anonymity, it’s probably better not to have a domain name pointing to your server. It would be very difficult for anyone (other than your VPS provider) to find how who uses that IP address. An exception is that, when you’re using a VPN, and when you sign in somewhere (such as your bank) with your real name, your bank will then be able to associate your name and IP address. You can be sure that banks log IP addresses. But law-abiding users of the Internet ought not to need to hide from their bank. Those who do use the Internet for shady purposes are using Tor, not a VPN. The VPN is to protect you from snooping and tracking. It won’t hide you from your bank, or from the law.

My requirements for a VPN are harsh, because I connect to the Internet by satellite (HughesNet). Satellites cause latency, and VPNs hate latency and work poorly over satellite. I tried some free VPN services, and some pay-by-the-gigabyte VPN services, but their slow performance over a satellite link made them unusable. With my own VPN server, the performance of OpenVPN is slow, but tolerable. I found that certain configuration changes (on both client and server) helped. Take a look at keep-alive and replay-window if you have similar problems. Also UDP (rather than TCP/IP) is recommended, because UDP will shovel packets down the tunnel without all the back-and-forth control protocols that TCP/IP uses.

An extra benefit of having your own VPS server is that you can use it for things other than VPN. I’m testing the possibility of moving my blog from GoDaddy hosting to a VPS. That would save money. It also would give me total access to, and total control over, the blog’s server. I think I’ve checked off all the requirements, including the necessity of being able to run SSL (HTTPS) using a free, signed certificate. SSL certificates are another item that cost far, far more than they ought to when you buy them from somebody like GoDaddy.

Another extra benefit of having your own VPS server is that you can use it on all your devices. My private VPN service works great on my iPhone (using the OpenVPN iPhone app) and on my Windows laptop. I use OpenVPN as the client on all my devices, including the iMac. There are other client options, such as Tunnelblick. I tested Tunnelblick and hated it. You don’t have to create separate certificates or profiles for each device. Just one will work with OpenVPN clients on all your devices. When I’m at a hot spot with fast WIFI, I find that my VPN server is super fast, even transparently fast.

It sucks that everyone doesn’t have the skill and resources to have a private VPN server, or at least an honest VPN service provider. But the truth is that there are politically powerful interests on the Internet who want us to be vulnerable, because they want to track us and snoop on us, and they want to be able to push advertising at us the better to “monetize” whatever they’re selling. The same thing is true of email. The technology has long existed for encrypted email systems in which identities can be verified by signed encryption certificates and in which spam could virtually be eliminated. But again, there are powerful interests on the Internet (including the government) who want to snoop on us or push advertising at us.

It’s a jungle out there.

---

Update: All VPN users show know what a WebRTC browser leak is and how to prevent it. Google for those terms to learn more.

---

---

The cockpit of an Airbus A380. Notice the symmetry and redundancy, with two of everything (including the pilots). Wikipedia photo.

---

Quick now: How many hearts does an octopus have?

Answer: Three! However, two of the hearts are not backup hearts, exactly. Rather, the three-heart system is an element of octopus engineering that offloads pumping blood to the gills to two extra hearts. The two gill hearts, however, are a kind of redundancy.

Quick now: How many hearts does an earthworm have?

Answer: Five! Earthworm hearts, though, are a simpler form of heart called “aortic arches.” All five aortic arches share the load.

In us humans, hearts are a single point of failure. Maybe that’s one reason why heart failure is the leading cause of death. Some parts of our bodies are redundant, though. We have two eyes, two ears, two lungs, and two kidneys. Our redundant eyes and ears have benefits beyond redundancy, though. They provide us with stereo hearing and stereo vision. Our metabolic systems have all sorts of redundancies. As for our hearts, though they are single points of failure, they do have the ability to heal. That makes us resilient.

Quick now: How many “angle of attack” sensors were operating on the two Boeing 737 MAX planes that recently crashed?

Answer: One.

Since my post about the Boeing 737 MAX a couple of weeks ago, we’ve learned more about what went wrong, and about what Boeing intends to do about it. This piece in Vox provides some good new information. Though the airplane has two angle of attack sensors, the airplane’s control system received input from only one of them. For an extra $80,000, Boeing would include a warning light that would alert the pilots if the two sensors did not agree. The planes that crashed did not have the warning-light option. This blows my mind. Redundancy — meaning no single points of failure — was, or so I believed, an inviolable rule in aviation engineering. We can probably be pretty sure that it wasn’t Boeing engineers who decided to allow a critical crash-prevention system to have a single point of failure. Rather, it was Boeing executives, and their motive was money.

