Black Cat Blog

Thoughts, Stories, and Ideas

  • Rollercoaster of a Day

    Today has both been one of problem solving and another of new problems. Talk about real life whack-a-mole. One problem solved only to have another pop up. But at least I did get approved to drive through VGM which is good news. I have the orientation tomorrow.

    I’m very tired of having two steps backward for every one forward. It’s disheartening and demoralizing. It’s making me angry, short tempered, and depressed all in one. I feel snappy despite taking a restful nap. I feel a butt load of resentment.

    Oh well! This too shall pass as they say but I’m still waiting for it to pass. I’ll feel a good deal better if VGM works out because that could be a springboard to better opportunities. It could also be one giant fiasco. I cannot really predict and I won’t try. More information to come.

    I’m also pissed because I lost out on overtime from the security job. My boss yanked a shift from me. The money would have been welcome. I’m reminded again how I must look out for myself and my family because my employer sure as shit don’t care about me. Well, my manager does care. It’s just the fuckers above him that don’t.

    I think I’m just going to scream hash tags right now.

  • A Late April Sunday Morning

    I should feel pretty good about it being spring and all but I don’t. I feel very down and worthless. My nightmares last night were vivid reminders of the missed/lost opportunities of night. I feel so unbelievably sad that I cannot concentrate worth a damn. I just feel like sobbing. I missed lost love and family opportunities; just not a good person. I live in fear and self-pity.

    Now I am going to lose my mom to Alzheimer’s and I need to go visit her in memory care but I am working every goddamned day just to stay afloat. I think I am going to see her after work on Monday or Tuesday. I feel tremendous guilt for not going. I’m fighting my own demons and seeing her continue to decline is going to make me feel worse. However, I do not want to live in regret so I will visit her this week.

    I had a high school crush on a girl named Alynn Capoferri. I had a dream about her that I was pining after her but could not see her. Oh well. My nightmare was like a black and white, infrared photograph with brief moments of color. I think that was the best way to describe it. The Nickelback song, Photograph, really sums it up.

    I hate being autistic and suffering from major depressive disorder. It is an absolute curse – like living in a special kind of inescapable hell. I should be happy because I found a woman that I love to pieces and would never dream of cheating on her. But the reality on the ground is that I am suffering immensely. I feel used up and I feel like I will just continue to decline. Maybe that’s for the best. Maybe the Republicans are right and if I cannot produce, the best place for me is the ground. That’s how I feel right now.

  • Plan For Today

    I have to work from 4p-11p today and I don’t really mind because the grand plan is to begin working on my book The Beginner’s Home Lab Book: Learning Linux & BSD By Building Real Systems. I’m going to follow the suggestion of my therapist to approach this as if I am writing a letter to a prospective learner. Despite being tired, I’m excited to get started. In preparation for writing today, I set up a PC to use for this purpose.

    This morning I set up some routing so I can reach the PC remotely allowing me to write effectively. I’m actually really excited! The excitement is lessening the lack of desire to go into work today. I know time will pass quickly. My weekend worksite is at a building completely locked down so I will be able to use dictation without the appearance of being crazy.

    I slept the day away and I still feel tired. I’m getting a huge resurgence of very intense nightmares that are affecting my sleep adversely. I’m even having nightmares while napping. It used to be that I could at least sleep during the day for a bit and it would be dream free. Not so much anymore.

    Well maybe I will get some work on my book accomplished. Maybe a sense of satisfaction will lead to a night of better sleep. I feel mentally awful like it’s a 10 yard fight. But the fact that I am writing this while on the bus to work is sort of a win in and of itself. I wanted to call out but that’s not in my nature.

  • The War on Drugs

    I have said time and again that the war on drugs has nothing to do with public health or safety. Perhaps it once was but it’s not now. As with most laws nowadays, you have to see who stands to benefit from the law.

    The war is a cash cow for rehabilitation hospitals and private mental health facilities so big healthcare rakes in the dollars. The war benefits private corrections companies. Even law enforcement make extra money from overtime and special assignments.

    The drug cartels themselves are perhaps the biggest beneficiaries of these laws. Cartel leadership did not become as successful as they are by not having good business acumen. I am certain they accept a relatively small amount of product loss as the cost of doing business. Keeping drugs illegal means a higher street price and they know they would lose billions should laws change.

    I have no proof of this but I believe that the cartels donate to politicians hell bent on keeping drugs illegal. They may donate through shell corporations and borderline illegal money moving enterprises.

    Furthermore I believe that by maintaining the drug war, we are actually undermining safety. Violent crime would probably drop as a result of drug legalization. Drug legalization and treatment would go a long way towards making America safer and more secure.

    In conclusion, it’s time to admit that the drug war, much like alcohol prohibition, is a failure. We’re better off legalizing drugs. I forgot to mention one added benefit: the drugs would actually be safer because they don’t need to be produced in secret. They can be manufactured using cleaner processes.

  • Great Therapy Session

    This morning I had a really good therapy session. I am reminded of the importance of therapy in addition to medication when treating depression. My therapist, Nan, is nothing short of incredible. We talked at length about learning, passion, and education.

    I told Nan about one of my goals which is to write a book about computers and networks. I shared with her my topic and intended audience but I was experiencing difficulty overcoming writer’s block. Since perfection in writing is impeding my progress, I had the insight that I would try speech to text. This may facilitate writing and lessen the tendency to seek perfection.

    Then Nan gave me a truly brilliant idea. Since the intended audience is a beginner to the professional side of computers and networks, she recommended that I write it in the form of a letter to a potential student. I was blown away! The sheer simple elegance. Now I have a weekend project. I’m going to start writing and see where this goes.

    Once I put words to paper so to speak, I’ll go back and edit my work. What if I could have the whole damn manuscript written and ready for publication!? That would be awesome. I’d love it if No Starch would take on publishing my book.

    I truly left the session feeling much much better than before. I feel renewed and motivated. I dare say I feel positive.

  • Nightmares

    I am not going to lie … last night was brutal for nightmares. They seemed to keep coming one after another so I am tired. Nightmares do not make for good sleep. Perhaps one day I will learn to control my dreams. I am honestly surprised because I had a decent day yesterday. Time to move on though.

    I hope to hear from VGM today or Monday. I’d like to be earning more money and have more flexibility. First I have to try it and see how it goes. If all goes well, I will reduce the number of hours I am working as a security guard to 16 on the weekends. I am tired of worrying about money and $23 an hour is significant.

    I don’t have any real grand plans for today other than going into work at 2:00PM instead of the usual time. This is okay with me and I don’t mind helping out the boss on occasion. I do have a therapy appointment at 11:00AM today which I am happy about because I need to talk to someone about some weighty issues. Perhaps I will find the concentration to work on my book, but if not, I won’t punish myself.

    I know that tomorrow I will have some good opportunities to work on my book. Since I seem to have writer’s block, I am going to try dictation. I just sent out a quick post on Mastodon to ask what tools might be available. Perhaps writer’s block isn’t really writer’s block but perfection being the enemy of progress. This is one of my mantras but I still seek perfection. Seeking perfection is blocking progress.

  • Another Day In The Salt Mines

    Another day and another shift working and toiling to make someone else wealthier. There’s nothing quite like the United States’ definition of freedom: economic freedom only. Have you ever noticed that the same self-righteous MAGAts that advocate locking up as many criminals as possible in dragnets complain that their freedumb is being impinged if laws are passed to help them? I’m sick and tired of the hypocrisy.

    Okay well enough whining on my part. I put Arch Linux – my favorite distro – back on my laptop. I don’t know why in the hell I was running Fedora. Clearly, I wasn’t thinking clearly. I’m happy to be back on the platform that I’ve grown to love. My desktop still uses Arch though. I had some dumb ass idea that Arch would not run that well on a laptop. I was very wrong. Arch is actually more battery efficient than Fedora.

    Well, in any case, I feel good about kicking Fedora to the curb. They capitulated to the age verification movement and they’re allowing AI contributions. As one of my favorite cartoon characters would say, “Uh huh huh huh …. Nope nope nope.” Chicken Hawk was hilarious! I digress. AI writes very poor code. Who knows what security holes are going to open. A good distribution is going down the toilet.

    I’m having fun being back on the fediverse via Mastodon. That’s the only social media that I feel is quality. If you’re already on it and want to follow me, just click on the link at the footer. Hope to see you there!

  • CGNAT and Self-Hosting

    One of the challenges for home lab enthusiasts with connections behind CGNAT is self-hosting. Due to the limitations of double NAT, you will need to rent a cloud VPS and create a VPN tunnel between the VPS and your router or a server behind the router. Fortunately, this can be done inexpensively and with relative ease. I use Cloudfanatic as they have the unusual blend of cheap with reliable. For $4.50 USD per month it cannot be beat. Let’s get down to business.

    We will be getting around the CGNAT restriction by using WireGuard. The neat thing with WireGuard is that you do not have to worry about random IP changes at home: the home side initiates the connection, and the VPS end of the tunnel updates its record of the home endpoint whenever that address changes. I need access to my home network, so the home LAN will be routed through the tunnel as well.

    Here is an overview of the topology. Public IP addresses will be represented using the standard RFC5737 192.0.2.0/24 range. This is the exact solution that I use.

    [Home:CGNAT]<---------------->[VPS:192.0.2.1]
    Network: 192.168.1.0/24       WG: 192.168.128.1/32       
    WG: 192.168.128.2/32              fd00:f1ce:fd0d:1776::1
        fd00:f1ce:fd0d:1776::2

    Let’s work on the VPS-side first since that is the easiest one. I am running AlmaLinux 10 on the server. In the code blocks, commands beginning with hash marks need to be run as root. The first step is to enable IP Forwarding so that traffic gets passed between the WireGuard and public interfaces.

    # sysctl -w net.ipv4.ip_forward=1
    # sysctl -w net.ipv6.conf.all.forwarding=1
    # echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    # echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf

    Once IP forwarding is configured, we can begin the WireGuard side of the configuration. In the next step we will generate the VPS private and public key pair and a pre-shared key. Setting umask 077 first keeps the key files readable by root only.

    # dnf install epel-release wireguard-tools
    # cd /etc/wireguard
    # umask 077
    # wg genkey | tee private.key | wg pubkey > public.key
    # touch wg0.conf
    # openssl rand -base64 32 > preshared.key
    

    Below is my server configuration, which has been sanitized. You will have to provide your specific keys. Put the config below in the wg0.conf file that you created in the previous step. While a pre-shared key is not a requirement, it is a strong recommendation because it adds a symmetric-key layer on top of the public-key exchange, which provides extra protection against quantum-level attacks.

    [Interface]
    PrivateKey = <Server Private Key>
    Address = fd00:f1ce:fd0d:1776::1
    Address = 192.168.128.1
    ListenPort = 51820
    
    [Peer]
    PublicKey = <Home Public Key>
    PresharedKey = <Your Preshared Key>
    AllowedIPs = fd00:f1ce:fd0d:1776::2, 192.168.128.2/32, 192.168.1.0/24

    Once this configuration has been completed, it is time to configure the firewall to allow WireGuard traffic in-bound and forwarding between the WireGuard and public interfaces. Here is how to do this.

    # firewall-cmd --permanent --zone=public --add-service=wireguard
    # firewall-cmd --permanent --zone=trusted --add-interface=wg0
    # firewall-cmd --permanent --zone=trusted --add-forward
    # firewall-cmd --permanent --zone=public --add-forward
    # firewall-cmd --reload

    Once the VPS-side has been configured, we can set up the machine that is going to act as the end point at home. I have a VM that is running all of the services that I self-host. This VM also acts as my WireGuard tunnel endpoint. You have an array of options but this keeps things simple. Remember to copy the public key from your home end point to the VPS configuration and vice versa. Please do the same with the pre-shared key.

    The first and most important step is to enable routing on the home endpoint.

    # sysctl -w net.ipv4.ip_forward=1
    # sysctl -w net.ipv6.conf.all.forwarding=1
    # echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    # echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf

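    Install WireGuard and generate the home key pair. Setting umask 077 first keeps the key files readable by root only.

    # dnf install wireguard-tools
    # cd /etc/wireguard
    # umask 077
    # wg genkey | tee private.key | wg pubkey > public.key
    # touch wg0.conf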

    Configure WireGuard.

    [Interface]
    PrivateKey = <Home Private Key>
    Address = fd00:f1ce:fd0d:1776::2
    Address = 192.168.128.2/32
    
    [Peer]
    PublicKey = <Server Public Key>
    PresharedKey = <Pre-shared Key>
    AllowedIPs = fd00:f1ce:fd0d:1776::1, 192.168.128.1/32
    Endpoint = 192.0.2.1:51820
    PersistentKeepalive = 25
    

    The firewall on the home side of the WireGuard tunnel is more complex because NAT must be enabled so that communication works bi-directionally.

    # firewall-cmd --permanent --new-policy=wg-to-lan
    # firewall-cmd --permanent --zone=trusted --add-interface=wg0
    # firewall-cmd --permanent --policy=wg-to-lan --add-ingress-zone=trusted
    # firewall-cmd --permanent --policy=wg-to-lan --add-egress-zone=public
    # firewall-cmd --permanent --policy=wg-to-lan --set-target=ACCEPT
    # firewall-cmd --permanent --zone=trusted --add-forward
    # firewall-cmd --permanent --zone=public --add-masquerade
    # firewall-cmd --permanent --zone=public --add-forward
    # firewall-cmd --reload

    Now we can bring the tunnel up. Do the following on both the VPS and the home sides.

    # systemctl enable --now wg-quick@wg0

    Once the tunnel is brought up, we can do some verification and testing. On the home side, you should see something similar to the following:

    # wg
    interface: wg0
      public key: <Home Public Key>
      private key: (hidden)
      listening port: 58512
    
    peer: <VPS Public Key>
      preshared key: (hidden)
      endpoint: 192.0.2.1:51820
      allowed ips: fd00:f1ce:fd0d:1776::1/128, 192.168.128.1/32
      latest handshake: 1 minute, 1 second ago
      transfer: 49.61 MiB received, 438.12 MiB sent
      persistent keepalive: every 25 seconds
    
    # ping -c 5 192.168.128.1
    PING 192.168.128.1 (192.168.128.1) 56(84) bytes of data.
    64 bytes from 192.168.128.1: icmp_seq=1 ttl=64 time=19.4 ms
    64 bytes from 192.168.128.1: icmp_seq=2 ttl=64 time=19.7 ms
    64 bytes from 192.168.128.1: icmp_seq=3 ttl=64 time=18.0 ms
    64 bytes from 192.168.128.1: icmp_seq=4 ttl=64 time=18.3 ms
    64 bytes from 192.168.128.1: icmp_seq=5 ttl=64 time=22.9 ms
    
    --- 192.168.128.1 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4006ms
    rtt min/avg/max/mdev = 17.993/19.646/22.872/1.737 ms

    On the VPS, do the same thing:

    # wg
    interface: wg0
      public key: <VPS Public Key>
      private key: (hidden)
      listening port: 51820
    
    peer: <Home Public Key>
      preshared key: (hidden)
      endpoint: <Home IP>:58512
      allowed ips: fd00:f1ce:fd0d:1776::2/128, 192.168.128.2/32, 192.168.1.0/24
      latest handshake: 45 seconds ago
      transfer: 2.27 GiB received, 259.69 MiB sent
    
    # ping -c 5 192.168.128.2
    PING 192.168.128.2 (192.168.128.2) 56(84) bytes of data.
    64 bytes from 192.168.128.2: icmp_seq=1 ttl=64 time=18.0 ms
    64 bytes from 192.168.128.2: icmp_seq=2 ttl=64 time=18.0 ms
    64 bytes from 192.168.128.2: icmp_seq=3 ttl=64 time=18.2 ms
    64 bytes from 192.168.128.2: icmp_seq=4 ttl=64 time=19.2 ms
    64 bytes from 192.168.128.2: icmp_seq=5 ttl=64 time=19.3 ms
    
    --- 192.168.128.2 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4005ms
    rtt min/avg/max/mdev = 17.961/18.527/19.331/0.603 ms

    If you get results similar to the ones above, then the tunnel itself has been established between the two end points. The next step is to see if the VPS can reach your home network. The address I am pinging here represents my default gateway on the LAN. Again, you should see results similar to the ones below.

    # ping -c 5 192.168.1.1
    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=63 time=22.0 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=63 time=20.6 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=63 time=20.6 ms
    64 bytes from 192.168.1.1: icmp_seq=4 ttl=63 time=20.2 ms
    64 bytes from 192.168.1.1: icmp_seq=5 ttl=63 time=20.0 ms
    
    --- 192.168.1.1 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4006ms
    rtt min/avg/max/mdev = 20.031/20.694/22.026/0.707 ms

    From here, the sky is the limit. On the VPS side, though, you will need to set up some port forwarding for access to services that are not HTTP/HTTPS related. If you intend to host a website, use your favorite reverse proxy app. I use NGINX, but configuring this is beyond the scope of the post. The commands below set up port forwarding for SSH so you can remotely access your network; because the rule is added with --permanent, the reload applies it.

    # firewall-cmd --permanent --zone=public --add-forward-port=port=2222:proto=tcp:toport=22:toaddr=192.168.128.2
    # firewall-cmd --reload
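
    WireGuard applies AllowedIPs in both directions: on send it selects the peer, and on receive it drops packets whose source address is not listed for that peer. The following is an added example, not part of the original post, that runs this check over trimmed copies of the two wg0.conf files above, including a connection passed on by the port-forward rule. The client address 198.51.100.7 and the helper names are assumptions.

```python
import ipaddress

# Constructed, trimmed copies of the two wg0.conf files above; keys stay placeholders.
VPS_CONF = """
[Interface]
Address = 192.168.128.1
ListenPort = 51820
[Peer]
PublicKey = <Home Public Key>
AllowedIPs = fd00:f1ce:fd0d:1776::2, 192.168.128.2/32, 192.168.1.0/24
"""
HOME_CONF = """
[Interface]
Address = 192.168.128.2/32
[Peer]
PublicKey = <Server Public Key>
AllowedIPs = fd00:f1ce:fd0d:1776::1, 192.168.128.1/32
Endpoint = 192.0.2.1:51820
"""

def parse_peers(conf):
    """Return one {'key', 'allowed'} dict per [Peer] section."""
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = None
            if line.lower() == "[peer]":
                current = {"key": None, "allowed": []}
                peers.append(current)
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == "publickey":
                current["key"] = value.strip()
            elif name.strip().lower() == "allowedips":
                # A bare address is a single host (/32 or /128).
                current["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                                       for v in value.split(",") if v.strip()]
    return peers

def egress_peer(peers, dst):
    """Sending side: longest-prefix match of dst over all peers' AllowedIPs."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, p["key"]) for p in peers for net in p["allowed"] if dst in net]
    return max(hits)[1] if hits else None

def ingress_ok(peer, src):
    """Receiving side: a decrypted packet is dropped unless src is in the peer's AllowedIPs."""
    return any(ipaddress.ip_address(src) in net for net in peer["allowed"])

def delivered(sender_conf, receiver_conf, src, dst):
    """One peer per side, as in the post: sender must route dst, receiver must accept src."""
    receiver_peer = parse_peers(receiver_conf)[0]
    return egress_peer(parse_peers(sender_conf), dst) is not None and ingress_ok(receiver_peer, src)

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed Internet client (RFC 5737 TEST-NET-2)
    print("VPS -> LAN gateway     :", delivered(VPS_CONF, HOME_CONF, "192.168.128.1", "192.168.1.1"))
    print("forward, client source :", delivered(VPS_CONF, HOME_CONF, client, "192.168.128.2"))
    print("forward, source-NATed  :", delivered(VPS_CONF, HOME_CONF, "192.168.128.1", "192.168.128.2"))
    print("LAN host -> VPS        :", delivered(HOME_CONF, VPS_CONF, "192.168.1.50", "192.168.128.1"))
    print("home reply to client   :", delivered(HOME_CONF, VPS_CONF, "192.168.128.2", client))
```

    The client-source case returns False: a forwarded connection is accepted by the home peer only when its source is the VPS tunnel address 192.168.128.1, which means source NAT on the VPS for traffic leaving through wg0.
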
  • The Future Of Work

    Is the future of work going to be work on a 1099 contractual basis? The reason I ask is I am seeing a steady trend towards this kind of work. I am not necessarily against it either. In fact, I would be absolutely for it if universal healthcare could be made available. All of the big corporations and the wealthy would stand to benefit from this and so would the working class. It creates entrepreneurial freedom and working freedom.

    I am actually a proponent of this style of working because it means more flexibility for life’s events that pop up. Although it is not without its warts because I could see the potential for abuse here, especially if work turned into a reverse auction where it is only offered to someone at the lowest price. I could also see abuse if people are charged to sign up for a gig site. There would need to be some controls put into place.

    The benefits are real and tangible though for both businesses and individuals if proper controls are put into place to prevent the moneyed class from outright exploitation. The freedom it would provide the working class would be wonderful. After all, we really don’t need to work 40 hours to get work accomplished. This is an anachronistic holdover from pre-technology times. Let’s all work less and enjoy life more.

  • Still Dragging

    It’s going to be nice having some time off after today. I get off at 11am and I don’t have to be at work again until Thursday at 4pm. I will enjoy having the time off as I am really tired. I think I want to sleep late tomorrow. That sounds delightful. I did my last few things to complete migration to a dual stack IPv4/IPv6 setup. I noticed my Mastodon instance has been cruising since I gave it IPv6 access.

    I am too tired to work on my business this morning. I’m thinking I’m just going to mess around on my laptop. Being productive just isn’t going to happen. I have a therapy appointment about the time I get home from work. After that I would like to have a nap and then watch a show or three with Denisse. A boring afternoon will be fine as well.

    I hope I hear from VGM soon as I am tired of doing security work. VGM offers a driving contract position through the Uber platform. Unlike other opportunities, this one pays $23 per hour on a 1099 basis. I think if I hear back from VGM with an offer, I’m going to start doing that instead of security work. I’m really and truly tired of being a security guard.

    VGM has quite a nice offering and if I need more time off one week, I can simply take that time because it has been ruled that 1099-basis workers cannot be forced into accepting a schedule. The courts ruled that 1099 is contractual basis and forcing a set schedule changes things into employment. I would rather not work so hard. Also driving a high end Lucid vehicle will be fun.