Display local weather measurements on old tablet in our kitchen.<\/strong><\/p>\n<\/blockquote>\n\n I have:<\/p>\n\n There are obviously some resource constraints here \u2014 device and operating system age, memory limits \u2014 so it was interesting to solve this problem within these constraints.<\/p>\n\n First step after wiping the device was to try visiting the existing Grafana dashboards, to see if it would load.\nThis failed immediately because the certificates had expired.<\/p>\n\n This uncovered the first problem:\nthe device hasn\u2019t received software updates since August 2016, and certificates issued by Let\u2019s Encrypt no longer work.<\/p>\n\n Fortunately other people have dealt with this issue, back when the certs in the iOS trust store expired in 2021.\nThis very helpful post<\/a> on the Let\u2019s Encrypt Community Support forum explains how to manually install the current Let\u2019s Encrypt certs from https:\/\/letsencrypt.org\/certs\/isrgrootx1.pem<\/a>.<\/p>\n\n With the certificates fixed, I tried visiting the existing graphs dashboard again, but now it showed a new error:<\/p>\n\n Not particularly helpful, especially when you don\u2019t have access to Safari\u2019s dev console on the iPad.<\/p>\n\n But! I was able to use ios-webkit-debug-proxy<\/a> to show the errors on a desktop browser.\nThis surfaced a bunch of JavaScript errors for unsupported browser features.<\/p>\n\n Based on this, I stumbled across this GitHub Issue<\/a> that showed Grafana 7.0.6 was the last version that supported Safari shipped with iOS 9.3.<\/p>\n\n This left me with two choices.<\/p>\n\n Keep using the latest Grafana, but use wrp<\/a> (as suggested in this Reddit post<\/a>) to render the page as an image.<\/p>\n\n This is a wild approach, and it was crazy enough that I had to try it.<\/p>\n\n While I kinda got it working, I found there were too many moving parts, and I quickly ran into memory limits on the VPS (it\u2019s running a headless Chrome).<\/p>\n <\/li>\n Set up a standalone instance of Grafana running 7.0.6<\/a>, the last version that worked with iOS 9.3.5.<\/p>\n\n This had a few downsides:<\/p>\n\n At the end of the day, option 2 was the least terrible, and the end users (my family) don\u2019t need to know or care about how inelegant the setup is behind the scenes.<\/p>\n\n The last software thing to set up was Kiosk mode for iPad<\/a>, to show the dashboard in full screen.\nFortunately Kiosk mode still works on older iOS \u2014 thanks to the maintainers!<\/p>\n\n Finally, I had to safely mount the iPad to the wall.\nI used the Dockem Koala Mount 2.0<\/a>, mounted directly into the stud:<\/p>\n\n In conclusion, it\u2019s still possible in 2024 to use older iPads with a bit of work.\nMy recommendation is to stick to things in the browser, or use some of the few apps that still work<\/a> on the first gen iPads.<\/p>\n\n","pubDate":"14 Jan 2024","link":"https:\/\/fractio.nl\/2024\/01\/14\/first-gen-ipad-mini-grafana-dashboard-in-2024\/","guid":"https:\/\/fractio.nl\/2024\/01\/14\/first-gen-ipad-mini-grafana-dashboard-in-2024\/"},{"title":"Using MikroTik Netinstall on Linux","description":" If you\u2019ve used MikroTik<\/a> network gear long enough, you\u2019ve likely run into devices bricking themselves after RouterOS<\/a> software upgrades.\nMaybe you\u2019ve set some configuration that has inadvertently made your device unusable.\nOr maybe you\u2019ve inherited a device and want to start with a clean slate.<\/p>\n\n How do you re-install RouterOS, and maybe reset the device\u2019s configuration too?<\/p>\n\n MikroTik provide the Netinstall<\/a> tool to do network-based RouterOS installs.\nUntil recently you could only run Netinstall on Windows, but Mikrotik recently released a Linux CLI version.<\/p>\n\n As of writing, it\u2019s only been available for a few months, and it has quite a few rough edges, which I have attempted to document here.<\/p>\n\n\n\n The Linux version of Netinstall is janky in several ways:<\/p>\n\n You need to set Linux networking up in a very particular way to make Netinstall work.