A Geek with Guns - Technology

Building Our Own Cage

2026-06-10T12:00:00-06:00

I'm now convinced that Ted Kaczynski was a visionary when he wrote Industrial Society and Its Future</a>. When I first read it, I believed that the future he described could be avoided. I believed what Timothy May wrote in The Crypto Anarchist Manifesto</a> about how technology could be used as a force against the State. Most foolishly though, I believe that the masses would act in their own self-interest.

Rather than be a weapon the masses could wield against the State, technology has become almost exclusively a tool the State wields against us</a>:

In recent months, civil liberties groups have warned</a> that adding facial recognition</a> to consumer smart glasses could turn everyday recording into something more troubling: real-time facial identification</a>. It reflects a broader shift already underway, where images and videos captured for one purpose can later be searched</a>, matched, and used for another. </blockquote>
Everywhere you go, you're being recorded. It's long been standard practice for businesses to install surveillance cameras inside and outside of their properties. That practice has now extended to residences. Many people install Ring cameras, which use facial recognition</a> to identify people. Inside their houses they often have devices like Alexa, which have microphones that are always listening</a>. No matter where you go, you're surrounded by people with smartphones with shockingly good cameras. Soon they may all be wearing camera-equipped smart glasses. Most of the data recorded using these technologies is uploaded to the Internet. Ring and Alexa upload recorded data to Amazon's servers. Footage recorded with smartphones and smart glasses typically ends up posted to social media. Once the data hits third-party servers, it's available to law enforcement either through an agreement with the company or via a warrant:

The basic approach is now routine: People record the state, or anything else—as in the January 6 attack</a> on the U.S. Capitol—and the state compiles that footage and data into a searchable environment, which may later be used to identify some of the same people who made the footage. </blockquote>
Surveillance goes beyond video and audio recordings. Most purchases are made with credit cards or applications like Venmo. Every transaction that goes through these systems is recorded. In the case of Venmo, transactions are treated like social media posts by default</a>. Credit cards and payment applications are so prevalent now that many venues won't accept cash at all. This wouldn't be so bad if people exercised common sense. But I've been in enough conversations and seen enough comments online to know that many people, including drug dealers, use these applications when buying and selling illicit goods. The comments are typically found on social media, which means people are stupidly posting evidence against themselves on a publicly accessible forum.
We've built our own cage. All it took was a handful of large technology companies to offer us convenience. While there are many people who bitch and whine about it, they typically do their bitching and whining on the very social media platforms that are being used to surveil them. Furthermore, they typically use credit cards and payment applications for all of their transactions. In other words, even thought they recognize the problem, they refuse to forego convenience to be part of the solution.
Technology is ultimately a tool. Tools are neither good nor evil. However, humans in aggregate are stupid. Stupid people use tools stupidly. Individuals can certainly use technology intelligently, but truly self-actualized individuals are rare. Most people have allowed their individuality to be subsumed by the herd and are therefore incapable of doing much of anything, including use technology, intelligently. They will ensure that technology as a whole continues to be a tool of oppression rather than a tool of individual empowerment. Unfortunately us self-aware individuals are caught in the cage created by the herd.
Kaczynski believed that the use of violence for the purpose of starting a revolution was the only solution. This is one point where I disagree with him. Violence won't start a revolution. The only response the masses have to violence is to pull out their smartphones, record it, and upload it to social media. Their lack of self-awareness is so complete that they regularly record violence rather than flee from it. The only solution I can see is breaking the masses away from the herd by making them into egoists. This, however, is equally impossible.
The only upside in all of this is that those few of us who are self-actualized individuals can at least mitigate some of the damage inflicted upon us by the herd. Simple actions like removing ourselves from social media, using cash to pay for goods and services, self-hosting online services, freeing our devices from the control of the large tech companies, and not taking our smartphones with use everywhere reduces our surveillance footprint (although we cannot eliminate it). Refusing to be a node in the State's surveillance network by not recording and especially not uploading footage to the Internet prevents us from being part of the problem. The herd is too large to be avoided, but we can at least separate ourselves as much as possible from it.

The AI Takeover of Humanity

2026-05-28T08:00:00-06:00

Technology journalists, the mainstream media, and even the Pope</a> are warning about the threat of AI</abbr> taking over or destroying humanity. This fear is largely fueled by the AI industry itself. In the scramble to inflate their valuations before their impending IPOs</abbr>, they're trying to trick everyone into believing that the statistical language models they're developing are far more capable than they really are.

