Mostly about my amusement

Year: 2018 (page 1 of 1)

Norton Security Premium Renewal Scheme

I’ve been using Norton security products since the time of the flood. It works, I have protection for the kids devices as well as mine. Every year close to the end of my subscription I get an email that goes like this.

Hi! Your Norton Premium Security subscription is about to expire! Please authorize this payment of $109. Oh, and your credit card on record isn’t valid anymore. We would have just charged you for the full amount but the number isn’t working.

Have you met our Personal Savior Lifelock™? Have you? HAVE YOU MET LIFELOCK? LIFELOCK! LIIIFFEELOOCCCKK!!!! PRAISE TO THE LIFELOCK!!!!

I may be paraphrasing it and/or exaggerating just a little. Not that much.

Last year I called them on the phone and got a very professional person and here’s how the conversation went.

Me: Why would I pay over $100 for that when for $50 I can get the same thing from Costco?

Norton Rep: It’s not the same thing and you do want to renew, right?

Narrator’s Voice: It was the same code, same product and same protection. From the same company.

I ended up getting a discount that matched Costco’s price. It’s been another year and my subscription is due again.

This week I had a repeat of that but instead of a phone call it was an online support chat. That’s cool, I prefer that as there’s not really a he said/she said possibility. We both kept a copy of the chat log.

Amazon had a deal for the same package except for 15 months of coverage and only for $35. With tax it came out to $38.01.

After some back and forth, the polite person inform me that if I did buy that, come back to the chat and reference the still open case. They could add that 15 months once I gave them the code and that’s exactly what I did. I’m good till April 2020.

Here’s where it gets weird. After I validated that my coverage for updates, A/V signatures, etc. was good I received an email from Norton complaining that my credit card info wasn’t good (the card was long cancelled) and that I risked not getting coverage. I went online and disabled automatic renewals.

I’m still protected but only until April, 2020. I can deal with that.

This is how Companies Lose Their Customer’s Trust

In the past I would have cheerfully left on automatic renewals. I think that Software as a Service (SaaS) is a good, sustainable business model. I just don’t like it when companies try to take advantage of me. I no longer trust Norton or their business practices.

Two years in a row I have had to contact Norton just to get the price that they should have offered me in the first place for renewal. They opted to try and get me to renew for $109 automatically. I saved $71 and got another 3 months of coverage thrown in by purchasing the same product from Amazon.

I feel like Norton would rather slip in that expensive renewal than give their customer a discount that I can get just by purchasing the exact same product from their retail channel.

Renewals are a big Part of a SaaS Business

It’s not just the initial sale that gets companies revenue. The renewals are just as important as the initial sale.

I use Cisco Umbrella (I am employed by them) as my main protection on the Internet. It’s the enterprise version of the free OpenDNS and it’s good. For protection I recommend everyone sign up at OpenDNS, install the IP Updater so your settings keep for your household and go. It’s amazingly effective.

I use Norton as a supplement to that protection. I use it out of habit in case there’s something that Umbrella missed. Umbrella has missed a thing, I review my Umbrella logs and Norton logs as well. The Bad Stuff is caught by Umbrella and that means my local copy of Norton never has to deal with it. Life is good.

Norton’s renewal process and pricing is making me re-consider that relationship. I won’t have to deal with this till 2020 but my memories are long and this process was tiresome last year.

If there’s something comparable that crosses platforms I use then I don’t see why I would consider renewing Norton any longer.

Octoprint and Reverse Proxies

I have two active 3D printers, each hooked up to their own Raspberry Pi 3 running Octoprint. I like to manage them from my iPhone when I’m about. I don’t want to expose my IoT devices to the Internet without some precautions.

Here’s how my Internet connected house is setup.

Simple network diagram

The diagram was created and edited in Free online tools FTW.

My FIOS router on the left listens on port 80 and 443 and forwards that traffic to my Ubuntu Linux Server. On that server I run Apache2 with mod_proxy enabled. 