I am obsessed with redundancy. The last half of my career in newspapers (I am now retired) was in editorial systems. I was responsible for publishing systems that had to be 100 percent reliable. A failure would mean that you wouldn’t go to press. For that reason — at least back then — systems people had an understanding with the money people. The money people would say to the systems people, in essence: You’ve got to make sure that we can meet our deadlines and go to press every day. In return, the systems people would say to the money people: Well then, that’s going to cost you, because not only have you got to buy two of everything, you’ve got to build the systems in such a way that the backup system will immediately take over if the primary system fails.

In earthquake-prone San Francisco, where I worked for the last years of my career, the San Francisco Examiner and the San Francisco Chronicle had impressive levels of redundancy. There were three printing plants, geographically dispersed. At the main offices at Fifth and Mission, there was a diesel generator for backup power that was the size of a locomotive. The computer systems were redundant. If a failure was detected by “heartbeat” systems that monitor critical processes, the system would automatically “fail over” to the backup. With some systems, the failover process might take a minute or so. On some systems (such as the older Tandem mainframe computers), the failover was so fast and so smooth that you might not notice that there had been a failure. I remember one morning when a Tandem technician showed up to make repairs on the mainframe. “Really?” we asked. “What’s wrong?” The technician said that the system had failed over the night before (while the Chronicle was happily going to press, its staff of hundreds unaffected). The computer had called home to report the problem (many computers can do that), and a technician was dispatched. The computer had even told the home office what parts to bring.

An important part of my career responsibilities was risk management. I have written more “disaster recovery” plans that I care to remember. But I am still obsessed with redundancy.

Redundancy, actually, figures heavily into the plot of my first novel, Fugue in Ursa Major. In the setup and foreshadowing of the redundancy angle, Phaedrus says to Jake:

“The problem is, redundancy is not cheap…. Most people can’t afford much redundancy. I’m hard pressed for redundancy myself, these days especially. People have two cars, a spare tire, an extra toothbrush. But it’s hard to have redundancy when having just one of something you need is hard enough. But let’s don’t get ourselves depressed over dark possibilities. You’ve come to go camping on a high ridge, and smell the flowers and look at the stars. We can scare the daylights out of ourselves some other time thinking about how precarious our support systems are.”

Once upon a time (is it still true?) many systems on aircraft, such as the navigation systems, were triple redundant, like an octopus’ heart. It was very hard for me to believe that Boeing, of all companies, would allow a single sensor to bring down an airplane. Two airplanes.

According to Vox, Boeing’s fix for the 737 MAX includes monitoring two angle of attack sensors and warning the pilots if the sensors disagree. It is stunning that Boeing didn’t do things that way the first time. Boeing will pay dearly for cutting corners.

After redundancy has saved the day in Fugue in Ursa Major and as the story gets into the denouement stage, Jake teases Phaedrus, and Jake quotes his English-teacher mother. Joan is a dog:

Jake smiled up at the stars and scratched Joan’s head again.

“Aha,” said Jake, “I just figured out your real objection to monotheism.”

“What’s that?”

“A single god is not redundant. If god lets you down, you have nowhere to turn to. That’s an existentially ugly place to be, as my mother might say.”

---

Wikipedia photo

---

I have long been fascinated by aviation. Though I never got a pilot’s license (I chickened out), I have about 45 hours of flying time as a student pilot. On my trip to Scotland last fall, I was eager for the opportunity to fly from New York to Edinburgh and back on Boeing’s newest plane — the Boeing 737 Max. A few weeks later, one of these planes crashed in Indonesia. Last week, another one crashed. Now I have a retroactive case of the heebie-jeebies.

At the time, I felt quite safe on the plane. It’s a beautiful, reasonably comfortable plane, though maybe a bit small for trans-Atlantic flying, for which wide-body planes are the way to go. But now I will refuse to ever fly again in a Boeing 737 Max, because I doubt that Boeing will ever find a way to make the plane truly safe.

