Transferring Files To The Macintosh SE over Serial/Kermit

The Mac journey continues with me searching for a way to transfer files from my modern PC/Mac onto the old Macintosh SE I recently was restoring; a way without constantly removing the SD card from the SCSI2SD adapter and mounting it in an emulator. After reading a lot of different pages, and hitting different dead ends, or methods that involved a lot of hardware, time, or monetary investment I found an old reliable way to transfer files.

One of the methods I looked at was an ethernet LAN adapter for the Mac SE; the issue I saw was some of them were expensive and a lot of them required more RAM than the 1MB my SE had. I then turned to the serial ports available in the back of the machine. The Mac does not come with a lot of software to help in this endeavor, which made me use the SCSI2SD adapter to load the initial setup on, then I could use the software to transfer after that.

I ended up using the Kermit protocol, the same protocol used to transfer software to the Compaq Portable II. The project was run by Colombia University for many years. While they have since transferred it to be an open source project, the original project files are still on their FTP server, and this offers everything from DOS to Mac to C64 binaries. ftp://columbia.edu/kermit hosts all the files, for archival purposes I also uploaded a clone of that folder to archive.org; https://archive.org/details/kermit_202008 . Kermit is not fast, being serial and the Mac can’t support anything over 57600 baud; but it offers compatibility with almost every OS at this point. Get ready to experience what dialup was like all over again.

Required Hardware:

  • Serial Adapter for the modern computer if your system doesnt have one on it
  • RS-232 to mini DIN 8 cable (I used this one)

To start the connection, I will be using a modern Mac as the server (a modern Mac being a 2012 Macbook Air), and a USB Serial cable to connect to the Mac SE as client. Using homebrew on the Mac, you can install “c-kermit”. Once that is installed search for your serial device under /dev/, mine is /dev/tty.usbserial1420. Please note wherever you start kermit, will be the home folder for file transfers, I suggest making a folder somewhere that you will drop files to transfer.

Server

$ kermit

> set port /dev/tty.usbserial1420

> set carrier-watch off   # Assume there is no carrier signal

> set speed 57600          # Or whatever the speed has to be

> connect

Get ftp://columbia.edu/kermit/mac/mackermit.hqx and get it onto your Mac SE, through some means. I transferred the whole “mac” folder from Colombia’s FTP server onto my Mac SE. I would suggest a SCSI2SD adapter for this initial transfer. You may be able to use a floppy, but you may hit issues depending on your model of SE. Mine has a 800kb floppy drive, so results of writing floppies from a modern PC usually end with it not reading them. Modern floppy drives are cheap working at 1.44mb, and the tracks wont align. Once you have the Kermit app on the Mac open it up.

Select “Settings”, at the top, then “Communications”. Here you can set the speed to the max speed supported of 57600 over the default 9600 baud. Both of these are terribly slow… but there is nothing we can do about that. Make sure to select the Phone or Serial port based on which you are using; I used the Phone port.

Sorry for the odd quality, capturing a CRT isn’t the easiest

Afterwards, click the “File-Transfer” menu at the top, then “Set Directory” to set where the files transferred should end up. Then open the same “File-Transfer” menu again and “Get file from server”; here you can type in a filename that exists in the folder you opened Kermit on the Server.

Taking photos of CRTs is not the easiest…

Now be prepared to wait for a while… Eventually the files will be in the folder you selected and you are good to go!

A few things to look out for, if you have a older Mac SE like the one here and it only has 1MB of RAM, that means you can only run Mac OS 6. (https://www.lowendmac.com/oldmac/compact3.html) I may upgrade this system in the future to its max which I believe is 4MB, but for now I am stuck with 6. This also means I can only use DiskCopy 4.2, and some good amount of classic apps will not work on Mac OS 6. The biggest issue is there are a lot of archives that are in DiskCopy 6 format, which I can’t load on the system.

