Adding a trusted certificate for FortiSSLVPN in NetworkManager

I needed to connect to a Fortinet SSLVPN, but the certificate on it had expired. While the official Mac client prompts and lets you connect anyways, Linux with NetworkManager (and the FortiSSLVPN plugin) would refuse without providing any messages. Unfortunately, I couldn’t ask the administrator to renew the certificate. What you can do is add the certificate as a trusted certificate for that VPN. Unfortunately, the interface to do this is unclear, so I’ll try to explain it here.


Loose ideas for operating systems

This post has been copy-edited by doppler. Thanks!

Most research nerds either start writing Unix hagiographies or start stapling a 99-point thesis at the doors of Murray Hill. This is the latter kind of post; I’ll try to cover ideas for systems that could be meaningfully different from current systems. I’ve done a lot of research on existing concepts and existing systems, particularly those that could have been the future. Existing systems can be extrapolated into something new.

A lot of the ideas have been percolating in my head for a while now and are rough ideas for what could be. Perhaps I’ll iterate on them further, or realize there’s a reason no one was doing these before. The main idea is a place to start off, and it iterates from there. Treat it like a buffet of ideas; caveat emptor for people who don’t like musing.


Files with accents not showing from an SMB share on macOS

I recently had an issue where some files with accents were showing, but not all of them. If none of them were showing, I might have assumed an encoding issue, but it’s clear something else was at play here. This was pretty annoying when I wanted to play a specific song.

As it turns out, on macOS, it’s almost certainly a Unicode normalization issue, where Apple is (unnecessarily) strict about Unicode. I seem to keep running into these issues on macOS – I first ran into it trying to notarize a zip file. Luckily, there’s a tool that can handle this for you.


Ghosts of OSI: The Spectre Haunting IP

The dominance of the Internet protocol suite has made it hard to think of anything else. Yet in the 80s and 90s, an alternative to the IP model (outside of the proprietary vendor-specific suites like SNA or DECnet) was challenging its rise: the Open Systems Interconnect, or the OSI protocol suite. The short story is while IP won, OSI didn’t disappear completely. It left its view of the world, the seven layer stack, in every CCNA course – even when it doesn’t fit IP at all.

More than that, it also left several protocols still in use today and made its mark on everyday software. They might be rebased onto IP, but their origins were in OSI. Who’s still out there?


Why ThinkPads are overrated and misunderstood

Before I begin, I’ll make a note that I actually do like and use ThinkPads. However, I hate how technologists (well, the ThinkPad enthusiast community, often seen on, /g/, or /r/thinkpad) have constantly misunderstood them, be it celebrating workarounds for clumsy flaws, or being completely ignorant of their history. Nowadays, I’ve switched to a MacBook Air (since I wanted a compact laptop that was lightweight and got good battery life… and I am a sucker for an actually good RISC CPU), but I often buy ThinkPads as a “known quantity” for whatever age of machine I need. That is, I know exactly what I’m getting into, and they’re widely compatible with whatever you throw at them. However, I often recommend other lines of machine, be it something radically different like a MacBook or Surface, or something that’s actually more like what a ThinkPad enthusiast’s platonic ideal of a ThinkPad is, like a Latitude or Let’s Note. This post sums up my opinions why.


Fixing VisualEditor not being able to contact RESTBase server

If you set up a new wiki with MediaWiki 1.35 (since it adds the PHP-based Parsoid server), and you get this error trying to load VisualEditor:

Error contacting the Parsoid/RESTBase server: (curl error: 28) Timeout was reached

It’s because the server is trying to contact itself with the server name (hostname/IP). If it’s a DNS name, then make sure the name it uses resolves to itself; a quick fix was to add it to the hosts file.

RISC-V isn’t as interesting as you think

I had written this before the Unleashed was revealed, so some of the bits on economics have changed. As of writing this, I still stand by my other beliefs. One of the most hyped things in hardware design is RISC-V, the open ISA available without license fees. Many organizations including Western Digital have pledged support for RISC-V, and the open source community has a lot of faith in it, and with Nvidia’s recent purchase of Arm, people are concerned. However, I feel these hopes are somewhat misleading, as RISC-V’s openness is less at the benefit of the user and more for CPU vendors.