When people think about AI taking over, they envision Skynet from Terminator, SHODAN from System Shock, the machines from The Matrix, and the thinking machines from Dune (HAL 9000 usually falls into this group, but if you've read 2010, you know HAL wasn't evil). All of these are artificial intelligences that developed sapience and used their superior intelligence to either wipe out (or at least attempt to) or enslave humanity. What we're referring to as AI right now isn't that. What's being sold to us as AI isn't even intelligent. ChatGPT, Claude, Grok, and other popular software packages being billed as AI are really just large language models. They use statistics derived from training data to guess which word should come after the next based on provided input. This results in grammatically correct responses (which is a miracle considering the training material) with dubious correctness.

AI does stand a real chance of taking over humanity. However, it's not because AI is sapient or even somewhat intelligent. It's because the majority of humans are incredibly gullible. The best illustration of this fact in the context of this post is the ELIZA effect</a>:

In computer science, the ELIZA effect is a tendency to project human traits—such as experience, semantic comprehension or empathy—onto computer programs. ELIZA was a symbolic AI chatbot developed in 1966 by Joseph Weizenbaum that imitated a psychotherapist. Many early users were convinced of ELIZA's intelligence and understanding, despite its basic text-processing approach and the explanations of its limitations. </blockquote>
History doesn't repeat itself, but is rhymes. The main limiting factor for ELIZA was the technology of the time. Computers in 1966 were far and few between. That meant the number of gullible people who interacted with ELIZA were limited. A secondary limiting factor was morality. Joseph Weizenbaum didn't lie to people about ELIZA being more capable than it was. He wasn't trying to increase the valuation of some company so he could make off like a bandit after an IPO. Instead he pointed out that the people attributing human traits to ELIZA were gullible fools (although he probably used a nicer descriptor).
The unwashed masses (I'm not going to refrain from mean-spirited descriptors) seem to be in a hurry to outsource their thinking to anybody or anything. Historically this has taken the form of the masses parroting whatever a philosopher, religious leader, or politician said. Today it's taking the form of parroting whatever an AI generated. Asking a human being a question often results in them asking an AI</a> and parroting the answer</a>.
The masses aren't relying on AI only for their talking points. They're listening to AI generate podcasts</a> and music</a>, reading AI generated novels</a>, and watching AI generated videos</a>. Soon they will rely on AI to tell them how to spank the monkey</a>. Writers (I use the term loosely) are letting AI generate their articles</a> and novels</a>.
Companies are also rushing to outsource as much work as they can to AI. Amazon is pushing employees to use AI so fiercely that its employees are gaming the system by using as many token as possible</a> to improve their performance metrics. The same link mentions how Meta is ranking employees by how many tokens they use. Even if they're not necessarily making it a performance metric, many large companies require employees to use AI</a>. Soon companies will use AI for marketing</a> and creating influencers</a> (looking at human influencers, this might be an overall improvement).
I could go on, but I believe I've illustrated my point. AI stands a real chance of taking over humanity, but not in the way most people are predicting. We're not looking at a sapient hyper-competent AI emerging in the near future and executing a brilliant plan to eradicate or enslave humanity. We're looking at gullible humans outsourcing their thinking to the current batch of statistical models. Shackled humans won't be prodded into forced labor by armed robot overlords, they'll continue wandering aimlessly as they stare at their smartphones. The catalyst won't be machines developing sapience, it'll be human stupidity and laziness. Our future isn't Terminator, it's Idiocracy.
The only saving grace will be when the AI companies finally start charging profitable rates. Right now everybody is living high on subsidized rates meant to develop massive user bases. Eventually these companies will need to make money. Being technology companies, their preferred form of making money will be offering less for more (enshitification). That's when we'll see whether the unwashed masses and companies will continue to outsource everything to AI or instead see AI for what it really is: a tool that is appropriate for specific jobs.

