VLANs Mark 3

My second attempt at applying VLANs has been generally successful and since that time I have been iterating to improve it. Notably I have:

- Reduced the size of the VLAN subnets to something less wildly excessive
- Added a Work VLAN to isolate my work laptop from the rest of the network while working from home.
- Added a Perimeter VLAN which contains devices such as Sonos speakers that are more trusted than random IoT devices but which I still don’t want on the primary VLAN.

The Dangers of First Impressions - Unifi Dream Machine Pro

I’ve recently purchased a Ubiquiti UniFi Dream Machine Pro to be the basis of my home network. I’m generally happy with it now but its out-of-the-box experience was so bad it’s the first Ubiquiti equipment I’ve had that I have seriously considered returning.

Background

My ISP made a new 1000/50 plan available. Ubiquiti’s 3-port UniFi Security Gateway could barely handle the 250/25 plan I’d previously been using with all the intrusion detection features turned off.

Jenv on Fish

jenv is a Java environment manager. It’s not quite as simple to set up with fish shell so this is my method. This assumes macOS and Homebrew.

Installation

To begin with install jenv and link the related function into your fish config directory.

    brew install jenv
    ln -s /usr/local/opt/jenv/libexec/fish/jenv.fish ~/.config/fish/functions/jenv.fish
    ln -s /usr/local/opt/jenv/libexec/fish/export.fish ~/.config/fish/functions/export.fish

Then add the following to your ~/.config/fish/config.fish file. If you are already adding things to PATH you can combine the set with that.

Configuring VLANs with UniFi for IoT devices

Not all devices on my network are created equal. I place differing levels of trust in things depending on the security maturity and resources of the organisations behind them. Yet if I place them all on my network then by default they’re all peers. I don’t really want to treat IoT lightbulbs as equally deserving of trust as my primary computers and mobile devices. But I also want to be able to communicate with them for control purposes and I don’t want to set up alternate networking hardware just to support these less trustworthy devices.

Hey Siri

Let’s not bury the lede. Siri is the worst product Apple makes. It may be the worst product Apple has ever made. It’s a frustrating exercise in incompetence and hubris that demonstrates all the negatives of Apple’s corporate culture. Its development history has been marked by neglect and ridiculous prioritisation. Apple clearly wants people to personify Siri. If we ignore the problematic aspects of giving a servant a default female voice in most markets, the illusion that Siri is a person fails virtually instantaneously yet leads to a number of aggravating behaviours.

Blocking

Social media is, in general, terrible. It’s full of people and people are terrible. Sometimes strangers, sometimes people you know and (although we don’t like to admit this) sometimes the terrible person is ourselves. Dealing with this is not something social media companies are very good at but generally at least you have a block function. This has led to some contention about when it’s ok as a private citizen to block someone.

YubiKey

YubiKeys are hardware security keys that you can adopt to be the second factor for authenticating to a wide variety of services. They can also securely store keys such that they can’t be recovered from the device, which means they can’t be stolen by bad actors. There are a number of guides out there for doing this, many of which are much better written than this blog post. However they generally tend towards a much more extreme level of setup than I want or need to start with.

fish shell

With the release of macOS Catalina Apple have decided to finally do something about the very out of date version of Bash they ship. By changing the default to zsh which is one way to deal with licencing issues I suppose. Users of the excellent Homebrew could already install a current version of Bash. But there are more shells in heaven and earth, Horatio, than are dreamt of in your philosophy.