⇪ Standardized Subway Maps

These are beautiful. They make me want to go visit these cities and explore where the subway takes you.

⇪ Calm Technology

An interesting set of design principles, resulting in calm technology.

How I Setup Arch Linux Using UEFI and an Encrypted LVM

October 15, 2019 | posted in: nerdliness

There are numerous articles and blog postings detailing how to install Arch Linux. This one is mine. I’ve been fascinated with Arch Linux for several years. I like that it is very much a “some assembly required” distribution. Nearly every other installer hides away the underlying complexity of installing and configuring an operating system. The Arch installation process exposes you to all the details and lets you determine how much or or how little you want to put on your machine. Exposure to all the details can be cause for both excitement and frustration. Fortunately there are excellent resources to help you.

The single best resource is the Arch Linux Installation Guide. You should read that completely before installing Arch Linux. In fact, you should follow that to do your install and not follow my setup.

Arch Linux is a rolling release and a moving target. Rolling release distributions constantly get updates, there is no schedule where once or twice a year a major update to the distribution is released. You can update your install everyday. Sometimes multiple times in a single day. Or you can do it once a week. It’s entirely up to you.

As for being a moving target…. In the time it took me to work through the installation process I wanted and capture the steps in this posting, the contents of the base group were changed. It no longer includes a kernel, or an editor, or other software that you might expect or need. So the pacstrap command to install the operating system could no longer be just

pacstrap -i /mnt base

But instead needs to be something like

pacstrap -i /mnt base linux linux-firmware mkinitcpio lvm2 vi

All of which leads to this disclaimer. Follow my installation steps at your own risk. Read the installation guide. Use the Arch Wiki. The answers to your questions are there. Join the Arch Linux Reddit or go old school and use the #archlinux channel on freenode.

Installation Goals

Here are my high-level goals for this Arch installation:

  • I want to have Arch Linux as the sole operating system on the computer.
  • I want to have the drive (except for the boot partition) encrypted.
  • I want to use LVM so that I can resize root and home if necessary.
  • I want to use i3 (or maybe Sway) as a Window Manager and perhaps not have a desktop environment.

For equipment I have an ASUS Q325UA laptop with a dual-core i7 CPU running at 2.7 GHz, 16 GB of RAM, Intel graphics, a 512 GB SSD, and a 1920x1080 13” screen in a 16:9 ratio. It’s a good little computer that runs Linux rather well.

Installation Steps

Preamble

I am presuming that you have already downloaded the Arch Linux installer and flashed it to a USB drive. If not, there are instructions online describing how to accomplish this step.

Boot the installer

Using whatever hot key on your equipment allows you to access the BIOS, ensure that the USB drive with the installer on it is first in the boot order and restart your computer.

Establish connectivity and update the package repository

My laptop doesn’t have an Ethernet jack, so I use WiFi for connectivity. Use wifi-menu to select an access point and get connected. Once connected, verify that you have an IP address and can reach the Internet.

wifi-menu
ip addr show
ping archlinux.org

Now that you have connectivity, update the package repository indexes.

pacman -Syyy

And while we are at it, set the time and date.

timedatactl set-ntp true

Disk partitioning

I am going to setup three disk partitions:

  1. An EFI partition
  2. A boot partition
  3. A partition to hold my LVM setup

Start by determining what device you want to use for the install.

fdisk -l

In my case /dev/sda is the disk.

Partition the drive

Open the fdisk tool.

fdisk /dev/sda

You can see the current partition scheme by using the p for print command.

p

Create the EFI partition

The EFI partition I created is 500MB in size and has a type of EFI Partition. Here are the commands I used.

g (creates an empty GPT table)
n (creates a new partition)
<enter> (accept the partition number)
<enter> (accept the starting position)
+500M (set the partition size)
t (set the partition type)
1 (for EFI partition)

Create the boot partition

I wanted a 500MB boot partition. (I’m obsessive and two 500MB partitions adds up to 1000, which is more pleasing than say a 300M EFI and 400M boot only equaling 700M.)

n
<enter>
<enter>
+500M

By default the partition type is Linux filesystem, so there is no need to change the type of the boot partition.

Create the LVM partition

I used the remainder of the drive space for the LVM partition.

n
<enter>
<enter>
<enter> (use all remaining disk space)
t
<enter> (accept offered (last) partition number)
31 (LVM type partition)

Verify the partition scheme

Display (print) the partition scheme and verify that it is what you want.

p

Finalize the partition scheme changes

Once this step is completed the partition changes will be written to the drive.

w

Format the EFI and boot partitions

The EFI partition wants to use the FAT file system, and boot wants to be ext4.

mkfs.fat -F32 /dev/sda1
mkfs.ext4 /dev/sda2

Setup encryption

The entire third disk partition, /dev/sda3, will be encrypted using LUKS. This is where the passphrase for the encryption will be set, and where the name of the cryptdevice will be set.

cryptsetup luksFormat /dev/sda3
cryptsetup open --type luks /dev/sda3 lvm

The first command will create the encryption and ask for the passphrase. Make sure you note what the phrase is, losing it means you’ll never be able to open this partition.

The second command opens the newly created encrypted partition and gives it the wildly inventive name of lvm.

Setup LVM

I wanted to have separate logical volumes for root and home. For naming I went as simply as I could.