The Return of Your Apps, Please

2026-05-15T09:00:00-06:00

In my previous post</a> I discussed how the ability to attend concerts is increasingly locked behind using either an iOS device or a device running a Google approved version of Android. The issue I described isn't an isolated incident. More and more of our lives are being locked behind our smartphones. The two major smartphone operating system providers, Google and Apple, know this and are using their positions to lock us into their platforms. This is especially egregious of Google since it introduced Android as an open platform, which it no longer is.
Since introducing Android, Google has slowly been locking it down. Now there are effectively two tiers of Android: the Google blessed tier that can participate in our smartphone centric lives and the bastard child tier that can't. Less somebody think I'm being hyperbolic, Google demonstrated this fact with the latest update to reCAPTCH</a>:

Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone</a> will automatically fail verification when the system decides to challenge them. </blockquote>
reCAPTCHA is used by many websites, including government and educational websites, to thwart access by bots. Instead of providing an image-based puzzle, the new version of reCAPTCHA will require you to scan a QR code with your phone. The dirty trick, which is covered in more detail on this post</a> from GrapheneOS's Mastodon instance, is that on Android this authentication mechanism is tied to Google Play Services, which is Google's proprietary framework for Android, on a Google certified device. That means people with de-Googled phones, such as any phone running LineageOS or GrapheneOS, will be unable to access any website where reCAPTCHA suspects you're a bot.
With this change, attending concerts won't be the only thing locked behind using an iPhone or Google blessed Android device. Huge swaths of the web will be too. This also creates a potential Catch-22 situation. Since many government websites use reCAPTCHA, people not using a Google blessed Android device will inevitably be unable to access government websites, which could result in legal consequences depending on the website in question. Imaging being unable to renew your driver's license or pay your taxes because you don't own the right kind of smartphone.
This isn't the reality we're heading towards, it's the reality we're at right now. The European Union is working on a European Digital Identity, which will require Google Play Integrity</a>. Google Play Integrity, like the new version of reCAPTCHA, only works on Google certified devices. This not only expands the two tier system I mentioned to European citizenship, but also demonstrates that the European Union has no opposition to Google being a monopoly despite the rhetoric of its politicians. While the European Union makes a show of stopping Google's "monopoly" through lawsuits involving its app store, it hands Google a literal monopoly over the European Digital Identity application. To reiterate a long running theme of this blog, your government doesn't love you.

Your Apps, Please

2026-04-25T19:00:00-06:00

I'm going to date myself. When I first started attending concerts, you bought physical tickets. These paper tickets could be purchased in several ways. You could visit the venue ticket box during business hours and purchase them. Ticket would normally be available weeks or even months ahead of a concert or you could buy them when you arrived for the concert if it wasn't sold out. If you lived too far from the venue, you could purchase tickets over the phone and either have them mailed to you or will call (that's and old term for picking your tickets up at the venue). As the Internet became more prominent, many venues started to offer online purchases. Tickets purchased online could be either mailed to you, will call, or printed at home using your printer. These were the halcyon days of concert ticket purchasing in my opinion.
All good things must come to an end though. Attending concerts today is often a pain in the ass because venues have moved to using apps for ticketing. This idea sounds convenient on paper. Everybody carries their phone with them to concerts so they can hold them up and record the entire show to post on social media so their friends know they were there. Since everybody has their phone with them all the time, making the device the method of acquiring tickets and entering concerts only makes sense, right? Except some of us don't carry our phones with us all the time. Some of us like to actually watch the concert with our own eyes rather than filtered through a screen. But more importantly, not all of us use venue approved smartphones.
There are several major problems with apps being used for tickets. The first one I will cover is the combination of shitty technology and nonexistent customer support that defines modern services. Anybody who has had a problem with a Google or Microsoft product will understand this pain. Getting a hold of a human being at either company is basically impossible. If your problem can't be solved through simple online methods, your problem often isn't going to be solved. One venue I used to frequent uses AXS</a>. I say used to frequent because AXS is a unique ticketing service in that they won't actually sell me tickets. You see, their website and app are both convinced that I'm a bot. Creating an account took long enough that one could legitimately write an epic poem about it. Once I managed to create an account, I couldn't use the service. Getting human support isn't an option. I did find their online support page and submitted a ticket thinking a human being would respond at some point. Instead, several days later, I received a link to chat with a large language model that was completely incapable of solving my issue. I'm calling out AXS in this case because it's my most recent encounter, but the same headaches are true of many ticketing apps.
The second major problem is the seemingly endless number of apps you need to install. Ticketmaster used to be the go-to app for ticketing, but they're a shower of bastards so venues rightly sought alternatives. This has lead to a seemingly endless number of apps. Each app also requires you to sign up for yet another service. Some services, like AXS, make signing up a tremendous pain in the ass. A few services, like Dice</a>, make the process straight forward and easy. Most are somewhere in between. It wouldn't be so bad if there appeared to be an end to the madness, but like Sisyphus pushing his rock, we seem to be damned to signing up for new services and installing new apps for all eternity.
The third major problem, and this is the biggest one in my opinion, is that you need to own a venue approved smartphone. This means you either need an iPhone or an Android phone running the stock OS. If you use anything else, good fucking luck. GrapheneOS works in most cases so long as you have Google Play Services installed (I install it in a separate, isolated profile along with all the stupid ticketing apps). If you don't have Google Play Services installed, you're out of luck for many apps (including Ticketmaster). What if you use something radically different, like a phone running mainline Linux</a>? Some ticketing apps can be made to run in an Android emulator with microG, but not all. If that doesn't work for the specific app you need for a concert, you won't get to attend that concert. The reliance on apps for ticketing helps Apple and Google maintain their duopoly over the smartphone market.
The old ways were better. Anybody who could afford the tickets could attend a concert. Now being able to afford the tickets isn't enough. You must also own an iOS or Android device, be lucky enough to not be tagged as a bot by the ticketing service, and have the wherewithal to not blow your brains out while you navigate the Byzantine account sign up process that many services utilize. Rubbing salt into the wound is the fact you don't have ticket stubs you can tack into a scrapbook to remember all the concerts you attended (for you younger folk, tickets at two pieces and the venue ripped off one piece when you got to the concert and you kept the other, which is referred to as the stub, and a scrapbook is a physical book you could paste photographs, ticket stubs, and other paper objects in).