I run ddclient to update a DNS name with my floating IP address. I use virtual hosts on the Ubuntu Linux Server to receive all external http/https requests. All http requests on port 80 get 301’ed to https on the same host. 

First setup https on the virtual host as you normally do. Before trying to reverse proxy, have a default index.html file and make sure that works. I use Let’s Encrypt for the TLS certificate as it’s free and easy to setup.

Here’s reverse proxy configrution. is the internal IP address of my first Octopi. Make sure the DNS name is working first before trying to test anything.

ProxyPreserveHost On
ProxyPass "/"  ""
ProxyPassReverse "/"  ""


ServerAdmin webmaster@localhost
DocumentRoot /var/www/vhosts/

<Directory /var/www/vhosts/>
        # Options Indexes FollowSymLinks MultiViews
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
        Options -Indexes
        AllowOverride All
        Order allow,deny
        allow from all
<Location />
        AuthType Basic
        AuthName "Wrapper Auth"
        AuthBasicProvider file
        AuthUserFile "/var/www/external.htpasswd"
        Require valid-user

That <Location /> section on the bottom? That’s important. That’s the section that says “You need a password to access this URL” and protects the Octopi setup from passerby’s on the Internet.

What I tell you three times is true.

  1. Do not expose any IoT devices on the Internet without encryption and passwords.
  2. Do not expose any IoT devices on the Internet without encryption and passwords.
  3. Do not expose any IoT devices on the Internet without encryption and passwords.

It’s just a bad idea. The wonderful Gina Häußge who writes and drives the Octoprint software knows this and has an excellent guest post on her blog about that access. This post is how I accomplished the Reverse Proxy method.

The password is created using the htpasswd command.

$ sudo su - www-data -s /bin/bash -c "htpasswd -c /var/www/external.htpasswd bob"
New password:
Re-type new password:
Adding password for user bob

I sudo as the www-data user so that the ownership of that file will be set as I want it. This creates a file with bob and his hashed password in it. The AuthUserFile directive will use that. If you have a valid user ID and password, you get in. If not you don’t get access.

The configuration gets copied for a new Pi. Just change the IP and ServerName and you can re-use this for other Octopi installations. By having an encrypted password protected access to your Octoprint setups, you can monitor and control your 3D printers from anywhere you have Internet access.

New Kossel 3D printer

I’ve had my Monoprice Duplicator v2 for almost 2 years and it developed some problems.

  • The firmware lacked safety features I wanted. I could have (maybe) updated the code but I’m not sure how many features would fit. The board on it is an old Melzi clone and I would need to buy another board just to update that one.
  • The printer needed love and attention. I started getting layer shifts, the bed surface began to look like the surface of the Moon and prints started suffering from layer shift.
  • really like 3D printers that auto-level (tramming) in some fashion. That’s my favorite feature on the Prusa Mk2s and it generally just works. Leveling this printer’s bed was a real challenge. 

When I started looking the Ender 3 was the low end printer to get. It looks modifiable and a friend of mine likes his. He also purchased a Kossel delta printer and I was hooked.

Mini-Kossel vs Cartesian

Most 3D printers have a rectangular or square bed that moves forward and back for the Y-axis. The hot-end (the part that extrudes melted filament) moves left right on a rail for the X-axis and that whole rail moves up and down for the Z-axis. 

What makes this printer different is that the bed does not move. The bed has a 240 mm diameter and is round surround by three columns. Movement is controlled by sliders on those columns moving up and down together. It’s very cool to see.

Since the bed does not move that makes what is being printed in place very stable. The head can move and I print infill at 100 mm/s. The perimeters of my 3D print are set at 50 mm/s but I can safely increase that to 80 mm/s without any worries and that’s fast.

ANYCUBIC Linear Plus Kossel

I don’t think the manufacturer produces this printer anymore. The support section is still there but it’s no longer listed as product. That’s cool; it cost me $218.40 with free shipping from Aliexpress.