<\/p>\n\n But before we start, a little background on Netinstall, and another less well-known RouterBOARD subsystem called Etherboot.<\/p>\n\n Netinstall is a binary that rolls a BOOTP\/TFTP server into a single executable.\nThe other half of the equation is Etherboot<\/a>, which is a low-level system built into MikroTik devices for installing RouterOS onto the device\u2019s flash memory.<\/p>\n\n Check the documentation for how to trigger Etherboot for your specific device, but it generally boils down to:<\/p>\n\n Then watch the output of Netinstall to see the device fetch an image and reboot.<\/p>\n\n I highly recommend running a packet sniffer like Wireshark or tcpdump when you\u2019re doing this, to identify any configuration errors.<\/p>\n\n If everything is working correctly, you\u2019ll see Netinstall and Etherboot do a standard BOOTP\/TFTP dance.<\/p>\n\n In my particular case, I was doing this on a cAP ac<\/a> that had bricked itself after an automated upgrade, and was stuck in an Etherboot reboot loop.\nI have also used this process to reinstall RouterOS on a hAP ac lite<\/a> with corrupted configuration.<\/p>\n\n Before you start:<\/p>\n\n Once you\u2019ve downloaded these, you need to set up a wired network, with a default route.\nThe To set up the network on Ubuntu, configure Then apply with:<\/p>\n\n If you have other interfaces (like wifi) shut them down with something like:<\/p>\n\n Then start the netinstall server:<\/p>\n\n Replace The You should see output that looks something like this:<\/p>\n\n Remember that depending on what your device is, when the device comes back up after the RouterOS install, the default configuration may have a firewall on the ethernet interface, so you won\u2019t be able to connect to it.<\/p>\n\n The default behaviour is to serve up a RouterOS image, but keep the existing configuration on the device.<\/p>\n\n If you have uploaded broken configuration to the device, or the configuration has become corrupted, a RouterOS install via Netinstall\/Etherboot won\u2019t be enough.\nYou will need to wipe all config on the target device, by running the previous command with More detail about the Linux version of netinstall can be found on the MikroTik help site<\/a>.<\/p>\n\n You might be thinking \u201cwhy use a proprietary tool like Netinstall when I can use open source tools like dnsmasq to serve up the RouterOS images?\u201d<\/p>\n\n The short answer is: I\u2019ve tried this and it doesn\u2019t work.<\/p>\n\n The longer answer is: Netinstall isn\u2019t serving up just the RouterOS image, it\u2019s also repackaging it in a way that the RouterBOARD on the other end can use.<\/p>\n\n The hint the magic it\u2019s doing is in these two lines of This suggests it\u2019s not just sending an image.\nAt the very least, it\u2019s also packaging up configuration to run on first boot (the If you set up a dnsmasq instance and try serving up RouterOS images via TFTP, you\u2019ll find that the device will not install that RouterOS image.<\/p>\n\n I have no interest in working out exactly what it\u2019s doing, nor maintaining a working open source-based alternative.<\/p>\n\n If you don\u2019t value your time and you want to investigate how to go full open source, I saw one creative solution to this problem on a forum that boiled down to:<\/p>\n\n \ud83d\udc4b, I\u2019m Lindsay.<\/p>\n\n You can use this as a quick debugging guide in case you see something in the wild that surprises you.<\/p>\n\n This document is a set of promises I intend to keep. If I don\u2019t, I expect you to call me out.<\/p>\n\n\n\n At its core, I do three things for the team:<\/p>\n\n I have the responsibility for:<\/p>\n\n I am here to leave this world a little better than I found it. If I\u2019m doing my job well, when I step away from the team for long periods of time, things will continue to function well, and adapt and improve.<\/p>\n\n To be blunt \u2013 the main motivation for me doing a career change into leadership was because I experienced a real mixed bag of bosses. I thought \u201cI can do a better job\u201d, and here we are.<\/p>\n\n What motivates to gets me up every morning is creating a fair and just environment for the people I am responsible for.