The first thing I thought I would do is extract the archive on an old Mac VM on my modern computer, then transfer the files onto the Mac Se. Here I ran into a lot of issues with the file types that exist. If you want to go down a weird rabbit hole, the classic Macs used an odd 4 letter system for the file type, and 4 letter for which program created it, http://livecode.byu.edu/helps/file-creatorcodes.php . The Mac mostly ignores file extensions. There are programs such as ResEdit (that comes on the provided SCSI2SD disk image I used in restoration) where you can edit these attributes, but it usually leads to weird outcomes. Kermit tends to bring files over as “text”. StuffIt seems to do a decent job of just looking at the file extension and allowing you to expand it, then those files are the correct type. This whole issue is something to look out for, doubly so on a System 6 machine and can not run DiskCopy 6.

Otherwise stick to websites that say they backup with DiskCopy 4, or get more RAM… Then have fun with the system! Write that novel you have always wanted to write without distraction.

Mac SE Restoration

Years ago someone gave me a Macintosh SE, 20MB SCSI HDD, with 1MB of RAM. I had it sitting in storage and decided it could use some new life; this involved what I found out to be repairing, upgrading, and getting parts for the little machine. Then I was able to come up with a modern way to transfer files to it, so I can get software off the web, then get it onto the system without too much hassle, but that is getting ahead of myself.

Cleaning/Repairs

Last time I used the machine I remember it working, but then when I went to turn it on the system gave a sad mac with an error. In looking it up, http://www.midiguy.com/MGuy/MacQs/SadMac.html#anchorSE&II, I was told it was a RAM error. Power cycling the machine would periodically change the error, and once in a while get the machine to power up.

Getting the case off needs a special long screw driver, which I happen to have. The back only has 4 screws and then lifts off. Any repairs to these systems have to be done with a lot of care since there is a high voltage CRT. Very carefully I removed the cables from the motherboard, and then removed the motherboard itself.

After I removed the case and looked at the RAM, it was fairly oxidized. I happened to have a can of deoxite, I removed and cleaned all the ram and then the DIMMs. After, what I will say was jankily setting up the motherboard, it booted the first time. I did notice one of the legs on the the little slots didnt look at good as the rest, but it seems to work fine now.

Luckily for me the 20MB, 3.5″ SCSI drive still works fine. I ran diagnostics on it and them came back clean. I wanted to be able to download files from a more modern system by I will do a different post about that.

There were 2 more upgrades I wanted for this machine; first the original 1987 PRAM battery was still on the board. Fortunately it had not leaked at all, but I still want to remove it. I purchased a new 1/2AA, 3.6V battery holder and thought I could use the expansion slot in the back to hold it. I am not using the slot, and that way when the system goes into storage I can pop the battery out easily. I had recently gotten a new 3D printer (Ender v3 Pro), and made a mounting bracket. It needed to be mounted on the inside of the bracket because of the high of the battery holder, but it works well!

The last upgrade I wanted was some sort of mass storage. (Mass storage being anything over a floppy with a few MB) I do have a second Macintosh, I think its a Classic but I need to go get it. Someone gave me a Zip 100MB external SCSI drive, but to get that working you need at least Mac OS 6, with the driver installed. The Mac also only has a 800KB floppy drive, making it hard to transfer files to. I have a USB floppy drive, but these newer USB drives are fairly locked to 1.44MB floppies, as well as I couldnt easily read the file format for it.

Enter the SCSI2SD (v5.5 Pocket Edition)! I got it on ebay from https://www.ebay.com/itm/SCSI2SD-V5-5-Pocket-Edition/193496539667, I don’t know the seller, but the item is great. It allows you to write a disk image you make with Mini vMac or Basilisk II onto a micro SD card, then boot the Macintosh from it! Boom solid state drive for your Macintosh. This also allows you to kickstart the process of getting an OS and software you need to hook the Macintosh up to something more modern. There are different models of these SCSI2SD adapters and different versions. Apparently v6 is faster for some systems version of SCSI. My main feature I wanted was a DB-25 connector directly on it, since a lot of these adapters come with an internal header, and I wanted this to be able to go between Macs.