The build took me about 90 minutes. The kit is already half-assembled and very straight forward. The end stops screws made me want to punch a kitten as the screws would not set all the way in. I will probably print new ones out of ABS and re-do them. Also not all of the screws or t-nuts were of the best quality and stripped easily. For what I paid I am not complaining.

I did a test leveling as detailed in Anycubic’s manual and looked for a kitten to punch. The process is just awful and resulted in a bad first layer.

Marlin 1.1.9 to the Rescue

I’m a big fan of opensource software and the process for leveling this printer with Marlin is detailed in this Youtube video. It was that video that convinced me to get this printer. Da Hai knows what he’s doing and has his configuration files available to download. My version is the larger size and I started to modify Marlin to adjust for my bigger version.

I promptly fell on my face too; I do not know what I’m doing in Marlin. Some searching and I found this excellent blog post which is a review of the same printer and how the author was able to upgrade to that version of firmware.

I tested, made a couple of minor changes such as the printer display name and adjust how auto-home works and poof! I updated the firmware.

Everything worked. I used the process from Da Hai’s video to measure the surface and printed away. It just worked. I’ve added Anycubic’s Ultrabase, re-leveled the print bed and just went.

There are some test prints that you do to make sure everything is working. I printed 3D Benchys, I printed a 6 gear bearing (it prints in place) and they printed fine. The measured bed leveling produced a perfect first layer.

Then I changed the PLA to some from Inland (I had been using the roll that shipped with the printer) and printed this print in place iris box. I have never been able to successfully print this one before no matter how I tuned my printers. You make some small cuts on the base and rotate the bottom from the top. I didn’t have much success in the past but the pieces always were locked together and would not move. The results were great. I had no problem with this one at all.

Printed in place iris box

There are some artifacts in the print but it works. The printer is very precise.

Not for a First 3D Printer

This is my 3rd filament 3D printer. I’m comfortable with compiling the firmware, with the assembly, etc. but I do not recommend someone buying a Kossel printer unless they know what they’re doing.

The manufacturer’s documentation was very good. The printer was easy to assemble. Without the new firmware, without the very helpful posts and videos, I may have had a much harder time at it.

Since I do have some experience I’m having a good time playing with this latest toy.

This is not a Gutenberg Review, It’s a Blog Post

WordPress users are fantastic. This review and how the reviewer brought it back. My reply is a blog post so here we are and below is my reply.


Hello Jan. I usually write the text all in plain form inside a blog post, then split it with some h2 h3 h4 headings and adding images.

PERFECT! Seriously, thank you for that. 😉 I read many reviews and your reply cheered me up immensely. I’ll let more qualified people reply to that.

About this not being a blog, I beg you pardon if I was OT, but then please tell me, is there an official forum where WordPress users can freely discuss about matters like this?

I’m getting very off topic but the thing with blogs is that they frequently devolve into a mess of either positivity (never saw that myself but I’m keeping an open mind) or negativity (OH YEAH, ALL THE TIME!)

The site is divided into sections for support of the WordPress code, support of plugins and themes, and reviews which is feedback.

When someone leaves a review here it is not a blog post. It’s their experience for that theme or plugin. Though as you know we’ve good software for blogging about that.

If someone leaves a review that is substantive about that plugin or theme then that’s fantastic. Gutenberg’s 4.9.8 callout had the desired effect. People are trying it and for the most part even their 1 star reviews have provided good feedback to improve it.

If someone just vents, hate posts, rage replies then that’s not for here. I don’t think you’re surprised that happens. Such behavior has a limited value and a short shelf-life here. These forums are moderated and no, that’s not censorship in case anyone wants to chime in that way.

You left a review of reviews. I commented about that as a moderator. You replied in an excellent fashion and brought it back to feedback about this plugin and editor. Much thanks!

