Re-Roofing With Torch-Down Modified Bitumen

Putting on a new roof is way out of my normal line, but I decided to learn it because I love to learn, and eh, because I wanted to save $4,000.   And anyway, I need the exercise.   I will explain this without shyness of my mistakes and in unvarnished words, so you can learn from my good and bad and do it right yourself the first time.

I own a property in unincorporated Everett, WA with a half-acre of developable land, and a house that was built in 1964.   The roof on the house is the original, and is thus in terrible condition after 50 years;   the tenants recently complained about a leak, so as a temporary measure I covered the area with a tarp.
4. 21 Aug 2016


HowTo: Build an Encrypted ZFS Array ~ Part 2 ~ The Array

This is a continuation of Build an Encrypted ZFS Array – Part 1 – Encryption, although if you do not choose to encrypt, you could pick up here.   This HowTo is Debian-centric.   Caution:   Sometimes command-lines wrap below, because of the width of the page.

~~   Building the Array   ~~

We now have 4 disk drives set up encrypted, and their raw devices reside at /dev/mapper/sdb ~ sde.   We want to assemble these into a ZFS array so they’ll appear as one volume to the system, and with RAID-Z for data integrity.   First a few rules:


HowTo: Build an Encrypted ZFS Array ~ Part 1 ~ Encryption

~~   Forward   ~~


The Zettabyte File System is an advanced filesystem which was developed by Sun Microsystems and is now owned by Oracle, and although it has always been open-source, its CDDL license is incompatible with GPL and so it will not be included in the Linux kernel.   Now that ZFSonLinux is stable though, it is available as a DKMS package.

With this article, we are going to set up a ZFS array of multiple disks, which will be assembled to appear as one volume, for use as /home, or /media/backups, or other functions where massive data storage is required.   In addition each of the disks comprising our array will be encrypted, and the data will be compressed for better storage efficiency and throughput.   Now this may look long, but I am documenting everything and I’ve made every effort to make it easy.


Good News for Electric Vehicles

This has nothing to do with Prius, Leaf, or Tesla.   This is about on-the-ground EV enthusiasts’ work.


Up until a few years ago, electric motors were lucky to get 40% efficiency.   That is, of 100% of the charge in the battery pack, the motor was only able to use 40% of that energy, the rest being lost to heat, mechanical friction, and the “cogging” effect of newer neodymium-magnet motors.   So for a given range, you needed to include 60% more batteries than you would if efficiency were 100%.


eMail Virus

Look at this pernicious little nasty:
(click to enlarge – it’s just a screenshot)


Without Religion, Chaos?

A Point of View: Why not caring about anything is only for the young

The great believers in the wonder of the universe, as revealed to us by science, seem to have considerable difficulty in either galvanising us to social solidarity, or providing us with true solace.   I’ve yet to hear of anyone going gently into that dark night on the basis that she or he is happily anticipating their dissolution into cosmic dust, nor do I witness multitudes assembling in order that they may sing the periodic table together, or recite prime numbers in plain chant.   By contrast, religious beliefs continue to offer many people genuine succour, and they do this, I think, as Dostoevsky realised, not because of the specific concepts they appear to enshrine   –such as an afterlife or eternal judgement–   but because they place the human individual in a universal context, and thereby give her life meaning.

But is social solidarity what science is about?   Maybe it’s about answering questions we don’t know the answer to.


Argentina Debt Default – again

Some exciting events about to happen in a couple hours with Argentina’s debt (at least for finance and intelligence geeks) which may actually filter to the general news.

If you’ve read Confessions of an Economic Hit Man you’ll know some of the history.   In the 1950’s, Kermit Roosevelt (grandson of Teddy) overthrew the democratically-elected government of Iran, putting the Shah in place with only very little bloodshed and no military intervention, just by spending millions of dollars for a coup.   Powers That Be realized that this was a very good way to change a government to be friendly to G7 business interests, without the threat of war with Russia.