In researching I found this blog, https://www.savagetaylor.com/2018/01/05/setting-up-your-vintage-classic-68k-macintosh-using-a-scsi2sd-adapter/ it has a great guide on how to setup the device and even images to get you going! (I backed up a lot of the files related to the adapter on archive.org if years later anyone needs them) I’ll skip over that since that blog covers it so well. The device allows multiple SCSI device emulation. Note, if you have a Macintosh like mine that has an internal HDD, that is SCSI ID 0, so make your device 1 or later. When booting the Macintosh you can hold Command-Option-Shift-Delete-# to boot to that device. With this setup I was able to transfer an OS install onto the ZIP disk (at 100MB plenty of space), and update the internal system.

I installed Mac OS 6.0.8, later editions need more than 1MB of RAM. For anyone with a similar system I would suggest running in Finder mode, and not Multifinder. Multifinder kept running low on RAM when trying to run applications. At this point the system is up and running, reliably, and I was able to put some games on it. I will have another article about using our old reliable Kermit to transfer files to the Mac!

Email Alerts on Different Platforms

Different network gear I have has had many problems trying to get email alerts working. I thought I would document them. All of these systems use a service gmail address I made on free/public gmail to send alerts to me.

Sophos, and LibreNMS gave me no problems; if you have issues with them drop a comment below and I can post my settings.

Ruckus AP

The trick to getting Ruckus Unleashed, I used “smtp.gmail.com” and port 587. The issue I ran into is the service email I use to send emails had a long password. Ruckus Unleashed v200.8 supports a maximum of 32 character passwords. I would also mention it dumps the password raw into the logs, so make an account you dont care much about.

Unifi Controller

After digging through logs and getting lots of “There was an error sending the test email to x@gmail.com. Failed to send email for unknown reasons.”, I found one post that mentioned a fix for the console log of “fail to send email: api.err.SmtpSendFailed”. You need to once again use smtp.gmail.com, and port 587, but since its TLS, you need to counter intuitively UNCHECK “Enable SSL”.

Altair 8800 Kit

This post will be a bit more brief than some of the others, I was relaxing around Thanksgiving and put this together. Only afterwards did I realized that I was having such a good time, that hadn’t taken too many photos.

The kit comes from Chris over at https://www.adwaterandstir.com/altair/. The version I have is The Altair-Duino v1.4, which came in a bamboo box. There are now other versions, some with acrylic cases! This post will be about version 1.4.

The Kit

The kit comes with all the parts you need inside the box. The main controller is an Arduino, hence the name The Altair-Duino. There is an SD card that you bend the prongs on (more on that later) which holds the disk images. This is a fun straight forward kit, that comes with everything you need minus solder. The Arduino came with the firmware it needed, and the SD card came with disk images preloaded onto it.

Assembly

The kit comes with a spiral notebook of instructions on how to put it together. These are great, color photos of step by step what to do. You can see them here, https://www.adwaterandstir.com/instructions-14/ , keep in mind this is for my specific version. Like many of the other kits, the longest part of this kit is soldering all the LEDs and resistors onto the board. There are a few ribbon cables that go into place, and you are set. Be slightly careful when putting the switches in, they can be a tighter fit into the holes which is great for stability, but they are at the center of the board and it can flex. Once you get it all in the case and screwed down, clearance is a bit low, so make sure the board is ready to go in, when you put it in.

The one part of the setup that is a bit scary, the system comes with a SD card reader that sits flush with the board; if you want it to be accessible from the back of the case you need to bend the 4 legs on it. I used my trusty Radioshack wire stripper/pliers for that!

Software

I connected over USB, the kit also supports Bluetooth on Windows, to get the serial line out and console in. The system supports loading a bunch of programs that are included. The creators website, https://www.adwaterandstir.com/operation/ includes a bunch of guides on things to do. I loaded up CP/M and for fun, of course Zork!

A easy kit to put together, and a fun little project. I now am amassing a wall of these projects, and will have to get a new shelf for this one. Then I will just wonder where Chris found 256mb micro SD cards!

