Netgate SG-4860 installed

Finally got rid of the last soekris/pfsense router in my empire. This sg-4860 replaces a net6501-70 that had 8 intel interfaces. I “need” (well, use) five, and have plans for a sixth subnet. The Netgate box has six interfaces so it suffices both for the current needs and the planned one-additional subnet. I don’t anticipate ever going beyond the sixth subnet, and if I do there’s always VLAN trunking options to get more interfaces out of the existing box (and/or multi-hop routing via a secondary router).

Installation went without any glitches. Still running pfsense in basically the same configuration; just had to update the interface names in the configuration XML file.

Now the question is what to do with an old, but perfectly functional, nanoBSD/freeBSD box…

Ordered replacement for my last Soekris router

I am down to my last (and largest configuration) net 6501 pfsense router, and just ordered a replacement for it from netgate. I’ve already replaced two other routers in my world (at other locations) with netgate products. The nice thing about them is they are directly supported with pfsense, so it’s just an easy way to go once you’ve decided to run pfsense.

This last one, at the hilltop, has been up now for over 454 days:







The router is (obviously) on a UPS. I’ve had the router for even much longer than that; I’m not entirely sure what made me reboot it over a year ago – probably a software upgrade.

Alas, it is time to replace it, primarily because I want to be able to run the newest versions of pfsense that no longer support 32-bit platforms. This box can run in 64-bit mode, but the board itself lacks one specific feature the generic freeBSD 64-bit build requires. I know I can still run pfsense by taking the stock distribution and wedging in a custom kernel build, but it just seems wiser to replace this box with something newer and fully supported anyway.

I took the easy (albeit expensive-ish) way out and ordered a netgate SG-4860-1U. I use 5 different networks in my configuration (only four made it into the screen capture) and though I could certainly achieve that via “router on a stick” with VLAN trunking and a suitable switch, I prefer to have a router with true multiple NICs on general principles.

Not sure what I will do with the soekris box when the new netgate gear arrives; it makes a great Unix freeBSD sandbox but I really have no use for such a thing. Maybe I can turn it into some ridiculous lego contraption controller someday 🙂

Amazon AWS Route53 Region: us-east-1

This is one of those things that seems hard to find even though it is in fact documented, so I thought I’d post this note in the hope that someday it will pop up on someone’s google and be helpful.

So, here are some keywords of note: This is about Route53, the DNS service in Amazon AWS, and the “region” field. The way I ran into it I was using the DynamicDNS feature in my router (pfsense), which can directly update a Route53 record. But it wants the ZoneID in this form:


I had a ZoneID — they look something like “Z2X8NGLIQTGFO4” (I’ve altered this from what my real ZoneID is of course). But I didn’t know what my region is. In general “my” (best/default) region is “us-west-2” but that didn’t work (generated a complaint about an invalid region). I couldn’t find any way to reveal what the correct region for my Route53 service was.

The reason is … all Route53 services are in us-east-1. That is in fact documented but you really have to dig into the AWS docs to find it if you didn’t already know where to look. So, since it took me a while to find, I wrote this note, in the hope that someone else might stumble onto it via google and get to this answer more easily than I did.

It’s extremely frustrating because the user interface will show you the ZoneID but seems to have no information at all on the Region. It would have been nice if they threw that in the info panel even though the answer is always just us-east-1. Oh well.

2017 WSOP Results

Back from too-much-Vegas. I didn’t go for the entire WSOP; I just went for two separate shorter visits. I played fewer tournaments than I have in years past and took more days off; it was much more civilized that way.

I’m reasonably happy with my results. I cashed 64th in a WSOP $2500 NLH (1086 runners). I busted out early in a WSOP six-max. I cashed in several side tournaments, the deepest one being 13th in an $1100 Wynn NLH (486 runners if I remember right).

My Main Event wasn’t very satisfying; I busted on day one. There weren’t any specific bad beats or crazy situations; it was just one of those tournaments where you keep making strong hands that turn out to be second-best and you end up having to pay off the value bets. Then of course you eventually get down to the point where you are looking to jam pre and race. My final hand was a truly well-executed trap that got my opponent all-in preflop w/K8 vs my AK, but … well, I did already tell you that it was my final hand. 🙁

At a Venetian cash game we got confirmation that people still don’t understand the rules about when short all-in raises do or do not re-open betting action. The hand went like this post-flop:

  • Three Players, A, B, C.
  • A bets $45
  • B makes it $135 (a raise of $90 over A)
  • C pushes all-in for $195 (a raise of $60 over B)
  • A calls. He clearly could have raised if he wanted to, as he is facing a total raise of $150 from his initial bet of $45, and of course B’s raise alone re-opened action to A. That’s not the question here, and anyway as it played out he just called.

Now we get to the interesting part. B says “ALL IN”. To review at this point: he had raised to $135 (when facing $45) and now was facing an incomplete raise to $195  from an all-in. The dealer does a quick calculation and says that since C’s all-in, which is not a complete raise, was $60 over the $135, and B’s original raise size (the size of the raise, not the total bet) was $90, that B can raise here because $60 is more than half of $90.

The dealer was misapplying the 50% rule, which is a rule about mistakes (e.g., throwing out $300 if facing a bet of $200) and is not supposed to be used for short all-ins.  I’ve written about this before though more from the perspective of TDA rules and tournaments. But this particular rule applies equally in cash games and tournaments.

At this point the dealer incorrectly allows B’s ALL-IN, and player A questions whether that should have been allowed. The dealer reiterates “yes, because over 50%”.

I wasn’t in this hand and I was a little bit conflicted about what the right thing to do at this point was. The rules explicitly say that players should “protect the integrity of the game by pointing out errors that occur” and this is an error, but there’s also a strong sense of “mind your own business” in cash games. I decided that it was likely someone would be upset either way – whether the error was corrected or allowed to stand – and so I blurted out: “I don’t believe that’s correct; the rule is it has to be a full raise”.

At which point the dealer recalculated the $90 and $60 deltas and asked me to confirm his ruling because it was more than 50% of the way (if you are paying attention, you will note that this means the dealer didn’t really listen to what I had to say).  At this point one of the players in the hand SHOULD have called for the floor, but none of them did. I decided I had made the only factual statement I could make and answered all further questions (there were several) with “I’m not in the hand.”

After a few moments of confusion with a bunch of other players chiming in the dealer did the right thing and called the floor over.

The floors at the Venetian are all pretty good and this one gets it right: Ruling: B cannot raise. The floor reiterated that it takes a FULL raise amount to re-open action; the fact that the $60 incomplete-raise of the all-in is more than 50% of the way “there” was irrelevant.

As the hand played out it turns out none of this really would have mattered either way to the action. It was nice to see a confirmation of the rule in practice, and it was nice that no one in the hand threatened to kill me for sticking my nose into their business. 🙂

Goodnight Soekris

Sadly, Soekris is shutting down:

Soekris Engineering, Inc.

April 24, 2017
Due to declining sales, limited resources available to design new products, and increased competition from Asia, Soekris Engineering, Inc. has suspended operations in the USA as of today.

It has been our pleasure to serve our customers over the last 16 years. We are proud that we provided reliable, low-power communications computers Made in the USA to many markets worldwide.

Thank you for your business.

I built several pfsense routers with various soekris boxes and they’ve all been running flawlessly for years. I just looked at my router at the hilltop and it has been running for 381 days without a reboot (this router is on a UPS for no especially good reason but it does allow for long uptime runs).

The box has no fan, no moving parts (the filesystem is a nanobsd configuration on a CF card), it’s rack mountable, and it has six ethernet ports (I added a 4-port PCI card). It’s awesome.

The pfsense folks sell hardware (Netgate) now customized with pfsense right out of the box. I have one of their boxes in another location and it works perfectly well too, though I wish they’d support a nanobsd configuration (for the read-only filesystem and the alternating/two-boot-slice concept for updates).  Eventually I’ll change out the soekris boxes for newer gear; but for now … 381 days  of uptime and counting.


Oldest “Neil Webber” reference

Inspired by finding some thirty-year-old code of mine online, I wondered if there were any even older references… and I found one!

In the summer of 1979, having just graduated high school, I worked on a macro interpreter for the Initial Graphics Exchange Specification while I was a summer intern at the National Bureau of Standards (now called NIST). I wrote an interpreter for the MACRO statements that were proposed as part of that specification.

I found several copies of the full version 1.0 IGES specification online. This one is in text form:

Being text you can easily search it for “Neil Webber” and find my name. 🙂

The actual design of the MACRO language syntax is a hoot and reflects the FORTRAN language practices of the time. For example, variable typing is determined by the first letter of the variable name.

I didn’t design this language syntax; all I did was implement a processor that could run the macros and generate IGES statements from them. I vaguely remember that I called the program “bigmac” because it was a macro processor and it was “big” (meaning 64K-ish). It ran on a PDP11 under v6 Unix.

The IGES 1.0 document was published in 1980. This is the oldest reference to any of my work that I can find – partly because I’m pretty sure this would be the oldest bit of my work that was ever referenced anywhere.

I have not, unfortunately, been able to find any copies of the source code of the macro processor. I’m pretty sure NBS released it because part of the point of asking me to implement it as a summer intern was to show that the MACRO capability wasn’t “too hard”. I’m sure my program was probably an embarrassing mess of bad technique; on the other hand, having a summer intern implement the MACRO processor probably helped make the argument that it wasn’t “too hard” to do. 🙂

Thirty year old code almost still compiles (and does still work!)

Thirty years ago, in February of 1987, I published some code of mine on net.sources:









There is so much deliciousness in this old post, including evidence that my affinity for the word “actually” goes a long way back.

Because I was a hardcore Amiga nerd back then (as opposed to simply now being an all-around hardcore nerd), I also submitted the program for inclusion in the “Fred Fish Amiga Source Disks” that he (Fred Fish) used to curate. It was included on disk #66 and is still available as “MallocTest” online here:

For reasons surpassing understanding, I decided to download that code, unpack the archive (that itself took some research), and see if it still compiles and works.


Well, almost. It generated over 40 warnings on my Mac, mostly related to modern declarations of C library functions vs the mismatched (if even present at all) declarations in the code.

It did generate one fatal error – one of my functions does not return a value but is not declared void. I’m pretty sure that’s because the “void” type wasn’t universal back then, and in any case it was common practice to just fall out the bottom of what were implicitly void functions (that had been implicitly declared as “int”).

So, I had to fix that to get it to compile; here’s the diff that made the thirty-year-old code compile:

> void add_to_events (struct memevent *);
< add_to_events (m)
> void add_to_events (m)
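
Review bot: the definition on the last line is still an old-style (K&R) identifier-list definition, `void add_to_events (m)`, while the prototype added on the first line is ANSI style. The pairing is valid here because the parameter is a pointer and is unaffected by default argument promotions, but old-style definitions were removed in C23, so writing the definition as `void add_to_events (struct memevent *m)` would keep it compiling on newer compilers and let the compiler check the definition against the prototype. The diff is also shown without its position lines, so it cannot be applied with patch as posted.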

With that change, it still compiles and works! The code itself is a time capsule of everything that was wrong with software development back in the late 80’s, including most importantly the fact that the malloc/free library on a given machine might have a bug in it that this feeble test could uncover (which, apparently, it did, though I have since forgotten which platform I was researching malloc/free problems on at the time).

Presented, for your amusement:


FeelTech FY3224S Grounding Modification

I have one of those cheap FeelTech FY3224S (FY3200S 24MHz version) function generators. They are sometimes sold under different brand names, including “Moo Hoo” and no-name at all, and are sold by “banggood” (not making that up!), amazon, and other online stores.

There is an extensive thread about these on eevblog that includes this post about getting a shock from the device:

I was just using my Feeltech FY3224S and felt something biting me…the culprits turned out to be electrons…I was getting a shock.  When I measured AC voltage with a multi-meter from any of the ground points on the Feeltech (e.g. the outside of the BNC connectors) to AC ground, I had around 19vrms

Here’s another blog referencing this same problem: He measured 82V peak-to-peak. On my device I measured 45V rms or so with nothing connected to the outputs, and measuring between the BNC grounds and earth ground. As all of these write-ups point out, there isn’t enough current to be dangerous; you “just” get a tingle. The problem is caused by the use of a switched-mode power supply not properly implemented for use with floating DC outputs (which this device has).

The best, but most complex, fix is to rip out the switched-mode power supply and replace it with a linear supply suited for floating-DC output configurations.

An easier solution, which many others have also done, is simply to tie the DC grounds to earth ground. In other words, don’t let the DC outputs float. I decided to do that, with a switch enabling me to go back to the original (floating) configuration if ever needed for some specific reason.

The eevblog thread is full of examples of people doing exactly what I did, so it’s not anything new. I’m just documenting it here on the assumption someone might find it useful anyway.

The original back of my generator looked like this:

You will note that the A/C input is two-prong and is not polarized.

I had a so-called “mickey-mouse” (C5/C6) power inlet that doesn’t take up much more space than the original two-prong inlet. I enlarged the opening as necessary with a rasp to accommodate the three-prong inlet. I also had a suitably-sized SPDT round rocker switch (SPST would have sufficed) and mounted it as shown below:


The idea of mounting it there is that the ground symbol already present serves as the label for the down-position of the switch; I wired the switch so that when it was down the BNC grounds would in fact be grounded to the earth ground. If you are wondering why the C5/C6 connector is sometimes called “mickey mouse” take a closer look at the above picture and you should be able to figure it out.

This picture shows the inside wiring:

I added the green wires going from the ground on the power inlet to one side of the SPDT switch, and from the center (pole) to the ground lugs on the back-side BNC connectors. But what about the front connectors? Well, all the DC grounds on this device are connected together, so grounding these back here grounds them all. Obviously, the same observation leads to the conclusion that I did not need to tie both ground lugs together back here; just connecting to one or the other would have been sufficient. However, these two connectors are hooked up to the main board by two separate wire assemblies each with its own separate plug/jack, so by wiring both grounds here the grounding will still be effective even if one of those plugs works its way loose someday. But, realistically, that green connection between the two BNC ground lugs is superfluous.

In the original configuration the input power was not polarized; consequently sometimes the front panel switch was interrupting the hot A/C lead and sometimes it was interrupting the neutral A/C lead, depending on how you plugged the unit into the wall. A three-prong plug is obviously inherently polarized, and I made sure to hook up the power inlet such that the hot side went to the switch so that the input power would be fully cut off at the switch when the device is off (vs the circuit being interrupted only on the return/neutral leg).

I buzzed out the connections to make sure I knew which one was which:

This shows that the connections, when viewed from the back of the mickey-mouse connector, match up with the connections when viewing the plug face-on (the picture shows the not-connected configuration). From there I looked up which prong in an outlet was hot vs neutral. I was reasonably certain I knew this but looked it up again anyway. I carefully labeled and checked my approach 17 times to make sure I wasn’t confusing myself between the “outlet left/right” view and what I would see when soldering the back of the connector.

Obligatory safety disclaimer: don’t try any of this if you aren’t knowledgeable and skilled with 110VAC circuits. I’m not even going to tell you which one of the prongs is hot vs neutral because if you need me to tell you that, you probably shouldn’t be doing this!

Once I wired up the 110V inputs everything was ready to go back together. Here it is all buttoned up:

I used my label maker with a black-on-clear cartridge to add the FLOAT label at the top of the switch. The ground symbol already there serves adequately as a reminder for the other position. I didn’t quite get the FLOAT label lined up exactly right. I could fix it, but the switch is going to stay in the “ground” position 99.99% of the time, and all this is in the back of the unit, and only some of my overly OCD friends will notice or care. It stays as is.

With everything buttoned back up I tested the grounding:

This is showing 600 microvolts with the rear switch in the ground position. I should mention that the other multimeter lead was hooked up to a convenient ground elsewhere in my lab set up and that ground was coming from a different wall outlet. Many of my circuits are “home run” back to the panel so there might in fact have been a hundred feet (or more) of romex between these two ground connections. So a non-zero ground potential difference doesn’t surprise me, if we consider “600 microvolts” to be “non-zero” (and not a meter artifact either).

In the original, floating, configuration we get 48 volts:

That will tingle! Obviously the switch will usually be left in the grounded position and if I need a floating function generator I’ll just have to be careful, or spring for a “real” piece of kit instead of this $60 cheap, but rather useful, hack piece of equipment.

One last point, as mentioned in the eevblog threads and elsewhere. The USB port on this device is not ground-isolated. So if you want to float the device (the original configuration), AND you have a computer plugged into the USB port, AND if your computer is grounded (which it won’t be if you have a laptop running off a battery), then the USB ground will de-float the generator output. I suppose it’s also possible that if your computer is floating then the 45 volt “tingle” might make it to your laptop? Ick. In any case, it’s something to be aware of.

I did buy a USB isolator board from Adafruit. This can be used externally if I ever need to float this generator AND have the USB hooked up; alternatively I may explore permanently installing it into the device on general principles. The primary use for the USB port is for defining custom waveforms, which is something I don’t have any immediate need to do. So for now the USB isolation goes onto the “to-do” list and in the meantime I’ve got a function generator that will no longer “tingle” me unless I want it to.

Update: FY2300H

There is another version of the generator out now, the FY2300H (model numbers go backwards? lol!). A 60MHz version is more expensive than my 24MHz version: $330 vs around $90 for mine, but also obviously can provide faster waveforms. Here’s one at Amazon:

They seem to be available at varying prices for other speeds at AliExpress. The cheapest is $80 for a 6MHz version, and I found links for $130 for a 25MHz version though they were out of stock as I write this.

Note this interesting broken-English description:

With the new design of power supply, the utility model eliminates the disadvantage of small amplitude signal interference of the power supply of the hand-held instrument. (10mV small signal still has the perfect signal feature)

and as you can see from the pictures, it has an external wall-wart power supply. Presumably they provide one that is implemented properly and thus fixes the AC mains leakage problem of the power supply built into the FY3200 series. If I didn’t already have my other unit I’d probably buy one of these, even at the higher price (which will likely come down over time if you wait) rather than perform the modifications shown here, especially since that would give me a generator that could DC-float without AC mains leakage whereas the grounding modification only fixes the leakage when you aren’t floating the generator outputs.

pfsense router – almost 1 year uptime

I’m running a pfsense router on a (somewhat obsolete now but still serviceable) dedicated soekris box as the router for my (40 acre) hilltop “empire”. I have a somewhat complicated network topology: my Time Warner cable modem is in a building at the bottom of my hill but my house is uphill about a quarter-mile (as the wires run) away. I have a multi-mode fiber connection between the cable modem downhill and the router uphill, from which four internal networks emanate:

  • HILLTOP: my internal network.
  • GARAGE: runs back down the hill (on another fiber pair) to a separate maintenance equipment garage building.
  • DMZ: a true, isolated, DMZ topology for a few servers I want to allow access to from the network at large.
  • PUBLICWIFI: a no-password open-WiFi network for my guests; it is also appreciated by maintenance personnel working on stuff up here on the hill. Access control for this otherwise-open WiFi access point is provided primarily by the fact that the signals don’t reach the edge of my property line (at least in all the places I’ve tested for this). If you can get the signal the presumption is you should probably be allowed to surf the internet on my dime 🙂

The pfsense software makes it easy to configure these networks with appropriate firewall rules; for example no traffic is routed between the PUBLICWIFI network and any of the other networks (other than the WAN network to the outside world of course).

About a year ago I put the router on a UPS just because the mean time between power failures up here is about 2-3 months. Anecdotally, thunderstorms are the primary source of periodic, short, power outages/glitches.

Here’s the network statistics report:

Statistics for the hilltop network

As always, you may wish to click to view the image full size.

During the 322 days of uptime:

  • 2.5 terabytes have arrived at my router from the internet. That’s about 7-8GB per day, most of which is presumably netflix or porn (for network tests of course).
  • Of the 2.5TB, 2TB went to the house network and 0.5TB went to the maintenance building where my property manager works.
  • The DMZ served out 5.6GB (a whopping 17MB per day). There are some status servers on this network that my property manager and I periodically surf to check in on things if I’m not here.
  • The public WiFi pulled 20GB down from the internet (about 62MB/day). The maintenance workers don’t seem to surf very much porn 🙂

I had a 12-pair multi-mode fiber installed to run up/down the hill and I am using two of the pairs. One pair runs from the cable modem up to my router. Another one runs back down the hill to the GARAGE to carry the (internal) network back down into the maintenance building. These runs are each about 1300 feet, or about 400 meters. The fiber transceivers I’m using (StarTech MCMGBSC055) are supposed to be good for 550m at 1Gb and appear to be functioning well. There are zero errors across the board except for one output error recorded in the entire year. My guess (and it is purely a guess) is that the output error occurred during a power failure. My router is on a UPS but the transceivers are not, so a power failure that happens during a packet transmission might show up as an output error. Otherwise I’m at a loss to explain how there could be an *output* error detected by the router; I’m guessing what really happened is that the ethernet connection between the router and the fiber transceiver went down when the power failed in the middle of a packet transmission. The router is on the UPS but other network gear is not; the only point of the UPS here is to shield the router from the strain of unnecessary power-glitch reboots; it is not intended to keep my network up during outages.

Knowing a little bit about the waveforms and the technology that makes all this stuff work, I am always impressed that stuff like this actually *does* work.

So far the 1Gb link is faster than my cable modem connection. I’m not going to be able to go to 10Gb without laying new (single mode) fiber. The fiber run is in a conduit with periodic access/pull points, so supposedly this will be possible, but it won’t be especially cheap or easy. Since I have some spare pairs I may be able to get more bandwidth in the future with link aggregation; I’ll worry about that technical problem when/if my internet connection exceeds 1Gbps from the ISP (when is google fiber coming here?!!!)