Credit Card Security – corollary

In response to my prior entry, my son asked about using NFC (phone) for payment, rather than cash.   It’s not simple.   At this moment this country is in a maelstrom of deciding what to do next.   Isis with C-Sam is an NFC mobile payment system that’s at least deployed in a few places, and it’s a consortium of Verizon, AT&T and TMobile.   They saw early-on that the crypto chip in phones is controlled by the carriers and took advantage of that, locking other payment processors out. (Like Apple did with Firewire’s high licensing fees and failed when everyone went to USB, even though Firewire was far superior)   Unfortunately though, NFC payments have been minimal in the past year, so some major retailers (7-Eleven, Best Buy, et al) have turned off NFC functions in their terminals as it costs (a few fractions of a cent) to keep them on!


Credit Card Security

You may have heard about the massive credit card breaches at Target, Neiman-Marcus, Sally Beauty Supply, Splash & Key Road Car Washes, Roy’s Restaurants, MAPCO Express, Schnuck Markets, and others.   Customers of those stores who used credit cards during certain periods in the past year have had their credit card information scooped up and sold on the black market for carders to buy and steal with.   Thousands of cards for sale in a carders’ forum called Rescator[dot]so and [dot]la (don’t visit it without shields up) at $10-$25 each, in tranches called “Ronald Reagan”, and so on.   Rescator brought an innovation that hasn’t been seen before across dozens of similar crime shops in the underground:   It indexes stolen cards primarily by the city, state and zipcode of the stores from which each card had been stolen, which means carders can conveniently shop in their area and not trip alarms.   Carders (usually street gang members) buy blocks of this card info (tens, hundreds, thousands of cards), write the magstripe of old gift cards with the info, and use them to buy expensive items to re-sell, and more gift cards.   (Incidentally, banks are also buying this card info, to try and stem the tide… it’s cheaper than the thefts they have to cover)


DarkCoin in the altcoin Sphere

As y’all know, I’ve been out of the mining business since ASICs came into LiteCoin, as difficulty skyrocketed from ~2,800 to now 9,000.   The new ASICs are so fast that diff has had to adjust to keep the same pace of block discovery.   BUT to buy an ASIC for a $thousand or three to mine today will net about one LTC a day with current diff, so it’s absolutely not worth it except on gigantic scale.


HowTo: Convert Debian From SysV to Systemd

~~   Forward   ~~

For many years, Debian has used the SysV init.d system to start needed daemons and set things up.   But SysV can not work multi-threaded, and does not have controllable dependency resolution.   Upstart was invented to address some of these shortcomings, and RedHat and Ubongo tried it, but Upstart is just not extensible enough for future needs.   And so we turn to Systemd.

Systemd was developed for Linux to replace the init.d system inherited from UNIX System V and Berkeley Software Distribution (BSD) operating systems.   Unlike init.d, which is scripted, Systemd is a daemon that manages other daemons, and all daemons (including systemd) are background processes.   Systemd is the first daemon to start (during boot) and the last daemon to terminate (during shutdown).   Systemd starts each daemon, it monitors it, and it stops it in an orderly way.   And Debian will be moving to systemd when revision Jessie is released as Stable around Nov, 2014.

Why wait?   Works great.   Let’s learn and use it now as it’s a better paradigm, and brings Debian into the 21st century.


Security of Bank Checks

As I now have a new credit union I need new checks.   I was just about to order them through the credit union like I usually do, but their price stopped me in my tracks:  $102 for 100 plain green checks!   Well I remember a couple decades ago my dad complaining about paying $1 per check, but that was way before mass-customization.

I’d have to get my own checks this time.   Checks are still a security problem for three main reasons.   Thieves steal your outgoing bill payments from your mailbox, then:

  • “wash” the checks with solvents to get your writing off, then they write their own amount to their alias;
  • use a color copier or scanner to duplicate your checks with new amounts;
  • physically cut out the writing and graft in something suitable to them.