<\/p>\n\n I will call out things I think are unfair both in the workplace and for our customers, and I won\u2019t hesitate taking a stand on principles.<\/p>\n\n Local rationality rules everything around me. People make what they consider to be the best decisions, given the information they have at the time.<\/p>\n\n Good judgement comes from experience. And experience comes from bad judgement. In my experience, disagreements often come from seeing the same thing from multiple, sometimes conflicting, perspectives.<\/p>\n\n My job is to facilitate building context for the team, so we can make more right decisions, and only make new mistakes.<\/p>\n\n I don\u2019t have high standards, I have extreme<\/em> standards.<\/p>\n\n I expect great work from the people around me, and I will push you to do the best work you have done in your career.<\/p>\n\n If I make you feel like I\u2019m constantly disappointed in your work, that means I\u2019m doing a bad job of setting expectations about what those high standards are.<\/p>\n\n I don\u2019t have all the answers, and I don\u2019t expect you to either.<\/strong> We\u2019ll work together to build context that is a better approximation of reality.<\/p>\n\n Family first, work second.<\/strong> I am a firm believer in working-to-live, not living-to-work. If things are not on an even keel at home, your ability to do work is compromised.<\/p>\n\n Work must never trump your home responsibilities. If your partner asks you to do something important for them during work hours, I expect you to take time to do it. If you have kids, I expect you to take time off for special events.<\/p>\n\n I lead by example \u2013 I take time off during the school holidays so my wife can continue to study.<\/p>\n\n You know how to manage your time.<\/strong> I blanket approve leave requests. You know what is best for you, and I trust you to make the right call for the team and yourself. I view people going on leave as a chaos monkey that tests the anti-fragility of the team.<\/p>\n\n If there is a problem, you will hear about it directly, promptly, and humanely from me.<\/strong> I don\u2019t hold on to feedback. Delays in feedback create anxiety. My priority is to feed it back to you as quickly as possible.<\/p>\n\n I\u2019ll provide feedback throughout the day, mostly through Slack. If it\u2019s something particularly sensitive, we will do a video call.<\/p>\n\n When you have negative feedback for me, I expect it directly, promptly, and privately.<\/strong> Making mistakes is part of being human, and I am no exception to this.<\/p>\n\n I take a very dim view of hearing criticisms of me second hand. When I do hear second hand criticism, you\u2019ll be hearing from me pretty quickly. This goes back to one of my values \u2013 fairness.<\/p>\n\n I go out of my way to take public responsibility for my mistakes. They are often teachable moments that are applicable to an audience bigger than me.<\/p>\n\n When you have positive feedback, please deliver it publicly.<\/strong> I like my work to speak for itself, and I appreciate when you say nice things about my work in public.<\/p>\n\n You won\u2019t have my full attention before 10.00.<\/p>\n\n I have a young family, and my priority in the morning is getting them up and going for the day. If I\u2019m in meetings before 10.00, you won\u2019t be getting the best of me. Deal with that as you will. You\u2019ll have a <50% hit rate if you schedule meetings with me before 10.00.<\/p>\n\n 1:1s take priority in my calendar. This is where you have the opportunity to ask me anything. I will help you build context about what\u2019s happening more broadly across the organisation.<\/p>\n\n We will use the full time. Sometimes there will be things we need to talk about, sometimes there won\u2019t be. Even if you don\u2019t think we have things to talk about, we will use the time.<\/p>\n\n I will hold you accountable for actions that come out of our 1:1s, and I expect you to do the same for me.<\/p>\n\n Scheduling wise, we can do 1:1s once a week, or once a fortnight.