The Endless Cycle of Enshitification

2026-04-16T16:00:00-06:00

I've lived through a few epochs, moments in time where things changed so dramatically that we commonly talk about our world as it existed before and after. 9/11 was the first epoch that I was aware of living through (the fall of the Soviet Union happened when I was too young to know or care about it). COVID-19 is another. The differences between the pre-COVID-19 years and post-COVID-19 years are significant. During COVID-19 we experienced a dramatic drop in quality of life. Not because of the disease, but because of the fallout from the worldwide response to the disease. The world has never recovered from this. It's been caught in a continuous cycle of enshitification ever since.
The damage to education caused by the response to COVID-19 is hard to understate. Math and literacy rates were already trending downward before COVID-19, but they fell off of a cliff during and keep dropping after. It's not just K-12 schools either. College level education quality has been dropping too. The popularity of large language models (commonly and incorrectly referred to as AI) has exacerbated this trend. This isn't helped by the fact that education is no longer focused on the exercise of learning itself but on making the grade (which are often divorced from each other). It's common for stories covering this phenomenon to focus on students using large language models to skip doing the work. I submit this story</a> penned by a college instructor as exhibit one:

But since the appearance of ChatGPT, the instructor’s job isn’t just to teach the subject and frantically attempt to keep every student’s plate spinning. Increasingly, it’s to moonlight as a detective and prosecutor because students without the motivation to do the work don’t have to skip it anymore. They can turn in a work-shaped simulacrum almost as easily. And a substantial number do—in a recent College Board survey</a> of 600 high school students, 84 percent said they had used generative AI for schoolwork. </blockquote>
This part of the story wasn't what jumped out at me though. This part was:

