posted by brwyatt on October 8, 2014

This might be a slight surprise, but I've moved to Seattle (job-related). And while I managed to get my email server moved over onto Amazon EC2 before the move, I didn't have a chance to move my website(s) (including my dad's) over.

However, this has now been completed. I know the sites aren't really that important or anything, but now I feel whole again, and that's what really counts!

Still settling in up here in Seattle (crashing with my parents until I can find my own place, makes things a lot easier), but hopefully I can find time to start working on projects again.

posted by brwyatt on March 12, 2014

(Note: This is not meant to be presented as fact, but rather just more of a "thought exercise" of sorts. Feel free to leave a comment with your thoughts and opinions)

There is a lot of debate and misinformation around Bitcoin's inherent (and designed) deflationary monetary policy. Many cry out that deflationary systems can't work and are always, without question, a bad idea, pointing to The Great Depression as the poster child of deflation's disastrous effects; these people are not wrong. Then there are those who wave the banner that Bitcoin's policies can't ever be changed, and that this is good because no small, elite group of people can choose to, at a whim, make your life savings virtually worthless in the name of a stable economy; these people are wrong (about the never changing part, anyway, not so much the rest).

The truth of it is, however, that Bitcoin's algorithms CAN be changed and, in fact, NEED to have that ability, just as all systems need to in order to adapt to changing circumstances. It is unlikely that it will during its infancy (and probably better that it doesn't for now), but at some point down the line, it will need to adapt and change to handle unforeseen issues or the ever-changing world. However, unlike the current US monetary system, which puts monetary policy in the hands of a small group of people who have the most to lose (and gain) from the well-being of the system (mainly bankers), Bitcoin puts it in the hands of everyone, but it does get a little more complex than just simply "everyone", in much the same way that the US government is with its system of Checks and Balances.

Here is an overly-simplified venn diagram of the US system:

US System

A bit of an over-simplification, but it works here. It is a little more complicated than that, and the FED controls much of it, but this gets the general idea. Treasury prints it, selling it to the FED, FED buys (or sells) securities to Private banks, which loan it to everyone else. Again, a simplified overview.

But the basic idea is this: The FED controls how much money is available (and thus the value of the US Dollar) at any given time (through the private banks, which are then able to loan it out to the general public, at interest of course). I'll leave you to decide whether you feel this is good or bad, but this is the basic idea. So you have a supposedly (hopefully) educated, interested (read: rich) people controlling the value of the dollar, and generally keeping a low level of inflation (devaluation) in order to encourage rapid money flow and borrowing (that is to say: consumerism via accumulation of debt).

So what then of Bitcoin? What if deflation became a problem? Some could argue it already is, and that's why alternatives such as DogeCoin have popped up. But how can Bitcoin change if it needed to create Bitcoin at a faster rate?

Here's a (somewhat less) simplified view of the major players involved with Bitcoin: (yay for more Venn diagrams!)

Bitcoin System

The miners process the transactions (think PayPal, MasterCard, Visa, etc, but in a distributed, P2P kind of way) that everyone sends, and coders write the code that the miners use to mine, and that everyone uses to connect and send money to others. Some coders are miners, but everyone uses the network.

So what happens if the Miners unanimously decide to change the monetary policy? The rest of the network (the clients that use the network) will reject the "blocks" of validated transactions created by the miners under that new policy. No transactions are sent and received, miners can't spend the Bitcoins they received in fees or from the subsidy, because no one except other miners accept them, and now no one is happy. If anyone decides to publish a client that works under different rules, the network will reject transactions they see as invalid.

So how can the policy be changed? The large majority of people in any given system will just "follow along". Let's face it, there are a lot of things in this world, and we all can't be involved or informed about everything. But what is needed is some form of consensus. If all the miners and all the coders decided to change part of the money-generating algorithms and everyone adopts it, then the change happens, transactions continue processing, and everyone is happy. But if they change it and the majority of people reject it, the change cannot happen, and could even result in a block chain fork, essentially creating two "histories" on the same network: one with the change, and one without. Same happens if all non-miners want a change, same thing, the network stops accepting blocks from miners not following the change.
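The rejection and fork behaviour described in the two paragraphs above can be modelled in a few lines. This is an added example, not code from Bitcoin or from this blog: `faster_policy` is a hypothetical changed policy, the participant names are constructed, and fees, proof of work and network delay are ignored (miners simply take turns).

```python
from dataclasses import dataclass

COIN = 100_000_000            # satoshi per bitcoin
HALVING_INTERVAL = 210_000    # blocks between subsidy halvings


def current_policy(height):
    """Bitcoin's subsidy schedule: 50 BTC, halved every 210,000 blocks."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * COIN) >> halvings


def faster_policy(height):
    """Hypothetical changed policy (assumption): twice the subsidy at every height."""
    return 2 * current_policy(height)


@dataclass(frozen=True)
class Block:
    block_id: str
    parent: str
    coinbase: int   # new coins the miner claims for itself


class Participant:
    """A miner or a plain client; both validate every block against their own policy."""

    def __init__(self, name, policy, mines=False):
        self.name, self.policy, self.mines = name, policy, mines
        self.height = {"genesis": 0}   # accepted block id -> height
        self.tip = "genesis"

    def receive(self, block):
        if block.parent not in self.height:
            return False               # builds on a block this participant rejected
        h = self.height[block.parent] + 1
        if block.coinbase > self.policy(h):
            return False               # creates more coins than this participant allows
        self.height[block.block_id] = h
        if h > self.height[self.tip]:
            self.tip = block.block_id  # follow the longest chain that is valid to us
        return True


def run(participants, rounds):
    """Miners take turns extending their own tip; every block is shown to everyone."""
    for _ in range(rounds):
        for miner in (p for p in participants if p.mines):
            h = miner.height[miner.tip] + 1
            block = Block(f"{miner.name}/{h}", miner.tip, miner.policy(h))
            for p in participants:
                p.receive(block)
    return {p.name: (p.tip, p.height[p.tip]) for p in participants}


def scenario(miner_policies, client_policies, rounds=3):
    people = [Participant(f"miner{i}", pol, mines=True) for i, pol in enumerate(miner_policies)]
    people += [Participant(f"client{i}", pol) for i, pol in enumerate(client_policies)]
    return run(people, rounds)


if __name__ == "__main__":
    print("miners only :", scenario([faster_policy] * 2, [current_policy] * 2))
    print("everyone    :", scenario([faster_policy] * 2, [faster_policy] * 2))
    print("split       :", scenario([current_policy, faster_policy],
                                    [current_policy, faster_policy]))
```

In the split run the two groups share only the first block and then diverge, which is the "two histories" outcome; participants on the looser rule still accept the stricter group's blocks, they just do not build on them.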

In this way, you get a bit of checks and balances. If you get about half of the miners, and half of everyone (which can include the miners), then you can effectively force a policy (everyone else following because they have no choice, majority rule). But if any one group has a majority refusing the change, it will not happen. The only group not effectively ruled by majority rule are the people with any programming or coding skill, you only really need one to code the policy, but I still felt they were worth mentioning as a group that could try (and fail) to change policy on their own.

The idea here, is just as Bitcoin took payment processing from the hands of a few, it does the same with monetary policy as well. Bitcoin CAN be changed, but that power rests with all people who use it, not the select few who are put in control to make decisions. Instead of policy decided by an oligarchy, it is, instead, decided and enacted democratically.

Whether this is good or bad is up to you: putting power to those with the most knowledge and the most to lose, but also who can be corrupted, or put the power to everyone democratically, which can be messy and slow (there is a reason the US has a REPRESENTATIVE system, can you imagine the mess if EVERYONE was able to debate and vote on every single bill?).

Anyway, just something I was thinking about today. If people are interested (or uncertain about how Bitcoin works, and what exactly mining is and what it does), I can write another post explaining Bitcoin more in depth.

posted by brwyatt on September 22, 2013

Well... two things happened that led up to Captchas:

  1. I got tired of having to go through and delete a bunch of garbage comments and banning those IPs
  2. while doing so, I managed to accidentally delete all the comments, including the two legitimate ones. (oops, oh well!)

So now, to leave a comment, there is a simple captcha that must be completed before it will let you submit the comment.

Turns out, it isn't hard, but isn't easy, either. It wasn't as simple as just slapping in the code used on the Contact form, had to do some tooling in other parts of the comment components, too (yay MVC patterns). But, in the end, I was still able to just "reuse" the captcha component from the Contact form, I just had to make sure the Blog Comment Model, View, and Controller were all on the same page about it, and had to add in stuff to make sure it references the component correctly. If anyone else wants to get it working in Yii, this is where I found how to do it: http://stackoverflow.com/questions/14174861/yii-blog-captcha-never-verifies. The one thing he is missing is adding it to the attributeLabels() function in the BlogComment model, but that's not really important. I hope this reduces the amount of spam I get here.

And then... this further led to me deciding to tweak the site a bit. Updated the index page, updated the About page, and FINALLY fixed the Server Stats page which has been broken for a while (it was still trying to get stats for the old Freenet drive, which no longer exists). In any case, I hope it looks/reads a bit nicer now. After all, it was first written TWO YEARS ago!

Now if only I can find some time to put in the effort to get the Hypervisor running...

posted by brwyatt on September 22, 2013

I've been thinking, I need to use this blog more. Because I can.

Not much really goes on around here, really, but I have some interesting ideas and projects I'm starting or will start, or at least want to offer up for others. But I do also have the random ramblings of a crazy person, too. In theory, I assume that if I throw enough stuff on here, something may be useful to someone. Maybe.

Last weekend, I finally decided to "break into" my 24-port SGE2000P Linksys switch again. QoS managed to turn itself on again, and as a bonus, all the settings were reset. Long story short, I found out why, and any Cisco device user will instantly know why. Needless to say, any time it loses power, it will reset to its "startup config". This is a great failsafe if you manage to make a change that breaks everything. But, I was able to get back into the router, change the settings, and then found the copy config section in the settings (yes, I'm using the web GUI, I'm too lazy to learn IOS right now) so I could copy the running config to the startup config. What this means for me, is no more having my download randomly drop from 20mbps down to 0.2mbps while trying to watch Youtube.

In somewhat related news, I've got an 8-core box sitting in with my servers at the moment, but powered down. It has been there for a while, and I've been wanting to get it configured to jump-start my virtual environment before I get the real hypervisor I'm planning to get sometime in January. My thinking was that I could set this small server up, get all the core network infrastructure setup on it (DHCP, DNS, Puppet master, network auth (NIS? LDAP?), Zabbix, etc), as well as learning how to setup and configure OpenStack, and start tinkering with it NOW, so that when the expensive hardware comes in, I can just move everything over to it, and start playing with more useful stuff such as moving everything off my old server (MySQL (Postgres instead?), Tor, Freenet, Minecraft server, etc) over to it, and even start messing with some more fun things like metrics and things like Redis and RabbitMQ. My only issue is not exactly FINDING time... but MAKING time. As soon as I walk in the door to my apartment, my brain just turns off. This affects my other personal projects as well.

Speaking of personal projects...

I have more than a few "personal projects", all under the name Jungle Cat Software, and hosted publicly on GitHub. As you can see there, I have a few things up with varying degrees of work put into them. I probably have the most work put into Bad Science! and BRGE (the engine behind Bad Science!), which was probably the most fun project, but also the least useful. BitcoinAccess was a Bitcoin RPC client that could talk back to either an RPC-enabled client you left running at home, or a service that follows the Bitcoin RPC standard, and is probably the more reasonably useful project... if I finish it. If anyone is inclined to help on any of these projects, I would happily welcome it, and you can find more about what I planned by looking at their boards on the Trello account.

More recently, I started (for some definition of the word "started") another project aiming to combine several ideas in Tor and Freenet; basically using routing more similar to Freenet, but in a real-time way such as Tor, and preferencing low-latency paths and neighbors. I'm personally quite fond of this idea, and I think it could actually be useful. So let me talk about CryptNet for a moment.

So here is my thinking. Largely, its intent is to be oriented around the idea of an "OpenNet", and connect to anyone nearby that you can, possibly even scanning your LAN for connections. Once connected, you now become a part of the network, and route traffic just as a relay in Tor or a node in Freenet would. Except for some differences. Freenet is, essentially, a distributed datastore; incoming requests are checked locally to see if you have data, and then passed on to nodes that appear to be "closer" to the data if you don't (there is a bunch of math and stuff happening here that I'm not going to get into). There is also some stuff with the randomly-decrementing TTL to hide the originator, and then found (or not found) data travels back along the same path and that's that. Tor, in contrast, creates "circuits" in order to route requests. If a request to an external resource is made, then it is created to an exit node and your traffic passes through a series of three nodes on the network, then out to the destination (some services, like DuckDuckGo, will host a router that can exit to their services, and traffic will be routed to their exit to improve performance). Traffic to an internal network resource again creates a circuit, and then is routed to that resource.

What I'm proposing is something slightly different, and something that can take advantage of the higher bandwidths available. But, then again, we still don't want to flood the Internet! If each client has a handful of "addressable keys" (think GPG fingerprints or Bitcoin addresses), a user can discard or create new ones as necessary, but keys should typically stick around for at least a little while during a given "transaction" on the network (A file download, a conversation, etc). From here, we can start building a kind of "table" of what keys we find from which of our connections to the network, and if we see them on multiple, we can determine which link(s) are faster, so we can start building a graph, but where we can only see a small part of it, specifically, our own connections to our neighbors, and which keys they route through them. But this only gives us half the story. Our connection to "A" might be lower-latency, but a user with a given key might be closer to node "B" (or may even be owned BY "B"!), and may have a shorter round-trip time. So we can get into some interesting Math and heuristics there.

It may also be possible to send the same message through ALL of the nodes you are connected to, and those nodes could do the same. Obviously this can get out of hand really fast. By using the key table mentioned before, nodes can eliminate some paths if they don't have the key, and we can even send responses back upstream to say "I don't know this key" if a request is received and you know the key doesn't exist or is unroutable from you, thus eliminating that node as a valid path. Nodes on the network also need to NEVER route a duplicate message with the same ID, in case of duplicate paths. It is expected to receive duplicate messages at times, and they need to be handled correctly (that is to say: ignored and NOT passed on again), it may be also good to transmit a "key not found" back upstream to the node that sent the duplicate message, to remove the slower path from their routing tables. In this way, the network can find the fastest paths through the network.
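The flooding rules just described (never re-route a message ID already seen, answer duplicates and dead ends with "key not found", and drop that link for the key) can be tried out in a small simulation. This is an added example and not CryptNet code; the `Node` class, the five-node topology, the latencies and the key name `k-dest` are all constructed, and "key not found" replies are applied instantly instead of travelling back over the link.

```python
import heapq
from itertools import count


class Node:
    def __init__(self, name, keys=()):
        self.name = name
        self.keys = set(keys)   # addressable keys this node owns
        self.links = {}         # neighbour name -> one-way latency in ms
        self.seen = set()       # message IDs already handled (never routed twice)
        self.pruned = {}        # key -> neighbours that answered "key not found"

    def next_hops(self, key, came_from):
        dead = self.pruned.get(key, set())
        return [n for n in self.links if n != came_from and n not in dead]


def link(net, a, b, ms):
    net[a].links[b] = ms
    net[b].links[a] = ms


def flood(net, src, key, msg_id):
    """Flood msg_id from src towards key; returns (path, latency_ms, transmissions)."""
    tiebreak = count()
    events = []        # heap of (arrival time, tiebreak, sender, receiver, path)
    sent = 0
    delivered = None

    def forward(node, came_from, now, path):
        nonlocal sent
        hops = node.next_hops(key, came_from)
        for n in hops:
            sent += 1
            heapq.heappush(events, (now + node.links[n], next(tiebreak),
                                    node.name, n, path + [n]))
        return bool(hops)

    net[src].seen.add(msg_id)
    forward(net[src], None, 0, [src])
    while events:
        now, _, sender, name, path = heapq.heappop(events)
        node = net[name]
        if msg_id in node.seen:
            # Duplicate: ignore it and tell the sender this link is the slower path.
            net[sender].pruned.setdefault(key, set()).add(name)
            continue
        node.seen.add(msg_id)
        if key in node.keys:
            delivered = (path, now)   # first arrival is the lowest-latency path
            continue
        if not forward(node, sender, now, path):
            # Dead end: answer "I don't know this key" upstream.
            net[sender].pruned.setdefault(key, set()).add(name)
    return (*(delivered or (None, None)), sent)


def demo_network():
    """Constructed topology: S-A 1ms, S-B 5ms, A-B 1ms, A-C 2ms, B-D 1ms; D owns 'k-dest'."""
    net = {n: Node(n) for n in "SABC"}
    net["D"] = Node("D", keys={"k-dest"})
    for a, b, ms in [("S", "A", 1), ("S", "B", 5), ("A", "B", 1),
                     ("A", "C", 2), ("B", "D", 1)]:
        link(net, a, b, ms)
    return net


if __name__ == "__main__":
    net = demo_network()
    print(flood(net, "S", "k-dest", "m1"))   # full flood, learns slow links
    print(flood(net, "S", "k-dest", "m2"))   # same path, fewer transmissions
```

The pruning table here is kept per key only, so what a node learns while one origin floods may be wrong for a different origin; a real design would need entries to expire or be re-probed.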

However, this does bring up an interesting concern for attacks similar to Freenet, where if an attacker has all your connections, they can start to reasonably determine who you are and your activities. But also, due to "path reduction", this attack could become possible from a distance. Thus, Key rotation, but keys can be linked as the same person with enough data (like bitcoin addresses). Rotating connections (dropping some connections, and creating new ones), much like Tor circuits, can help resolve some of that, changing the landscape of the network as nodes move around in the graph. So this brings up interesting routing challenges; and, as you can see, can result in a bit of bandwidth consumption, especially with newer connections.

But one thing I really like, is the idea of having a common "key store" on the client that plugins can use to store keys, so that the client can properly determine which messages are for itself, and route them to the proper plugin. And since all the messages are a common format, any kind of data can be routed through even older nodes that may not even support the plugin. In its simplest state, the client is simply a router for the network. It keeps track of keys it sees and connections, and that's it. You can add plugins which create and manage keys for the user, and allow interaction on the network. Someone could easily write a plugin to act like an exit node and a proxy node, to allow regular network traffic (like HTTP) to be proxied over it (just like Tor), or write a datastore, just like Freenet, or even write encrypted communications on top of it, even run things like Tor hidden services, or possibly filesharing as on DC++ or Gnutella.

I think it has potential, but maybe not. I think the bandwidth hit is survivable, especially on LANs, and the architecture could provide, essentially, a faster kind of Freenet for more real-time applications. What do y'all think?

posted by brwyatt on April 22, 2013

Well... My server's primary system drive decided to develop a hugely large number of bad blocks. If you don't know what that is, the short answer is that a large part of the harddrive decided to simply stop working. There was dataloss. There was pain. There was frustration. It was terrible.

BUT! I managed to recover from a backup from 2012-12-20. The majority of important data was all on my RAID5 array, but this does mean that some configs were lost. Fortunately, this largely affects only me.

It looks like my BRGE and BadScience builds are intact (though probably pointed to the wrong repos), but my build for Bitcoin Access is gone. But email, MySQL, etc are all back up... and that's what matters for now. But I guess the rest of that goes on my "TODO" list... again.

On the bright side, I learned something totally awesome you can do with LVM2. PVMOVE. It didn't help in this case (the drive was too far dead and causing the CPU to get locked up with IOWaits), but holycrap. The whole concept of "oh, yeah, we can just copy all this data to another drive, sync them up, then stop using the old one and effectively move the partition to another drive" is just incredible. I love learning all the impossible things you can do on Linux that you just simply CAN'T do on Windows or OSX.

But anyway... I should probably get some sleep before REAL work tomorrow. But if anyone was wondering where the hell my server was this weekend... that should answer it.

posted by brwyatt on October 26, 2012

Well, started on some personal projects (up on GitHub) and some other things... but mostly I wanted to mention a new thing for the comments: IP addresses are now logged. There is a surprising amount of "OMG! GENERATE MORE TRAFFIC TO YOUR SITE!" spam than there should be for this site (given the content, or, rather, the lack of content).

I'll probably just use iptables to manually block these IPs for now, in the future I might make things smarter so they are just blocked from commenting. Probably just need to add captchas to the comment pages... I'd think doing both would be most effective.

posted by brwyatt on June 16, 2012

First things first, Minecraft has been moved onto its own server. It can still be accessed the same way and all traffic still goes through my main server. But now, it has a full 8GB of RAM to itself and a dualcore CPU. Things appear to be running MUCH smoother now, though! In addition, everything Minecraft related on my server(s) will now be at http://minecraft.brwyatt.net/, including the DynMap.

The down side to this, is that running another server costs money in electric costs. The PSU on both my main server and the Minecraft server are 430W, which means they could both end up costing me about $26/month (EACH!) to run 24/7. Fortunately, neither should be taking that much power, and are probably consuming more in the 200-300W range. Do the math, that is still a bit of a cost to me.

In addition, the migration of the server took maybe... 6 hours total of me moving things over, testing it, figuring out and setting up the IPTables rules to forward traffic from my server, copying over the data and bringing it live. It took parts of two of my evenings. Let's say I'm worth about... $16/hour. So that change cost ~$96 worth of my time. Note that I'm not including installing Debian on that server, physically setting it up, wiring it up, setting up static DHCP, setting up DNS internally and externally, the additional switch migration from a DLink DGS-2208 to a Cisco SF302-08, which also required setting up its own static DHCP and internal DNS. But, I personally got a lot out of both of these moves, as this frees up resources on my server that were being eaten by Minecraft. Fortunately, the Cisco switch was free.

Additionally, if you Minecraft folks need a faster CPU, it looks like a quad-core 2.6GHz CPU for that motherboard is going to cost about $150. And that is something I am NOT paying for. I'll help pay for it, but at least 75% has to come from y'all.

Additionally, I have 25/25Mbps FiOS. Business class with a static IP. This probably helps me more than y'all, to be fair, but the extra bandwidth means y'all won't be as affected if I decide to stream an HD movie, and won't suffer from minor outages because my IP changed and my DNS hasn't been updated to reflect that change. This is costing me $105/month, with $15 of that being from getting the business version.

So here is the final total:

  • Electricity for brwyatt.net: $18/month (best guess)
  • Electricity for minecraft.brwyatt.net: $18/month (best guess)
  • Migrating to a new Minecraft server: ~$96 (possibly up to $140)
  • 25/25 Internet: $105/month ($15 for static IP and contractual rights to run servers on it)

I could also go into how both my domain names cost me $12/year each... but I'm pretty sure that that mostly benefits me anyway. And then the added costs of cooling.... But I won't. I mostly just want people to understand what goes into running something like this, even something so small and simple. It does cost money, even if you aren't paying for it.

posted by brwyatt on June 12, 2012

Internet install was quicker than expected! Took less than an hour. Compared to normal residential installs (Since I'm technically a business customer): he came in, mounted the FiOS modem, plugged in my server, I told him it works, he showed me the modem (since I'm not getting their router, he walked me through verifying the problem is on their end since they can't support my side of the modem), we shook hands, he left and called back a few hours later to verify things were still working. He never even touched a keyboard or looked at my screen. Maybe it was because my router was a full computer with two NICs and had a big "DEBIAN" sticker on the side... but why can't residential installs be like that too?

Anyway! Everything on my server should be up now (MySQL, Apache2, Postfix/Dovecot (email), Minecraft, Freenet, Tor (relay!), and I2P). This server does way too much, and I'm considering moving some things off onto another box I have, but I'd like to see my first power bill first before I add any more things to the grid.

I should also note that I also have a static IP! 71.244.54.5 is mine. It will only change if I decide to leave Verizon, move to a different circuit, or buy a whole block of IPs (they give them out in consecutive blocks, so I might have to give that one up for a consecutive block). So this should help with finding me with DNS... my IP won't change often, at least not for a long while. I'm also talking to Verizon to get my reverse-DNS setup (so when you lookup my IP address it tells you it is brwyatt.net, this is helpful for email servers) and I'm going to continue using JangoSMTP (great service by the way!) until it is setup.

I'm still mostly unpacking and settling in after the move on Saturday. Got my dresser and nightstand built, and I think that is all for furniture till the couch arrives. Still have to unpack a bunch and organize... but that will take time and is an adjustment. It is really kinda cool to look around me and say "all this is mine". Sure I'm technically renting the apartment... but the stuff in it is undeniably mine, and I am paying the rent... so... that is kinda cool... to me, anyway.

I have found the place for my server (and any future equipment). Since I don't have a washer or dryer... I've got it right where the washer would be. And when I get a server rack... it even has a 250v plug. It will take a converter to work... but... it will do. Granted a rack and the stuff to fill it is just under a third of my salary... but... If I stay here long enough it might just get used.

Still have some cleaning of the apartment to do as well, and my mom wants/needs me to clean out my old room as well, which is fair.

... I am not looking forward to bills...

posted by brwyatt on June 9, 2012

I keep forgetting I have this blog to write my thoughts and ramblings for the world to see (and for spammers to try and spam the comments, apparently...(And FAIL MUAHAHAHAHAHAHA)).

So... Tomorrow (well, I guess today...) I'm moving out of my parents' place and into my own place. It isn't too far, but it is exciting and scary. Still kinda working on packing, though at this point, much of this can just be carried by hand, but I want to make it a little easier on me. I should also probably note that this is all possible because I'm now a FULL TIME, SALARIED employee at work! That, in itself is pretty exciting too... I mentioned it before when I got to sign the paperwork, but now the paychecks are coming in from what was an offer, but is now an official position.

As far as the moving goes, I'll be without my own Internet until sometime Monday when it gets installed. I'll be leaving my server here, though, so there won't be downtime till probably Sunday night, lasting until whenever on Monday when the Internet is hooked up. I'm paying for 25/25 BUSINESS Internet with a static IP address (71.244.54.5).

So that should be fun and exciting... probably should get some sleep or get some more stuff packed...

posted by brwyatt on May 8, 2012

You guessed it! Sam Johnson! This is what he had to say about CISPA:

Dear Mr. Wyatt:

Thank you for contacting me regarding H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA). I appreciate having the benefit of your views.

As you may know, America now faces serious cyber threats from foreign states and terrorist organizations on a daily basis. These range from cyber attacks that try to disrupt our networks to attacks that attempt to steal classified information and intellectual property. While many of these cyber attacks directly target U.S. government agencies, there are an increasing number of attacks that are targeting U.S. companies that don't have access to the same protections given to government agencies.

As a leader in the development of new technologies, American companies have also seen a large increase in theft of technology and trade secrets from cyber attacks. This is a direct threat to American prosperity, as a loss of these trade secrets will ultimately limit America's economic potential.

To address this, House Intelligence Committee Chairman Rep. Mike Rogers (R-MI) introduced H.R. 3523 on November 30, 2011. This bill would amend the National Security Act of 1947 to allow the government to share classified cyber security threat information with companies and for companies to voluntarily share cyber threat information with the government. This bill would also guard against the theft or misappropriation of private or government information, intellectual property, or personally identifiable information. It is also important to note that under CISPA, the government would not be able to stop access to particular websites, require companies provide any information, or censor or remove content.

Ensuring that America's networks and information are secure is a vital interest, and H.R. 3523 is a necessary tool to accomplish this goal. I also understand that certain concerns have been raised regarding the need for privacy protections in this bill. You will be pleased to know that I supported several amendments to this bill that will limit the scope of the bill to provide adequate privacy protections.

One of the amendments I supported limits the government's use and storage of shared cyber threat information to only 5 specific purposes including the investigation of cyber security crimes, protection of individuals from death or physical injury, protection of minors from child pornography, and the protection of our national security. Another amendment I supported prohibits the federal government from using library records, firearms sales records, or tax returns that it receives from private entities under this Act.

I believe that CISPA, as amended, has a proper balance between security and privacy. I voted in favor of this bill when it came before the House of Representatives on April 26, 2012, and passed by a vote of 248 to 168. Currently this bill has been referred to the Senate where it awaits further action.

Once again thank you for contacting me and please do not hesitate to do so in the future if I can be of any assistance.

Sincerely, SAM JOHNSON. Member of Congress