(Get a good locking mailbox, and take your payments to the post office)


The Depressed Jeep

My 2007 Jeep Grand Cherokee has been ill ever since I bought it three years ago.   The Check Engine was on and it throws a code of P013C, “O2 SENSOR 2/2 SLOW RESPONSE – RICH TO LEAN”.   This is an unfixable plague for Jeep owners, and has become known as “the AIDS of Jeeps”.   So I bought a cheap OBD2 bluetooth dongle and an excellent Android phone app called Torque.   Checking my car’s oxygen sensors on engine bank 1 (driver’s side), I had what I should have:



HowTo: Set Up Reverse SSH Tunnels to Forward Ports

~~   Forward   ~~

Sometimes, we have a powerful machine on our LAN, where we would like to run -all- our services like Squid, CUPS, MythTV, TOR, and so on.   In my case this is my Home Theater PeeCee.   I have all the appropriate daemons running on that machine and their listening ports are only on, and not on any outside interfaces (which would be a security problem).

But I also want these services on the other machines of my LAN, like the laptop and so on.   With reverse SSH tunnels, on the laptop I instigate a tunnel to the HTPC, and the HTPC’s daemon port is then forwarded through the encrypted tunnel to the laptop.   That port now appears on the laptop at as if it’s local.   When I use that service, the laptop reaches into its bellybutton, goes through the encrypted tunnel to the remote server, and accesses the service running on the remote HTPC.   All of this is done through SSH with military-grade encryption, so you can do this no matter where you are, securely.   No matter what daemon, only port 22 is ever open to the outside.   And, it’s fast.


Right to be Forgotten

Google Agrees to Forget.
Applies to Europeans only, and only to their local country searches.   The last three paragraphs are worth reproducing:

“And, interestingly, one of the most powerful voices calling for a reassessment of the power of the internet giants over our personal data has been an American writer.   In his novel The Circle Dave Eggers paints a dystopian future where a brilliant technology firm -The Circle- persuades the world that the more information we all share, the better our lives will be.


R.I.P. – Winter is Gone

Goodbye and Thank You, to the greatest Texas bluesman who ever picked up a guitar.


*POOF*, BitCoins Gone

Silk Road 2.0 ‘Hack’ Blamed On Bitcoin Bug, All Funds Stolen

Oh.   dear.   I’ve been tracking this bug and should have known that if Mt Gox got hit, so would SR.   After this hit the news and I researched it, it looks like numerous SR users warned them beforehand too.   It may be that these warnings tipped off the perpetrator and gave him the idea.

This is why you keep coins in your own wallet and avoid leaving them lying on third-party accounts like SR.   Only transfer coins when you’re about to buy something.   (but not at SR)


HowTo: Render SSL on your Hosted Websites


~~   Forward   ~~

With all the websites that still do not use SSL, and the clear benefits that SSL provides, the only reason I can see that people are still not using it is that it’s not straightforward for the time-challenged and the uninitiated.   So let’s do this.

Secure Sockets Layer is currently the most common method of encrypting access to websites.   It’s used by all manner of e-commerce, banking, security and other websites, and is highly advisable for all sites as it provides protection for your visitors and you.   SSL is a streaming cipher (as opposed to a block-cipher, i.e. for disks) which offers perfect forward secrecy as it uses a long-term public/private keypair, to exchange short-term symmetric keys for streaming.

This HowTo assumes that you have one or more websites residing with a hosting firm, and that you control them with cPanel.   It also assumes that you’d like to have your SSL certificates, eh, without cost.


HowTo: Set Up TOR for a Single User, or as a LAN Gateway

~~   Forward   ~~

The TOR Project (“The Onion Router”) is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.   It provides the foundation for a range of applications which allow organizations and individuals to share information over public networks without compromising their privacy.

  • Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, email, instant messaging services, IRC, or the like when these are blocked by their local Internet providers.   Tor’s ‘hidden services’ let users publish web sites and other services without needing to reveal the location of the site.   Individuals also use Tor for socially sensitive communication:   chat rooms and web forums for rape and abuse survivors, or people with illnesses.
  • Journalists use Tor to communicate more safely with whistleblowers and dissidents.

HowTo: Cache Web Objects with Squid


~~   Forward   ~~

Be kind to the Internet.   Practice good web hygiene and help yourself at the same time.   Squid is a venerable web object caching server, which optimizes the data flow between your browser and that distant webserver to improve performance and cache frequently-used content to save bandwidth.