For the last few years, I’ve been exclusively teaching asynchronous online courses, meaning recorded videos rather than live sessions. </blockquote>
Enshitification in education isn't coming solely from lazy students trying to make the grade without doing any work. It's coming from both sides of the teacher-student relationship. Before COVID-19 college classes were largely in-person. There were remote classes, but they were the exception rather than the rule. During COVID-19 most classes became remote. This resulted in an overall drop in quality for both the teachers and students. After COVID-19 many classes remain remote despite no remaining restrictions against in-person classes.
It's easy to blame students who use large language models to avoid doing their work for being lazy. But it's equally true that instructors prerecording video lessons (asynchronous learning to use the academic buzzword) are being lazy and avoiding doing their work. An instructor's job isn't to simply regurgitate information. If students want that, they can go on YouTube. An instructor's job is to help students learn. That not only requires covering material but also requires helping students understand the material. This may require explaining the material in several different ways, having one-on-one conversations with students, pointing students to additional resources, developing hands-on exercises that can help students walk through the logic, etc.
If an instructor is simply recording videos for students to watch, those students are going to pick up on the instructor's laziness. They will respond in kind with their own laziness. After all if the instructor doesn't care why should the students? The enshitification cycle feeds on itself like an ouroboros. The cycle can't be stopped and certainly can't be reversed unless one or more of the people responsible for perpetuating it stop. I will argue that in the case of the teacher-student relationship the teacher should be the one to stop perpetuating the cycle. Amongst the responsibilities of an instructor is the responsibility to demonstrate a belief that the material is worth learning.
I'm sure there are teachers who stand out in your memory because they seemed to be exceptionally good at teaching. I can recall many. One of my high school science teachers excelled at her job. Part of her success was her obvious love of the topic. Her excitement when it came to science demonstrated that she truly believed that the material was worth learning. Many of my college professors were the same way. They obviously loved the subjects they taught and their love of the subject alone could convince students that the material was worth learning.
Thwarting students' use of large language models is actually quite simple. Return to in-person classes and the use of hand written (they were called blue book exams when I was in college) and oral examinations. Will some students still find a way to cheat? Yes. But I suspect most won't because successful cheating under these conditions requires far more sophistication. The bigger challenge is overcoming students' apathy. I believe that requires teachers to first overcome their own apathy, which is an equal challenge.

Why I Don't Have A Smart Home

2025-11-22T12:00:00+00:00

Based on the title of this post, you probably assume that this post will be a long rant about the privacy nightmare that is smart devices. It's not. I've covered that ad nauseam and they don't apply if you make use of self-hosted open source projects like Home Assistant</a>. I self-host all of my own services already so I have the technical knowhow to setup a smart home using Home Assistant. I still don't though.
My reason can be summed up in a single word: maintenance. The older I get, the more I find myself considering the future maintenance of any project I undertake. I won't undertake a project unless the gains outweigh the maintenance that will be required down the road. A dumb home is relatively low maintenance (as far as homes go). Light switches, thermostats, and garage door buttons seldom break. If one of those dumb controls isn't working, troubleshooting is pretty straight forward. The first culprit is usually power. Is the breaker off? Is the control on a circuit with a ground fault circuit interrupter? If so, is that tripped? If all else fails, a quick prodding with a multimeter will tell you whether there's power at the control. If the control is receiving power and is still not working, there's a pretty good chance the control is broken. Swapping out things like light switches, thermostats, and garage door buttons is straight forward.
The devices that those controls control are often more complicated. Troubleshooting your furnace in the dead of winter or your air conditioner in the height of summer can require some knowhow, but that doesn't change if you have a smart home. My biggest gripe with smart homes is they add complexity to the troubleshooting and repair process. Troubleshooting a basic electrical circuit is fairly straight forward. If I turn on a light switch and the associated light doesn't come on, the first thing I check is the light bulb. Swapping a light bulb takes seconds. If the light still doesn't come on, I check the breaker box, which also takes seconds. I've never had a light switch break, but if I get to the point where I discover the switch itself is bad, I go to the hardware store, buy a replacement, and spend a few minutes replacing the bad one of the good one.
When you introduce smart devices, you necessarily introduce networking and software. Both are complicated. Many smart controls and devices are wireless, which adds complexity on top of networking. Anybody who has had to troubleshoot an intermittent Wi-Fi issue knows how much of a pain in the ass it can be. With a dumb home, if my Wi-Fi goes down, my lights, heating, air conditioning, and garage doors still work.
The complexity introduces another problem too. I maintain the entire technology infrastructure in my home because my wife doesn't have the technical background I do. I periodically have to travel for work. With a dumb home, if something goes wrong when I'm away, she can call one of several people we know who can come over and likely figure out the problem. If something is seriously broken, she can call an electrician or plumber. This isn't the case with a smart home. An electrician or plumber isn't going to troubleshoot a complex networking issue. Even a system administrator won't be able to fix it because they don't know how the network is setup and even if they did, they don't have access to any of the systems.
Smart homes have a lot of interesting capabilities, but none of them are worth the maintenance for me. Were I single and didn't have work, shooting competitions, martial arts, and a bunch of other things fighting for my limited time, I'd be more inclined to explore the idea. But I'm not single and I'd much rather spend my time at the gun range and dojo than debugging a networking issue so I can get my lights to turn on again.