<\/p>\n\n With direct reports who have people management responsibilities, I want to meet once a week. With direct reports who are individual contributors, once a fortnight is fine \u2013 but if you find it valuable, I will do them weekly.<\/p>\n\n When I assume responsibility for you, I tend to do 1:1s weekly for two-to-three months, before we mutually decide to adjust the frequency.<\/p>\n\n Given I work remotely, Slack is my lifeline to the team. I am super responsive during the day.<\/p>\n\n Calendar:<\/strong> best to hit me up on Slack before you book anything. I will blanket reject meeting invites that don\u2019t have agendas.<\/p>\n\n Email:<\/strong> This is where information goes to die.<\/p>\n\n I focus on eliminating the negatives way more than I focus on accentuating the positives.<\/strong> I see problems pretty much everywhere I look. I work relentlessly to eliminate those problems. This sometimes means I don\u2019t pay attention to the good things that are happening.<\/p>\n\n It\u2019s something I\u2019m working on and getting better at. Pull me up if you think I\u2019m being too negative on something.<\/p>\n\n I spot dysfunction way sooner than most people.<\/strong> I\u2019m like a hound dog when it comes to sniffing out dysfunction. I have found myself the canary in a coal mine more than once in my career. This has taken a personal toll more than once, and it\u2019s something I\u2019m very mindful of limiting the impact of in the future. If you see me withdrawing, it\u2019s sometimes me pattern matching against past experiences that had Very Bad Outcomes.<\/p>\n\n I think holistically, which sometimes means I hold contradictory views on the same topic.<\/strong> To me, this is a strength when navigating complex systems. I am very good at navigating complex systems. To people around me, this can be frustrating! I can argue three contradictory points in the same number of minutes. I can appear to be hard to pin down on a position.<\/p>\n\n I actively seek contrarian views, sometimes to a fault.<\/strong> Healthy debate and conflict is the lifeblood of the team. I actively create opportunities for dissent. This can be uncomfortable for people who have never worked in environments like this! Apologies in advance \u2013 I will do everything I can to make your introduction to this as gentle as possible.<\/p>\n\n I am very mindful that I am often wrong, and I want to hear what I am wrong about, and why I\u2019m wrong about it, as soon as possible. I don\u2019t have all the answers, but I will relentlessly question until we get a closer approximation of reality.<\/p>\n\n I have a preference for working on product and delivery problems over technical ones.<\/strong> Sometimes this means the team ends up focusing on shipping and going faster, and work to manage tech debt and tech growth gets de-prioritised.<\/p>\n\n Sometimes this leaks into 1:1s (particularly if you are motivated by the same thing). I\u2019m aware of it, but sometimes I still get blindsided by it. When you see this happen, let me know.<\/p>\n\n I am an integrator in a segmenter\u2019s clothing.<\/strong> I have a natural tendency to blend the boundaries of home and work, and seamlessly transition between the two. Given I work from home, this can result in overwork and burnout.<\/p>\n\n I have lots of strategies to create boundaries between the two, like:<\/p>\n\n Call me out if I\u2019m being naughty and working while sick.<\/p>\n\n I won\u2019t add you on Facebook.<\/strong> There is a power dynamic in our relationship, whether we choose to acknowledge it or not. Me adding you on Facebook puts you in an awkward position if you don\u2019t really want to share than information with me.<\/p>\n\n The choice is up to you. If you friend me on Facebook, I will accept.<\/p>\n\n Finally, I think to talk. I don\u2019t often talk to think.<\/a><\/p>\n\n I try to update it frequently and appreciate your feedback.<\/p>\n","pubDate":"30 Jul 2018","link":"https:\/\/fractio.nl\/2018\/07\/30\/my-philosophy-on-work\/","guid":"https:\/\/fractio.nl\/2018\/07\/30\/my-philosophy-on-work\/"},{"title":"A simple proxy service for scrapers running on Morph","description":" When I originally launched<\/a> Got Gastro back in 2008, New South Wales was the only Australian jurisdiction that published data<\/a> about food safety problems.