M-m-m-my Corona

It was a strange progression, from something sort of abstract happening elsewhere in the world, to some minor inconveniences here at home, and finally, suddenly a “stay at home” order from the State government. Nowhere was it stranger than in the White House, where it changed almost overnight from “totally under control” to a full-on disaster. It was like watching a car accident in slow motion, only the whole continent was about to get hit, and there was nothing we could do but wait for the impact.

To be self-centered and honest, though, it hasn’t really impacted us that much. There have been some cancelled events — Ben’s big class trip to Chicago, Eli’s Girl Scout camping trip, Abi’s birthday, and numerous work trips. But those are inconveniences at worst. Unlike some of those around us, I’m at no risk of getting laid off, nor do either of us have to go into a job where we might get exposed to someone who is sick. Our little cul-de-sac in the country is pretty well isolated on a normal day, with a couple acres between each house, so crowded situations aren’t something we have to worry about. And the common complaint of boredom certainly doesn’t apply to us — we’ve got even more to do than usual!

That’s not to say this situation is ideal. Like everyone else, we’ll have to ration toilet paper, hand sanitizer, and Clorox wipes. Grocery shopping is a pain due to the panic buying that has swept the nation. And one of our two cars is stuck in the shop for the duration. But overall, there’s more opportunity for us in a situation like this — which isn’t fair, I know, but it’s true. The Fed’s questionable decision to continually drop interest rates until they had nowhere left to go allowed us to lock in a mortgage re-finance at a historically low rate shortly before banks started closing. And our income tax return left us with spare funds to invest while the stock market is the lowest it’s been in over a decade.

It’s hard to extrapolate from here where things will go. China seems to be on the mend, and if those numbers are true and directionally analogous, then the US and Canada will recover in a similar fashion eventually too. It’s unlikely that the economy will ever be quite the same after this, but it’s equally unlikely that it will completely fail. There’s a sort of twisted fascination with imagining a worst case scenario that looks like a zombie movie or Mad Max situation that I’ve observed others entertaining, but in my estimation, things are not heading in that direction — this time.

Still, the vegetable garden in the backyard has taken on a new level of importance, and I regret that I never got around to the project where I augment our electric well with a manual back-up, in case of emergencies. It really does seem like as individuals, and as a nation (and I’ll include our home country of Canada in this generalization) we are pretty ill-prepared for these kinds of scenarios. The rapid and stealthy spread of this pandemic is tempered by its relatively low mortality rate — should this happen again (and it probably will) with a flavor of disease that is a less discriminate killer, I’m not sure we could really handle it.

The kids are taking it all in stride — they don’t have enough run-time on the planet to understand just how unusual this situation is. Some day they’ll tell their own kids about this period as a generation-shaping event. Hopefully there’s only this one in their lifetime, but if not, hopefully we’re all better prepared — and better people — from having come through this one.

When the Sorting Hat Fails

Watching my son struggle with his education has to be one of the most humbling, challenging and enlightening experiences of my adult life. Quantifiably gifted, and objectively smart as a whip, yet his ability to focus on classroom material, organize his homework, articulate his thoughts on a page, or even get completed work safely from home to school is astoundingly limited. Not every teacher he’s had has been helpful, but many have tried really hard to accommodate and help him, and have come out as frustrated as his parents. It’s like his output is binary – he either innately understands a thing completely, and sees no need to explain himself, or he can’t be bothered with it at all and is unfazed by his inability to grasp it. Yet for every failure, or near failure, on a classroom test or assignment, there’s a standardized test that says his cognitive ability is “superior” and his intelligence is dramatically above average.

I recently read a report about the skill gap in manufacturing work force development, and it made me wonder how I managed to make it this far. My kid is lucky to have this contrasting evidence that keeps people plugging for him. If the only metric was his report card, he’d have been written off as a dummy years ago. If he went into manufacturing, he’d have ended up on a vocational path, focused on purely manual labor. The other path is theoretical – robotics or AI research – and those are generally reserved for the kind of student who can make it into a Masters program (or higher). Whether my son can pull off a higher education career is yet to be seen, but 20 years ago, I could not have. If it weren’t for community college, my path would have been significantly different.

For most of my career I’ve suffered from imposter syndrome. Fresh out of college I found myself lecturing a packed room full of engineers on how my company had applied web technologies to manufacturing. Years later, and still without any advanced degrees, I found myself as the product manager for what is possibly the most sophisticated embedded AI in manufacturing. And somewhere in-between I tricked two tech titans, Microsoft and Amazon, into hiring me. Surely someone was going to figure out that I was faking at some point!

What I’m figuring out, two decades into my career, is that people like my son are rare. An instinctual grasp of theoretical concepts – maybe not good enough to research new ones, but at least good enough to apply them – and sufficient technical skill to manipulate the real world into the right shape to make those concepts useful, is a relatively unique combination. Add to that a skill I’d like to think I have, but that my son definitely has in spades: empathy for others. This combination of attributes makes for a bridge – a person who can connect ideas, people and technology into better tools, easier user interfaces, and more delightful experiences. People with these skills are translators, connecting people and technology in ways that are simpler to understand and more comfortable to use.

But our education system, and often our incentive system, fails these kinds of people. A two path approach, that accommodates either vocational technical training or theoretical advanced education, doesn’t equip someone who straddles both worlds. I returned to theoretical education in my 30s, and found I was better at school than in my youth, but I’m still not likely to be a successful Masters student any time soon. On the other hand, had I found myself in a manual labor career path, I’m sure I would have succumbed to depression and boredom years ago – as flawed as my brain might be, I do love learning and exploring new things. If I couldn’t take something apart to see how it worked, and think of ways it might work better, my loving wife would probably have had no choice but to have me committed.

Additionally, if it weren’t for my self-directed employer-hopping, I likely would have hit a career brick wall long ago. My education really does not qualify me for most of the jobs I’ve had. The only reason employers can rationalize hiring me is the experience I’ve had. It was nearly 10 years before one of those employers had the thought (or perhaps the immigration sponsorship requirement) to have a University professor evaluate my experience and effectively assign me honorary degree equivalency. Imagine the vindication when this Cs and Ds student got a 6 page report concluding that I was good enough for the job I was doing!

So how does someone who barely made it, with a minimum of education, whose only redeeming value proposition is curiosity and a drive to try to make things work better, help a kid with all the same flaws find his place in the world? I can’t let his D in English slide when I know how important communication is to his future career. On the other hand, it’s hypocrisy for me to tell him it’s not good enough. I can’t tell him that getting into University doesn’t matter – even though I know for a fact that experience is more valuable.

Because of changes in our county’s education funding, this year, his 7th grade year, is the end of his elementary career. Next year he starts high school. Already he’s facing limitations to his options, and decisions about whether he should be pursuing less advanced classes. I know this doesn’t compare to places like Germany, where he’d already have faced the higher education sorting hat, but it still feels so early to be making decisions that could permanently shape his future. The other two have it easy – they’re good students. No one will question their potential!

I once read that adults learn through analogy. There’s no greater analogy for self than watching your own kids face the same struggles you did. Unfortunately, I still haven’t figured out the lesson of how to navigate classroom learning, when the only kind of learning that ever worked for me was just diving in and trying something. On the other hand, I guess that’s kinda how parenting works. We can only hope that we can learn the necessary skills fast enough to be of some use to him!

Getting to Know Your Digital Voodoo Doll

If the Cambridge Analytica scandal told us one thing, it’s how poorly people understand how data is being used. Although the folks at CA may not have had the most altruistic of intentions, they were really only exploiting what was freely available. That they used some data Facebook didn’t intend them to use doesn’t change the fact that the data was there for the taking. People volunteered it willingly, so it was inevitable that it would be put to use.

What is probably less clear in this tale of targeting was that they weren’t really targeting you or me. Rather, the technology allowed them to identify what kind of people we are like, and target people of that kind. This aggregate group identity makes up a persona — a fictional person that has traits and attributes, gathered from the self-provided data of real people, that are useful for addressing many actual individuals that are similar to that persona.

This is not new. In fact, in programming, type inheritance is a powerful concept that is useful for generalization. What’s new in the last decade or so is the volume of self-identified human data, and a few primary keys that allow that data to be associated with unique donators. Lots of web sites have data on you as a mostly anonymous visitor. There’s identifying information, for sure, but nothing you deliberately confirm or set up, so it’s a “weak link”. When a website requires you to create an account, then they truly have uniquely identifying information for tracking you within the properties that account uses. Facebook is mostly unprecedented because of the scope of that account. As an identifier, it’s used far beyond the actual Facebook website — it’s used on other Facebook properties (WeChat, Instagram) and on millions of partner sites that use Facebook log-in, or Facebook data sharing (when you see “Like on Facebook” on a website that is not Facebook, they are sharing data using your identity as a key.)

The effect is that activities spanning the web are opted-in to Facebook data collection, whether you’re aware of it or not. Suddenly a single primary key has a rich repository of information about billions of individuals. Realistically, it would take an incredible effort to actually target a single individual, but it does become very easy to group individuals based on activity. Individuals who “Like” a Republican candidate, individuals who participate in discussions about vaccinations, individuals who view religious videos, etc…

The field of psychographics is the emerging social science of identifying groups based on these common activities, then determining what methods are most effective at influencing the individuals within those groups. Facebook helps out even more, due to a built-in concept called Graph Relationships. These are the links between individuals that can be used to tie people to groups even if those linked individuals provide no explicit data that identifies them as part of the group. You may not have shown any visible interest in a particular political candidate, but if you’re linked to many people who have, you may find yourself targeted as part of that group.

https://www.businessinsider.com/explainer-what-exactly-is-the-social-graph-2012-3

This self-identification increases with your social network, and with your activity. If you’ve seen ads for something you recently thought about (but could swear you didn’t write down or say out loud) the odds are good that you’ve been targeted based on your activities or affiliations, and advertisers “knew” you would be interested in that product or service, because other people like you are interested in it.

I recently saw this concept described as a digital voodoo doll, and the analogy is apt. Advertisers and other influencers aren’t interacting with you directly; instead they’ve created an avatar that is like you, they’ve experimented to determine how best to impact those like you, and then they’ve launched their digital onslaught against the group. When the voodoo doll gets really precise, it’s called micro-targeting, and you really should be scared of it.

So what can you do about it? Well, knowing the importance of identifier keys, you can participate in the web more strategically. It may be easier to sign up for a new service with your Facebook account (keeping track of multiple passwords is hard!), but know that when you do, Facebook gets all that data. Use different keys (new accounts) for different services, to reduce the chance of your activity being linked. You don’t have to quit Facebook entirely, but be careful what you indulge within their scope of view.
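The linking by identifier key and the "graph relationship" inference described above, worked through as an added example (not code from this site or from any ad platform). The event log, account names, friend links and the 50% threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (site, identity key presented to that site, observed interest).
# "fb:" keys stand for a shared social log-in; the "-acct:" keys are one person
# who registered a separate account on each site.
EVENTS = [
    ("news.example",  "fb:1001",        "politics:candidate-a"),
    ("forum.example", "fb:1001",        "health:vaccines"),
    ("video.example", "fb:1001",        "religion:sermons"),
    ("news.example",  "fb:1002",        "politics:candidate-a"),
    ("forum.example", "fb:1003",        "politics:candidate-a"),
    ("news.example",  "news-acct:kim",  "politics:candidate-a"),
    ("forum.example", "forum-acct:k77", "health:vaccines"),
]

# Constructed friend links. fb:1004 and fb:1005 never appear in EVENTS at all.
LINKS = [
    ("fb:1004", "fb:1001"),
    ("fb:1004", "fb:1002"),
    ("fb:1004", "fb:1003"),
    ("fb:1004", "fb:1005"),
]


def build_profiles(events):
    """Group every observed interest under the key it was collected with."""
    profiles = defaultdict(set)
    for _site, key, interest in events:
        profiles[key].add(interest)
    return dict(profiles)


def cross_site_keys(events):
    """Keys seen on more than one site: activity that can be joined across sites."""
    sites = defaultdict(set)
    for site, key, _interest in events:
        sites[key].add(site)
    return {key for key, seen in sites.items() if len(seen) > 1}


def infer_by_association(profiles, links, interest, threshold=0.5):
    """Assign an interest to keys that never showed it, from the share of
    their linked contacts who did."""
    neighbours = defaultdict(set)
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    inferred = {}
    for key, friends in neighbours.items():
        if interest in profiles.get(key, set()):
            continue  # explicit signal already present, nothing to infer
        share = sum(interest in profiles.get(f, set()) for f in friends) / len(friends)
        if share >= threshold:
            inferred[key] = share
    return inferred


if __name__ == "__main__":
    profiles = build_profiles(EVENTS)
    print("joinable across sites:", cross_site_keys(EVENTS))
    print("inferred:", infer_by_association(profiles, LINKS, "politics:candidate-a"))
```

The shared key ends up with a three-site profile, while the two per-site accounts stay as separate single-site records; the account with no activity at all is still placed in the group through its links.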

On that topic, there are ways to keep fences around that garden. Firefox has an extension that does just that — blocking Facebook tracking on sites not owned by Facebook. The same cautions should apply to any service whose tendrils extend beyond their own .com front-end. Microsoft, Amazon, Google all offer useful developer tools for web creators — in exchange for data collected from those sites. Diversify your digital activity: use different services for different features, and don’t mix and match. For example, Microsoft hosts our email, but not our voice commands. Amazon gets our voice commands through Alexa, but doesn’t store any of our documents. Opt out of data collection when given the choice.

As tech providers find newer, more clever ways to collect data, and the legal framework struggles to keep up, be aware of how you’re inevitably being targeted. Information is neutral — it doesn’t have a bias. Human beings, on the other hand, are biased. If something is presented as information but appeals to your natural bias, question the source — odds are that you’re being manipulated.

The dream of the Internet was that information could be shared instantly and freely with everyone. Those altruistic nerds that invented it may have forgotten that someone has to pay for technology somehow, and perhaps unknowingly, we backed our technology revolution into an ad-supported model. Being willing to pay for content that isn’t ad sponsored seems to have a tendency to inspire a little less subterfuge in the content provider. If you want to learn something new, or engage with a community on a topic, consider private online services — even those that aren’t free, or require a little more work.

There’s no quick fix for Facebook, or Google or even Apple. To make the Internet a better place, its citizens must be aware, involved and active. You can be online without responding to your baser instincts for affirmation or attention, but if you find the dopamine rush too irresistible, you might be better off closing those accounts after all…

Demarc 3.0

Back in the days of land-line phones, your demarc, or demarcation point, was the part of your house where the public utility phone network entered your home. Each outlet in your home connected here in what was called a POTS (Plain Old Telephone Service) network, and connected to one or more lines going out of the house. Frequently this was located near where power entered your home, and later, cable TV. This makes it an excellent point to retro-fit tech into a house that maybe wasn’t designed with nerds in mind.

I know this looks a little crazy, but in version 3.0 of my setup, it’s much, much cleaner than it’s ever been. To quote Morpheus, this is the core where we broadcast our pirate signal and hack into the Matrix! This diagram might be a little easier to read:

There’s some really cool stuff in this architecture that I’m pretty proud of. On one hand, it’s a modern 1 Gbps network, with distributed 802.11N WiFi, that can filter out ads and pornography, and support remote connections via VPN. On the other, it can also connect any device from the early 1980s to other devices, or to the Internet.

For the very oldest machines, a Raspberry Pi Zero, running the DreamPi image, connects to our home’s POTS network (long since disconnected from the public phone network), inducing the correct voltage, and playing back a dial-tone sound. A Python script on the Pi listens for an old-school modem trying to dial out, then plays back the handshake sounds of an ISP, then continues to pretend to be a modem, bridging the device onto our network (and thus the Internet.)

For 90s and 2000s era Macs, either physical Ethernet or an old AirPort Classic provides an on-ramp onto our network. The AirPort is configured with a whitelist of allowed machine IDs, so that it can run with only WEP security (since that’s the best it can do!) A Performa provides an EtherTalk to LocalTalk bridge, and a PhoneNet ring running around the basement networks the earliest of Apple and Mac computers.

For newer devices, that have always-on Internet connections, another Raspberry Pi runs Pi-hole DNS, which filters out ads, with OpenDNS upstream, configured to filter adult content. Dubbed the NetPi, it also runs an OpenVPN server, giving us the same safety when we’re away from home. The NetPi, and a little media PC next to it, also host Plex Media servers that share our content with our devices, no matter where we are.

With more of the Internet abandoning HTTP for HTTPS (whether it’s needed or not) and newer SSL cryptography ruling out connections from machines with lesser cryptography libraries, the NetPi will probably be pressed into service again running an SSL-stripping proxy. I haven’t quite figured out how to do this yet, but I do have an RSS+Site Scraper utility running, which means I can still read a lot of content on older devices.

Although this one wall in the house is a little complex, the tech is effectively invisible throughout the rest of the house. Ben and I are working on a Raspberry Pi project using a PowerBook from 1999 as the programming terminal, but the 2019 home theater can also stream 4k content — all without touching or re-configuring anything. I can literally start a document on a Mac Plus, revise it on a Performa, print it from there, or pick it up off a combined AppleTalk/SMB share on the NetPi and publish it to the web from my 2019 Surface Laptop. In fact, I sort of just did…

Update: Squid SSL Bump Proxy running!

So I Tied An Onion To My Belt – 2019 Edition

The start of 2019 required patience — sticking to the same patterns for nearly 4 years doesn’t come easy for me, but sometimes that’s best. Fortunately, we had our first escape in March: a couple’s vacation to Mexico with some great friends from college. Going somewhere just to relax is a relatively new experience, but it went well — aside from a couple days of Montezuma’s Revenge near the end!

When we got back, we started putting things in place for some needed changes. First, Nic got a new car, to keep us in shape for road trips to Canada. Then, after finally getting some clarity on professional transitions, we were able to nail down our summer plans. A July start for a new job meant that we got one more trip to Florida from my previous employer — and allowed me to stick around long enough to launch my second product.

After Nic and the kids were done with Universal Studios, I handed in my two weeks’ notice, and we went off to Family Camp — during which I signed the final papers for my new job. We squeezed in one more little get-away with some friends at Darien Lake, then the kids were back to school and I was thrust into almost non-stop business travel. As a result, the fall was necessarily a little more quiet on the home front. Simpler things like tinkering with projects, going on Girl Scout trips, horse-back riding, and kayaking in our beautiful State parks provided small escapes from responsibility.

The best escape had to wait until the end of the year. Ben pushed through another challenging half school year, on the brink of becoming a teenager. To celebrate his 13th birthday, we planned a surprise trip to Disney’s Hollywood Studios, where he and I got to explore the new Galaxy’s Edge Star Wars land. An early morning got us into the brand new Rise of the Resistance ride, and let us see most of the rest of the park as well. Ben built a droid, we drank blue milk, and got to nerd out together on this, the last of his Star Wars birthdays.

We flew out, via Atlanta, where we met up with the girls, en route to Grand Cayman. There we spent a wonderful week with my parents, enjoying their sunny paradise. Nic and I got to try a scuba diving lesson, she and the kids got to play with some dolphins, and we all got to explore the coral reef as we snorkeled around 7 mile beach.

It was a wonderful cap on a pretty great year. 2020 will be an interesting one. Of course, we have some travel planned, having ended up in sort of an every-other-year pattern for some of our favorite adventures. But there will have to be new ones too. Our new teenager starts high school (a year early here) and we’ll have to figure out what makes the most sense for him — as well as thinking hard about what kinds of family experiences are important for our kids in the few years we have left with them.

For now, though, we’re happy and healthy in Ohio, and looking forward to what God leads us through in the next year. Family Photos have been updated — find the link and password hint on the home page.

Einstein Newton Emulator on Android Oreo through 10

I recently brought my Newton MessagePad 120 back to life — for a brief window of time. It died again after less than 48 hours, but it was fun to play with while it lasted.

In lieu of finding more old hardware, I started playing with the Einstein Emulator. I’ve had it running on my Mac for a while, but since the Newton was portable, it sure would be nice to have the emulator be in my pocket.

Unfortunately, Einstein hasn’t been updated in a while and didn’t work on my Pixel 3a, nor would the source build in Android Studio on my Mac. A little hacking at it identified two issues:

  • The project had an undocumented dependency on a tool called ninja. Reported here; running this from the command line resolved it: brew install ninja
  • Android notifications have changed since the project was created. I found how to update the notification, and implemented it as a work-around. I’m not sure it’s 100% backward compatible, so I’ve built and signed an APK of the original code and one with my updated code.

These updated bits, plus the necessary dependencies are assembled here.

Sometimes I can hear my bones straining under the weight of all the lives I’m not living

September had no business travel, so of course October had to make up for it. Combined with a 3-stop speaking tour, I had a trip to our LA headquarters and another to Seattle for a meeting on the Microsoft campus. Sprinkled in-between were some wonderful personal trips in Ontario and Pennsylvania. I’ve lost track of how many miles were spent in the air, but 2,226 miles were spent in a car. Tonight will be the first night in my own bed in 3 weeks.

Travel creates lots of time for reflection — especially when it has you re-treading old paths. In Seattle, I got an afternoon to visit the sweet spot we used to call home in the foothills of the Cascade Mountains. The event I spoke at in New York was 20 minutes from the apartment where our oldest two kids were born. I also circumnavigated Lake Ontario for the first time ever, and got to enjoy breathtakingly beautiful views of the Thousand Islands — a place I am resolved to visit again with the family.

A particularly interesting stop was at a conference in Pennsylvania with ABWE, a missions organization with a long history of enabling incredible good, and a briefer history of hiding incredible evil. We were interested to see what had become of the folks that sent my family to Bangladesh in my youth, and after reading many books on the topic, learn a little more about what’s happening in that still-troubled country. Some things have definitely changed: their website and missionary training now contain clear and unequivocal information on the safety and protection of children, and they’ve launched a tech ministry that has the stated purpose of partnering with, and enabling, nationals to reach their own people. Some things have not changed: I spoke to a missionary who felt over-worked on the field and that his family suffered as a result, and we heard from an executive team that is still 90% old white American dudes — not exactly a diverse crew. Still, even the white dudes were espousing some progress: that our families are our most important work, and that Americans might not always be God’s premier messengers in some parts of the world.

Each of the stops had a certain percentage of “what if” to them. We’d probably be a good deal more wealthy if we still lived in Seattle. Things might be easier if we lived somewhere in Ontario. I spoke at a really cool college in New York, maybe I could have made a career path out of that, if we’d stayed there. And of course an organization like ABWE could launch us almost anywhere in the world. We don’t really have any data to suggest that any other option would be better than the one we’ve selected, but the weight of other possibilities is sometimes overwhelming. We turn 40 next year — have we done everything we should have by this point? Our oldest becomes a teenager in just a couple months — are we doing a disservice to our kids by giving them such an easy, comfortable life?

Travel is expensive with a family of five. Banking miles on business travel takes me far away from my kids, but buys us opportunities to take them on little adventures. The next few we have planned will be fun and easy ones, but I wonder if it’s time to show them a little more of the world.

Housekeeping – on HTTPS

Related to my previous rant on Internet security, the latest trend is to force a move to HTTPS — the encrypted version of the web’s primary protocol. In my opinion, this is largely silly: it’s security theater, since most scam sites can easily provide a certificate, and it gives browser makers even more leverage over little content developers.

I find it offensive in a different way, too: it breaks compatibility on the Internet. A whole generation of devices that have older versions of SSL, that can’t easily be upgraded, get cut off from today’s web.

There’s a place for HTTPS — namely, anywhere you submit data to a server. I don’t argue the importance of that. But lots of content is just there to be consumed, and the whole transaction with the server is “give me the content.” For a browser to claim that transaction is unsafe, just because the request and response weren’t encrypted, is dumb. It’s perfectly safe to read this website without encryption — and there are millions of sites where that is true.

That said, it irks me to see my own website marked as insecure, so I did what probably every other “little guy” should do, just to keep up with the times, and added an SSL cert for free through Let’s Encrypt. However, my implementation does not break compatibility with older devices: you can still access this site without HTTPS by sending an uncommon user-agent. This will happen automatically if you’re, say, in Netscape Navigator on an old Performa, or visiting from an HP TouchPad. Only if a modern OS is detected will my main site meta-redirect to the HTTPS version, and you can override through your browser’s Developer Tools. Otherwise, if you visit via HTTP, you’ll see a brief flash while the content re-loads over an encrypted connection.

Utility and classic sub-domains will remain on HTTP until all these young hippies get off my lawn…
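One way the user-agent gate described in this post could be written, as an added example (it is not this site's actual code). The OS version cut-offs, the www.example.com host placeholder, the function names and the sample user-agent strings in the comments are all assumptions.

```python
import html
import re

# Placeholder canonical host. The redirect target is built from this constant,
# never from the request's Host header, which the client controls.
CANONICAL_HOST = "www.example.com"

# Assumed cut-offs for "modern OS" (illustrative only): (pattern, minimum version).
MODERN_OS_RULES = [
    (re.compile(r"Windows NT (\d+)\.(\d+)"), (10, 0)),
    (re.compile(r"Mac OS X (\d+)[._](\d+)"), (10, 13)),
    (re.compile(r"Android (\d+)(?:\.(\d+))?"), (8, 0)),
    (re.compile(r"OS (\d+)_(\d+) like Mac OS X"), (12, 0)),   # iPhone / iPad
]


def is_modern_os(user_agent):
    """True only when a known OS token is present AND its version meets the cut-off.

    Unknown or missing user-agents (Netscape 4 on classic Mac OS, webOS on a
    TouchPad) fall through to False so they keep getting plain HTTP.
    """
    for pattern, minimum in MODERN_OS_RULES:
        match = pattern.search(user_agent or "")
        if match:
            version = (int(match.group(1)), int(match.group(2) or 0))
            return version >= minimum
    return False


def respond(scheme, path, user_agent):
    """Return (action, head_html) for one request.

    action is "serve" (send the page as requested) or "redirect" (send the page
    with a meta refresh in <head> that reloads it over HTTPS).
    """
    if scheme == "https" or not is_modern_os(user_agent):
        return "serve", ""
    if not path.startswith("/"):
        path = "/"
    target = "https://" + CANONICAL_HOST + path
    # The path is request data: escape it for the HTML attribute it lands in.
    tag = '<meta http-equiv="refresh" content="0; url=%s">' % html.escape(target, quote=True)
    return "redirect", tag


if __name__ == "__main__":
    # Constructed sample user-agent strings.
    samples = [
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
        "Mozilla/4.08 (Macintosh; I; PPC)",
        "Mozilla/5.0 (hp-tablet; Linux; hpwOS/3.0.5; U; en-US) AppleWebKit/534.6 (KHTML, like Gecko) wOSBrowser/234.83 Safari/534.6 TouchPad/1.0",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/533.19.4",
    ]
    for ua in samples:
        print(respond("http", "/", ua)[0], "<-", ua[:60])
```

The User-Agent header is client-supplied, so this gate only picks a default: plain HTTP stays reachable for any client, which is the compatibility goal the post describes.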

Apple 2 Forever…

Although our first family computer, and my first attempt at programming, was an Atari 800XL (for which I collected every peripheral and game I could find), my first computer was a Macintosh 512k — which I rescued from a garbage can outside our church. Its display had collapsed to a thin vertical line, but that didn’t stop me from turning it on, and pretending to type on its keyboard or explore with its mouse. Eventually my parents found someone who could repair it, and it became a useful, slightly more modern family computer. At some point, long after it was obsolete, we traded it in for an also-obsolete Mac Plus, and added a hard drive. After a few years in service, we got a Compaq Presario 486, and the Mac Plus got relegated to storage.

Software was always my main skill set (most attempts at hardware hacking led to cut fingers — I’ve left my blood stains on many a motherboard) and after 20 years in the industry, I no longer feel like too much of an imposter when I call myself a software professional. On hardware, though, I remain a novice — it’s a hobby, not a profession.

I’ve carried that Mac Plus with me from job-to-job, keeping it set up on my desk, or a bookshelf, to remind me where I started and, on the rough days, how much I love what I do. I fired it up occasionally, but the display was beginning to degrade, and it was trending toward a thin vertical line. Recently I decided I was ready to try the same repair my parents had funded so many years before. A PDF copy of the Dead Mac Scrolls revealed the secrets that had eluded my 12-year-old self: common failure points in solder and weak or aged capacitors made for an accomplish-able project. With a healthy respect for high voltages, a few YouTube tutorials, and more than a little trepidation, I put the old Mac Plus under the knife, and restored it.

Shortly afterward, I got a handful of other dead Macs, and found there was something of a market for vintage machines that have been lovingly restored. I managed to repair, clean and flip another Mac Plus, in beautiful platinum gray, a Mac SE, and an original 128k. I did not turn a profit, but I did manage to almost break even. In trade for one of those, I was given a couple other retro gems.

The Apple //c was the 10-year old computer my dad had in his classroom in Germany in the mid-90s, and the Apple ][gs was the last of the Apple 2 lineup, and something of a unicorn that I never really had the chance to play with. The C lacks a power supply and may need some other repairs, but the GS booted up, and I couldn’t resist the challenge of figuring out how to connect it to my home network. Here’s the MacPlus and the IIgs talking to a range of newer devices — including a very new Raspberry Pi.

Here’s what was needed to pull that off:

  • LocalTalk PhoneNet is an adaptation of Apple’s old serial networking protocol, expanding its range using 4-pin phone cabling — which was cheap and common at the time. I ringed the basement rec room with phone line to connect my Mac Plus, so adding an extension to the IIGS was easy.
  • The LocalTalk Bridge control panel was an unsupported Apple offering that allowed mid-90s Macs with a serial port and an Ethernet port to connect LocalTalk to EtherTalk. Technically both these networks are AppleTalk, with different names for the different connection types. A middling Macintosh Performa serves bridge duty.
  • A Raspberry Pi running a modified Netatalk install, thanks to the A2SERVER installer (and a lot of tinkering) talks AppleTalk over WiFi, and is reachable by the bridge, providing a modern file share for very old computers. The topology looks like this:

I’ll do a full write-up and post it on our vintage-computer friendly companion site: http://classic.jonandnic.com for those who want more details.

Internet Safety – a moving target

When you visit a webpage, you might think of its address, like www.cnn.com. That address isn’t really an Internet address though. It’s a domain name — a friendly and memorable shortcut for an Internet Protocol (IP) address. That kind of address is made up of four groups of numbers, called octets. CNN’s actual address (today) is 151.101.1.67. That’s what your browser really goes to.

The mechanism the browser uses to look up the number from the shortcut is called DNS, or Domain Name System. One of the most resilient and important parts of the Internet, DNS is often provided by your Internet service, whose own servers sync with other DNS servers around the world, providing a distributed system of record — a phone book, if you’d like, for instant address look-ups.

Importantly, DNS is first provided by your computer (or mobile device), which forwards DNS requests from the browser to your router or modem, which forwards the request to your Internet provider, and so on. If you don’t like your Internet provider’s answers (or the speed with which they answer), you can choose a different DNS provider by making a configuration change downstream (e.g., on your router, or on your computer).

This “chain of trust” allows organizations to filter the Internet within the network they provide internally. If an organization doesn’t want its members to visit a website (like pornography) they can insert DNS records locally that prevent the request from actually finding that website.

This is also the basis of many parental controls systems. They keep a list of addresses kids probably shouldn’t go to, and all you have to do is configure your local environment to use the parental controls DNS server, rather than a public unfiltered one. This chain, and the ability for administrators to control the chain, is a part of how the Internet was designed: the browser asks the computer, the computer asks the router, the router asks the network provider, the network provider asks the rest of the Internet.

Last year, Mozilla (makers of the Firefox browser) decided to experiment with breaking that chain of trust. Instead of the browser asking the PC (and so on), they decided maybe the browser could go around the chain, and just ask someone that Mozilla decided to trust. They claim this makes people safer, since they can encrypt that request, using a non-standard approach called DNS over HTTPS (DoH). The effect is that intentionally crafted trust chains will be broken. Fine as an experiment, but this month they decided this behavior would be the default for all Firefox users. If you don’t know how to work around it, your parental controls are effectively disabled.

And working around it is possible — but not easy. Because this is not a standard, or even an accepted RFC (the process by which the Internet is evolved through review and consensus), Mozilla gets to impose arbitrary hoops you have to jump through to disable it. The easier they are for you to implement, the easier they are for someone to defeat.

And Mozilla isn’t the only browser maker messing with trust on the Internet. I’ve written before about Google’s attempts to re-make the ‘Net in their own image.

So, how can you filter the Internet at home while bigger groups than you and me are hard at work funneling all traffic through bastardized versions of the Internet where they can monetize your queries? As of late 2019, here’s what still works — and my best guess about how long it will continue to work…

Circle with Disney – another 1-2 years
Circle is a device that you put on your WiFi network that filters actual traffic. Below DNS is the actual routing of data from a website to a device. This path is managed via ARP (Address Resolution Protocol) tables, which tell your router how to get traffic to a given device. Circle needs to know which devices on your network belong to a child (which is a bit of a pain to set up), then it can stop traffic that’s not appropriate.

Unfortunately, Circle is abandoning the one-time purchase device, in favor of a device+service model that will cost you more. If you can still find them, the original Circle is less than $100, and really works well. It also lets you set time limits and curfews from a reasonably friendly app on your phone.

PiHole + OpenDNS – 3-5 years
PiHole is a tiny service that runs on a Raspberry Pi. In total it’ll cost you about $50 to set this up on your network. Once the Pi is built and running, you can install PiHole in a couple seconds, and tell it to use OpenDNS as your upstream DNS provider (instead of your Internet provider.) Then tell your router to use the Pi as a DNS server — your own chain of trust. You can then use the OpenDNS website to determine what kinds of web pages should be allowed within your home network.

It sounds complicated, but it’s really not too hard, and because it’s actively being developed, they’ve been able to stay on top of changes, like Mozilla just made. As of today, they’ve implemented one of the work-arounds for DoH, that tells the browser not to trust any other DNS provider. Eventually Google is going to realise there’s an untapped data source here, and move to eliminate competition from parents who want to protect their kids. But for the near future, this works well.
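The DoH work-around mentioned above relies on a canary domain that Firefox looks up through the ordinary resolver chain before turning DoH on by default. As an added example (not code from this post or from the Pi-hole project), the following checks whether a resolver's reply carries that signal; the domain and the response rule follow Mozilla's published canary-domain behavior, while the function names and sample replies are constructed for illustration.

```python
import socket
import struct

CANARY = "use-application-dns.net"  # Firefox's DoH canary domain
A, AAAA = 1, 28                     # DNS record type codes

def build_query(name, qtype=A, txid=0x1234):
    """Encode a minimal recursive DNS query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)  # class IN

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def doh_disabled_by_network(response):
    """True if this reply is the signal that keeps Firefox's default DoH off."""
    if len(response) < 12:
        raise ValueError("truncated DNS message")
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    if flags & 0x000F != 0:         # any rcode other than NOERROR (NXDOMAIN = 3)
        return True
    off = 12
    for _ in range(qdcount):
        off = _skip_name(response, off) + 4      # skip qtype + qclass
    for _ in range(ancount):
        off = _skip_name(response, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", response[off:off + 10])
        if rtype in (A, AAAA):
            return False            # a real address came back: no signal
        off += 10 + rdlen
    return True                     # NOERROR, but no A/AAAA records

def check_resolver(server, timeout=3.0):
    """Ask `server` (e.g. the Pi's LAN address) about the canary domain over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY), (server, 53))
        return doh_disabled_by_network(s.recv(512))

# Constructed sample replies (not captured traffic): filtered vs. unfiltered resolver.
_q = build_query(CANARY)
SAMPLE_NXDOMAIN = _q[:2] + struct.pack(">H", 0x8183) + _q[4:]
SAMPLE_ANSWERED = (_q[:2] + struct.pack(">HHH", 0x8180, 1, 1) + _q[8:] + b"\xc0\x0c"
                   + struct.pack(">HHIH", A, 1, 60, 4) + bytes([192, 0, 2, 1]))
```

Run `check_resolver()` against the DNS server your router hands out; a `False` result means Firefox will see no filtering signal on that network. The signal only affects the browser's default, so a user who turns DoH on manually is not stopped by it.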

Mobile Device Parental Controls – constantly changing
The best phones for parental controls are iPhones… personal preference aside. The Screen Time feature lets you set a PIN and access control for many things on the device. Unfortunately, you need regular physical access to configure and change these settings, which appear and disappear through different OS versions. This obviously requires parents to keep a certain amount of hands-on with their kids’ devices.

Apple has an app called Apple Configurator that allows you to set up a number of Supervision controls over the device remotely — but they’ve intentionally limited that capability so only organizations (schools or businesses) can use it. They actually research you to determine if you should be allowed to Supervise users before you can use the feature with kids’ devices — presumably they’re monetizing this somehow, because there’s no reason this shouldn’t be free to everyone.

Amazon has a number of features for parental control and monitoring on their tablet devices (yours truly was responsible for some of them), but with each version of their OS, they make those harder to find and use.

Our kids don’t have their own phones…yet. We have one “kid phone” that they can check out if they’re going to an event where we’re not with them — but it’s locked down tight. Still, their friends all have phones, and the pressure is on. Soon enough, I guess I’ll be trying out some parental control apps, to see what works best outside the home. Any suggestions?