The days are getting shorter. The sunlight is getting dimmer. And, my eyes are getting weaker. So, I did what nearly no-one else would: I built a power supply and some light panels.

I had a few LED strips left over from project lightboard. These ones were aluminum-backed with a diffuser, and, are 5000K. They are nominally 12V, so first was to connect it to the bench power supply (a BAKU BK-305D). This power supply is, well, it is what it is. It’s relatively cheap, it’s relatively accurate. And, it’s linear. So, the efficiency is imperfect. It operates by selecting multiple taps from a transformer, as your voltage goes up, it switches to the next tap periodically so the drop across the output transistors is not too high. Previously I added a thermostatic fan to it. Nonetheless, it’s too loud for the lights. Prototype achieved, but, next.

OK, I have a DPS3005. These can be had pretty cheaply and, are quite excellent. They are a buck-converter with a small OLED display, allowing constant-voltage, constant-current, and simple metering. I also have (more than one) old laptop power supply, these are typically 20V. I chose a lenovo one with 65W @ 20V, should be lots.

A quick trip through the 3D printer yielded this case. A bit of soldering, some banana jacks, I chose a XT60 connector for the input (since the Lenovo had a rectangular I dunno what type connector).

OK, installed, a bit of hot melt glue in the usual spots, and, put it in its final place. Now we have a very complex dimmer, and, light.

You are probably asking about the IBM PC jr button. Yeah, I’ve had that for a few years, I got it new back in the day. I’ll let you look up what day that was.

This was much tougher than it should have been. On the surface, take a small PC with a bunch of Ethernet ports. Slap 1 of them into a cable modem, slap the others into the WiFi system and desktop in the office. Make it be a gateway for v4 and v6. Couple networks (LAN, WiFi, Guest-WiFi). Done. Well. ipv4 was great success. But, getting upstream subnet from ipv6 and then splitting it, well, not so easy. Don your peril sensitive sunglasses if you will read on.

Earlier I wrote about the first problem, receiving an IPv6 address that might change, but having to hard-code that in the DHCP file. Hmm.

Another issue, IPv6 cannot (should not) be subnetted below /64. But, the cableco hands out a /64. They do support prefix-delegation, but, netplan does not. My earlier experience with netplan and its feature gap was not that great, but this is more of a show-stopper.

So, let’s do the obvious. Delete netplan. Well, you can’t, but, you can make /etc/netplan be an empty directory: cp /run/systemd/network/* /etc/systemd/network/; rm -f /etc/netplan/*; systemctl enable systemd-networkd.

OK, now we are on systemd, it should be all good? Wait? What’s that? prefix-delegation is only supported (as far as assigning an address to an interface so you can do RA or DHCP from it) as of a merge to master the day v245 released. Hmm. I’m on v245, is it in or no? (no).

OK, it’s just code, I got this. But, systemd is a *dangerous* thing. One doesn’t merely upgrade systemd, it’s got its tentacles in every aspect of your system.

Hmm. Let’s cherry-pick that patch, it’s pretty simple. Just run:

git diff 5bb67b107f1d618453308c05958d6e987f995ee9^ 5bb67b107f1d618453308c05958d6e987f995ee9 and we have the patch.

Kinda rolls off the tongue, right? Now we do:

git clone and we have the source tree we are using.

Now we do git checkout v245 and patch -p1 < mypatch from above.

Now we run apt-get build-dep systemd and then debuild to get going. Now it’s time to install and cross-fingers.

So, let’s get the config. First, the WAN port:






Now let’s do the LANs.





(it configures a bridge called LAN which has a few of the ports on it, the others going to the WiFi on a different subnet). I repeated for the various WiFi subnets.

Now, we have achieved our goal. Each LAN-side interface has a unique IP, on a unique prefix. And we route properly, a few iptables rules, good to go.
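To make the arithmetic behind that result concrete, here is an added example (not the config from this post and not networkd's own logic) that carves one /64 per LAN-side network out of a delegated prefix and refuses when the ISP only hands over a single /64. The delegated prefix is a constructed value from the 2001:db8::/32 documentation range, and giving the router the ::1 address in each subnet is an assumption.

```python
import ipaddress


def plan_subnets(delegated, interfaces):
    """Give each interface its own /64 out of a delegated IPv6 prefix.

    Returns {interface: {"subnet_id", "prefix", "address"}}.
    Raises ValueError when the delegation cannot supply one /64 per
    interface, e.g. a bare /64 shared by LAN, WiFi and Guest-WiFi.
    """
    prefix = ipaddress.IPv6Network(delegated)
    if prefix.prefixlen > 64:
        raise ValueError(f"{prefix} is longer than /64, nothing to hand out")

    # Number of /64 networks contained in the delegation.
    available = 2 ** (64 - prefix.prefixlen)
    if len(interfaces) > available:
        raise ValueError(
            f"{prefix} holds {available} /64 network(s) but "
            f"{len(interfaces)} interfaces need one each"
        )

    plan = {}
    subnets = prefix.subnets(new_prefix=64)  # lazy generator, in order
    for subnet_id, (name, net) in enumerate(zip(interfaces, subnets)):
        plan[name] = {
            "subnet_id": subnet_id,
            "prefix": str(net),
            # Assumption: the router takes ::1 inside each subnet.
            "address": f"{net.network_address + 1}/64",
        }
    return plan


if __name__ == "__main__":
    # Constructed sample: a /56 delegation split across the three networks.
    networks = ["LAN", "WiFi", "Guest-WiFi"]
    for name, entry in plan_subnets("2001:db8:0:100::/56", networks).items():
        print(f"{name:11} {entry['prefix']:24} router {entry['address']}")
    try:
        plan_subnets("2001:db8:0:100::/64", networks)
    except ValueError as err:
        print("refused:", err)
```
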

My takeaway? I guess not a lot of you are using ipv6 prefix delegation to multiple subnets from your ISP? Or you are not using networkd? Or?

My office is in a (rapidly diminishing) transitional part of downtown Kitchener. Long derelict upper-floors are shrinking but not yet gone. And, some of the characters that inhabit the street are, um, interesting.

A couple of weeks ago I come down the stairs. As I hit the sidewalk, there is a woman sitting on the ground, looking at a pigeon. Pigeon is not flying away, otherwise is normal (for a flying rat that is). I say, “that’s a very tame pigeon”. She then tells me the story, the pigeon has fallen from an upper story, and is stunned, she’s worried for the pigeon. She is coordinating with 2 of the other local street personalities who are coming over with a cardboard box. “Make sure to poke some air holes in there so he can breathe”. Hmm, what is their next step here? Have they thought this through? Soon a few of the local folks will have a pigeon in a box, what next? I didn’t stick around to see how this turned out.

There’s the 3 slightly older gentlemen. In that uncanny valley between ‘unemployed’ and ‘retired’. They sit on the (planter? bench?) and discuss a wide variety of topics, of which they are all most knowledgeable (and loud). And, detailed and long in duration. They are like a cross-over of the two muppets in the balcony (Statler and Waldorf) with the Air Farce Tim Horton’s. Deep topics of world politics are dealt with, debated, discussed.

We also have the violin player. The office is mixed on the violin, I think it’s very nice and gives us an air of culture as it wafts in the window (and I’ve given him $5 to stick around). Others feel that he could learn another song (doubling the repertoire).

We have some awfully loud conversations with the air. Heated arguments with no one else present. Who doesn’t like a lot of incoherent background yelling while on a conference call?

We have the sad, the woman who ate an entire lipstick tube, slowly, and determinedly in front of me the other day. So much red.

And we have the compassion, people stopping by to check in, the soup-deliverers, the coffee couriers. You can see one in the photo above.

It’s a rich panorama of life here. The good, the bad, the ugly. The joy, the tears. The humour, the solemn. Someday I hope that Mar 13 sign can be updated, it’s like the stopped-clock on the Marie Celeste for me.

Until then, rock on street opera.

This year, it’s not exactly the same as previous. The traditional feast of spiral-cut ham or turkey is replaced by tinned herring and crackers this year. At least the cat is probably jealous!

Google has invested heavily in IT security, and, I think has done a decent job of it. All services are TLS by default, identity and authorisation is well dealt with.

So I was somewhat surprised this am to see that Google’s own .com (and .ca) are not DNSSEC setup. I wonder why, there must be a reason.

DNSSEC helps to avoid domain spoofing, which in turn can be used to cheat and get TLS certifications. I’m sure this was a conscious decision. Their server does DNSSEC validation. It’s an option in their managed Google Domains. Their Cloud DNS supports it. Just not inbound to their corporate domain.