<\/p>\n\n Since then, several other Australian jurisdictions have started publishing their food safety data: Victoria<\/a>, WA<\/a>, ACT<\/a>, and SA<\/a>.<\/p>\n\n As part of building the new Got Gastro<\/a>, I have been slowly<\/a> adding<\/a> scrapers<\/a> for new data sets from across Australia and the UK.<\/p>\n\n The low-hanging fruit has been picked \u2013 NSW and Victoria publish a page\/URL per notice, WA publishes a PDF per notice \u2013 now it\u2019s time for the harder data sources.<\/p>\n\n\n\n South Australia Health publishes a register of food prosecutions<\/a>. The data is not structured. Every single entry is formatted differently. Business names, addresses, dates, and even field names are different for each entry.<\/p>\n\n The clue to what\u2019s going on is in the class name on the content:<\/p>\n\n This is a pretty common thing about public data: often the only reason it has been published is because legislation requires it.<\/p>\n\n If the scale of the data being published is small, folk-systems spring up to handle the demand (in SA Health\u2019s case, a WYSIWYG field on a CMS to handle 6 notices). When the scale of reporting is big, you get a more structured, consistent approach (like the NSW Food Authority\u2019s ASP.NET application<\/a> that handles ~1500 notices).<\/p>\n\n The challenge becomes: how do you build a scraper that handles the variations in data from artisanal, hand-crafted data sources?<\/p>\n\n But it turns out that\u2019s not even the most challenging problem with writing a scraper for this dataset. Sure, there are some annoying inconsistencies that require handling a few special cases<\/a>, but nothing impossible.<\/p>\n\n The problem lies with how the scraper runs.<\/p>\n\n The sa_health_food_prosecutions_register<\/a> scraper runs on Morph<\/a>, a truly excellent scraping infrastructure run by the Open Australia Foundation<\/a>.<\/p>\n\n The scraper scrapes the food prosecutions register from the SA Health website. The SA health website sits behind some sort of Web Application Firewall. It\u2019s assumed this WAF is meant to block nasty requests to the website.<\/p>\n\n Unfortunately, the WAF blocks legitimate requests from Morph, which means the scraper fails to run. The WAF sometimes returns a HTTP status code of 200 but with an error message in the body. Sometimes it just silently drops the TCP connection altogether. This behaviour only exhibits on Morph, not when running from within Australia.<\/p>\n\n Bugs that only show up in production? The best.<\/p>\n\n To make the scraper work on Morph, we can build a simple Tinyproxy<\/a>-based proxy service running in AWS to proxy requests from Morph to SA Health\u2019s website. The proxy is locked down to only accept requests originating from Morph.<\/p>\n\n The proxy service must be:<\/p>\n\n The last point is key.<\/p>\n\n When I originally tested this proxying approach, I did it with a Digital Ocean droplet in Singapore. I forgot about it for a couple of weeks, then accidentally killed the droplet when I was cleaning up something else in my DO account. Aside from the fact that the proxy\u2019s existence and behaviour was opaque to anyone but me, I wanted other people to be able to use this proxying approach. More selfishly, I didn\u2019t want future Lindsay to have to remember how this house of cards was stacked.<\/p>\n\n To keep costs low and the service resilient, the proxy service uses the AWS free tier, and autoscaling groups.<\/p>\n\n There is Terraform<\/a> config in the scraper\u2019s repo<\/a> to build a proxy instance and supporting environment. The Terraform config:<\/p>\n\n When the scraper runs on Morph with the Once you clone the repo<\/a> and set some environment variables, you can start planning your changes:<\/p>\n\n To apply the plan:<\/p>\n\n To destroy the environment:<\/p>\n\n This Makefile approach was borrowed from hectcastro\/terraform-aws-vpc<\/a>, from which this Terraform config was forked.<\/p>\n\n To keep Terraform changes consistent, all changes to the proxy service are run through a Continuous Deployment pipeline on Travis<\/a>. This means no changes to the \u201cproduction\u201d service are done locally. This is important for creating visibility for new contributors of how the service runs and changes.<\/p>\n\n Terraform relies on \n