  • Physical volume is /dev/mapper/lvm
  • Volume group is vg
  • Root logical volume is lv_root and will be 50G in size
  • Home logical volume is lv_home and will be 250 G in size

Here are the commands I used to accomplish this LVM configuration.

pvcreate --dataalignment 1m /dev/mapper/lvm
vgcreate vg /dev/mapper/lvm
lvcreate -L 50GB vg -n lv_root
lvcreate -L 250GB vg -n lv_home

Next we need to load the necessary modules

modprobe dm_mod

Finally we have LVM scan for volumes and activate the volume group

vgscan
vgchange -ay

Format the root and home partitions.

mkfs.ext4 /dev/vg/lv_root
mkfs.ext4 /dev/vg/lv_home

Mount the root partition, create remaining mount points, and mount partitions

mount /dev/vg/lv_root /mnt

cd /mnt
mkdir boot efi home

mount /dev/sda2 boot
mount /dev/vg/lv_home home
mount /dev/sda1 efi

The root partition mounts to /mnt and the remaining mount points are all contained within root. For no good reason I’m mounting the EFI partition in /efi rather than /boot/EFI.

Run the mount command to verify that all the mounts are correct

mount

Install Arch Linux base packages

As I mentioned above, due to changes in the base package, the contents of this command changed recently. In addition to base, I’m also installing a kernel, the firmware package, mkinitcpio, and an editor.

pacstrap -i /mnt base linux linux-firmware mkinitcpiio vi

Depending on your connection speed and location in the world this may take a while to complete.

Generate the fstab file

With everything mounted, and an Arch installation located at /mnt I can generate the /etc/fstab file.

genfstab -U -p /mnt >> /mnt/etc/fstab

Verify the contents of this file. (!$ is bash shorthand for “last argument from previous command”.)

cat !$

Access the in-progress Arch installation

The rest of the steps happen inside the new Arch installation. This command changes root to the new install.

arch-chroot /mnt

Install additional packages

The pacstrap command was a good start, but there are more package necessary to complete the installation.

pacman -S base-devel grub efibootmgr dosfstools openssh os-prober mtools linux-headers networkmanager network-manager-applet wpa_supplicant wireless_tools dialog vim

Enable NetworkManager

Once the install is complete, and the machine is rebooted, having NetworkManager ready to use will be helpful.

systemctl enable NetworkManager

Edit initial ramdisk configuration to enable encryption

In order for the encryption to work, the /etc/mkinitcpio.conf file needs to be edited.

vi /etc/mkinitcpio.conf

Find the HOOKS line (approximately line 51) and add encrypt lvm2 bewteen block and filesystems. Save the file.

Create the initial ramdisk for the kernel

mkinitcpio -p linux

Generate your locale

vi /etc/locale.gen (uncomment en_US.UTF-8 - or your locale)
locale-gen

Set a root account password

password

Create a user account for yourself

useradd -mg users -G wheel <username>
passwd <username>

Install sudo

pacman -S sudo

Allow users in wheel group to use sudo

visudo

Uncomment %wheel ALL=(ALL) ALL line. It’s very near the end of the file.

Setup Grub and EFI

This step is vitally important. A mistake here will prevent your system from booting. Ask me how I know.

Start by editing the /etc/default/grub file. There are three changes to make here.

  1. Uncommenting the GRUB_ENABLE_CRYPTODISK=y line
  2. Adding cryptdevice=/dev/sda3:vg:allows-discards to the GRUB_CMDLINE_LINUX_DEFAULT line
  3. Adding lvm to the GRUB_PRELOAD_MODULES line

The first change is made by removing the # at the beginning of the GRUB_ENABLE_CRYPTODISK=y line.

The second change is the trickiest. Edit the GRUB_CMNLINE_LINUX_DEFAULT line and add cryptdevice=/dev/sda3:vg:allow-discards to it. In my case I put it just before the quiet argument that was already there. A typo here, say spelling the argument cryptodevice will render the configuration inoperable. There won’t be any errors, but the machine will only boot to a grub prompt.

The third change is to add lvm to the list of preloaded modules. The list is space-delimited. I put lvm at the end of the list.

Here are those three lines after the edits. The rest of the file is not shown below.

...
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=/dev/sda3:vg:allow-discards quiet"
...
GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm"
...
GRUB_ENABLE_CRYPTODISK=y
...

Once the changes have been made and saved Grub can be installed

grub-install --target=x86_64-efi -efi-directory=/efi --bootloader-id=grub_uefi --recheck

Since I opted to put the EFI partition in a non-standard location, I needed to add the --efi-directory=/efi directive to the command.

Finally generate the grub configuration file

grub-mkconfig -o /boot/grub/grub.cfg

Create a swapfile

Rather than have an entire partition devoted to swap, I’m using a swap file instead. Easier to resize and manage.

fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile

And add the new /swapfile to the /etc/fstab file.

echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab

The -a on the tee command is crucial, leave that off and the /etc/fstab file will be overwritten, not appended to.

Exit, unmount, and reboot

At this point the installation process is complete. Exit the chroot, unmount devices, and reboot. The umount command will likely produce some errors, these can be ignored.

exit
umount -a
reboot

If all has gone well the computer should reboot. It will ask for the passphrase used to encrypt/decrypt the LVM partition. Once that has been entered the bootstrap will complete. If you get the Grub menu and can select Arch Linux, and then end at a login prompt, then the install was successful.

