About itllallendintears

An(other) English eccentric.

Spicy Octopus Pasta

  • octopus legs (one per person?)
  • garlic 2 – 3 cloves
  • shallot
  • tin of whole tomatoes
  • dried chilli flakes 1 tsp
  • olive oil

Wash the octopus in salty water, rinse and cut into thick slices. Thinly slice the garlic and shallot. Sauté the garlic and shallots in olive oil until they start to have a little colour, add the octopus pieces, cook for a minute, then add the chilli flakes and tomatoes. Break up any large pieces of tomato. Season. Simmer for 15 – 20 minutes on a medium heat, partially covered.

Uncover and cook for another 10 minutes to let it reduce / thicken.

Really good with a pasta like Bucatini or Linguine.

Optional: sit back and remember how good this was when you ate it in Valletta.

Pi(e) Holing Facebook

It all started with a click. While reading the newspaper i clicked on a link to Facebook and was shocked when it opened.

The reason for my surprise was that in my /etc/hosts i had the following entry:

# Block Facebook
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com

a rather blunt instrument, but one that until now had been effective at shitcanning any links. So why had it stopped working? After some confused poking around it became obvious that my new ISP provided way more IPv6 routing than the old ISP, and macOS was now favouring IPv6 traffic. As a consequence the hack in my /etc/hosts grew to include entries for IPv6:

fe80::1%lo0 www.facebook.com
fe80::1%lo0 facebook.com

And once more Facebook was back in the shitcan.

Note: adding hosts to /etc/hosts is obviously tedious – you can’t wildcard and blocking the root domain doesn’t block sub-domains. Getting rid of all Facebook servers (just the obvious ones) takes over ten entries, all of which now need to be repeated for IPv6.
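The failure described above (names sinkholed for IPv4 but still reachable over IPv6) can be checked for mechanically. This is an added example, not part of the original post: the function names are hypothetical, the sample hosts data is constructed, and it assumes 127.0.0.1, 0.0.0.0, ::1, :: and fe80::1 are the addresses used as sinkholes.

```bash
#!/bin/bash
# Added example: report hosts-file names that are sinkholed for only one
# address family, so the resolver can still reach them over the other one.

# hosts_single_family [FILE...]  (reads stdin when no file is given)
# Prints "name missing-ipv6" or "name missing-ipv4", sorted, one per line.
hosts_single_family() {
    awk '
        { sub(/#.*/, "") }               # strip comments; awk re-splits the fields
        NF < 2 { next }                  # blank line, or an address with no names
        {
            addr = $1
            sub(/%.*/, "", addr)         # drop a zone id such as %lo0
            # Assumption: only these addresses count as sinkhole targets.
            if (addr == "127.0.0.1" || addr == "0.0.0.0") fam = 4
            else if (addr == "::1" || addr == "::" || addr == "fe80::1") fam = 6
            else next
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == "localhost") continue
                seen[name] = 1
                if (fam == 4) v4[name] = 1; else v6[name] = 1
            }
        }
        END {
            for (n in seen) {
                if (!(n in v6)) print n, "missing-ipv6"
                else if (!(n in v4)) print n, "missing-ipv4"
            }
        }
    ' "$@" | sort
}

# Constructed sample: the entries from the post with one IPv6 line left out.
sample_hosts() {
    cat <<'EOF'
# Block Facebook
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
fe80::1%lo0 www.facebook.com
EOF
}

sample_hosts | hosts_single_family
```

Run against a real file with `hosts_single_family /etc/hosts`; an empty result means every sinkholed name is covered for both families.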

At this point any rational person would conclude that this is not a sane thing to be doing. Obviously it’s time to be running my own DNS server and sinkhole and shitcanning domains with wildcards!

Fortunately there are still plenty of people on the internet who haven’t given up, for example, Pi-hole. By installing Pi-hole on a Raspberry Pi hanging off the back of my router, and updating clients to use it as a DNS, i have a place where it is possible to wildcard block entire domains.

As well as providing DNS, Pi-hole also maintains a (partial) list of domains that serve ads. This means that devices on your home network that aren’t running ad blocking now have a good chance of not being served ads. This was a partially solved problem, as the Raspberry Pi also runs Privoxy, which also blocks a good percentage of ads.

As an aside, the war between ad blockers and ad pushers has been quietly escalating and i’ve been starting to notice that a few news sites are managing to execute JavaScript that blocks uBlock Origin. Sites that employ such measures are still blocked from displaying ads by Pi-hole and / or Privoxy.

While installing Pi-hole it was necessary to make some decisions about what to use as a DNS authority. There are some obvious answers like 8.8.8.8 (Google), 9.9.9.9 (IBM and some shady law enforcement types), OpenDNS, OpenNIC, etc. None of which seem ideal.

You probably won’t be surprised to hear that all your DNS queries are sent, unencrypted, over port 53. Which initially sounds like a really bad thing – it would provide your ISP with an easy way to know every site that you looked up. However, in all likelihood they aren’t doing that… mostly because they have stronger, government mandated, requirements to meet, such as tracking every site that you actually visit and when you visited it, not just the ones that you happen to look up, and then subsequently visit via a cached lookup. If all you had to do was run your own DNS to avoid tracking… yeah, not going to happen.

Despite the above rationale, there exists a parallel DNS infrastructure called DNSCrypt, mostly volunteer run, that proxies encrypted access to DNS. Assuming that you can trust that they aren’t logging (something you’re already doing with the DNS providers listed above…) then you can effectively block any visibility of your DNS activity to your ISP… not that they’ll care. If your traffic isn’t leaving your machine via an encrypted tunnel (think VPN, Tor, etc) then you can assume that it is being inspected and logged at the packet level.

In terms of increasing privacy DNSCrypt doesn’t seem to offer very much. It does offer some other protections against DNS spoofing attacks, but i’m not sure how widespread those are in the wild. I’d also guess that the other major providers of DNS are taking countermeasures as they are needed… and are maybe more effective than the volunteer force behind DNSCrypt.

I’ll probably end up installing the dnscrypt-proxy on the Raspberry Pi and using it as the resolver for Pi-hole. In the end it’s just going to be an encrypted proxy for OpenNIC, which if given a choice is where i’d want my DNS to be resolved.

I’d recommend looking into Pi-hole; it’s a really nice set of tools for getting a better understanding and control of what devices on your network are actually doing. Oh, and keep in mind that IPv6 is now a thing, running in parallel to the IPv4 internet for which you probably had some reasonable mental model… learning about RA, SLAAC (and its Privacy Extensions), DAD, etc. was an eye opener for me!

Youtube… ffs

For the longest time i’ve been using a Safari Extension called ClickToPlugin, which replaced Youtube’s video player with the native Safari video player. There were a couple of reasons for this, the biggest of which was the horrendous amount of CPU that the YouTube HTML5 player uses. It also disabled autoplay, another scourge of the ad-supported web. Oh, and it never played ads.

The recent re-design broke all this, and it doesn’t look like it’ll be repaired. Time to find another solution… <sigh>

There are other Youtube focused extensions out there for Safari, but none of them seem to do exactly what i want. Firefox has a few plugins to allow downloading, or copying the video URL, which gives you a way to choose the player. There doesn’t, however, seem to be anything that does exactly what ClickToPlugin managed.

For a few weeks i’ve been using a Firefox plugin to copy the video URL, pasting that into Safari, and letting it play it with the native player. But it means opening Firefox, and switching between browsers, etc.

More recently i started playing with youtube-dl. If i’m going to be copying and pasting URLs why not give them to a script, and have it spawn a Quicktime player? Well, the Quicktime player doesn’t have a command line… and who wants to wait until a video has downloaded before watching? It would be better to pipe the output of youtube-dl to a player… but that will have to be something other than Quicktime.

When in doubt try ffmpeg – the true swiss army knife of video! The ffmpeg distribution includes a tool ffplay, which can play video piped into stdin. Looks like we have everything needed:

$ youtube-dl -q -f best --buffer-size 16K 'https://www.youtube.com/watch?v=DLzxrzFCyOs' -o - | ffplay -fast -fs -loglevel quiet -

Now all i need is a dumb bash script in my path, which takes a URL, and plugs it into that command:

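#!/bin/bash
# yt: stream a video URL through youtube-dl straight into ffplay
if [ $# -ne 1 ]; then
    echo "Usage: yt url" >&2
    exit 1
fi

url=$1

# Quote the URL so the shell does not word-split or glob-expand it ("?" is a glob character);
# "--" stops youtube-dl from treating a pasted value that starts with "-" as an option.
youtube-dl -q -f best --buffer-size 16K -o - -- "$url" | \
 ffplay -fs -loglevel quiet -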

Yes, the amount of time and effort involved in avoiding the unavoidable smartness of the smartest people in Silicon Valley…

Signal Desktop (Again)

It could be that i’m still confused about the release channel for the standalone Signal-Desktop client, but it doesn’t appear to be released as a bundle.

My previous build from the ‘electron’ branch stopped working, telling me i needed to update. However, the electron branch has gone… which is actually good news, as it means that the changes have merged to master.

Starting from scratch, but with all of the NodeJS NPM / Yarn junk still around, all it took was cloning from GitHub:

$ git clone --recursive https://github.com/WhisperSystems/Signal-Desktop.git

$ cd Signal-Desktop/
$ yarn pack-prod

Edit: the module dance can be avoided with the following:

$ node --version
v8.6.0
$ yarn --version
1.1.0
$ git clone --recursive https://github.com/WhisperSystems/Signal-Desktop.git

$ cd Signal-Desktop/
$ yarn install
$ yarn pack-prod

And then the usual dance to add modules until things started working. That part of the process defies description, and short of trying to re-install all the npm / yarn stuff and starting from nothing, it’s unlikely that we’ll see the same things. In my case i had to ‘npm install’ the following:

  • electron-icon-maker
  • grunt

and ‘yarn add’:

  • grunt-sass

I’d have thought that there is actually a module dependency list in the bundle, and a yarn / npm command to process it… no idea what that might be!

It would be nice if there was an official build soon. Would like to stop having to do this dance – especially as the builds have been working perfectly for what i need for months now!

Various Failures

Recently when working through the backlog of film in the fridge, i managed to develop a roll that had obviously been nowhere near a camera. Oops. So professional.

Perhaps to balance that out there was also a roll that had been through the XPan at least twice, and perhaps three times, in London (once in August 2016, again in August 2017), Hamburg, and Nagano. The results are, to say the least, chaotic.

Also in this batch of films was a roll of Ilford SFX 200 shots of my neighbour’s water-damaged ceiling. Obviously under-exposed and consequently rather “moody”. It’s all so much water under the bridge, etc.

Through Yellow Sands

The_Untouchable_City copy

Been spending a lot of time working through old pictures for the next I Wrote This For You book. The image above (from the entry ‘The Untouchable City’), taken from the top of Roppongi Hills, with 黄砂 (こうさ) on the glass, has really stayed with me!

Now i want to get it printed A2 and on a wall… maybe with the oddness in the bottom left cropped out.