This is the first of what I hope to be recurring "status update" posts. They're going to kind of just be miscellaneous posts with a bunch of random information that may or may not be related. It's more of a report on my thoughts and daily activities than a coherent discussion on any one topic. With that in mind, here we go...
First of all, happy Easter! Pastor Keoni Hughes gave an excellent gospel presentation this morning, which I would highly recommend checking out if you have some spare time 1. We also saw a few people get baptized, with is fantastic. My views on this holiday pretty much entirely align with what's presented in his sermon, so do check that out if you are curious. I will point out, however, that Easter started out as as a pagan holiday, and all of the traditions surrounding Easter are pagan, especially the whole Easter-egg thing. I do not approve of my church putting on an Easter-egg hunt. Likewise, I do not approve of the use of Christmas trees in the celebration of Christmas because those too are pagan, and in fact the Bible even says that Christians should not be like other nations when it comes to celebration:
"Thus saith the LORD, Learn not the way of the heathen, and be not dismayed at the signs of heaven; for the heathen are dismayed at them.
For the customs of the people are vain: for one cutteth a tree out of the forest, the work of the hands of the workman, with the axe.
They deck it with silver and with gold; they fasten it with nails and hammers, that it move not."
- Jeremiah 10:2-4
I don't think Jesus intended for us to only celebrate his birth and his resurrection. In fact, he said "This do, as often as you drink it, in remembrance of Me" (1 Corinthians 11:25b, my emphasis), implying that we should be reminded of what Jesus did for us as often as we eat and drink, not just a few times a year. The true Christian holiday is the one we do formally once a month, which we call Communion, though we should be celebrating it every hour of every day.
I've been messing with more OpenBSD daemons over the past few weeks.
My last post was about
fingerd(8). I've also been
ntalkd(8), which allow local users to
communicate in real time by bridging their terminals together. I
used this to talk to my girlfriend once, and she seemed to thoroughly
enjoy it. I also set up an FTP server using
ftpd(8), which my dad
uses to do backups to my server. We previously used Nextcloud for
this purpose, but the performance of Nextcloud is abysmal in an
OpenBSD virtual machine, and it frequently broke, requiring constant
reboots. So we set up an FTP server to allow a method of backup
that has better performance, which seems to be serving him well.
It is important to note that my dad uses Windows 10, which complicates matters as far as networking and file transfer protocols are concerned. We first tried SSHFS, because I was already running SSH, which I've had great success using to serve my virtual machines. I found an open source driver for Windows that adds SSHFS support, but it was horribly slow. I figured this was just a limitation of Windows, so I tried to speak Windows' language. I set up Samba in a virtual machine, and the performance was not any better. So finally I settled on Nextcloud, which provided a nice user interface for him. However, it was very slow, as I mentioned, which is why I finally decided to try FTP.
I was wary of FTP at first because it is older than IP itself, and I've heard that it is absolutely horrible to firewall because it requires so many ports that are randomly allocated. However, I quickly learned that FTP has two modes of operation: active mode and passive mode. Active mode is where the server makes data connections to the client, and passive mode is where the client makes data connections to the server. By configuring Windows to use active FTP mode 2, I only have to forward the standard FTP port through my firewall, because then my server will open connections to the clients, which has always been allowed by my firewall policy.
My dad is very pleased with this solution. Because FTP offers no encryption or anything, it literally just sends file data directly over the wire, making it very fast. Obviously, the lack of security means that he has an unprivileged account on my server, and FTP is only available on the LAN that he is on. This provides enough security for our purposes. He has no public keys installed on my server, so he can't access his account over SSH. My server is configured to deny all logins that aren't done via public key authentication, which means that I have to manually install every user's public keys.
Exams are coming up, which means that the semester is almost over. Then I'll have some summer classes to get through, and then I'll work a lot more hours. When OpenBSD 7.1 drops sometime within the next month or so, I'm hoping to get all my infrastructure migrated over fairly quickly. LineageOS 19.1 is rumored to be right around the corner as well, which means I'll have a good time upgrading my phone from 18.1. I think it's interesting that releases of both the operating systems that I use are almost perfectly aligned this year. LineageOS does a big release about once a year, typically every April, and OpenBSD does releases twice a year.
I've been doing a lot of research on IPv6, which is the successor to IPv4, and I'm very excited about it. There's a good possibility that my ISP has IPv6 support, and OpenBSD supports IPv6 too, which means I might be upgrading my home network to use it. IPv6 is especially neat because I don't have to worry about NAT: instead of getting a single public IPv4 address and using NAT, DHCPv6 allocates an entire block of publicly-routable addresses that can be assigned to each device on my network. My firewall will still make sure that all those devices remain secure, but this means that I can have my DNS point directly to my virtual machines and other servers, and my router merely routes packets to them; it no longer has to use NAT. This should greatly simplify the whole networking setup.
My only concern right now is that OpenBSD doesn't seem to have a DHCPv6 client implementation, which means I can't actually get an IPv6 block from my ISP if it offers one. I might have to wait a few more OpenBSD releases. IPv6 is going to be a huge project for me, but I can't wait to get on board with it. IPv6 is pretty old already now, so none of the devices on my network should have any problems with it. That being said, I'm sure there will be some technical difficulties up-front, as I don't have any IPv6 experience.
So that's what's been on my mind lately. I'm sure there will be more to come as I finish out the semester and have more time to work on my hobbies.
At the time of my writing this post, my server has not scraped this morning's service, but it will show up within the next 24 hours.
© 2019-2023 Jordan Bancino.