However, the computer is still not completely setup. In my case I chose to install the i3 window manager, and the Sway window manager. I also installed lightdm as a display manager. Below are some additional commands and setup configuration I made immediately following the install. Your mileage may vary, void where prohibited, please hesitate to call.

Post Install

Enable sudo logging

I like having a record of all the sudo commands I’ve issued. Edit /etc/sudoers using visudo and add this line

Defaults logfile=/var/log/sudo

Set time zone and hardware clock

sudo ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime
hwclock --systohc --utc

Complete locale setup

localectl set-locale LANG="en_US.UFT-8"

Set a hostname

hostnamectl set-hostname <hostname>

Connect to wireless

Run this command to get a list of access points

nmcli d wifi list

And run this command to join one. Yes, the password is in plain text. It gets stored that way too.

nmcli d wifi connect <BSSID> password <password>

Generate a 4096-bit ssh key

ssh-keygen -t rsa -b 4096

Setup Arch User Repository (AUR)

The AUR is one of the best features of the Arch ecosystem. Add the following the end of the /etc/pacman.conf file

[archlinuxfr]
Server = http://repo.archlinux.fr/$arch

Tweak the pacman mirror list

By default the pacman mirror list includes all the mirrors, worldwide. pacman performance can be improved by using the Arch Mirrorlist to generate one for you. This will probably be easier to accomplish after you’ve installed a window manager or desktop environment and a browser.

Install yay for AUR access

Install yay

Install i3 Window Manager

yay -S i3-gaps i3blocks i3lock i3status
yay -S xf86-input-libinput xorg-server xorg-xinit xorg-apps mesa xf86-video-intel lib32-intel-dri lib32-mesa lib32-libgl

Create ~/.xinit file and put this line in it

exec i3

Run startx to open i3 session. Note, with no terminal emulator installed, and no typical desktop tools installed, running i3 may be a bit anti-climactic.

Install Sway

Sway is a Wayland based alternative to i3.

yay -S wlroots-git sway-git

Copy the default sway config. Sway starts from the command line by running sway.

Install terminator terminal emulator

yay -S terminator

Edit i3 and Sway configurations to make terminator the terminal they use.

Summary

At the end of this process I have a functioning Arch Linux installation, running on LVM and booting via EFI. I’ve got separate root and home partitions, and some unallocated drive space to grow either or both of those logical volumes. Wireless networking is up and running, and I’m able to search for and manage packages using the yay AUR tool and pacman wrapper. Two tiling window managers, i3 and Sway, are install and working, and I’ve got lightdm setup as my display manager. The rest of the setup will evolve over time.

How to Manage Bash Paths on MacOS

September 19, 2019 | posted in: nerdliness

Viewing your bash path

The easiest way to view your bash path is to run

env

Then visually parse the output looking for the PATH entry and then read that line.

A slightly better way to view your bash path is to run

env | grep -i path

This will eliminate all the environment variables that aren’t paths.

$ env | grep -i path
SQLITE_EXEMPT_PATH_FROM_VNODE_GUARDS=/Users/mark/Library/WebKit/Databases
PATH=/Users/mark/.rbenv/shims:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/usr/local/MacGPG2/bin:/opt/X11/bin:/Users/mark/bin:/usr/local/sbin:/usr/local/go/bin:/Users/mark/.cargo/bin
GOPATH=/Users/mark/code/go

Personally I find parsing a list delimited by : to be difficult. So I use a simple function to break the path apart, displaying each entry on its own line, and color coding it along the way. Here’s the function:

path() {
local blue="\033[1;34m"
local green="\033[0;32m"
local cyan="\033[0;36m"
local purple="\033[0;35m"
local brown="\033[0;33m"
local reset_color="\033[0m"
  echo $PATH | tr ":" "\n" | \
    awk "{ sub(\"/usr\",   \"$green/usr$reset_color\"); \
           sub(\"/bin\",   \"$blue/bin$reset_color\"); \
           sub(\"/opt\",   \"$cyan/opt$reset_color\"); \
           sub(\"/sbin\",  \"$purple/sbin$reset_color\"); \
           sub(\"/local\", \"$brown/local$reset_color\"); \
           print }"
}

After setting some local variables to hold bash color codes, the function echoes the $PATH environment variable, using the tr, or translate command, to convert each : into a new line character, \n. The output of tr is passed to awk which colorizes the output but substituting some key words into the same keywords surrounded by color codes.

Here’s a sample output:

Image showing output of path function

One advantage to this output is it is far easier to find duplicates or path elements that are out of order.