Windows Server DNSSEC Error 9110

TL;DR; Check that your Domain Controllers are in the correct OU and that Microsoft Key Distribution Service is running

I ran into an issue recently when DNSSEC signing a dns zone where Windows Server 2019 gave a very vague error, and would only display that error after 10 minutes of timeout. This made iterating on it very slow since every change I made was a 10 minute wait. Every guide to setup DNSSEC mentioned right clicking the zone, then clicking sign and as long as you select the default it should just work. On another domain, that happened for me and it just worked; except the one original one that kept timing out.

In setting a custom DNSSEC signing policy I noticed that there were different keystores each of which gave a different error. This made me think it was something to do with the specific one I was using. It was time to troubleshoot the service itself not DNSSEC.

I got a list of the services from a known good, and signing, domain controller; then compared that to the bad one to see what was different. Part way down the list I noticed that Microsoft Key Distribution Service was failing to start, and if I tried to start it, there was an error.

Group Key Distribution Service cannot connect to the domain controller on local host Status 0x80070020.

Checking the Event Log showed an issue in finding the Domain Controllers on the network (error above), which was weird because it is a Domain Controller… In looking at where this system was placed in the domain tree, I saw it had been moved from the original OU for domain controllers to another place. I dragged it back, after applying all the GPOs that were on that other folder to the original Domain Controller folder. Then held my breath, hit start on the Key Distribution Service and it started right away.

After that DNSSEC signed with no issues. Long story short, dont move your DCs it’ll only end in pain. And to the one other person on the internet who has seen this problem and never solved it, 5+ years ago https://www.reddit.com/r/sysadmin/comments/3dedwm/dnssec_will_not_sign/ there is your answer!

Managing devices via SNMP v3 in LibreNMS

I started to deploy LibreNMS at home as a way to see all the systems on the network and any outstanding issues they may have. This is outside of log aggregation that I plan to do with ELK. Its been fairly smooth, running through the installation guide, https://docs.librenms.org/Installation/Install-LibreNMS/ for CentOS 8 (my standard Linux flavor at home for servers) was a breeze, then we just needed to add SNMP devices. I’ll post more when the whole system is together and I have a chance to put dashboard together, but for now I thought I would post some snags I hit.

Devices Screen in LibreNMS

SNMP v3 is considered a lot more secure than older versions, so I am sticking with that wherever possible. There are a few commands you need for SNMP v3 in its strongest mode that makes sure no one can read the data, authpriv. Username, password, crypto password; password and crypto password also have different modes available. AES or DES for crypt, and MD5, or SHA for password hashing. Some devices now offer SHA-256, or SHA-512; LibreNMS does not, so lookout for that, a few of mine had to drop down to MD5 to find a matching mechanism. Every device defaults to port 161 with UDP for SNMP. You can also run SNMP over TCP.

Before I dive into different devices and how to configure them to work with LibreNMS/SNMP, I suggest getting familiar with snmpwalk as a command. It lets you quickly test and figure out if your setup is working, since if the settings are wrong in LibreNMS device setup, it erases them for you to start again. Some devices have you white list or select which IPs will be reading SNMP, testing from your LibreNMS host can save you some pain as well.

Windows

Windows Servers easily support it, and have a guide on the site. This page walks you through it, https://docs.librenms.org/Support/SNMP-Configuration-Examples/ and a lot of other devices. This is one where the easy solution is SNMP v2, Windows does allow easy white listing for SNMP servers, that made me feel good enough about the security over not having SNMP v3.

Linux

snmpd via the link above. Your stock LibreNMS host gets a premade config, that can be easily copied.

Ruckus/Brocade Switch on FastIron Switching Firmware 8.0.90d

The below commands add SNMP v3 to the switch. You need to make a group that you specify which privileges it has, then add a user to that group with the required password and crypt password that SNMP v3 in authpriv mode needs. Here 192.168.3.10 is my LibreNMS host, librenmsuser is my user, xxxxxxxxxxxx is my password and yyyyyyyyyyyy is my crypto password.

snmp-server host 192.168.3.10 version v3 priv librenmsuser
snmp-server group librenms v3 priv read all write all notify all
snmp-server user librenmsuser librenms v3 encrypted auth md5 xxxxxxxxxxxx priv encrypted aes yyyyyyyyyyyy

Unifi

The Unifi devices gave me the most difficulty. Ubiquti has a few different product lines that are fairly different, thus searching wasnt always the easiest. I saw a few people say they dont really support SNMP or they only supported v1. Unifi device do support full SNMP v3 😀 They even have a cute icon in LibreNMS!