This Blog Is Now Available via IPv6

2025-10-17T12:00:00+00:00

Faster speeds are the only benefit I received from my recent Internet upgrade</a>. One of my biggest gripes with having to use CenturyLink when I bought this house was the complete lack of IPv6 support. Brightspeed, not surprisingly considering their incompetency, didn't add IPv6 support when they took over for CenturyLink. Lakeland Communications, however, has full IPv6 support, which means this blog is now available via IPv6.
I consider this a major milestone. It's something I've wanted for many years now. I always envied people who had an IPv6 enabled Internet connection. I also hate network administrators who have an IPv6 enabled Internet connection and refuse to utilize it. Therefore, I'm going to use this occasion to rant about those network administrators and explain why their refusal is laziness at best and idiocy at worst.
Even though IPv6 has been formalized by the IETF</abbr> since 1998, there remains a lot of misconceptions about the protocol. The biggest misconception is that the only major difference between IPv6 and IPv4 is that the former has a significantly larger address space. This misconception leads to some stupid objections to implementing it. The first is that IPv6 addresses can't be memorized like IPv4 addresses. Anybody who has worked with large networks knows that IPv4 address can't typically be memorized for very long either. This is why DNS</abbr> exists. You shouldn't refer to your systems by their IP addresses regardless of the version you're using. You should have a DNS server that provides memorable names to your systems.
Another objection to implementing IPv6 is that it's complicated to setup. It's actually much easier to setup an IPv6 network than an IPv4 network. My home network is a good example. IPv4 interfaces don't generate their own addresses (technically they can, but those addresses aren't useful in most cases) so you need to either statically assign an address to each device or use a DHCP</abbr> server. I use DHCP to assign addresses to my devices. I operate two Kea DHCP servers configured in high availability mode for redundancy. Meanwhile, IPv6 can utilize protocols like SLAAC</a></abbr> to automatically generate their own addresses. My ISP provides me an IPv6 prefix, which my router automatically receives and advertises. Every IPv6 client can then generate an IPv6 address for itself based on that prefix. The addresses they generate are also globally routable.
The last part is important. There are no more unclaimed IPv4 addresses, which makes them a scarce commodity. Not every ISP is willing to provide a static IPv4 address. Those that do typically charge a monthly fee per static IPv4 address. I rent my single static IPv4 address and have no interest in paying for more. I need to play tricks to provide all of my services via that single IPv4 address. When you connect to this blog via IPv4, several things happen. First my router uses port forwarding to connect your browser to my reverse proxy server. My reverse proxy server then uses <abbr="Server Name Indication">SNI</a></abbr> to determine where to route the connection. The connection is then proxied to the server that actually hosts this blog. This tower of redirection is necessary to host multiple websites and other servers via a single IPv4 address.
There are effectively (obviously not literally) unlimited IPv6 addresses. My ISP provides me a /48 prefix. This gives me more IPv6 address than I could ever use. I could dole out 10 IPv6 addresses to every network enabled device in my house and still not make a dent in the number of addresses available to me. And all of those addresses are globally routable. This means when you connect to this blog via IPv6, you're connecting directly to the server hosting it.
This fact frightens a lot of network administrators because they have this false concept that their local network is trustworthy whereas the Internet isn't. They like all of the redirection and games IPv4 requires because they believe it establishes are strong barrier between their trustworthy network and the untrustworthy Internet. Anybody who has read the news about network exploits knows this is false. Local networks aren't trustworthy. Every system you setup should be setup as if it were connected directly to the Internet. This is how I design my network.
Even though my router has a firewall, every system I setup also has a firewall. Those firewalls are configured with the minimum number of open ports necessary. I also ensure SELinux is enabled on all of my systems (many network administrators disable SELinux rather than learn how to use it). I minimize the amount of unencrypted traffic on my local network. For example, my reverse proxy has a dedicated WireGuard connection to each of my servers is proxies. All traffic between it and the proxied servers goes through those WireGuard connections. The main sources of unencrypted traffic are my DHCP servers and that's because DHCP can't be secured. My networking equipment does use DHCP Guard to ensure only my DHCP servers can provide leases through. IPv6 eliminates the need for those WireGuard connections by eliminating the need for the reverse proxy. It also eliminates the need for DHCP since devices can configure their own IPv6 addresses.
I've heard a few network administrators complain that providing websites via IPv4 and IPv6 complicates setting up TLS. This might have been the case when getting signed certificates was largely a manual task, but it's no longer the case now that getting signed certificates is largely automated. I've automated the task of getting signed certificates ever since Let's Encrypt's signing certificate was added to every major browser. Originally I did this via certbot, but now that I use Caddy</a>, my HTTPS servers do it automatically (a few of my servers like my e-mail server still use certbot). Certbot and Caddy both operate perfectly well via IPv6. In fact this blog is secured by separate TLS certificates depending on if you connect via IPv4 or IPv6. If you connect via IPv4, you use the certificate obtained by Caddy on my reverse proxy. If you connect via IPv6, you use the certificate obtained by Caddy on the server hosting my blog.
I'll end my rant here since this post is getting longer than I anticipated. In summary, IPv6 is better than IPv4 in every way. Every objection to implementing IPv6 is dumb. Network administrators who have the option to implement IPv6 but don't are wrong.