A path_helper primer

macOS includes a utility called path_helper. The utility hopes to simplify management of your path. Knowing about it, and working with it, is the key to simplifying your path.

path_helper relies upon two sets of information. First is a list of standard paths found in /etc/paths. On my macOS computer /etc/paths contains:

$ cat /etc/paths
/usr/local/bin
/usr/bin
/bin
/usr/sbin
/sbin

The second set of information used is the /etc/paths.d directory. Applications that make use of path_helper know to put a file at this location that contains their path element. Again from my computer, the contents of /etc/paths.d

$ ls -al /etc/paths.d
total 24
drwxr-xr-x    5 root  wheel   160B Sep 30  2018 ./
drwxr-xr-x  126 root  wheel   3.9K Sep 19 14:10 ../
-rw-r--r--    1 root  wheel    13B Oct 26  2016 40-XQuartz
-rw-r--r--    1 root  wheel    23B Feb  2  2015 MacGPG2
-rw-r--r--    1 root  wheel    17B Oct 25  2017 go

Looking at the go entry, for example, we see:

/usr/local/go/bin

Returning to the image showing the output of my path function, you can see the Go entry in the list. As well as entries for X-Quartz and MacGPG2. Also you can see the five standard path elements in positions 2 - 6. Obviously the /Users/mark/.rbenv/shims entry was pre-pended to $PATH. And it is also obvious that some things are getting added to the list twice.

Understanding that path_helper will seed $PATH with the standard elements, and any elements found in /etc/paths.d, it is now possible to clean up what is added to $PATH, and in what order they are added, in the bash configuration.

My bash configuration

My bash configuration is broken up into several files as the outgrowth of near constant tinkering and tweaking.

la -la ~/.dotfiles/bash/
total 136
drwxr-xr-x@ 12 mark  staff   384B Sep 19 14:12 ./
drwxr-xr-x@ 40 mark  staff   1.3K Aug 15 22:33 ../
-rw-rw-r--   1 mark  staff   7.3K Aug 25 22:11 bash_aliases
-rw-rw-r--@  1 mark  staff   389B May  5  2016 bash_bindkeys
-rw-rw-r--@  1 mark  staff   1.9K Jan 20  2016 bash_colors
-rw-rw-r--@  1 mark  staff   1.8K Mar 22  2016 bash_docker_functions
-rw-rw-r--   1 mark  staff    16K Aug 15 22:33 bash_functions
-rw-rw-r--   1 mark  staff   2.1K Sep 19 14:12 bash_profile
-rw-rw-r--   1 mark  staff   5.1K Sep 19 14:12 bashrc

(It is worth noting that the files are in my $HOME via symlinks.) The bash_profile file contains all the additions to my path.

I start off by clearing my $PATH and executing path_helper to seed to with the contents of /etc/paths and /etc/paths.d.

if [ -x /usr/libexec/path_helper ]; then
	PATH=""
	eval `/usr/libexec/path_helper -s`
fi

The -x conditional looks for an executable file; this allows the same bash_profile to be used on Linux machines without throwing errors.

For each element I want to add to $PATH I follow a similar pattern: test for the presence of the directory to be added, and if it is there, append it (or pre-pend it) to the variable. For example:

# set PATH so it includes user's private bin if it exists
if [ -d $HOME/bin ] ; then
  PATH="${PATH}:${HOME}/bin"
fi

Will add my personal bin directory to the list, at the end of the current list.

You can see my current bash_profile, and the rest of my bash configuration, in my GitHub dotfile repository. Here’s a sample from my bash_profile:

# set PATH so it includes user's private bin if it exists
if [ -d $HOME/bin ] ; then
  PATH="${PATH}:${HOME}/bin"
fi

# add Go path for Linux
if [ -d /usr/local/go/bin ] ; then
  PATH="${PATH}:/usr/local/go/bin"
  export GOPATH=$HOME/code/go
fi

# Enable path for Rust
if [ -d $HOME/.cargo/bin ] ; then
  PATH="${PATH}:$HOME/.cargo/bin"
fi

export PATH

Duplicate entries

Close reading of the path function output in the image above, and of the contents of /etc/paths.d, and of the sample bash_profile above, will show that the path for Go is in my $PATH twice. Once from the entry in /etc/paths.d and once from the lines in my bash_profile.

I have, and use, multiple computers running macOS. At work I have a pair of desktops and a laptop, and at home I have my personal laptop. Apparently I used a different method to install Go at work than I did at home. The method I used on my personal laptop created the /etc/paths.d entry, while the method I used at work did not. I can either remove the lines from bash_profile or add an entry to /etc/paths.d. Since I maintain my bash configuration I’ve decided to remove the entry /etc/paths.d (on any machine I find it) and rely upon the code in my bash_profile.

Conclusion

Here are my tips for keeping your path up to date and easy to work with.

  • Start with path_helper and add what you need in your $PATH to that initial set of elements.
  • Try to localize all the additions to your path in one place in your bash configuration.
  • Periodically display your path using the path function, and address anything the strikes you as out of place or no longer needed.
  • Pay attention to applications like Homebrew or rbenv that want to manipulate your path.

A Tale of Two Cards

September 07, 2019 | posted in: nerdliness

Both my wife and I recently signed up for and got Apple Cards. The process was stunningly simple and quick. From our phones, and in about 2 minutes time, we were able to complete the application process, get approved, and have the new card in our respective digital wallets. In my case I had ordered an audio book a day or two earlier and within an hour or two of getting the Apple Card that charge happened on the new card generating 3% cash back.

The Apple Card application and approval process is fantastic. Using the card is also very nice. I’m rapidly learning which stores and restaurants accept Apple Pay. Starbucks can do Apple Pay at their drive through. Jimmy John’s can’t, so I park and go in side there. That way I get the card-less transaction 2%; at the drive through I’d only get 1% since I’d have to hand them my physical card.