LibreNMS Device Setup

First I was in the Unifi controller attempting to set v3 info. As noted above there are several pieces of info you need to be able to enter into LibreNMS to get a SNMP v3 client to work. The Unifi interface was confusing because it just mentioned Username and Password?

Unifi SNMP Screen

I thought this may enable SNMP on the Controller itself to read data for devices, but checking netstat showed no new ports or anything changing. So what was happening when I change this setting? That’s when I noticed my AP was back in Provisioning Mode because a setting just changed. ITS CHANGING THE AP ITSELF! AH!

AP IN Provisioning Mode

The latest Unifi Access Points are just little Linux computers, if you ssh onto them and type “help” you get only a few commands, but a quick double tap of tab shows you have all the normal Linux commands.

BusyBox v1.25.1 () built-in shell (ash)


  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2020
 |   |  |   |  \  ||  \   |  |   Ubiquiti Networks, Inc.
 |______|___|  /__||__/   |__|
            |_/                  https://www.ui.com/

      Welcome to UniFi UAP-AC-Mesh!

UBNT-BZ.v4.3.13# cd ..
UBNT-BZ.v4.3.13# more snmp.conf
agentaddress udp:161,tcp:161
createUser DanIsTheBest SHA SECRETS! AES SECRETS!
rouser DanIsTheBest authpriv

Going back one level I was able to quickly find snmp.conf, which had all the settings I need, and here they are for anyone who needs them.

Unifi APs Use the following for SNMP v3:

  • Port 161 in UDP and TCP
  • Username is the username you made on the Settings screen
  • Password is your password you set with SHA as the hashing method
  • Crypto is the same as your password, in AES mode
  • SNMP v3 auth mode is authpriv

Sophos XG

This one is also fairly straight forward, you need to go to Administration -> Device Access and set which vlans you want to have access to SNMP. Then go to SNMP at the top and setup your general info and then SNMP v3. This is one OS where for passwords they support MD5, SHA-256, and SHA-512; I had to use MD5 since I couldn’t get SHA mode on LibreNMS to connect to either of those newer SHA standards. I will also mention, when you commit your settings in Sophos XG it takes a few minutes for them to take effect. Set everything, then wait at least 2-3 minutes for it to start working, I was jumping around and couldn’t get my settings to take, then waiting a few minutes allowed it all to start working.

How to use AD users as Admins on Sophos XG v18

As I will be speaking about more on this site soon, I use Sophos XG Home for my homelab (just upgraded to v18). I was attempting to have specific a OU in AD to be able to login and administer the firewall but kept hitting issues. That’s when I found this one support thread, https://community.sophos.com/products/xg-firewall/f/authentication/10879/add-domain-user-account-as-administrator and thought it was worth amplifying.

Setting up AD auth in the product is straight forward, set your domain search as wide as you are comfortable with, because next you import groups that are under that search. Next, make sure to hit the little icon that imports all the AD groups you want, it is easy to overlook.

Import groups button

Now go to the Services tab, and include your new AD servers in your group for Admin Authentication methods. The guides say to make AD first, and in testing I just put one of the servers above local; but this shouldn’t matter too much, local auth still works.

Admin Authentication Methods

Now here is the trick that got me. TO HAVE THE USER SHOW UP IN THE USER AREA OF AUTHENTICATION, YOU MUST HAVE THEM LOGIN TO THE USER PORTAL FIRST. Thus the User Portal needs to also be setup to allow AD auth. After that, the user will appear like below, and you can click in to edit them.

User admin panel

Clicking into the user you can make them an Admin, and set their group. You have to provide a email at this point for the user. BEWARE, MAKING THE USER AN ADMIN IS NOT REVERSIBLE! IF YOU WANT TO MAKE THEM A NORMAL ACCOUNT AGAIN YOU NEED TO DELETE THE USER, AND IF THIS USER IS USED IN ANY FIREWALL RULE OR SETTINGS THIS WILL BE BLOCKED UNTIL THEY ARE REMOVED FROM ALL OF THEM. One fix for this is to make them part of a Admin group that has no rights to anything, but that doesn’t feel like the proper way.

