Categories
micro

How people react to “circle-instead-of-character count” on Twitter is soooo weird…

Categories
micro

I find it a little annoying that the news podcasts I listen to report so much about Trump…

Categories
micro

Can someone explain to me why ZFS makes a disk unavailable because of write errors when the SMART values are OK?

Categories
General RPG

Thinking about a new cyberpunk-like RPG

For years I have had a tabletop role-playing game in my mind, roughly placed in the cyberpunk genre, that I want to develop. Its WIP name is Menschmaschinen (Humanmachines).

Recently I started thinking about it again. With the Apocalypse Engine several new cyberpunk-like games came up, but not one really satisfies me. The Sprawl is too much like CP2020 but has not enough cyberware, The Veil is a bit weird and uses emotions for attributes and Headspace is cool but definitely not what I have in my mind. Soon (hopefully) there will be a Kickstarter for Sigmata, which seems to be rather cool. But this also means that it will take some time until it is released.

So, back to the drawing board. I have a general idea of the setting in my head but I am not sure what type of game to play with it. The game is set in the not so far future. There is a private elite that has at least as much power as nation states – be it the super rich or corporations. Most people are only gears in the machine. Maybe there are people who rebel against the system and try to leave it. That might create a parallel society like it is described in Walkaway by Cory Doctorow.

I am not sure if there is uploading – as in uploading the brain – because I am not sure of the implications. Or maybe it is available but only in the lab, like in the Nexus trilogy of Ramez Naam. I am also not sure at what level artificial intelligences are. Are they only expert systems or really intelligent beings? How powerful are they and how much can they learn?

I want to have Appleseed-like exoskeletons because they are awesome. The question is again how available they are and whether players can acquire them. If the game revolves around a group of police-wo/men then it is more probable than if it revolves around people who left the system.

How available is cyberware? Is it easy to acquire and to implant or huge surgeries? Is it cool to have it? Cool enough to amputate your arm and replace it by a robot-arm? Is there technology available to improve the flesh without amputating it or heavy surgery? Maybe nanites that will regenerate you or strengthen your muscles?

Assuming I am extrapolating from today I see mass surveillance as a big part of the game. But the game should already describe ways to circumvent it. Otherwise players spend probably too much time with this part. What do people think about it? Is it good or not? Is there a lot of voluntary surveillance because people are still using some central private infrastructure or did they move back away to some decentralized infrastructure? Is this maybe one of the differences between people in the system and people outside of it?

What about hacking? There should definitely be hacking available to the players. But how to realize it mechanically? A mini-game in its own? Kind of like the dungeon crawl from CP2020 or is it possible to integrate it better into the main game. More social engineering, more automatisms?

What about 3D-printing? How affordable is it? How endurable are the products? What can you print? Only parts? Whole machines? Can you print food? Do they have essentially replicators? What resources are needed for it?

Coming to resources: what is the state of climate change? What are the power sources? Do we have fusion plants? Are we going completely sci-fi with something like cold fusion? Or are we still struggling with old fossil energies and maybe even some blown-up nuclear plants?

So many questions to think about, and I didn’t list all I have. In the end the question is: what game do I want to play? I could imagine the crime-fighting police group. Or a game about the people who left the system, searching for resources and a way to rebel. Maybe two settings? One is playing the police forces embedded in the system who solve crime and will regularly arrest people outside of the system because they are terrorists. And the other would be more Shadowrun-like: people outside of the system who try to make their living by doing anything. Or even rebel campaigns where the big picture is dismantling the system.

It is hard. I have to think more about it. My plans are to do some posts about possible mechanics in the next weeks, so subscribe to the blog if you are interested in following what will develop. I am not sure yet if something will come out of this but if it does, it will be Creative Commons-licensed and will be shareable.

Categories
micro

Just saw an old Twitter post of mine: “Is there voluntary unemployment under full employment?” Yes, Mr. Kobschätzki, yes.

Categories
BSD Computer

Blacklistd and pf on FreeBSD

FreeBSD 11.0 delivered a new daemon in base, called blacklistd, that helps to blacklist IPs after unsuccessful logins. Its advantage over fail2ban: it works with IPv6 and it is part of base. Its disadvantage is that, as far as I understand it, applications have to be linked against blacklistd so that they can work with it.

With the recently released FreeBSD 11.1, sshd got linked against blacklistd. Therefore there is a new option in sshd_config: UseBlacklist. By default it is set to no. Uncomment it, set it to yes and then reload sshd.

The config is in /etc/blacklistd.conf. Usually you define blocking rules in the [local]-section and whitelisting in [remote]. The sample file and the man page are good enough to explain that part.

In addition you need to start the blacklistd-service and enable it in rc.conf or even better in a file in /etc/rc.conf.d.

In /etc/pf.conf you need to add the following line:

 anchor "blacklistd/*" in on $ext_if

Then you need to reload pf with the new rule:

 pfctl -f /etc/pf.conf

Now blocking should already work. To get the blocked IPs, use the following command:

 blacklistctl dump -b

If there are IPv6 addresses blocked, you need to add -w, so it is then:

 blacklistctl dump -bw

If you want to unblock an IP you can look into the tables with pfctl. To see for example the table for sshd, the command is:

 pfctl -a blacklistd/22 -t port22 -T show

Now let’s say you want to unblock the IP 23.23.23.23, then you could issue a:

 pfctl -a blacklistd/22 -t port22 -T delete 23.23.23.23

This will remove the IP from the table and it is now unblocked. blacklistctl will still show the IP as blocked though. But if the IP tries again to log in and fails often enough, it will get blocked again.
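
The mismatch described above (an address removed from the pf table by hand that blacklistctl still lists as blocked) can be checked with a small script. This is an added example, not part of the original post; it handles IPv4 only, the sample output is constructed, and the column layout assumed for the blacklistctl output is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: list addresses that
# blacklistd still reports as blocked but that are gone from the pf table.
# IPv4 only. The column layout of the blacklistctl output is an assumption.

# stdin: `blacklistctl dump -b` output, $1: port. One address per line.
bl_blocked() {
    awk -v port="$1" '
        $1 ~ /^[0-9.]+\/[0-9]+:[0-9]+$/ {
            split($1, a, "[/:]")        # a[1]=address a[2]=mask a[3]=port
            if (a[3] == port) print (a[2] == 32 ? a[1] : a[1] "/" a[2])
        }' | LC_ALL=C sort -u
}

# stdin: `pfctl -a blacklistd/22 -t port22 -T show` output.
pf_blocked() {
    awk 'NF { print $1 }' | LC_ALL=C sort -u
}

# $1: blacklistctl output, $2: pfctl table output, $3: port.
# Prints addresses present in blacklistd's list but missing from pf.
stale_entries() {
    bl=$(mktemp) || return 1
    pf=$(mktemp) || { rm -f "$bl"; return 1; }
    printf '%s\n' "$1" | bl_blocked "$3" > "$bl"
    printf '%s\n' "$2" | pf_blocked > "$pf"
    LC_ALL=C comm -23 "$bl" "$pf"
    rm -f "$bl" "$pf"
}

# Constructed sample output: 23.23.23.23 was removed by hand with pfctl.
SAMPLE_BL='        address/ma:port	id	nfail	last access
    23.23.23.23/32:22	OK	3/3	2017/08/07 10:15:02
   198.51.100.7/32:22	OK	3/3	2017/08/07 11:40:19'
SAMPLE_PF='   198.51.100.7'

stale_entries "$SAMPLE_BL" "$SAMPLE_PF" 22

# On a live host (as root):
# stale_entries "$(blacklistctl dump -b)" \
#     "$(pfctl -a blacklistd/22 -t port22 -T show)" 22
```

An address printed here is no longer filtered by pf although blacklistd's database still counts it as blocked.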

Categories
BSD Computer iPhone Linux Productivity

Some plaintext-productivity love with Taskpaper

I finally got my plaintext-todo-system together. It was a bit cumbersome because I could not and did not want to use Dropbox, but it works now. The problem is that some of my machines run either FreeBSD or OpenBSD, and all the plaintext-productivity apps on iOS require either Dropbox or iCloud[1]. I have a Nextcloud, but the Nextcloud client on iOS does not really integrate into iOS, and nearly no one offers to sync with anything other than iCloud or Dropbox on iOS.

But there is a really good git client on iOS: Working Copy. And there is a really good Markdown editor that also has Taskpaper support and, with some workarounds, integrates with Working Copy: Editorial[2].

The final piece that was missing were some reminders that work somehow automagically. There is a way to create iOS reminders in Editorial from Taskpaper files, but I would need to run a workflow in Editorial manually to create them. And I wouldn’t get a mail in the morning with a summary of tasks that are due, overdue etc. But I now have some scripts and cronjobs which create the mail and send out push notifications via Pushover[3].

How does it work?

I created a git repo on my server and have it checked out on my clients and in the home directory of my user on the server. When I change something on the clients, I commit and push to the server. On the server there is a cronjob in the crontab of my user, running every minute, that pulls the repo. Additionally there is a cronjob running a Python script that checks if a task has an alarm set. If one is set, it sends the task as a message to Pushover, which sends a push notification to my iPhone. At 4 am there is an additional cronjob that runs a script which generates a summary and sends it to me via e-mail.

The scripts expect the following tags, so that they can work:

  • @today or @due[YYYY-MM-DD]
  • @alarm[YYYY-MM-DD HH:MM]

The basis is the Taskpaper-Parser from GitHub user kmarchand. My push script is a derivative of that script[4]:

 

from datetime import datetime, timedelta
from collections import namedtuple
from dateutil import parser
import sys
import re
import httplib
import urllib

# Path to the Taskpaper file is the first command-line argument.
tpfile = sys.argv[1]

with open(tpfile, 'rb') as f:
    tplines = f.readlines()

Flagged = namedtuple('Flagged', ['type', 'tasktime', 'taskdate', 'project', 'task'])
flaglist = []
errlist = []

project = ''

for line in tplines:
    try:
        # Finished tasks never raise an alarm.
        if '@done' in line:
            continue
        # A line ending in ':' starts a new project.
        if ':\n' in line:
            project = line.strip()[:-1]
        if '@alarm' in line:
            # The regex takes the tag value from between parentheses.
            alarmtag = re.search(r'@alarm\((.*?)\)', line).group(1)
            alarmtime = parser.parse(alarmtag)
            flaglist.append(
                    Flagged('alarm', alarmtime.time(), alarmtime.date(), project, line.strip()))
    except Exception as e:
        # Lines whose alarm tag cannot be parsed are collected, not fatal.
        errlist.append((line, e))

alarm = None
# Cron runs this script once a minute, so an alarm fires when it falls
# into the last minute. Comparing full datetimes keeps the window
# correct across midnight.
now = datetime.now()
window_start = now - timedelta(minutes=1)

for task in flaglist:
    alarmtime = datetime.combine(task.taskdate, task.tasktime)
    if task.type == 'alarm' and window_start < alarmtime < now:
        alarm = True
        # "APP-Token" and "User-Token" stand for the Pushover application
        # token and user key.
        conn = httplib.HTTPSConnection("api.pushover.net:443")
        conn.request("POST", "/1/messages.json",
          urllib.urlencode({
            "token": "APP-Token",
            "user": "User-Token",
            "message": task.project + " " + task.task,
          }), { "Content-type": "application/x-www-form-urlencoded" })
        conn.getresponse()
if not alarm:
    print('\t (none)')

It is simple, it could probably be far more elegant, but it works for me™.

In addition there is a simple shell script[5]:

#!/bin/sh
# Build the summary in a private temp file instead of a fixed name in /tmp.
mailfile=$(mktemp /tmp/taskpaper.mail.XXXXXX) || exit 1
/usr/local/bin/python2 /home/user/python/tpp.py /home/user/taskpaper/Work.taskpaper > "$mailfile"
/usr/local/bin/python2 /home/user/python/tpp.py /home/user/taskpaper/Personal.taskpaper >> "$mailfile"
mail -s 'Your Daily Taskpaper Summary' my@mailaddress.org < "$mailfile"
rm -f "$mailfile"

And here is my crontab:

* * * * * /bin/sh -c 'cd ~user/taskpaper && /usr/local/bin/git pull -q origin master' >> ~/git.log
* * * * * /usr/local/bin/python2 /home/user/bin/tpp_alarms.py /home/user/taskpaper/Work.taskpaper
* * * * * /usr/local/bin/python2 /home/user/bin/tpp_alarms.py /home/user/taskpaper/Personal.taskpaper
0 4 * * * /home/user/bin/taskpaper_mail.sh

Since I am running FreeBSD on my server I have to rely on a crontab and cannot use systemd-timers.

On my computers I am an avid vim-user and I use taskpaper.vim for having syntax highlighting and some additional shortcuts for marking tasks as done or today etc.

In Editorial I use the Working Copy-workflow.

It is all very simple and not very elegant. But it works and brings me the functionality I was missing from using apps like Todoist or, on the “local” level, Taskmator. And everything runs on my own machines except the delivery of the push notifications. The only way to get my own solution there would be to develop an iOS app, because you can’t get push notifications to your iOS device in any other way. And if I should switch back to Android at any point, I can still use Pushover. If Pushover goes down, I hope there are alternatives… 😉


  1. To be honest, I do not understand why so many iOS apps expect a Mac on the desktop. Do so many iOS owners also own a Mac? I would expect that most actually own a Windows machine.

  2. It does not integrate as Textastic but that might come in the future

  3. I use Pushover because our Icinga2, the monitoring system we use at work, already uses pushover to send notifications when an alert is coming up.

  4. Please forgive me since I am not very knowledgeable in the arts of programming and just hacked around to get a works-for-me thing.

  5. I am running it on my FreeBSD-server, thus the path to python is /usr/local/bin/python2 – when you are running Linux the path is probably /usr/bin/python2

Categories
BSD Computer

OpenVPN, pf and alias-IP-addresses

Recently I had to build an OpenVPN server on a FreeBSD machine that already uses port 443. But I wanted to use port 443 because its reachability is usually guaranteed. So I added a second IP address to the interface. Let’s say for this example the addresses are 10.10.10.1 and 10.10.10.2[1]. Then I followed the few hints I found on the net for NATing through the interface. Since it is FreeBSD and I have pf available, I use it of course. After that I opened up the hosts I wanted to reach to 10.10.10.2.

What is the rule you find when you google?

nat on $ext_if inet from $vpn_clients to any -> $ext_if

$ext_if is your interface to the outside world, in my case the one with the two IP addresses. $vpn_clients is the OpenVPN network[2].

And then I was in for a surprise. When I connected to the VPN and then tried to reach the hosts behind the NAT via ssh, the following happened: ssh host1 – connection denied, ssh host1 – please log in. If I waited a short moment instead of immediately trying to connect a second time, the connection was denied again. Other strange behavior like that was observable as well.

What happened? FreeBSD NATed all the time through either address 1 or address 2, but never consistently through the same one. Since the other hosts were only opened up to 10.10.10.2, every connection that left through 10.10.10.1 was denied.

What you can do is define the address for the NATing you want to rewrite to. So it becomes:

nat on $ext_if inet from $vpn_clients to any -> $vpn_nat_ip

In this case vpn_nat_ip is 10.10.10.2.

Another side note: you don’t want to add a second interface for the second IP address but use an alias IP on the first network card. Otherwise you have to start using routing tables etc. to get your traffic moved correctly through your system.


  1. Yes, I know…the original host has routable addresses there

  2. by default 10.8.0.0/24

Categories
micro

Ordered now a Raspberry Pi for having a RetroPi at home 🙂

Categories
micro

And now: Maker Faire 🙂