Prior to getting these cards, both of us had a debit card with our bank, and we both have a VISA card through the bank too. We don’t use the VISA cards. For travel or large purchases we have a Citibank MasterCard. The Citi card is in my name. My wife’s Apple Card application resulted in a higher interest rate than I was offered. We both decided this was due to a lack of credit history under her name. Toward that end she applied for an Amazon VISA card in her name. This card offers 5% cash back on purchases made at Amazon or Whole Foods. We do a fair amount of shopping on an annual basis at Amazon, so 5% back on those purchases is a good deal.

The contrast in the process to get the card and have it fully setup is stark. While she was approved immediately, and was able add it to her Amazon account, she was not able setup an account with Chase until she had the physical card in her possession. While she can, and does, keep track of purchases, there was no way to see the account.

The new card arrived in the mail today - six days after she applied. This is actually pretty good, since at the time she was told it could be two weeks. After dinner she sat down to create her account. The first hurdle was creating a password. Banks have gotten nutty with password requirements, and Chase is no different in this regard. The password had to be 8 - 32 characters long, had to have a number and a capital letter, couldn’t have two or more letters in a sequence (e.g., abc), and couldn’t have more than two of the same letter.

This meant that trying to use a pass phrase, something NIST now suggests, wasn’t possible. The pass phrase she tried had three occurrences of the letter “a”. The web form didn’t display a message it just made the heading over the first password field red. Once we abandoned the pass phrase and used the Chrome suggested password we still couldn’t get the form to submit. Turns out that using auto fill for the phone number resulted in an unformatted number: 3335551212. The form wanted a formatted number: 333-555-1212. Really Chase? Really? It isn’t hard to do a little processing of the digits in the field to format the number for the customer. Again, the only hint the number was the problem was a red heading.

Using color as the only means of conveying information violates user accessibility. It’s also just plain rude. Eventually, after several frustrating attempts, after being made to feel stupid by not being able to fill in a simple form, the “Next” button was enabled.

At which point she was informed that access to the agreements was currently unavailable and she’d have to try again later. This is adding insult to injury. She wants to be a good customer. She wants to setup an account and play by the rules. Unfortunately the rules are obscure, poorly communicated, and seemingly arbitrary.

After signing out and signing back in, she was presented with the agreements, and she was able to digitally sign. Her account is now active and she can finally see a list of purchases.

To recap; the Apple Card application was simple and fast. It required a minimum of information. Approval was instantaneous and came with a fully functioning digital card. Within seconds of any purchase you get a notification on your phone showing you the merchant and the amount. Opening the card in the Wallet app lets you see spending by the week or month. You can see spending categories or spending by merchant. It. Just. Works. Oh, and you can pay any amount you want, at any time, toward your outstanding balance.

The Amazon VISA application process was fairly easy too. Where the process fell apart was having to wait a week to setup the account, and then having to jump through hoops to complete that process. I’ve been creating software for 4 decades now. I know what it takes to design and implement interfaces and back-end processes alike. Interfaces like the one at Chase rely too much on the developer and not enough on feedback driven design. Not providing messages to indicate when a field hasn’t been filled in properly, and relying only on a color change of the heading is a failure. Not formatting user inputs is a failure. Allowing the entire process to complete only to present the customer with a message saying, “Sorry. We can’t finish now because our systems aren’t available” is a failure.

My sincere hope is that the Apple Card is hugely successful. That its ease of use and clear concise reporting of expenditures, and the protection of customer information, sets an example that people begin to demand of other credit providers. Apple disrupted home computing with the Macintosh in

  1. They disrupted portable music, and indeed the music industry, with the iPod in 2001. They completely redefined cell phones with the iPhone release in 2007. Now I hope they are on the cusp of disrupting the credit industry.

If you have an iPhone and want a good credit card experience, go get an Apple Card.

Switching to Bitwarden

September 06, 2019 | posted in: nerdliness

For the past eight or so years I’ve been using 1Password as my password manager. It works both on my Macs and on my iOS devices. The browser extension on the Macs has always been good, and the iOS one has gotten better. I like that it stores more than just passwords; email account, credit cards, passports, and secure notes to name a few. At last count I have nearly 600 total items stored in my 1Password vault.

Recently I’ve been exploring other password options. I have a laptop running Arch Linux, and a NUC that has Ubuntu 18 installed on it. I’d like to have password management there too. After a lot of research, and some experimentation, I’ve switched to Bitwarden.

Bitwarden is free, has a hosted or a self-hosted option, works on Windows, Linux, and macOS, and has browser extensions for Google Chrome, Mozilla Firefox, Safari, Vivaldi, Opera, Brave, Microsoft Edge, and even Tor Browser. There are mobile apps for iOS and Android, and there is a command line interface. Oh, and you can access your vault via the web as well.

The types of objects Bitwarden knows about out of the box include Logins, Cards, Identity, and Secure Notes. The Secure Notes object allows you to define new field to hold text, boolean values, or hidden text (think passwords). The interface is clean and lightweight.

While it is possible to export your 1Password vault and import it into Bitwarden, and even though I initially did just that, I decided to take a more curated approach. I deleted all the entries from the import and manually created entries for those items I wanted and frequently used in 1Password. Spread out over a couple of days it took me perhaps 4 hours to create 130 entries in my new Bitwarden vault. Along the way I made use Bitwarden’s password generator and cleaned up some weaker passwords, and some duplicate passwords.