User panel making a user an admin
Error if you try to delete a user tied to policies

Then you should be good to go!

Troubleshooting

Some troubleshooting techniques I used while fixing this: if you don’t have the user imported into Sophos XG, and attempt to login to the Admin panel, you will get “Wrong username/password” and looking at the logs in Sophos you will see “Wrong credentials entered for x@domain”. This is not exactly true and can throw you off. If you login to AD and look at your servers Security logs, it says “User login successful”. That is a good indicator that at least your login is working correctly, don’t get fooled by AD saying success, while Sophos says wrong; the user just needs to login to the User panel first to link the accounts.

Credential Guard on an AMD/Gigabyte system

Recently at work we have been rolling out Credential Guard on our Windows clients. I didn’t know that much about it, so I did some research: https://www.youtube.com/watch?v=urqXgBbVyWY this is a decent video that goes over what Credential Guard does. The high level bits are; it uses Hyper-V to create a secure container that holds your credentials. Then if your main Windows environment is compromised, in theory, the badie cant see your network hash and use it to gain access to stuff. This is just a quick post in case you haven’t heard or dug into a cool new security feature.

There are a few requirements to run Credential Guard, the first is you need Intel or AMD hardware support for virtualization which basically any system in the last 5+ years should easily have. You also have to be running with UEFI and Secure Boot enabled. Both are a good idea anyway, its 2020. This Microsoft page has a PowerShell script you can use to test if your machine is ready and enable bits you need on Windows, https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage .

The easiest way to check if its working, or even configured is to type “msinfo32” in the start menu. Then you can see which security tools are running and which are just configured. This is a nice panel because you can easily see if SecureBoot and Credential Guard are working. There are lots of guides on how to get this working, I want to go over some of the caveats to running this.

Caveat 1: Credential Guard breaks Single Sign On for 802.1x connections. This forces you to use certificate auth with User/Machine level certs. https://www.neighborgeek.net/2016/08/windows-10-credential-guard-breaks-wifi.html for more on that.

Caveat 2: Be careful with your motherboard. I have an AMD system I deployed this on, to get SecureBoot working I had to disable CSM (Compatibility Support Module), and after rebooting not only did my keyboard not want to work, but I had to enter my Bitlocker recovery key. That I should have remembered since I made a UEFI change. The keyboard issue seems to be the B350 motherboard in Fast Boot mode has issues with some USB keyboards. After disabling FastBoot that I got it working happily. With an NVME drive, letting the machine fully load each time and not using fast booting only delays the system a couple of seconds, but lets all the devices initialize.

Homelab: Ubiquiti Mesh Link

In my apartment I needed to get wired networking with VLANs across the apartment. I didn’t want to run a wire since I thought my roommate would not appreciate that. I wanted to have a switch near my desk, that allowed different devices I have like file server, desktop, and a few other things to have a wired link; then, connect to the modem/firewall and rest of the networking gear across the apartment.

Long story short, I ended up using a trick I didn’t know would work till I tried it. I have 2 x UAP-AC-M, they work decently well, topping out at 867Mbps and 2×2 MIMO; as well as being able to get them on sale in a 2 pack for a decent price made them a great deal. I have run 1 of them for 4 years as my main access point. Then when I wanted to get this wire connection in a new room configuration I tried to do a wireless uplink to the second one. This makes it mesh with the first access point. Now the important item I don’t seem written anywhere but works well (caveats below):

Ubiquiti access points in wireless uplink/mesh will bridge that network to the wired port on the device

This means if you have a trunk port going into your original/base mesh AP, you will have the same trunk port coming out the other end. This also means anyone who is running mesh points, and hasn’t secured the wired port may want to think about doing so. I am will skip over HOW to set this up, Ubiquiti has a good guide https://help.ui.com/hc/en-us/articles/115002262328 to walk you through it, and most APs can do wireless uplink at this point; this is more about saying it can be done, and works well from my experience to anyone thinking about implementing this or wants a solution for their home/apartment that is not powerline networking. The APs I have are 2×2 802.11AC, I’m sure with a 4×4 AP like the AC-Pro as your base you may see better performance on higher trafficked lines.

