Nicolas314

All my geeky stuff ends up here. Mostly Unix-related

Archive for the ‘fun’ Category

Put on your shoes

– Mister engineer, we are about to leave the house. Could you please lace your shoes?

– I’m afraid I can’t do that before at least next year.

– What? No! We are leaving the house right now. Tie your shoes and let’s go!

– Well, it is obvious you have not been in the shoe-lacing business for quite a while mate. See: in order to tie my shoes I’d have to get my hands closer to my feet. I see three main possibilities:

1. I lower myself down to the level of my feet (and shoes), which is dangerously close to the ground. I could trip and fall, bringing me to ground level with sufficient speed to hurt my nose, probably causing bleeding in the process. Who would want to leave blood on the floor? You don’t want me to hurt myself, do you? This would take us to a large amount of blood cleaning and nose healing, which could take a lot of time and make us both look bad in case someone on the street asks why I have a bloody nose.

2. I could bring the shoes up to my level. Considering my feet would stop touching the ground, I would have very little time to complete the movement needed to effectively tie a knot to what could be considered decent shoe-lacing. Bad knots would make us look bad, and we do not want someone to notice that we are not even able to come out on the street with properly tied shoes.

3. The third and last possibility is to wait for my feet to grow up enough so that my shoes do not fit any more. This would probably trigger some shoe-buying and shoe-replacing, which could then be put to practical use to purchase a new pair of lace-free shoes, which would then solve all the above issues once and for all.

My conclusion is that we should wait until my feet have grown enough. See you in a couple of months.

– Man, you have reached the end of my patience. Let me tie those shoes for you.

– I’m afraid I can’t let you do that, Dave. Your role as a caretaker is not to take responsibilities and do things in my stead, but to teach me to be autonomous and let me do that myself. In addition, may I let you know that I have had these shoes for a few months now and you have never laced them before in your entire life, therefore I am the only suitable person to achieve that.

– C’mere, let me do it.

– Are you questioning my authority with respect to my own shoes? When you bought them you said they were mine!

– They are still yours, let me just lace them.

– You did not understand the above mentioned points. Apologies for my poor choice of words, I always forget that English is not your native language and you may not get the full power of the most subtle nuances.

– Don’t patronize me. Just don’t.

– Oh that was never my intention. In order to patronize someone…

– WILL YOU FUCKING TIE YOUR SHOES?

– Why the harsh language? Is that really needed? I have only given you the current status and all you can do is react strongly against me. I have not invented laces, nor did I decide to place my own hands at a different altitude than my own feet. I suggest you review our options and come to your senses before we do something we might regret.

– Do you see my hand? I swear it can fly and land on your face in no time.

– Let’s not be too hasty now. I would have to inform legal of your perceived intentions and will have to quote your language. Research indicates that people in your situation have very little chances of winning a legal fight that involves strong wording and physical violence.

– … You know what? You… You just stay here, Ok?

– That’s what I have been telling you all the time. Glad you finally came to your senses mate.

Written by nicolas314

Monday 9 July 2018 at 11:08 pm

What time is it?

– Hello Mr. Engineer, can you tell me what time it is?

– No I can’t.

– Why?

– Well then. You see, my watch is an electronic and mechanic device based on the oscillation of a quartz that imprints a periodic movement to a set of cogs, which are then de-multiplied to lower the base quartz frequency from 32,758 Hz to exactly 1 Hz, i.e. one beat per second.

– That’s very nice. And what time does your watch show now?

– I could tell you but it would not be useful. See, the quartz frequency is not exactly that power of two, it is itself oscillating with a larger period around that value, meaning that my watch can be ahead or behind by some amounts that are hard to measure, let alone predict.

– So it is inaccurate?

– Yes! You can never tell exactly the time with that kind of device.

– Ok… Seriously, what time is it?

– Not only are the watch mechanics imprecise, but they do not take relativistic effects into account.

– That so?

– Yep. Since Einstein we know time is nowhere absolute. When I put my arm up like this, time flows a little slower because of the Earth rotation, and if I put it down like this it goes a bit faster. Or is it the other way around? Anyway, my time reference is unlikely to be the same as yours since we are not moving around in sync.

– Listen, this is all very nice but that was not my question. Will you tell me the time it shows now and I will deal with the imprecision myself?

– No can’t do.

– Why is that?

– Even if you discard all relativistic effects and frequency drifts, the notion of time is not something universal on Earth.

– Care to explain?

– Time is only valid in a given time zone. Since the end of the 19th century we have split world regions according to time zones which keep changing at regular intervals based on political choices. In order to be able to tell you the time of day, I need to know a reference time in a given place and convert that depending on your position on the planet. We could use GMT, which stands for Greenwich Mean Time, but it is not even indicating the current time in Greenwich UK. I could then program a microservice that could give you the current date/time based on an estimated position from your IPv4 address, provided you are not too close to a time border. But then that assumes you have Internet access. Oh wait, do you have an iPhone or an Android?

– Er… Thanks mate. So let’s say we use the current time zone, Ok?

– Do you know if we apply Daylight Saving Time where you stand?

– How would I know? Yes, probably!

– Probably with what probability? Because we could weigh the answer depending on… Hey, where are you going?

– To lunch. I just remembered I wanted to ask you if it was time for lunch.

Written by nicolas314

Monday 9 July 2018 at 10:39 pm

Camels

I read somewhere in a math history book that numbers were actually invented to count camels. Someone wanted to send over a herd of camels to be sold on a market on the other side of the desert and they did not trust the camel escort. How would the receiving party know if some camels had not been stolen on the way? So they used a fairly simple principle: line up your camels, put one pebble in front of each. Gather the pebbles, put them in a small jar, burn the cork, hand it over to the escort.

On the receiving end, break the jar, put one pebble in front of each camel. You will know immediately if camels are missing.

This apparently went on for a while, until someone figured out that instead of lining up pebbles and camels you could shorten the process by writing signs on the jar to indicate how many pebbles were inside. On the receiving end you just had to look at the signs and compare to what you saw. In case of doubt, break the jar and line up pebbles and camels. And then it was just a matter of time until somebody noticed you don’t need the pebbles and the jar. Just cook a clay tablet in an oven with a text indicating how many camels you are sending.

I have no idea if this story is true or not, but I like the way it stresses the breakthroughs that have happened. Going from a bijection pebbles/camels to a bijection in camels/signs was brilliant. I expect the first attempts were likely to just draw plain strokes on the jar, as many as there were camels in the herd. The next breakthrough was simplifying a whole bunch of strokes into a single sign, e.g. using a hand to signify the number 5. And the last one was to realize that the jar and pebbles were unneeded.

Another shift that amazes me to this day is how money actually works. The first currency tokens had actual value, they were made of metal you could melt and use if you so wanted. When the first bank notes were introduced, they switched from actual value to a potential: the note said that you could obtain real metal if you were to exchange that note in a bank.

We now live in a world where I can pay my lunch by waving a piece of plastic over a radio-equipped terminal connected to a bank. My plastic contains numbers that cannot be found on any other credit card, which are used to authenticate me. Now my bank makes a promise to pay my meal to the restaurant’s bank. No metal or paper changes hands.

For a few years now, things have been shifting again. Instead of waving a credit card containing my unique account identification numbers, I can now use a mobile phone that contains a series of numbers that are only valid for myself, my account, for today, and for limited amounts. This is what they call tokenization, and the reason it is booming is that it is a lot simpler to store temporary tokens with limited value than long-term banking credentials with unlimited powers. Security need not be that high, though you still need to be able to authenticate account owners in a very secure way, but there are plenty of ways to achieve that.

Among the strongest methods we know today to authenticate someone, the most popular relies on the fact that you cannot efficiently factor a big number into its prime factors. If you tried with a gigantic computer, it would require more energy to power than is available in the universe.

We have come a long way since camel-counting.

Written by nicolas314

Wednesday 1 November 2017 at 11:37 pm

Posted in fun

Long live NAT!

Home networking can be a lot of fun: setting up a name service, a guest network, or traffic rules, leads to an endless joy of discovering new RFCs or creativity in the very active field of artistic configuration file syntax.

I thought I had seen everything until I tried to set up IPv6 connectivity for my home network. Little did I know that this would eat up so many of my precious free evenings. The following writeup is here to remind me never to try that kind of shit ever again, and as a warning to future generations who might want to dig into this kind of topic. Life is short, there are many better things to do than attempt to set up a new addressing scheme for your home network. Long live the NAT king!

The Start

It all began when I noticed that my ISP provided me with a unique (native!) IPv6 prefix to use on my home network. Something like:

2001:1234:5678:9abc::/56

Since I was not familiar with IPv6 addresses, it took me a while to find out that the first 64 bits of a 128-bit IPv6 address designate a network, and the last 64 are reserved to differentiate hosts on that network. My provider handing me a /56 means I have 64-56 = 8 bits to play with, i.e. I can instantiate 256 home networks, each having up to 2^64 = 18,446,744,073,709,551,616 hosts. Overshot a bit, maybe.

So where do I start? Do I have to install specific software? Where? Do I need to buy specific hardware? How many services are needed? And thereby started my long painful descent into the horrific world of IPv6. Toss and lose 1d20 sanity points immediately.

My ISP unfortunately did not provide any help as to what I am supposed to do with the IPv6 thingie they gave me. No single help page, very few discussions on their forums, and all exchanges I had with customer service were completely useless. Best I could find were discussions between customers of an ISP in the US that provides a similar setup. That is thin.

Say you received a /56 prefix from your ISP. If that prefix ever changes e.g. because you switched to a new ISP, you want things to work automagically because that is the way things currently work with IPv4: changing my public IPv4 address does not change anything to my home network.

In order to do that, IPv6 suggests that home networks use two sets of addresses: the public ones derived from the ISP-provided /56, and another private address space based on something else called a ULA (Unique Local Addresses). You get to choose your own ULA on your home network(s), preferably based on a good random number generator, but nothing prevents you from taking something like fc00:caca:caca:caca:caca::/48. If anybody else on the Internet picks the same network prefix you will get into trouble when trying to get intimate with each other, e.g. by establishing a VPN between both worlds. We had exactly the same problem when trying to join two sites using IPv4 NAT’d 10.0.0.0/8 subnets, so this is not really a regression. Fun fact: if you have no ULA in France you can always say “Il manque ULA sur mon réseau”.

How do you get to choose this ULA? If you happen to have a single router on your home network it should just be a matter of digging through the router IPv6 setup until you find it. But most home networks are now running multiple routers that are all unaware of each other, and all convinced they are masters of the universe. You will most certainly end up with several ULAs. Some of your devices will get several addresses and you will have to understand your own network topology to know which address to use to access them. Prepare for glorious hours of debugging, which is particularly great when facing addresses that are mostly made of bloody random bits.

Why several routers on the same home network? Simply because you may be running several DSL connections, or maybe you have a VPN started somewhere away from your edge router, or maybe you connected your smartphone and it offers another potential exit to the Internet. You also get a virtual router when you start virtual machines on a desktop.

To make things simpler, every network interface on your machines will also generate a local address that is only valid for its closest neighbours, called a link-local address. Unfortunately you won’t go far with that one as it is not supposed to cross boundaries. Think of it as a 127.0.0.1 that extends to the other side of the cable but not further.

Ok so we now have several addresses for each machine on the network. Figuring out which one should be used (incoming or outgoing) is just an unspecified, incredible mess. The link-local address can only be used on very specific physical links, the ULA address cannot be routed to the Internet, and the public addresses you have may change at any moment, e.g. through your smartphone sharing a 4G access.

At that point we have just determined that your printer currently identified as ‘printer’ also known as 192.168.1.20 in IPv4 will now be accessible as:

– fe80:bffa:3d5f:5f8d:b4cf:1749:b01c:5b2f for machines directly connected to it through an Ethernet cable
– fc00:c465:3b76:b34d:38f7:da19:2586:1cbd for machines living on the same internal network.
– 2001:61af:ff44:b148:4fc3:0097:f35d:c806 for machines on the internet when reached through a first ISP, and another public address for each available ISP connection.

Oh joy.

Of course normal human beings are not meant to remember this kind of random shit. For this kind of thing you have DNS.

DNS you said? What DNS?

There are really two ways machines can obtain an IPv6 address: SLAAC and DHCPv6. SLAAC means Stateless Address Auto Configuration, whereby a machine obtains a prefix and derives its own IP address from it, e.g. based on its own MAC address. Cool, right? You do not have to assign individual addresses in static DHCP leases, every machine does it on its own. But then: how do you know which address was self-assigned by your very smart printer?

There are dedicated neighbour-discovery protocols for that, but they are mainly designed to make sure that addresses are locally unique and routers know where to find them. This is only taking care of establishing a link, there is nothing dedicated to associating a name to a self-assigned IP address. And if there was, how would you know who to believe? If two machines on the local network claimed to be ‘joe’, what should happen?

To be fair, there are solutions like Bonjour, also known as zeroconf, but they are unlikely to work on lightweight or old devices. Shoot again.

Back to square one: if you want to reach your own machines using human-usable names you need to run DHCPv6, a protocol that was designed to compensate for such things. And there you go: back to static leases, addresses assigned by a router, attached to a name, and you end up doing exactly the same kind of shit you used to do with IPv4 local networks, except this time the addresses are much easier to screw up.

Even worse: if the self-assigned IPv6 addresses are not related to MAC addresses, it means every single host on your local network will have generated its own random address, forcing you to manually harvest them from all devices. But you know how to do that on your connected toaster, right?
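An added example (my own code, not the post’s) that carries the prefix arithmetic above through with Python’s ipaddress module: carving /64 networks out of the ISP’s /56, generating an RFC 4193 ULA from a proper random source as the post recommends, deriving the MAC-based SLAAC address so you can predict what a non-privacy host will self-assign, and telling link-local, ULA and global addresses apart. The ISP prefix and the three printer addresses are the post’s own examples; the MAC address is constructed.

```python
import ipaddress
import secrets
from itertools import islice


def subnet_count(isp_prefix):
    """How many /64 networks fit in the prefix the ISP delegated.

    A /56 leaves 64 - 56 = 8 subnet-id bits, i.e. 256 home networks.
    """
    net = ipaddress.IPv6Network(isp_prefix, strict=False)
    return net.num_addresses // 2**64


def home_subnets(isp_prefix, count):
    """First `count` /64 networks carved out of the delegated prefix.

    strict=False masks off bits below the /56 boundary (the post's example
    prefix 2001:1234:5678:9abc::/56 has its 'bc' byte inside the subnet id).
    """
    net = ipaddress.IPv6Network(isp_prefix, strict=False)
    return [str(s) for s in islice(net.subnets(new_prefix=64), count)]


def random_ula_prefix(rand_bytes=None):
    """RFC 4193 unique local prefix: fd00::/8 plus 40 random bits gives a /48.

    RFC 4193 assigns the fd00::/8 half of fc00::/7 to locally generated
    prefixes (the fc00::/8 half is reserved).  Drawing the 40 bits from
    secrets is what makes a collision with another site's ULA unlikely.
    """
    if rand_bytes is None:
        rand_bytes = secrets.token_bytes(5)
    if len(rand_bytes) != 5:
        raise ValueError("global id must be exactly 40 bits")
    global_id = int.from_bytes(rand_bytes, "big")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def slaac_address(prefix64, mac):
    """Address a host derives from a /64 via modified EUI-64 (RFC 4291).

    Split the MAC, insert ff:fe in the middle and flip the universal/local
    bit (0x02) of the first byte.  Hosts running RFC 4941 privacy extensions
    pick random interface ids instead, which is the case the post complains
    cannot be predicted from the MAC.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    net = ipaddress.IPv6Network(prefix64, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


SCOPES = (
    (ipaddress.IPv6Network("fe80::/10"), "link-local"),
    (ipaddress.IPv6Network("fc00::/7"), "ula"),
    (ipaddress.IPv6Network("2000::/3"), "global"),
)


def address_scope(addr):
    """Which of the three kinds of address this is: link-local (same cable
    only), ula (routable inside the home, never on the Internet) or global
    (reachable from the Internet, so the one the firewall must cover)."""
    a = ipaddress.IPv6Address(addr)
    for net, name in SCOPES:
        if a in net:
            return name
    return "other"


if __name__ == "__main__":
    isp = "2001:1234:5678:9abc::/56"  # the post's example prefix
    print(subnet_count(isp), "networks, e.g.", home_subnets(isp, 3))
    print("ULA:", random_ula_prefix())
    # constructed MAC, placed on the first /64 of the delegated prefix
    print("SLAAC:", slaac_address(home_subnets(isp, 1)[0], "00:11:22:33:44:55"))
    for a in ("fe80:bffa:3d5f:5f8d:b4cf:1749:b01c:5b2f",
              "fc00:c465:3b76:b34d:38f7:da19:2586:1cbd",
              "2001:61af:ff44:b148:4fc3:0097:f35d:c806"):
        print(address_scope(a), a)
```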

What’s in it for the average home network user? Pretty much nothing. The fact that every single one of your home devices has a potentially reachable address on the intertubes is downright scary. Internet service is for internet servers, not for sensors and other IoT bullshit. First thing you will want to do is bullet-proof your firewall to make sure nobody but you can access your printer from the Internet, and hope things are Ok with your IoT shit.

The story did not just end up with me reading thousands of pages on the Internet and a couple of paper books. I hacked every single computer in my house to run IPv6, starting with the routers under OpenWRT, LEDE, FreeBSD, OpenBSD, pfSense, OPNSense, and later moving on to all client OS machines: OSX, Linux, Android, *BSD, and even some Windows boxes, blimey.  I instantiated dedicated DHCP and DNS servers, configured static addresses, automatic ones, bridges and NATs and firewall rules and what-have-you, and I ended up with some machines working under IPv6 only, some under IPv4 only, some that could use both stacks, and some (a lot) that were just unreachable no matter what. Yeah, I also crashed my Internet access several times. Omelet and eggs.

Let me try to put it this way: some of my home machines are servers, e.g. a NAS or a printer. I want to be able to print on ‘printer’ or mount a share on ‘NAS’ without having to remember random 128-bit numbers. Silly me. Since I want to use names I have to assign addresses myself from a router running DHCPv6. Neither NAS nor printer need to be available to the public. So what did I gain compared to a local IPv4 network? Hmm… Address management is not fun with 32 bits, imagine with 128.

Or maybe I am just old-fashioned, trying to manually assign names to my home machines. This might be an idea for a new product: a router that would automatically identify hosts on the home network and show them on a single web interface, allowing you to assign names and forget about addressing altogether. Might get in trouble when you have several identical devices but I’m sure there would be a way. If such a product exists I have not seen it yet.

On the other hand, if I want to browse the Interwebs in v6, I found out that mounting a SOCKS proxy on a remote cloud box works perfectly well. No need to configure anything, just ssh -D and the IPv6 world is mine to browse.

Summing it all up

Address assignment is not easier than IPv4. Still requires a dedicated DHCP and DNS server, only more complicated to configure. You are facing the tedious task of gathering self-assigned IPv6 addresses from all hosts and copying them onto your DHCPv6 server, hoping the self-assignment method won’t change soon.

Routing is now different, but not easier. New constraints are imposed on knowing which interface to bind to when reaching out to the Internet.

Firewalling the whole thing with a mix of IPv4 and IPv6 might tear you a new one. I can already lock myself out of a router with human-readable firewall rules, I cannot imagine doing the same thing with batshit-crazy addresses and feel safe.

You know what? I will stick to glorious NAT’ing until this mess is sorted out. Good news is that there are many bright people currently working on the topic. All I hope is they eventually come up with something that you and me can use without having to read through a million pages of RFCs, compile obscure daemons, or purchase new boxes as if I did not have enough of them.

Talking about RFCs, this one is trying to gather very sensible requirements about home networks:

https://tools.ietf.org/html/rfc7368

If you have 20 minutes to spare, you should watch this talk:
https://www.youtube.com/watch?v=wQdfWUsG4uI

If you really insist on switching your home network to IPv6, I would recommend reading this rant first:

IPv6 at home (published 2012, still relevant):
http://www.kloepfer.org/ipv6-homenet.html

And to get an idea about how messy it is to get IPv6 configured on Linux:

IPv6 Set up an IPv6 LAN with Linux
https://www.jumpingbean.co.za/blogs/mark/set-up-ipv6-lan-with-linux

In its current state I can only dismiss the current IPv6 definition for home networks as very incomplete and unworkable for non-professionals.  Let’s hope RFC 7368 will be handled by qualified, creative, and pragmatic people.

’Til then, there is no place like 127.0.0.1

Written by nicolas314

Tuesday 28 February 2017 at 11:41 pm

EdgeRouter Lite


My endless search for the ideal home router made me buy a piece of hardware called EdgeRouter Lite by Ubiquiti. The price point is sweet (around $100), making it a damn expensive home router or a damn cheap professional one. For that price you get:

  • A Cavium Octeon processor: 500MHz, two cores, rated 1000 bogomips, MIPS64 architecture, big-endian.
  • Half a gig of RAM
  • Three GBit NICs
  • No wireless
  • No fan, no noise
  • OS completely contained on an easily accessed USB stick on the motherboard, so essentially as much drive space as you want.

The last point is the most important: by just removing three small Phillips screws you can unplug the original USB thumb drive and replace it with your own, equipped with your favourite operating system. If everything fails you can always switch back to your previous state, put the screws back and call it a day. That should not void your warranty but I am no lawyer.

The provided operating system is called EdgeOS, based on Vyatta, itself based on Debian. It seems Vyatta development is now halted and Ubiquiti is now steering EdgeOS alone. I used EdgeOS on that router for about six months and have to admit being rather satisfied. The router is sold as the fastest switching home appliance on the market, claiming 1 million packets per second. In order to reach that kind of speed with a (dual-core) 500MHz processor on three GBit NICs you need additional specialized hardware that is only available through proprietary drivers provided with EdgeOS. So be it.

I have a beef with proprietary router firmware though: each vendor seems to feel obliged to invent their own management language. Cisco, Mikrotik, Ubiquiti, you name it. Everything is meant to be controlled from the command line, which is great, but instead of navigating through a familiar Unix environment you need to learn half a million new (proprietary) commands, their syntax, side effects, and how to commit, save, or restore configurations.  This is a royal pain in the butt and I have no desire to go get some training to configure a home appliance.

To be fair, open source versions have had the same issue for years, though some made a huge effort to provide good web-based GUIs for configuration and avoid having to invent a new configuration language altogether. Tomato and DD-WRT have really pushed things forward to reach a decent level of user-friendliness. You only need to know about networking and do not have to worry about learning yet another obscure syntax to handle those.

Too bad: both projects seem to be pretty much abandoned today. DD-WRT has not seen a stable release in almost a decade and Tomato still courageously lives on, maintained by a handful of dedicated devs working from home. The communities for Tomato and DD-WRT are dwindling fast in favour of OpenWRT.

OpenWRT is the most advanced open source router project today. It is well designed, based on a single syntax for configuration files, and supports pretty much every piece of router hardware under the sun. The project was recently forked by its own developers into the LEDE project, which is now the version I am following as closely as possible.

Back to the EdgeRouter Lite: what’s not to love?

Beyond the proprietary software and syntax, EdgeOS offers a web-based GUI that looks fancy and neat but covers only a very, very limited portion of what can be achieved through a command-line interface. This is very frustrating. I love command lines as much as the next geek, but don’t force me to learn a syntax I will use nowhere else just to achieve mundane stuff.

After six months of customizing my home router to my own needs, I had gathered scripts lying around e.g. to extract a list of known MACs or some stats.  And when I updated EdgeOS to another minor version, everything fell apart.  That irked me to no end, pushing me once more into the arms of an open source alternative.

Support for alternative firmware for this router is not obvious to find.  OpenWRT has an incomplete wiki page about it. A couple of guys have succeeded in installing FreeBSD but I did not feel up to the task. Debian supports big-endian MIPS64 machines, and a project called DebWRT offers support for this router, merging both Debian and OpenWRT in a single solution. This is cool but I am a bit terrified about using a straight Linux distro to build a router. If all I have to handle iptables is a bash shell and miles of manual pages, this is not going to work, I hate the iptables syntax with a true passion. The unique config file format used by OpenWRT is a real blessing, there is no way I am going back to one config file format per daemon.

So I started from scratch, built my very own version of a LEDE instance, including all the software I want to run on this box. The process is error-prone and it took me several evenings to get straight. In order not to lose information, I will be detailing everything I did in a next post, hoping it could be useful for someone else.

The net result is a pure LEDE box that has been running without hiccups for a few days now. Configuring routes, VPN, DHCP, DNS is a walk in the park thanks to user-friendly OpenWRT. All my scripts are working again, I can handle backups myself, and I even installed dedicated web and Samba servers. Next step will be to install an ad-blocking name server.

I am certainly losing in terms of performance but I won’t see the difference. Without proprietary drivers, hardware acceleration is gone.  This should not be an issue considering my home GBit network is currently handled by a separate switch and my Internet connection is limited to a mere 20MBit/s, magnitudes below what the router needs to provide. The day I get a GBit Internet connection at home, I will always have a choice to switch back to EdgeOS with just one unplug/plug of a USB key. Or maybe someone will have reverse-engineered the proprietary drivers by then?

There is one alternative I have been looking deep into: using pfSense or OPNsense to build my own firewall. The approach sounds good. I believe the BSD family is technically a lot better than anything Linux-based. This is particularly true in terms of network security software.

Trouble is: pfSense/OPNsense is extremely greedy. You can build a 15 euro router with OpenWRT but you need PC-sized gear to run pfSense, including at least 1 GB of memory and a lot more than mere megabytes of storage (OpenWRT fits in just 4 megs). The cost of a pfSense appliance can easily run to 400-500 euros, which does not make any sense from a budget point of view. Most people going down that road recommend re-purposing an old PC for the task, but I have absolutely no intention of storing a hungry 300W loud old PC box next to my 20Mbit/s DSL modem, this would be insane.

There lies the whole beauty of this exercise: find the cheapest, least power-hungry, and most efficient way to set up a home routing solution that is easy and fun to configure, flexible enough, and secure. I stopped building my own PCs years ago and cover that need now by building small appliances from scratch, compiling the whole OS myself.

Tinkering is fun!

Written by nicolas314

Wednesday 5 October 2016 at 10:03 pm

Empty Trash Fun Sounds

You can change the default sound played when you empty the trash on OSX Yosemite by replacing:

/System/Library/Components/CoreAudio.component/Contents/SharedSupport/SystemSounds/finder/empty trash.aif

The new sound must be in AIFF format, which you can obtain e.g. using sox on Linux (also available from brew). Here is a link to the sound I currently use:

https://github.com/nicolas314/files/blob/master/burp.aiff?raw=true

Tons of fun for the whole family. Silly but I like it this way.

Written by nicolas314

Saturday 26 December 2015 at 8:46 pm

Posted in fun, osx

My next desktop: part 2


Friend of mine (thanks Ben!) introduced me to this site:

http://www.tonymacx86.com/

Everything you need to build your own Mac from bits and pieces can be found there. Tony maintains very detailed shopping lists for everything you need to build equivalents to Apple’s machines.

To err on the pedantic side, you are not really building your own Mac but rather choosing PC hardware that is suitable to run OSX, Apple’s operating system. To be fair to Apple, there is a lot more to a Mac than just OSX.  When you buy a Mac you get a ready-made machine built from hardware that has been tested to just work out of the box. The OS is pre-installed, your configuration is clearly identified and supported, and you benefit from a long-term warranty that has little equivalent in the PC world. This is especially true for today’s laptops that rarely go through a complete year without experiencing hardware defects. If you have ever brought back your MacBook to an Apple store you know exactly what I mean: the service is top-notch, you bought a lot more than just hardware. Enter the store with a broken machine and come out an hour later with a brand new MacBook containing all of your data (unless you fsck’ed up the hard drive, of course).

That said, if you are ready to spend some time keeping your own machine alive and to pay the costs associated with that, it really makes sense to build your own. The next Genius bar is in your living-room if you happen to be a Mac Genius yourself. Ready for the game?

I started from Tony’s shopping list for a Mac Mini. When you dig into it, you realize that some pieces of hardware are not available here in Europe. There are equivalents but you need to know which values to check and if there are chances of incompatibility. RAM for example comes in various flavours: voltage, size, speed, and standard. Some motherboards use dual channel RAM, in which case it is better to buy two RAM chips of equal size rather than a single big one. If you want to have an independent video card you also need to make sure you can power it enough, otherwise the box will not even boot. And with great power consumption comes noise and heat to dissipate, for which you need an adequate box and ventilation. That shit is not obvious to get right and Tony’s shopping lists only get you to a certain point, after which you need to start juggling between what you would like to achieve and what is available to purchase in your region. Some parts cannot be delivered overnight and the risk of picking an incompatible device is high, forcing a return and a few more days of waiting. Not a friendly game to play, is it? Ideally you would like to buy one part and be done with it.

The main points for me were: low consumption, small size, and silence.  These were the three reasons why I purchased a Mac Mini in 2007 and they are still true to this day.

Enter the ready-made mini-PCs: several vendors are now focusing on offering mini boxes that pack enough power into the smallest form factors, keeping heat and noise to minimal amounts. The Intel NUC product line first comes to mind, but there are other vendors now on the same market, like Zotac or Gigabyte. After a careful review of most common options, I chose to go with this one:

Gigabyte GB-BXI5h-4200

You can find Gigabyte boxes (called bricks) sporting i3, i5, i7, or Celeron processors. i3 seemed a bit weak and the i7 boxes are apparently extremely loud, so I opted for a Core i5 version for about 400 euros (Nov 2015). I scavenged an SSD hard drive from an older build I had and only had to add RAM chips on top of that to complete the box: two 8-GB chips from a noname vendor for 80 euros should do the trick.

Now off to installation!

Before I installed OSX, I wanted to give the box a test run with some live Linux flavours to see what it was worth. This led me to a first obstacle: the BIOS. Gigabyte provides a very simplified BIOS (text) interface with absolutely no documentation or online help. You are facing pages of obscure names that do not mean anything at all to the uninitiated, and good luck configuring it.

I admit having stayed away from the whole BIOS/EFI thing these past years and was completely left in limbo as to what I should do. The box could not boot a live Linux Mint USB stick, but I got Ubuntu to boot easily enough. It seems that with Secure Boot turned on, an operating system’s bootloader nowadays has to be signed to be allowed to run. I found some options to disable that in the BIOS but that did not get Linux Mint to boot. Oh well. The live version of Ubuntu is nice enough, recognizes all the hardware, and gave me a working desktop in less than a minute. Good to know in case I do not succeed in getting OSX to work.

Prepare to spend some time in the BIOS settings though, because nothing will boot until they are correctly aligned. All together, it took me maybe 2 hours to get things straight by trial-and-error. Not your user-friendly-est experience.

I picked the install procedure from here:

Install Yosemite on any Intel-based PC
RehabMan guide to installing on BXI5h

I chose to install Yosemite (OSX 10.10) and not El Capitan (OSX 10.11). The only brief experience I had with an early El Capitan on my previous Mac (mini) had a disastrous bug that left most fonts completely illegible on my screen. Better play it safe and stay one version behind, especially for unsupported hardware. I might update it later as there are many reports of people who are successfully running El Capitan on the same kind of box.

The two main points that caused issues were related to getting the damn thing to boot: the BIOS itself, and the bootloader.

BIOS first: I had to juggle with hundreds of undocumented options until I got them right. For posterity, here are some important settings that are working for me now:

BIOS product: MMLP5AP-00
Version: F6

Advanced:
    Intel Rapid Start Technology: [disabled]
    Network Stack: [disabled]

Chipset:
    Onboard audio: [enabled]
    Onboard LAN: [enabled]
    Erp support: [enabled]
    DRAM Frequency Control: [disabled]

Boot:
    Option 1: [UEFI BIOS on HDD1]
    CSM Parameters:
        Launch CSM [enabled]
        Boot filter [UEFI and legacy]
        Launch PXE OpROM policy [do not launch]
        Launch storage OpROM policy [legacy only]
        Other PCI device ROM priority [UEFI OpROM]

Remember to disable Secure Boot as the OS we will install is not signed. Or rather: its bootloader is obviously not signed with a key the PC firmware trusts, the way an official PC OS would be.
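Before (or after) flipping that switch, it helps to be able to read the actual Secure Boot state rather than trusting the BIOS menu labels, which, as noted above, come with no documentation. The following is an added example, not part of the original post or of RehabMan’s guide: a small POSIX shell function that decodes the firmware’s `SecureBoot` UEFI variable as exposed through efivarfs on a Linux live system such as the Ubuntu stick mentioned earlier. The variable path uses the standard EFI global-variable GUID; the efivarfs file layout is four bytes of variable attributes followed by the one data byte (0 = disabled, 1 = enabled). The `make_sample_efivar` helper only exists so the decoder can be exercised on a constructed file when no firmware is present.

```shell
#!/bin/sh
# Added example: decode the UEFI "SecureBoot" variable from efivarfs.
# Real path on a Linux live system (GUID is the standard EFI_GLOBAL_VARIABLE GUID):
SECUREBOOT_EFIVAR="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# secure_boot_state [FILE]
# Prints "enabled", "disabled" or "unknown". FILE defaults to the real efivar;
# passing a path lets you inspect a copied-out variable or a constructed sample.
secure_boot_state() {
    file="${1:-$SECUREBOOT_EFIVAR}"
    if [ ! -r "$file" ]; then
        # No efivarfs (legacy/CSM boot, non-UEFI kernel, or no permission)
        echo "unknown"
        return 0
    fi
    # Skip the 4-byte attribute header (-j4) and read exactly one byte (-N1)
    # as an unsigned decimal; od pads with spaces, so strip them.
    value=$(od -An -tu1 -j4 -N1 "$file" 2>/dev/null | tr -d ' \n')
    case "$value" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# make_sample_efivar FILE VALUE
# Writes a constructed efivarfs-style file: attributes 0x00000006
# (BOOTSERVICE_ACCESS | RUNTIME_ACCESS) followed by one data byte (0 or 1).
# This is test scaffolding, not something the firmware provides.
make_sample_efivar() {
    out="$1"
    val="$2"
    if [ "$val" = "1" ]; then
        printf '\006\000\000\000\001' > "$out"
    else
        printf '\006\000\000\000\000' > "$out"
    fi
}

# Stand-alone usage: report the live machine's state.
# On the box described here, after the BIOS change, this should print "disabled".
echo "Secure Boot: $(secure_boot_state)"
```

If the function prints `unknown` on a machine that you believe booted via UEFI, check that the kernel mounted efivarfs (`/sys/firmware/efi` exists) and that you are root; with the CSM/legacy path selected in the BIOS above there is no efivarfs at all, which is itself a useful signal that Secure Boot cannot be in force.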

I could not get Unibeast to boot this machine, so I ended up using Clover which works perfectly fine. RehabMan’s guide saved me there. A million thanks to him for publishing this!

Things I remember from these painful moments:

Installing OSX from USB is quite straightforward. Either you have enough device drivers running and it boots, or it crashes almost immediately. If you get past the OSX setup screens you are good to go. It took about 30 minutes to get OSX installed on the box. This is an SSD drive so disk speed is normally not an issue.

The first time OSX is booted you are hanging by a thread as the bootloader is not installed yet. Do not reboot the machine now or you will have to restart from scratch. You absolutely need to follow RehabMan’s procedure to the end to get all of your device drivers sorted out. Install the developer tools, run git, get the necessary files, modify some XML files manually, and run everything through very carefully. Once you have everything ready you can install Clover on the hard drive. I found it to be a pain to configure and did not dare be too adventurous in the options I chose. If it boots, it suits me.

One part you cannot escape is generating a fake ID for this Mac, otherwise you will be locked out of all Apple stuff, including the Apple store. The Clover tools did all of that for me quite nicely. The “About” window shows it is identified as a MacBook Pro retina from 2013 with 16GB RAM, the processor being correctly identified as a 2.3GHz Intel Core i5 (see attached screenshot).

I never got WiFi or Bluetooth to work, even following RehabMan’s instructions step by step. Something is wrong in my configuration somewhere and I could not figure out what exactly. Not really an issue as I am not using radios on that machine. That said, I was curious and got it to work with a 5-euro external USB WiFi dongle from D-Link so it should not be too much of an issue if I ever need WiFi.

Once the bootloader is installed and working, it prompts you for either normal or recovery boot. I never tried recovery, I just assume it works. Cold booting to a login window takes about 10 seconds.

So far everything has been working and the desktop is extremely stable. There are occasional issues with the audio system crashing and not recovering, but it seems to be related to a bug in mpg123, a command-line mp3 player I sometimes use to preview mp3 files from a terminal. I just switched to using VLC for that kind of task and have not had sound crashes since then. If the sound system ever crashes again, a 10-second reboot fixes everything.

I applied every system update I received so far and did not get into trouble so it seems OSX is happy. Net gains:

  • New box is about half as big as my previous Mac mini
  • Completely silent, even under heavy load
  • Tremendously faster on all counts! Operations that took minutes before are now measured in seconds. Converting ebooks, encoding movies, or converting flac to mp3 are now a breeze.
  • A lot more comfortable to live with as 16GB of RAM allow me to have as many apps running as I want. It is still connected to a 1920×1080 HD screen so the RAM is mostly for apps. I expect things to go differently the day I hook it onto a 4k screen as video memory will be taken from the same 16GB.

The trip was not without incident but, by all means, it was worthwhile.

Written by nicolas314

Saturday 26 December 2015 at 8:31 pm

Posted in fun, hardware, osx