On the 1Password side I added two “smart folders”: one called 1Password and one called Bitwarden. The 1Password folder displays all the items that do not have a tag with the value bitwarden. The Bitwarden folder does the opposite; it shows only items that do have a bitwarden tag. This allows me to know which 1Password entries I’ve moved.

Initially I setup the browser extension for Firefox. I use Firefox primary for work; it holds all the web applications I use as a part of my job. One option the extension has that is very nice is automatic fill. Open a page that has a recognizable login form and Bitwarden will pre-fill the user and password fields for you. All you need to do is press enter. Very nice.

Getting the Safari extension installed was more problematic. Every time I clicked on the link I was take to the Safari Extension Gallery, where there was no evidence of Bitwarden. After several attempts from different computers I finally did a search and found this issue on the Bitwarden GitHub account: Publish Safari Extensions as a Safari App Extensions. Toward the bottom of the comments there is a link to a new beta version of the desktop app that includes a working Safari extension. As Apple works to protect individual privacy they are changing underlying frameworks and altering long standing protocols, which in turn requires the developer put in extra effort in order to support what is likely a small(er) audience.

With the new extension in place, Safari (my primary browser) now auto-fills login forms and works as expected. I’ve also installed Bitwarden and the Firefox and Vivaldi extension on my Arch Linux laptop, and I’ve setup the iOS app and it’s extension on my iPhone and iPad.

I am pleased with Bitwarden, and I’m also pleased to have started reviewing and cleaning up my password vault. For now I’m keeping 1Password installed as I am sure there will be seldom used accounts that I’ll want to migrate. However, I’ve disabled the browser extensions for 1Password so that I’m only using the Bitwarden one.

Applications like Bitwarden and 1Password make good password hygiene possible and practical. If you aren’t using a password manager, I highly recommend either of these two applications.

⇪ TIL: Just Delete Me

A directory of direct links to delete your account from web services.

⇪ TIL What Does rc in Unix Mean?

Today I learned (TIL) what the rc in bashrc means.

What Computer to Buy?

July 31, 2019 | posted in: nerdliness

I’d really like a new computer, but I want something that will meeting my current computer needs and have enough storage capacity to not only hold my current data, but enough to allow my current data to grow.

What I Currently Have

My current primary computer is a Late 2013 15” MacBook Pro with a Retina display, a 2.3 GHz Core i7 processor, 16 GB of RAM and a 1 TB SSD. Except for needing a battery replacement earlier this year (the original was starting to swell), and having a bad case of full storage, it has been and continues to be a superb machine. I’ve used it daily since getting it in June 2014 and it still does everything I want.

Being out of storage space, or nearly out of storage space, has been an issue for over a year now. Photos, music, audiobooks, videos, and documents, not to mention coding projects, applications and their data, all add up. Recently I was down to 30 GB free space. Some judicious moving of files to an external USB drive, and the deletion of old iOS backups, brought the free space figure up to ~ 150 GB.

I’ve already migrated all my audiobooks and movies to an older (a Mid 2009 MacBook Pro) laptop. I could use external drives to house my growing media collections, but carrying around a laptop with an attached external drive is nowhere near as useful and portable as a laptop by itself.

Here is the space used by all the directories in my home folder, along with the space used by the Applications folder.

DirectoryGB UsedComputer
Applications37.78Primary
Desktop1.93Primary
Downloads23.4Primary
Dropbox8.47Primary
Library244.78Primary
Movies37.17Primary
Music162.54Primary
Picture237.78Primary
code18.01Primary
manuals4.67Primary
src11.5Primary
Movies121.45Secondary
Music373.88Secondary
Pictures232.84Secondary
TOTAL1,516.20 

Any new computer would need to have, at a minimum, 2 TB of storage. And that would only give me roughly 500 GB of room to grow. I have no idea how long it will take to fill 500 GB. It would be a nice cushion, but I fear it would be filled within a year’s time.

My current favorite configuration from Apple is a new 13” MacBook Pro, with Retina display, a 2.4 quad-core i5 processor, 16 GB of RAM, and a 2 TB SSD for $2,799. Moving up to a 2.8 GHz quad-core i7 adds $300 to the price, or $3,099.

An Aside on Annual Computing Cost

I bought my first laptop, A Titanium PowerBook G4 in 2002. In 2009 I upgraded to an aluminum MacBook Pro. And in 2014 I upgraded again to a Retina MacBook Pro. Combined these three computers cost roughly $8500. Divide 8500 by 17 years and you get an annual computer cost of $500 per year. A $3100 computer would need to last 6 years to keep that $500/year average.

Butterfly Keyboard Effect

My employment provides me with a 2017 13” MacBook Pro, with a 3.1 GHz core i5, 16 GB of RAM, and a 512 GB SSD. It’s a very nice machine; the size is perfect, the weight is subjectively considerably lighter than my 15”, and with BetterTouchTool installed, the TouchBar is semi-useful. Until recently it hadn’t been plagued with butterfly keyboard switch issues. However, the “B” key now only works some of the time. Repeated presses with varying weight will eventually produce a “B”.