Only the nerdier articles have been explicit about what the problem really is. All of the reporting on the two crashes tells us about the onboard software that is thought to be the cause of the crashes. But that leaves the impression that, when the software is revised and updated, the plane will be safe. But I’m not sure that that’s the case, because the true flaw in the Boeing 737 Max is that the plane is inherently unstable because the new engines, which are bigger and heavier, don’t fit the old 737 airframe. The plane is inherently inclined to go nose up and stall, especially when making sharp turns at low speed (which you’ve got to do — at low altitude — getting in and out of airports). There is no way to fix that other than starting from scratch and engineering a whole new plane.

The best article I’ve seen on this problem is at Slate: Where Did Boeing Go Wrong?: How a bad business decision may have made the 737 max vulnerable to crashes.

The New York Times also did a nerdy piece: After a Lion Air 737 Max Crashed in October, Questions About the Plane Arose.

There are two serious problems here. The first serious problem is that Boeing, in trying to save money, used an engineering kludge to keep its 737 model in the air when it should have started from scratch with a new design, as its European competitor Airbus did. The second serious problem is that, in the United States, Boeing more or less regulates itself. This is because the Bush administration, in 2005, changed the rules to serve the industry rather than the public. Republicans actually believe in things like that. James E. Hall, a former chairman of the National Transportation Safety Board, writes about this in today’s New York Times: The 737 Max Is Grounded, No Thanks to the F.A.A.: Federal aviation regulators have allowed the airline industry to have too much power.

This is yet another reason why it is essential that we throw the Republican Party out of Washington, for good. Whether it’s education, energy, communications technology, pharmaceuticals, or the environment, Republican notions about deregulation are handing the powers of government over to the greedy few, the public interest be damned.

On top of its engineering kludge, Boeing (as well as the so-called regulators) screwed up again by deciding that pilots didn’t even need to know about the instability, the kludge, and the new software system that is supposed to compensate for the kludge. Engineers and pilots would never go along with anything that appallingly stupid. But the money people would.

Hereafter, when I fly, I won’t buy tickets without being reasonably confident that the plane is either an Airbus (because Europeans still believe in regulation in the public interest), or an older American plane such as the Boeing 747, which was designed back in the days when government did its job and engineers were allowed to do theirs.

Let’s also hope that this fiasco costs Boeing billions of dollars and ends the careers of some executives. Maybe then they’ll remember that cutting corners in something as potentially dangerous as an airliner does not save money in the long run. If I were an airline that bought these planes, I’d sue Boeing’s socks off.

In the long run, good regulation saves lives and property. What Republicans refuse to learn: In the long run, good regulation probably saves money as well.

---

Recently someone gave me a 10-year-old (or so) laptop that had been written off as dead. It was sold with Windows Vista, and it would no longer boot. I installed Ubuntu Linux on it and found that it works great. Bottom line: Free laptop.

I’m a Mac loyalist and a conscientious objector to anything from Microsoft (though I believe that Microsoft products have gotten much better now that they’ve lost their monopoly and competition has forced them to improve their software). I’ve been a Unix user since about 1985, and I first used Linux in the early 1990s. Linux has come a long way.

A laptop is not something that I particularly need. But, on those relatively rare occasions when I travel, a laptop is nice to have. Laptops of this vintage can be bought on eBay for as little as $40 if you catch a bargain. In choosing an older laptop to run Linux, you want one new enough to have a dual-core 64-bit processor and 4 GB of memory. An older laptop may be heavy, but they’re cheap. Older batteries can be a problem, but the battery in my newly acquired laptop will run for about an hour. Most of the time, though, even when traveling, you can find a place to plug the laptop into the wall. You’ll want a laptop with built-in WIFI.

Learning to use Linux may be a tad more difficult than learning to use a Mac or a Windows machine. But Linux has gotten much easier to use, with a pretty graphical interface. Probably the biggest challenge that most people would face in bringing up an older laptop on Linux is installing Linux. That’s not something that I want to get into here in detail, because you’ll find many tutorials if you Google for it. But the simplest route is to download a Linux installer on another computer and then copy the installer to a USB thumb drive that is configured to be bootable. You boot the laptop off the USB thumb drive and run the Linux installer. Once you’ve installed Linux, the sailing is much easier.

I am using Ubuntu Linux 18.04, which is the newest version of Ubuntu Linux at present. Ubuntu Linux comes with LibreOffice already installed. LibreOffice is an open-source suite of office software that is, as far as I know, pretty much 100 percent compatible with Microsoft Office. It’s as easy to use as Microsoft Office. It will open all your existing Microsoft Office files. And if you use LibreOffice for word processing, you can send your files to users of Microsoft Office and they’ll be able to open the files just fine.

