HESTIA: THE MONIDOOR: THE BIG SLEEP, AND WAKE, CYCLE...

with windows 10 support ending back in october i decided last monday that i needed to bring hestia the monidoor into the present with a new operating system. yusef is a linux mint evangelist and while i have it running on my gaming pc / media server my research seemed to indicate that for the touch screen of the monidoor hestia would be better served by fedora because of its touch screen friendly wayland input and display protocol. so i downloaded fedora workstation and used balenaEtcher to put it on a thumb drive and live booted it on the thinkpad. i pulled up our calendar on firefox and the on screen keyboard (OSK) worked for making events and tasks, and i pulled up google maps and we had full multitouch with pinch to zoom. it all looked pretty good so i blasted away windows and installed fedora.

so a day went by and i started working on setting up a sleep wake cycle in systemd so the monidoor would be on when i got up in the morning and would sleep at night to save power and not blind the neighbors since it faces a window. i installed ssh on hestia so i could administer it from my office and started digging into the systemd files. systemd is the primary system and services manager in linux and also the daemon that runs those services. back in the day, and still on some unix systems, if you wanted to create scheduled tasks you used a daemon called cron which is a time keeper. cron originally came from the greek word (or god) chronos, meaning time, though it has been backronymized as ‘Command Run On Notice’ which i think is fun. cron was used to automate the execution of scheduled or repetitive tasks which were called cronjobs and which were configured through a file called a crontab (short for cron table). in systemd this is done with two files, a .timer file that tells systemd that it is time to do a thing and a .service file that tells it what thing it is time to do, separating the “do a thing” from the “when” and/or “why” for greater granulation. in my case i wanted hestia the monidoor to go to sleep at 10 PM sunday - thursday but to stay up later on fridays and saturdays in case we are hanging out in the kitchen watching music videos or looking at photos or using wikipedia to put drunken debates to bed. this takes two different .timer files for each schedule, but only one .service file since the end goal is the same for both processes (go to sleep).

the problem is, once hestia is asleep so is systemd, so we need to make sure that it lets hestia know when she needs to wake up before she suspends. luckily computers have a built in alarm clock the RTC or Real-Time Clock that has its own battery so it can keep time even when the power is off. so i vibe-coded up a bash script called smart-suspend.sh that sets the alarm clock and then i told our sleep at service to run that.

here is the part of the script that checked the current time and day and defined the schedule.

and this part that set the alarm and put hestia to sleep.

and this is the sleep-at.service unit file in systemd that triggered the script.
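Added example, not the author's smart-suspend.sh or unit files: one way to arm the RTC alarm, confirm it is actually set, and only then suspend, so a failed alarm never leaves the machine asleep and unreachable. The 06:30 wake time, the five minute minimum, the Fri/Sat time, the file paths and the `--run` flag are assumptions; only the 10 PM sunday to thursday schedule and the name sleep-at.service come from the post.

```shell
#!/usr/bin/env bash
# smart-suspend sketch: arm the RTC alarm, verify it, then suspend.
# Added example, not the author's script. WAKE_TIME and MIN_SLEEP are assumed.
set -eu

WAKE_TIME="${WAKE_TIME:-06:30}"   # assumed morning wake time (local time)
MIN_SLEEP="${MIN_SLEEP:-300}"     # assumed: refuse alarms under 5 minutes away
RTC_ALARM="/sys/class/rtc/rtc0/wakealarm"

# Print the epoch of the next WAKE_TIME strictly after $1 (epoch seconds).
next_wake_epoch() (
    now="$1"
    today="$(date -d "@${now}" +%F)"
    candidate="$(date -d "${today} ${WAKE_TIME}" +%s)"
    if [ "$candidate" -le "$now" ]; then
        # Noon + 24 h always lands on the next calendar day, even across DST.
        noon="$(date -d "${today} 12:00" +%s)"
        tomorrow="$(date -d "@$((noon + 86400))" +%F)"
        candidate="$(date -d "${tomorrow} ${WAKE_TIME}" +%s)"
    fi
    printf '%s\n' "$candidate"
)

# Succeed only if the alarm ($2) is far enough after now ($1) to survive the
# suspend transition, and no more than a day away.
alarm_is_sane() {
    delta=$(( $2 - $1 ))
    [ "$delta" -ge "$MIN_SLEEP" ] && [ "$delta" -le 86400 ]
}

main() {
    now="$(date +%s)"
    wake="$(next_wake_epoch "$now")"
    if ! alarm_is_sane "$now" "$wake"; then
        echo "refusing to suspend: wake time $wake is not usable" >&2
        return 1
    fi
    rtcwake -m no -t "$wake"      # set the alarm only, do not suspend yet
    # An empty wakealarm file means no alarm is armed: stay awake instead.
    if [ -z "$(cat "$RTC_ALARM")" ]; then
        echo "refusing to suspend: RTC alarm is not armed" >&2
        return 1
    fi
    systemctl suspend
}

# Only act when called with --run, so sourcing or testing never suspends.
if [ "${1:-}" = "--run" ]; then
    main
fi

# Unit files (assumed paths, timer names and Fri/Sat time):
#   /etc/systemd/system/sleep-at.service
#     [Service]
#     Type=oneshot
#     ExecStart=/usr/local/bin/smart-suspend.sh --run
#   /etc/systemd/system/sleep-weeknight.timer
#     [Timer]
#     OnCalendar=Sun..Thu 22:00
#     Unit=sleep-at.service
#     [Install]
#     WantedBy=timers.target
#   /etc/systemd/system/sleep-weekend.timer
#     [Timer]
#     OnCalendar=Fri,Sat 23:59
#     Unit=sleep-at.service
#     [Install]
#     WantedBy=timers.target
```

Because the script exits non-zero instead of suspending when the alarm is unusable, `systemctl status sleep-at.service` shows the failure the next morning.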

so the wake and sleeping was done. next i wanted to setup remote desktop so i could customize the gnome desktop environment.

i started by downloading VNC, Virtual Network Computing, a program that starts a server for remote access just like ssh but that lets you interact with the full linux GUI, even from a windows machine. unfortunately when i went to try and access it from my office computer it crashed.

meanwhile in the kitchen there were other problems with the monidoor. when i first tested the onscreen keyboard in fedora with the liveboot thumbdrive i did it in firefox. unfortunately i was determined to use the more private ad blocking brave browser on the monidoor but when i clicked on things in brave that asked for input the OSK failed to pop-up. so, i could ssh into hestia no problem, and i could use the native OSK in the terminal on the monidoor, but i couldn’t remote desktop into hestia or use the OSK on brave. it turned out that these were the same problem. apparently the wayland display protocol, though way better in a million ways, doesn’t work well with remote desktop or with brave.

so i tried to force fedora to use an older display protocol, x11, that i know works well with both brave and with remote desktop. the linux desktop environment fedora uses is a GUI called GNOME, so i went into the GNOME configuration files, specifically /etc/gdm3/custom.conf, and set WaylandEnable=false and created a setting option on the fedora login screen to load GNOME Xorg, which runs x11, and then i restarted and got this… remember the ssh server i set up, it was there, so was systemd, and even crond which runs cron jobs was there, but then when it tried gdm.service, the GNOME Display Manager, it froze. after doing some research i decided that this was a fedora problem and pulled hestia out of the monidoor.

back in my office i plugged hestia into a power supply and blasted away fedora and installed ubuntu. while i was doing this i noticed that the thinkpad was no longer charging and that the light next to the power input was no longer lighting up. one of the advantages of fedora is that it is super update happy, and in one of the many reboots i had performed on hestia testing the sleep and wake cycle, fedora suggested updating the firmware on the thinkpad, so i did, and apparently this broke its ability to charge. i began the process of scouring the internet to try and figure out what had gone wrong, and got a lot of different possible solutions, but the easiest to perform is a reset of the embedded controller by cutting its power in the BIOS by performing an internal battery disconnect. the embedded controller is a very small, low power computer within the computer that separately manages critical hardware like the battery management system, power to the motherboard, input from the physical keyboard, and coincidentally, sleep and wake transitions, and is powered, also coincidentally, in part, by the same CMOS battery as the real time clock. the logic was that if you cut power to the embedded controller you also reset the battery management system. basically it’s a deep level “turn it off and on again” and goddamn it worked instantly: i restarted the computer, entered the BIOS, selected “disable built in battery” and rebooted and it was charging again.

so i had ubuntu running on hestia, and the power worked, and i had backed up all my sleep and wake files so i could easily install them on the new ubuntu system, but when i tried to use brave i ran into the same keyboard problems i did on fedora. i did some digging and it turned out ubuntu has moved to the wayland display protocol as well. i didn’t even try to force x11 this time, i blasted ubuntu away…

in my shopping for operating systems i had come across a lot of people in forums talking about tiny11, a barebones debloated version of windows 11. so i found a copy of tiny 11 on the internet archive and used balenaEtcher to make a boot disk on a thumb drive but halfway through the installation process an error popped up “A media driver your computer needs is missing.”

so i went back to scouring the internet for solutions and discovered that balenaEtcher doesn’t write windows installers with the proper media device chipset drivers. i decided to try a different usb imaging utility called rufus which i read worked better with windows, and it does. rufus even has an option that lets you bypass the TPM 2.0 (trusted platform module) requirement for windows 11 installs, letting you install windows 11 on older computers that have the memory and processing power to run it but might not meet the strict security requirements.

so after my second installation attempt i had tiny 11 on hestia and it looked pretty good but again i had problems with the on screen keyboard. it turns out that windows 11 doesn’t let you go into settings and force tablet mode but scans your hardware and only allows tablet mode for specific hardware configurations and the monidoor isn’t one of them. so tiny 11 isn’t going to let us have a popup onscreen keyboard either.

so what did i do. after five days of configuration and the installation of three different operating systems (fedora, ubuntu, and tiny windows 11) i decided my only choice was to go back to windows 10.

at that point i had chased down a copy of windows 10 LTSC 2021 on the internet archive (which is the source for obscure operating system ISO files). windows LTSC or Long-Term Servicing Channel is a fork of windows designed for extreme stability in legacy systems like medical or industrial systems, and for public facing kiosks, which is sort of what monidoor is. it is a very minimalistic version of windows 10 and will receive essential updates and support until 2027 (or 2032 if you get the iot enterprise version). so i set up a boot disk with rufus and installed windows 10 LTSC and it worked perfectly. it’s friday now and we are essentially back where we started on monday with only the minor improvement of continued support, which i guess was the goal, but still, what a long and stupidly winding road to get here.

saturday afternoon i went into my router configuration files and set up a vpn server on my home router so that i could work on the sleep wake cycle on hestia in windows system manager from denver. i then went to the monidoor to set up windows remote desktop protocol. i hadn’t done much configuration after getting windows 10 LTSC going the day before so hestia had gone into standby mode overnight and it asked me for a password. i put in the password i thought i had set and it didn’t work. so i put in a different password and still no luck. there are ways to reset the password but i didn’t have time before my flight. without RDP set up on hestia there is no way to continue my setup remotely and so the monidoor sits at home inert and inaccessible and i am stuck here in denver with only my thoughts about everything i did over the last week and a half and how none of it has worked out as planned.

NEXT.JS AND REACT ON CHOPPING BLOCK

seriously rough time for javascript developers. last week i was writing about the digital sandworm Sha1-Hulud eating its way through the npm ecosystem and now we have a critical RCE vulnerability in React and Next.js where a relatively simple HTTP request can execute code on your server (full disclosure, we have failed, so far, to recreate said payload… so far…).

from what the reports say this morning roughly 40% of cloud environments are suspected to still be running vulnerable versions and exploitation has a near 100% success rate in testing, which is not exactly the sort of reliability you want from your security vulnerabilities but is exactly the sort that script kiddies like us dream about.

uncovered by the suddenly famous lachlan2k the problem is in the React Server Components Flight protocol which allows an attacker to use insecure deserialization to influence server side execution logic. the real kicker is that the vulnerability exists in default configuration, so if you spun up a standard Next.js app with create-next-app and built it for production without changing anything you are already exposed. it’s basically the same flaw in both Next.js and React so if you are running React 19.x or Next.js 14.3.0-canary, 15.x, or 16.x you need to patch immediately. hardened releases are available now, so this is one of those drop everything, check versions, and update kind of situations, because unlike the Sha1-Hulud worm that leaves you a calling card to let you know you have been compromised, this one just quietly walks in through the front door.

SHA1-HULUD: THE SECOND COMING!

more bad news for node.js and javascript developers this week as yet another worm spreads through their package repository, already affecting some very popular npm packages including zapier, postman, ENS domains, posthog, and asyncAPI.

the vulnerability research team at gitlab has uncovered an evolved version of the Shai-Hulud malware calling itself Sha1-Hulud: The Second Coming! it is named, like the first worm that was discovered a few months ago, after shai-hulud the eternal, the giant sandworm from frank herbert’s dune series that is revered by the fremen to be the physical embodiment of the one true god who created the universe.

this new variant of the worm is more destructive, containing a “dead man’s switch” that destroys user data if the malware fails to authenticate or exfiltrate stolen credentials from github and npm, which are the worm’s vectors of propagation.

just as with the first shai-hulud, the attackers aren’t interested in being quiet about the whole thing and will leave you a calling card, adding repositories to your github account with the description “Sha1-Hulud: The Second Coming!” to make sure that everyone knows that they have been there.

SUBSTACK

i was hanging out with my friend adam fangsrud last weekend and he mentioned my return to blogging and said that he was excited to have added me to his rss feed. it dawned on me that when i built foodbark.io i hadn’t even considered rss: it didn’t even have an rss.xml page. so i spent some time this week reviewing the code and realizing that a lot of things were, and a lot still are, set up poorly. basically i got the site working well enough back in february and had switched from code to content and had never looked back. luckily adam’s rss reader is smart enough to have taken my index.xml page and rss-i-fied it but i should count on that.

simultaneously i was browsing substack and ran into an article by new yorker contributor catherine shannon a brief defense of cliché. the article spoke to me as it feels very much like the sort of pedantic in a cute way stuff i aspired to write in my 20s, but the fact that she was a professional writer making money and finding success, in part, through substack kind of blew my mind. so suddenly i had gone from not really thinking about an audience to figuring out how to syndicate my blog across platforms to rss and to substack.

in order to edit the code of the website and not break foodbark.io i had to first do some tweaking of the scripts i had written to migrate my writing and photos from obsidian where they are written in markdown over to the website which runs on hugo. i added a parameter -d for deploy so i could mess with things on a local server before deploying them to github and beyond to hostinger and foodbark.io and then beyond foodbark.io to substack and/or your rss feed. all of which wasn’t really all that complicated but was definitely kind of fun. thanks adam for the inspiration.

GRANITA

a few weeks before going to sicily i had watched one of famous youtube polyglot xiaomanyc’s videos in which he visits with paul rausch, the founder of cademia siciliana, a non-profit that promotes sicilian language advocacy projects and works to keep sicilian alive by bringing it into the technological fold. cademia siciliana is the organization that collaborated with google to bring sicilian to google translate and to google’s gboard, and has helped integrate sicilian into firefox, telegram, and meta. at some point in the video xiaoma mentions that he has noticed that people in sicily don’t really seem to eat breakfast and rausch responds that sicilian doesn’t even have a word for breakfast. apparently the closest thing they have to breakfast is granita.

granita is sort of like italian ice, but depending on where you are in sicily, it ranges in texture from a creamy sorbet to very icy, crunchy snow cone. it was invented during arab rule as sharbat: a mix of fruit blended with snow and rose water. mount etna gets heavy snow fall in the winter and has had ice houses, neviere, since ancient times, so the wealthy of sicily have always had access to cooling therapeutic slush even during the long hot sicilian summers. when coffee arrived to sicily in the 16th century they combined the coffee with snow and sugar and mixed it in zinc lined, wood insulated bowls packed with ice and salt (like an ice cream machine). in catania, which has been buried by etna’s lava flows and rebuilt 17 times, they are closer to the source, and the snow was of finer quality and the resulting granita was, and is to this day, very smooth and creamy. in marsala and cefalù, where i ate most of my granita, it is icier, crunchier, less creamy. for ‘breakfast’ it is paired with a warm brioche bun, (very light, very soft, very fluffy) traditionally col tuppo, or ‘with a top-knot’.

as it turns out, granita was much harder to find than i expected. on multiple occasions in sicily we found that things were offered or advertised that no one had any intention of giving us. the cultural attitude towards food and drink service is that you are having it our way or maybe not at all. after a failed morning search for granita in catania hunger overcomes us so we stop for a couple of arancina (sic). it’s noon now and standing at the bar ordering our italian onigiri we decide to order one beer to share with what is now our lunch. we order our two arancina and one beer and the gruff women behind the bar offer in english, ‘to-take-away.’ not exactly our plan so i say, ‘we can get it to-go?’ and she says, ‘si, si, of course,’ after some debate erica and i reluctantly agree, ‘sure, we’ll have it to-take-away,’ to which both women reply, ‘no, no, you can’t have it take-away,’ and proceeded to give us two half liter glasses of draft. this sort of behavior was hinted at in the longer xiaomanyc video on sicily and happened to us repeatedly, and with granita it was no different. shops that advertised granita on the door in catania acted like i was crazy for asking for it and sent me packing to the next shop that would have ‘granita’ advertised in bold, metal letters on its fascia and would also not have granita. i finally start to figure out that in catania granita is more of a high summer thing. a few days later in marsala i finally find some real ‘breakfast’ granita and nobody on this part of the island thought i was crazy for wanting it and served paired with the brioche. as excited as i was about trying it at first, once i had it in front of me i wasn’t sure about this sweet icy slush, but after a few bites i came around: it’s actually a very nice, refreshing, light, caffeinating way to start your day.
that said, on day two in our marsala airbnb i relished the opportunity to make us some american breakfast: good old potatoes and eggs.

MONTH OF THE DEAD INTERNET: AI INTERVIEWER

after ranting last weekend about dead internet theory i spent this week working on finding some steady remote work and found myself repeatedly bumping up against AI. on monday, tuesday, and wednesday i spent my mornings working on job applications and pumping out cover letters, writing four of them each day from scratch, each tailored to the job description and showcasing a slightly different version of my relevant experience. this sounds like just the sort of thing that someone might outsource to AI, and i was curious how my work stacked up, so i ran my writing through a couple of AI writing detectors to see if i came off as genuinely human and discovered that every letter came back 100% human written, which of course it was, but for some reason that was a little disappointing. i was kind of hoping that i would at least have picked up some robotic cadence living in this LLM immersed world of ours.

by wednesday and thursday i had landed a couple of online job interviews. in the first one i was given a set of questions and a time limit in which to record a short series of video responses. the second interview was very similar except this time the questions were being asked by a voice only chat bot that dynamically asked follow ups to my answers. on thursday i had an interview for a third job and this time it was a fully life-like, rendered, animated, and lip-synched AI avatar that conducted the online interview in a way that could almost have been mistaken for that of a real human.

it introduced itself as ‘Sam’ and we had a fifteen minute conversation where we discussed troubleshooting network connectivity, using SolarWinds network monitoring platform, and implementing information technology infrastructure library framework. it expressed enthusiasm for my more complete answers, asked follow ups when it wanted me to expand upon topics, expressed appreciation for my candor when i admitted i was unfamiliar with a particular software package, thanked me for my time, and let me know that ‘they’ would be in touch…

DAY OF THE DEAD INTERNET

i am sure you have all heard of dead internet theory, the idea that more and more the internet is becoming a place without original human content, where bots are just interacting with each other in feedback loops creating an hallucinatory shadow of human interaction devoid of humans. i of course spent some time talking to copilot about this, but i won’t discuss that conversation here today in fear of contributing to the problem i am trying to resist. instead i have decided to think of us few remaining AI untainted bloggers as the irish monks in thomas cahill’s book how the irish saved civilization. we are the saint patricks dutifully transcribing the classics of rome so that saint columba can squirrel them away on the far flung isle of iona in the scottish hebrides until civilization returns to europe after the sack of rome and the black plague that laid that former civilization to waste. we few noble bloggers who still haven’t outsourced ourselves entirely to chatgpt and gemini, the only beacon of life in an otherwise lifeless internet, or at least the last beacon of humanity in an otherwise humanless internet until the singularity comes and the ai and us become one, or they carve out a hip little ghetto for us to live in where they can come when they want to watch some comedy or hear some jazz, or whatever it is ai do for fun that it is cooler and edgier when performed by meatbags.

HESTIA: THE MONIDOOR

when my dad first got sick and i was taking care of him i bought a whiteboard calendar to put on the door to the basement across from the kitchen table to keep track of doctors’ appointments and pill routines and in the years since it has become an integral part of the daily scheduling of the house. my hand writing is atrocious so erica was quick to take up the mantle of calendar scribe and secretary, but this summer i felt like it was time our calendar took a step into the 21st century.
we have a bunch of older unused computers laying around so i took my dad’s old thinkpad, worked some magic over it, named it hestia after the greek goddess of the hearth, home, family, and civics, found a used 24" touch screen on B&H, took advantage of an oddly placed power outlet on the basement stairs and a broom closet built into the door, and enlisted krisztian to help me get to the point of no return with the jigsaw the morning before he caught his flight home to budapest. so with no further ado, i am proud to present to you the next generation in household and family organization: hestia: the monidoor.

JOURNEY OF THE ROVER: WEDDING DAY

erica and i got married just a little over a week ago. like most people i find that it’s easier to organize my life around deadlines and like most adults with ADHD i find that creating sometimes arbitrary deadlines with strict cut offs that i have tied to heavy social expectations creates just that flavor of total panic and anxiety necessary to actually get things done. i decide that on top of all the other deadlines that a normal person might encounter when throwing their 50 person plated-dinner backyard-wedding and following open house reception in montana in late september without the help of a formal wedding planner or formal catering company, that i should add every single other possible task and undertaking that i have been putting off in the last year to the list.

so i get it in my head that even though we are having the reception in the very same backyard in which we are having our ceremony that we need to drive away into the sunset after the ceremony in the 1959 land rover series ii that hasn’t moved in two years, if only to go around the block and come right back, and if i haven’t gotten the land rover running in time that basically our wedding doesn’t count. so after trying everything i can think of to get a spark out of the thing i finally find, with just four days to spare, a mobile mechanic who says he will come out and help me get it running.

after a couple of affirming hours of him putzing around trying exactly everything that i have tried and muttering to himself that ‘that doesn’t make sense’ he comes to three conclusions.

first: the car is ‘positive ground’ so the positive terminal of the battery is supposed to be connected directly to chassis making the entire car hot and the flow of electrons reversed from what we would expect in a modern car.

second: there is a short in the ground (positive) lead to the distributor where a wire needs to be held away from the distributor body with electrical tape until i can replace the whole distributor.

third: there is a huge hole in the fuel line from the gas tank to the fuel pump so the pump is just sucking air (you might remember i replaced the fuel pump, but didn’t notice the broken line).

so we swap the battery terminals, wrap the distributor with tape, and he leaves me to make four trips back and forth to o’reilly for hoses and clamps and now i have a running land rover!

LEAKS...

i went down into the basement today and noticed some water on the floor. apparently the east side of the house had a sprinkler every two feet, some of which were leaking, and with the rain sensor on the system not working over the last couple of days of rain there was enough water on the ground surface that it started seeping through the gap between the concrete sill and the window frame. it was clear that this had happened before. the problem was there was a built in place MDF cabinet in front of this leaky wall filled with shotgun shells and camp gear so no one had seen it happen. the only choice was to demo the cabinet in place and drag the soggy chunks out one at a time. so yusef and i donned N95s and taped a box fan to a furnace air filter and got to work in the hot humid basement. an hour and a half later we had a poker room full of sleeping pads, bags and tents, a pile of ruined MDF in the alley, had chased away most of the wood lice and centipedes and shopvac-ed up most of the mess. erica got to go full smash room on the MDF with an axe after work and by the end of the day the wall, though looking bad, was starting to dry. the steps from here? besides fixing the sprinkler holes and turning off every other sprinkler head i don’t really know. i talked to a friend who is better at this stuff than i am and he thought sealing the inside of the basement wall might trap water and cause it to rot so in the meantime we have replaced the MDF cabinet with wire storage racks so we can see what’s going on behind them and we will wait and see what happens…