My fear of spending $3,099 on a new laptop only to have it develop issues with its keyboard is not significant, however, it is present. I’d be happier if I could get something without the butterfly keyboard. My work iMac has a Magic Keyboard that has good key travel and no keyboard issues.

Options, Options, Options

Using $3100 as an upper limit my question is: what computer can I buy that would:

  • hold my entire data collection (media, code, applications, and documents) in one place rather than on two separate computers
  • be enough computer to last another 5 years

If that computer happens to be a desktop, then would there enough left from the $3100 budget to replace my current laptop with something smaller and lighter? With a desktop for heavy lifting the future, smaller and lighter laptop (or iPad Pro?) needn’t be maxed out for CPU or storage.

Another option would be to invest money (and time and effort) into setting up a NAS with enough storage to hold the media collection (and enough room to expand it), and act as a backup target for all the computers in the house.

In the rest of this posting I want to explore these options:

  • Getting and setting up a 4 or 5-bay NAS with at least 12 TB of usable storage
  • Getting a Apple desktop with no less than 4 TB of storage (either with or without a lightweight laptop or iPad Pro). Storage could be external USB drives.
  • Getting a Apple laptop with no less and 2 TB of storage

NAS

A 4-bay Synology chassis can be bought for ~ $360. Four 6 TB Western Digital Red hard drives, at ~ $150 each, total another $600. So for a $960 investment I could have a NAS with 24 TB of raw capacity. A RAID 10 (mirror and stripe) configuration would net 12 TB of usable storage. That would easily swallow my media collections and provide back up for all the computers in the house.

A 5-bay Synology chassis is $899. Five 6 TB hard drives, at ~ $150 a piece, is $750, for a total cost of $1,649.

BaysTotal SizeNet SizeTotal CostCost per TB
424 TB12 TB$960~ $80
530 TB15 TB$1,649~ $110

The 4-bay option is less expensive per terabyte of storage.

Playing media (music or a movie) across my home network would be acceptable. We currently use an Apple TV to view movies stored on my older MacBook Pro, and for the most part that works. What I don’t know, and would need to research, is could I access music or movies when I’m out of the house? And would that bump into the bandwidth consumption limits my ISP has?

Having a NAS - even without reliable media access while not at home - would be a huge improvement in reliable storage at home. It would also relive to pressure of having a constantly full hard drive. Having a NAS is likely something I should do regardless of getting or not getting a new computer.

Apple Desktop

Apple currently sells desktop computers at three price points. 27” iMacs, 27” iMac Pros, and Mac Minis. You can still get refurbished 2013 Mac Pros, but a new (to me) computer that is based on a thermally limited 6-year design does not make good sense. While I’d love to get one of the new Mac Pros being released later this year, I expect them to start at double my budget, and expect a nicely fitted out one to use up all of $10,000. Not an option unless some kind reader of zanshin.net wants to make a donation.

iMac

A 27” iMac, with 3.1 GHz 6-core i5 processor, 32 GB of RAM, and a 3TB Fusion drive, with Magic keyboard and a Magic Trackpad, sells for $2,949. I’d have $151 left over from my self-imposed budget. Spending all the money on a new desktop would preclude a new laptop or iPad for the time being.

An Aside on Fusion Drives

Apple’s fusion drive is a combination spinning platter drive and SSD. The OS optimizes how the drive is used. It is less expensive per GB, but I’m not sure I want a fusion drive. The 3 TB fusion drive adds $300 to the price. That same $300 will outfit the iMac with a 512 GB SSD. External USB drives would then be used to house all the data.

iMac Pro

A 27” iMac Pro, with a 3.2 GHz 8-core Xeon processor, 32 GB of RAM, and a 4 TB SSD, with a Magic keyboard and trackpad, sells for $6,249. More than twice the budget. Scratch the iMac Pro from consideration.

Mac Mini

A Mac Mini, with a 3.0 GHz 6-core i5 processor, 32 GB of RAM, and a 2 TB SSD, with no keyboard, no trackpad or mouse, and no monitor, sells for $2,499. It is possible to upgrade the RAM in a Mac Mini. 32 GB of after market RAM costs roughly $150. Getting only 8 GB of RAM reduces the price to $1,899.

A Magic keyboard and trackpad are another $228. I have a 24” monitor I could use, but a new 27” 5K monitor is ~ $550. Getting a Mac Mini that is equivalent to an 27” iMac costs $2,827. For that price you might as well get an iMac.

Approaching the Mac Mini from a different angle, and getting a minimal machine and adding RAM, and using external, directly connected storage (USB drives) looks like this: 3.0 GHz, 8 GB RAM, 512GB SSD for $1,299. Added RAM is $150. Two 4 TB USB drives are ~ $200. The keyboard and trackpad are still $228. And the monitor is still $550.

ItemOption AOption B
Mac Mini 3.0 GHz, 8 GB RAM, 512 GB SSD$1,299 
Mac Mini 3.0 GHz, 8 GB RAM, 2 TB SSD $1,899
Magic Keyboard & Trackpad$228$228
5K Monitor$550$550
32 GB after market RAM$150$150
Two 4 TB USB drives$200 
Total$2,427$2,827

With either Option A or Option B, postponing the monitor purchase until a later date saves ~ $550, bring the two prices down to $1,877 and $2,277 respectively. At $2,277 a 2 TB Mac Mini is $672 less than the iMac. The $1,877 Mac Mini is $1,072 less.