![\"photo](\"\/images\/posts\/2024-01-14\/weather-station.png\")
<\/li>\n ![\"photo](\"\/images\/posts\/2024-01-14\/rpi-sdr.png\")
<\/li>\n Trial and error<\/h3>\n\n
If you're seeing this Grafana has failed to load its application files\n<\/code><\/pre><\/div><\/div>\n\n![\"screenshot](\"\/images\/posts\/2024-01-14\/grafana-wont-load.png\")
<\/p>\n\nCrazy or annoying: pick one<\/h3>\n\n
\n
\n
![\"photo](\"\/images\/posts\/2024-01-14\/ipad-in-situ.png\")
<\/p>\n\n\n
Netinstall is only one half of the solution. The other is Etherboot.<\/h2>\n\n
\n
How to run netinstall on Linux<\/h3>\n\n
\n
netinstall<\/code> Linux binary will not work<\/em> if you do not have a default route set, and will output FAILED TO REPLY<\/code> which is an awesomely unhelpful error message.<\/p>\n\n\/etc\/netplan\/50-cloud-init.yaml<\/code>:<\/p>\n\nnetwork<\/span>:<\/span>\n version<\/span>:<\/span> 2<\/span>\n ethernets<\/span>:<\/span>\n eno1<\/span>:<\/span>\n addresses<\/span>:<\/span>\n -<\/span> 192.168.88.100\/24<\/span>\n routes<\/span>:<\/span>\n -<\/span> to<\/span>:<\/span> 0.0.0.0\/0<\/span>\n via<\/span>:<\/span> 192.168.88.1<\/span>\n<\/code><\/pre><\/div><\/div>\n\nsudo <\/span>netplan generate\nsudo <\/span>netplan apply\n<\/code><\/pre><\/div><\/div>\n\nsudo <\/span>ip link set <\/span>dev wlp0s20f3 down\n<\/code><\/pre><\/div><\/div>\n\nsudo<\/span> .\/netinstall -a<\/span> 192.168.88.1 routeros-mipsbe-7.1.1.npk\n<\/code><\/pre><\/div><\/div>\n\nrouteros-mipsbe-7.1.1.npk<\/code> with your image name.<\/p>\n\n-a<\/code> flag says what IP address should be assigned to Etherboot clients when doing the Netinstall dance.<\/p>\n\nUsing server IP: 192.168.88.100\nStarting PXE server\nWaiting for RouterBOARD...\nPXE client: 01:23:45:67:89:10\nSending image: mips\nDiscovered RouterBOARD...\nFormatting...\nSending package routeros-mipsbe-7.1.1.npk ...\nReady for reboot...\nSent reboot command\n<\/code><\/pre><\/div><\/div>\n\n-r<\/code>.<\/p>\n\nYou can\u2019t use non-MikroTik tools (like dnsmasq) to serve up the RouterOS images<\/h2>\n\n
netinstall<\/code> output:<\/p>\n\nFormatting...\nSending package routeros-mipsbe-6.48.1.npk ...\n<\/code><\/pre><\/div><\/div>\n\n-s<\/code> flag), or signalling to wipe existing configuration (the -r<\/code> flag).<\/p>\n\n\n
I wrote this so you understand my philosophy on work.<\/h2>\n\n
I\u2019m here to route information, remove roadblocks, and shield the team<\/h2>\n\n
\n
\n
I value fairness, context, and pride in work<\/h2>\n\n
Fairness<\/h4>\n\n
Context<\/h4>\n\n
Pride in work<\/h4>\n\n
My expectations are few but firm<\/h2>\n\n
Feedback will be direct, prompt, and humane<\/h2>\n\n
My office hours are 10.00 to 17.30<\/h2>\n\n
1:1s are the most important conversations I have<\/h2>\n\n
Slack is the best way to contact me<\/h2>\n\n
I have some quirks. I\u2019m working on them.<\/h2>\n\n
\n
This document, like me, is a work in progress<\/h2>\n\n
<div<\/span> class=<\/span>\"wysiwyg\"<\/span>><\/span>...<\/div><\/span>\n<\/code><\/pre><\/div><\/div>\n\nThe scraper<\/h2>\n\n
Designed to be cheap, resilient, and open<\/h3>\n\n
\n
\n
MORPH_PROXY<\/code> environment variable set, it connects through the ELB to the Tinyproxy instance, which then proxies the request on to SA Health\u2019s website.<\/p>\n\nDrive changes with
make<\/code> and environment variables<\/h3>\n\nmake plan\n<\/code><\/pre><\/div><\/div>\n\nmake apply\n<\/code><\/pre><\/div><\/div>\n\nmake destroy\n<\/code><\/pre><\/div><\/div>\n\nWrap it with a Continuous Deployment pipeline<\/h2>\n\n
.tfstate<\/code> files to track state and changes between Terraform runs. Because Travis starts with a clean git clone every build (and thus no .tfstate<\/code>), terraform config<\/code> is used to push\/pull persistent state across builds.<\/p>\n\n