Ubuntu Linux also comes with the FireFox web browser installed, and Thunderbird for email. If you need software that is not pre-installed, there is a long list of open-source applications that Ubuntu will download and install for you.

---

Apple released a bunch of software updates yesterday — 10.14.2 of Mac OS; 12.1.1 of iOS; and 5.1.2 of watchOS. The updates for the iPhone and the Apple watch enable the long-promised EKG function on the Apple watch 4.

I’m going to guess that thousands of people who’ve never seen an electrical graph of their own heartbeat before (including me) saw that for the first time today. It’s easy. You press your right finger against the stem of the watch, and the back of the watch has electrical contact with your left wrist. That forms a circuit that goes across your heart. In 30 seconds, the watch creates a simple EKG. The test is intended only to detect atrial fibrillation.

The iPhone saves a record of all your EKG’s. If you request it, the iPhone app will create a PDF of the EKG that you can use to start a conversation with your doctor. I used that PDF to create the image above.

Lucky for me, the watch didn’t detect a problem.

I’ve had the Apple watch for about three weeks now. I have become very fond of it, not only as a timepiece but also as a communications device and fitness coach. If I’ve been sitting at the computer for too long, it taps my wrist and tells me that it’s time to stand up and move around for a while. It has encouraged me to walk more, knowing that it counts every step and that I’d like to have a good report at bedtime. I am still trying to understand how to make use of its “heart rate variability” function (as are many watch wearers). But heart rate variability is a complicated subject for another day, after I understand it better.

Three times, I have triggered the watch’s fall detector. In all three cases, I was slapping my hand against my leg — for example, when I was on the deck yelling at the squirrel to get off the roof. I replied to the watch’s prompts and told it that I had not fallen.

Honestly I would feel a little insecure now without the watch on my wrist. That, I’m sure, is just what Apple was aiming for.

---

The signal strength dial on a Collins 75A-4 receiver, circa 1952

Uh-oh. This is a nerd post.

Every so often, I have a maintenance day for my collection of obsolete technology. Stuff gets dusted. Stuff gets turned on and exercised. Batteries in portable devices get charged. Little fixes gets done. These things are like pets. Like pets, they like to be photographed. Unlike pets, they hold still for tripod shots with long exposures.

To keep working and for a long life, many devices actually need the periodic exercise. Failure to periodically use my IBM Selectric III would be one of the worst things I could do to it. Capacitors in old radios and other electronics need tend to deteriorate unless they are energized and charged periodically. Batteries require maintenance. But old devices, like old pets, also need to be (and like to be) petted and loved. They are intelligent machines from some incredible engineers. I have been known to say that engineers were some of the best artists of the 20th Century. A collection of old technologies is in many ways an art collection.

Strangely enough, pretty much all my old technology works. I realized today that my Pioneer SX-9000 receiver-amplifier (about 1972) is sitting idle and needs to be used. It works fine, but all of its dial lights are burned out. On eBay, for the SX-9000 and many other classic amplifiers, one can buy brand new LED replacement bulbs for the dial lights. For $19.95, I ordered a set of bulbs. I’ll soon make a project of opening up the SX-9000, dusting it out, replacing the bulbs, and moving it to a place where it can be connected to good speakers and still be heard.

I didn’t get to all my old pets today. But they’re still loved, so maybe tomorrow.

A Monroe 650 calculator, with Nixie tubes, which just calculated the square root of 2. This is my go-to calculator when I’m doing my taxes.

An Astatic D-104 microphone

A 10-point “Delegate” typeface for my IBM Selectric III. My IBM Selectric is long retired from the San Francisco Examiner and bears a nameplate for The Typewritorium, a San Francisco typewriter business that may still be in operation, though I think it has moved.

An analog measuring device with a very long history

The fine-tuning dial on the Collins receiver, which has 21 tubes and weighs 35 pounds

A Tektronix 2430A oscilloscope, totally cherry and shipped from San Francisco when I moved. It was retired from the data center of the San Francisco Newspaper Agency, where I believe it was used for calibrating the read-write heads on early “wash tub” disk drives.

The somewhat dusty interior of the Collins 75A-4 receiver

A Civil Defense CDV-700 Geiger counter, in perfect working condition. There were times when winds from the Fukushima Daiichi disaster in Japan (2011) blew this way. The Geiger counter reported a significant (but not dangerous) increase in the North Carolina background radiation.