This setup has worked well for me for over 6 months now, I can easily hit the 300Mbps I get from my internet connection on a desktop plugged into this meshed AP’s port; I also get 6ms pings to servers while playing games. You get the benefit of real commercial grade antennas and radios in the APs you are using instead of a tiny wifi chip in a laptop, desktop, or device. This also lowers the number of wireless devices (since all the wired devices would have been wireless instead). I also disabled the secondary AP from hosting any of the SSIDs I have in the apartment, so it just works as a wireless uplink. My apartment is not big enough for 2 AP’s for devices.

Caveats

I am looking to move away from this setup for a few reasons. It has worked well and if you are in a pinch I would recommend this setup much more than powerline networking which I have also tried and used several times. I am hoping to move to 10gb/s networking at home with my growing homelab setup; thus, no more wireless link. The other limitation that 99% of people probably would not care about is that you can not do jumbo packets over wireless, so that means it can not be done from all I have read over a wireless link of this type.

Network Topology

The first caveat is that this configuration slightly confuses the access point when it first starts up. The first 60 seconds or so when the access point is online it will think the wired connection is its uplink and attempt to ping out over it. After that it realizes it cant hit anything and will go to wireless uplinking. Sometimes everything just works then, sometimes I have had my switch be confused about where traffic should go and had to power cycle it; in this case it was just a Netgear Prosafe switch with VLANs, not especially smart, but not the dumbest switch. This is similar to a enterprise networks re-converge time when a link is downed. Overall it is rarely a problem and these APs are solid and can go months between restarts, but this is something to lookout for.

Remember that if a Ubiquiti AP cant get an IP, then it doesn’t broadcast SSIDs; this is important since if the base AP boots (like after a power outage) and doesn’t get a DHCP address quick enough, it wont broadcast, then the mesh side will never find an uplink to connect to.

Management

With the earlier mentioned topology issues you can run into, that can make management difficult. You need to make sure the base side of the network is stable. You can get into a position where you did a bad config push or a setting is wrong on the secondary/mesh side and the only way to fix the config is bringing that AP back to the original wired network and pushing a config to it, before the secondary AP can go back into wireless uplink mode.

US Patent US10530642B1

One of the projects I currently work on at work, and have for the last few years is how to go from a blank stack of servers to a fully configured cluster with my companies software running on it. While some projects were starting and getting going in the open source field when I started this project 5+ years ago, a lot of them kept rewriting their API every minor version rev. That started my down a path that has now become a decently large internal network booting infrastructure, and managing interconnects to our inventory system as well as other systems such as Tenable Nessus. I recently was awarded my first patent! This one is specifically about how my system interacts with the inventory to dynamically assign systems as they come online to clusters.

https://patents.google.com/patent/US10530642B1/en?oq=US10530642

My part of the code was all written in Java and continues to evolve as a platform, I hope to open source a good amount of it down the road. I started the project by reading the RFCs for DHCP/PXE and then writing code. I have grown to enjoy writing libraries and some project this way of adhering to the standard (more on that some other time). The general platform can handle ProxyDHCP PXE booting, and then uses iPXE to create menus and boot systems. I spent many hours debugging different vendors PXE code and BIOS vs UEFI to get all the systems to work. The platform now supports plugins for many different aspects of server configuration.

I could write page about small details I have learned a long the way; one issue that has been driving me crazy recently, if you want to ProxyDHCP instead of using your main DHCP stacks these days is Secure Boot. iPXE does not have a Secure Boot signed image, I have tried to get Microsoft to sign it but they will not unless you are selling a product using that the sign iPXE. I am not I just wanted it for internal use. That means you may want to use grub2 as your loader, but there is a bug that has been outstanding for over 6 years and makes ProxyDHCP with grub basically impossible, https://savannah.gnu.org/bugs/?55636 which is sad.