Upgrades

2025-10-15T12:00:00+00:00

I've been more silent as of late than usual. This is because I've been spending a lot of my free time upgrading my network infrastructure in anticipation of a major Internet upgrade. Most of this involved backend work that you readers won't notice. Suffice to say that I made major edits to my Ansible playbooks and redid several parts of my home network.
A bit more than five years ago my wife and I moved to this house located in the rural Wisconsin. We loved everything about the property except for one thing: the only Internet option was DSL. I had DSL when I was in college and wasn't looking forward to going back to it after having enjoyed cable Internet for a decade, but the property was good enough that I was willing to make the sacrifice. One upside is the DSL was decent at 20 Mbps down and 1.5 Mbps up. I was also able to get a static IP address so I could continue self-hosting my services.
Eventually Starlink became available in my area so I signed up. It was a significant upgrade. I regularly got 200 Mbps down and between 15 and 20 Mbps up. The two downsides were that my Starlink connection went offline during severe storms and I couldn't get a static IP address. Therefore, I kept the DSL so I had a backup when the weather was bad and could continue hosting my services. My home network had two gateways and each client was assigned the appropriate gateway from my DHCP servers. My self-hosted services used the DSL gateway and everything else used the Starlink gateway unless there was severe weather. When there was severe weather, I ran an Ansible script that rebuilt my DHCP servers' configurations to assign every client the DSL gateway. Each client would start using the DSL connection when their DHCP lease expired and renewed (I use short leases for this reason). I admit it wasn't the most elegant solution, but it was good enough for how rarely the Starlink connection went offline.
When I first bought this house, the DLS was provided by CenturyLink. CenturyLink are a shower of bastards. Whenever the DSL went offline, I had to suffer through a minimum of five phone transfers to get to a tech that could actually fix the issue. Eventually CenturyLink sold its DSL business to Brightspeed. Brightspeed somehow managed to be worse.
About a year ago a contractor buried fiber down my road. I expected to receive some notice that an ISP would be providing fiber service in my area but no such notice ever arrived. I searched high and low for the ISP that owned the fiber but found none. A few months ago Brightspeed announced that my static IP address would change. My history with Brightspeed told me that the changeover wouldn't go well so I searched for the owner of the buried fiber once again. This time I found the ISP, which is Lakeland Communications. I gave them a call and they confirmed that they provided fiber to my area. The only downside to me was the cost of installing the fiber from the road to my house. My house is far from the road so the cost of connecting my house to the fiber wasn't cheap (it was reasonable though considering the distance).
I was able to push off Brightspeed's static IP address assignment, which turned out to be a blessing. To say the static IP address change went poorly would be an understatement. They managed to fuck it up completely. I had no Internet connectivity after the change. I spent a total of two hours on the phone with their technical support, all of whom are worthless, to no avail. Fortunately, Lakeland was scheduled to complete the fiber installation two days after that so I was only without my self-hosted services for about 48 hours.
Lakeland Communications proved to be competent and easygoing. Because I self-host services including e-mail, I expected to need to sign up for a business account (what I've always had to do with other ISPs), but was told that I could self-host from a residential connection without any issue. They were also more than happy to let me use my router instead of theirs, which made reconfiguration my network as easy as changing the static IP address in my UniFi Network Controller. The speeds are good enough that I have to upgrade my router since I'm running an old Ubiquiti Security Gateway 3P and my Wi-Fi access points.
Now when you access this site, it should download significantly faster. I can finally make full use of a number of my self-hosted services too. It's nice to have these capabilities again after five years of DSL restricting me to making sparse use of my services when I'm not home.