Side-by-side, here is a minimal Mac Mini with 3rd party RAM, and external USB storage, next to an iMac with comparable RAM, and external storage.

ItemMac MiniiMacComments
Processor3.0 GHz i53.1GHz i5 
Memory8GB 2666MHz DDR432GB 2666MHz DDR4 
Memory upgrade$149.99 - 32GB 2400MHz DDR4  
Storage512GB SSD512GB SSD 
Keyboard$129included 
Trackpad$99included 
Monitor$550included 
External storage$200$200Two 4 TB USB drives
TOTAL$2,426$3,149 

Clearly a Mac Mini, with 3rd party RAM, and some external storage is the least expensive desktop option. The biggest difference between the two setups is the monitor. Apple makes simply gorgeous high resolution monitors. While there are some options for 4K or 5K monitors from 3rd-party manufacturers, those offerings are no where near as good looking as the iMac. And the LG monitor infamously had problems where it interfered with nearby WiFi access points.

The question becomes, is it worth an extra $723 to have the Apple display. One way to look at the iMac is, it’s the best 5K monitor money can buy, and it comes with a free computer glued to its backside.

Apple Laptop

Apple has three laptops in it’s current line up. The MacBook Air, and both a 13” and 15” MacBook Pro. Price and processing power, along with storage, vary widely.

MacBook Air

A MacBook Air, with a 1.6 GHz i5 processor, 16 GB of RAM, and a 512 GB SSD sells for $1,699. It would make a fantastic second computer. As a way out of my “need more storage” situation, it isn’t helpful.

MacBook Pro 13”

The 13” MacBook Pro, with a 2.4 GHz i5 processor, 16 GB of RAM, and a 2 TB SSD, sells for $2,799. If you select the largest processor option, a 2.8 GHz i7, you add $300, bringing the price up to $3,099. My benchmark machine, for better or for worse.

MacBook Pro 15”

All of my personal laptops have had some flavor of a 15” screen. A new 15” MacBook Pro with a 2.3 GHz processor, 32 GB of RAM, and a 2 TB SSD lists for $3,799. You can double the SSD to 4 TB for an additional $1,400, bringing the total up to $4,599. A little outside my budget. And a lot of money for a laptop.

What to Choose

The best choice, I feel, among the laptop options, is the 13” MacBook Pro with a 2 TB SSD and 16 GB of RAM. However, I don’t think that is the rational choice.

The rational choice is to buy a 4-bay NAS chassis and four 6 TB drives, and set that up. It eliminates the lack of storage problem, and provides much needed back up storage. For all the computers in the house. A NAS would be $960 well spent.

The “I want a shiny new toy” thing to do is to spend $3100 on an iMac and some external drives. The “still shiny but more affordable” thing to do is get a Mac Mini, a keyboard and trackpad, and a couple of external drives for ~ $1,876. Delay the monitor purchase hoping that Apple will release a standalone 5K monitor for a reasonable price in the next year or so.

In the end I think the first thing is to buy and setup a NAS with as much redundant storage that $1000 will buy. And wait to see what Apple does. There’s a rumored 16” MacBook (in the same form factor as today’s 15”). There is speculation about a 14” laptop to follow the 16”. And I hope that sometime soon, Apple releases a new keyboard that eliminates once and for all, the problems with the butterfly switches.

Getting a NAS and waiting to see what Apple does is the smart move. With network storage I can offload quite a bit from my laptop, making it perform better. It still has life in it. However, if you want to donate to my cause, I’ll be happy to buy bigger, shinier toys from Apple.

My MacBook Pro Has A Swollen Battery

March 16, 2019 | posted in: nerdliness

My late 2013 15” MacBook Pro Retina has a swollen battery. Recently I noticed that the trackpad was increasingly hard to click. In fact the upper half, the bit closest to the space bar on the keyboard, can’t be clicked at all. When you put the laptop on a flat surface it is starting to rock from side to side a little now too.

According to my Battery Health app, the current maximum charge possible is 7097 mAh out of 8440 mAh originally. Or 83% of its original capacity. The manufacture date is shown as May 16, 2014, so it is eight weeks shy of being 5 years old. It has seen 512 cycles. Apple suggests that my laptop battery has a useful life of 1,000 cycles.

Apple will replace my battery for $199. The nearest Apple store location is 110 miles away. There is a certified repair center about 15 miles away. Both require that you bring the laptop in for a diagnostic test first. This is ti “certify” what the issue is, so that genuine Apple OEM parts can be ordered. I was quoted 24-48 hours for the diagnostic, and 4-5 days for the battery shipment and replacement.

I have other computers (5 that I can reach from where I am sitting) but I really don’t like having my primary computer out of my hands for 5-7 days, or more.

A couple of searches led me to this YouTube video, which shows How to Replace a Late 2013 MacBook Pro Battery. After watching it a couple times, and after reading about the iFixIt kit used to make the repair, I wen ahead and ordered a MacBook Pro 15” Retina (Late 2013-Mid 2014) Battery. It should be here in 4 or 5 days.

I’ll post again with how the replacement went. Hopefully on this laptop with a new battery, and not on a hastily purchased new laptop.