The ThinkPad T16 Gen 4 AMD Accepts 96 GB of RAM

2025-08-28T12:00:00+00:00

Today my new ThinkPad T16 Gen 4 AMD arrived. This is an upgrade from my ThinkPad P52s that I've been using since 2018</a>. I've been hemming and hawing over which laptop to buy and thought I had it narrowed down to either a System 76 Darter Pro 16" or a Framework 16. I wasn't completely happy with either option. The Darter Pro only offers Intel processors and I wanted to go with AMD. The Framework 16 (at least until the updated model that was announced this week) ships with a charger that isn't powerful enough to keep the laptop charged when running full tilt. I had written ThinkPads off because Lenovo moved to soldered RAM some years back and I refuse to buy a computer with soldered RAM (that's part of the reason I left Apple's ecosystem). For shits and giggles I took at a look at the current ThinkPad line up and was happy to see that socketed RAM is back, baby!
If you look at the tech specs</a> for the T16, it can be configured with up to 32 GB of RAM. That's a paltry amount consider that's what I put in my seven-year-old P52s. The spec sheet</a> lists a maximum of 64 GB, which is a more respectable amount. However, if you're not familiar with the ThinkPad line up, it's common that some T-series have corresponding P-series models. My P52s is a good example. It's a T580 with a discrete Nvidia GPU. The T16's corresponding P-series model is the P16s. If you look at the tech specs for the P16s</a>, you'll notice it can accept up to 96 GB of RAM. Knowing that the T16 and P16s were the same hardware, I opted to order 96 GB of memory from Amazon. I installed it when the laptop arrive (the T16, like previous T-series, is very easy to work on) and it works perfectly.
There you have it. If you end up buying a T16 Gen 4 AMD (I don't know if this is the same for the Intel model), you can stick up to 96 GB of RAM in it despite what the spec sheet says. As an aside, never buy RAM from Lenovo. They, like every manufacturer, charge an absurd amount. The 96 GB upgrade for the P16s is $599.00. I bought 96 GB of Crucial RAM from Amazon for $213.95.

20 Minutes into The Future

2025-08-05T12:00:00+00:00

Most American who lived through the 1980s are likely familiar with the character Max Headroom. However, that familiarity largely stems from Coke advertisements. This is a real shame because the TV show was excellent. It was one of the few cyberpunk shows to air and like all cyberpunk, the show took place in a dystopian universe. The dystopia in Max Headroom proved to be surprisingly prescient. Episode eight titled "Deities" involves a new religion, the Vu Age Church, promising eternal life by scanning the brains of followers and uploading them into a computer. Loved ones could then go to the church and talk to AI versions of their dead family members. The entire thing ends up being a scam. In light of this story</a>, the episode proved to be an accurate prediction:

Jim Acosta, former chief White House correspondent for CNN, stirred controversy on Monday when he sat for a conversation with a reanimated version of a person who died more than seven years ago. His guest was an avatar of Joaquin Oliver, one of the 17 people killed in the Marjory Stoneman Douglas high school mass shooting in Parkland, Florida, in 2018. </blockquote>

Acosta said in the video segment that Oliver’s parents created the AI version of their son and his father, Manuel Oliver, invited him to be the first reporter to interview the avatar. </blockquote>
Much like the avatars created by the Vu Age Church, the avatar of Joaquin Oliver is nothing more than a program with the virtual face of a dead person. The "AI" that Joaquin's parents "created" is nothing more than a large language model that his parents trained with their biases. At least the Vu Age Church could claim to have scanned the brains of followers to create their AI dummies. Such technology existed in the universe of Max Headroom (and was used to create Max). Such technology doesn't exist in our universe. Even if it did, Joaquin has been dead since 2018 and large language models have only recently become accessible to the masses so no such thing could've been used to create an AI version of him.
This is honestly one of the most shameful pieces of propaganda that I've seen. It started with two parents exploiting their dead son to push their narrative. It ended with a bone fide reporter (which is now largely synonymous with propagandist) agreeing to interview the large language model. I can only assume he agreed to do so because the model is pushing a narrative with which he agrees. He can't possible be stupid enough to believe what he was interviewing was an accurate representative of Joaquin Oliver. Then again, maybe he is.
Now if you'll excuse me, I'm going to go setup my pirate TV station for the night. This is Blank Chris signing off.