*Drinks coffee, probably too much but here we are.*

The people who are coding Gutenberg, who are driving it forward, who support the users, who are doing this on their own time for the community are good people. These forums are 100% staffed by volunteers. I know you get that but others will read this and again here we are.

For their efforts they generally get a “thank you” but some disparage them, cast aspersions on their intentions and motivations. The whole effort gets accused by some and something negative and those users are occasionally downright mean and cruel. That may get tolerated on some blogs but that’s abuse and isn’t tolerated long here.

*Finishes off coffee, I’m sure you see a theme with me.*

Thanks again for the update. It’s the weekend so someone may not get to it soon but you’ll get a reply about your experience and some follow up questions.

In America it’s pronounced “CUE”

I’m a little miffed and want to write this down.

My mother and I went to the local Giunta’s Meat Farms (it’s called MEAT FARMS, how can I not like that place?) and wanted to get a few bottles of wine. There’s a local wine and liquor shop on the other end of the same strip. We walked there to save time and a few miles.

This isn’t the place we normally buy wine at. Usually we go to a store on Old Country Road that is ran by a nice Korean American couple. They’re from Argentina and they speak Spanish perfectly. I’m ashamed of my 2 year-old level grammar when they speak. They’re nice and know their wine. Some of their recommendations have been very good.

The place we went today had a person who felt the need to educate my mother about wine and tried to convince her that she wanted a rosé. She doesn’t like that type of wine, said so and he continued his hard sell. She and I shortly told him “thanks, but we know what we’re looking for”.

Mom has been educated about wine well before he was born. I swear, he was mansplaining wine to her.

As we’re checking out, Mom asked him if the store carries Don Q rum. She pronounced it “don COO”. He looked at us weird and feigned that he didn’t know what we meant. Finally he says

Oh, you mean “dän CUE”. No, we don’t carry it.

To which I replied

We’re Puerto Rican, we pronounce it “don COO”.

No big deal, right? While we are finishing up paying for the wine, that’s when he explained.

In America it’s pronounced “CUE”. You can try stores in Brentwood or Wyandanch.

Oh. That’s how it is in “America”. Good to know.

A little background about Long Island. Both of those towns are considered “minority” places and not in a flattering way. You know when that Orange Racist, who’s also currently president, talks about MS-13? He’s usually using Brentwood as his example.

There’s nothing wrong with those places and yeah, we’ve been to both towns before. There are some amazing Hispanic restaurants in Brentwood.

As we’re walking out and I’m holding the door for Mom, she clearly says out loud:

We are never shopping in this store again.

Unless that person’s brain condition got to his ears, he received the message loud and clear. In America we can choose which stores we shop in. **** that guy and his racist attitude.

Time-lapse 3D printer videos

I have two 3D printers and each has a webcam. I use Octopi (Octoprint on a Rasberry Pi) and can stop bad prints from my smartphone if I need to. Some materials are difficult to print and hours into it I can cancel the print job. I tried attaching the webcams to the printer’s heated bed so that I can get stable time-lapse 3D printer videos.

This didn’t go too well. I have both printers in Ikea Lack table enclosures and adding an arm to the bed meant that the camera would smack into the front door of the enclosure. When the bed moved back and forth the camera shook. This made for blurry videos. To address this, someone came up with software to pull it off with a stationary webcam. It’s called Octolapse and you can review the code on Github.

Software Plugins to the Rescue

My favorite software platforms can be extended by add-ons or plugins. Octoprint is no exception.

The Octolapse plugin waits for an event in the print job, moves the bed and extruder to a position you set and then snaps a frame. I use when the layer change for that event. After the frame is snapped the print job resumes. When the layer shift happens again it repeats and snaps another frame.

The results are fantastic. I turned off autofocus on the webcam to prevent some blurriness. Here’s a time-lapse of a multi-color snake I printed. It took 6 hours and 45 minutes. The video is 6 seconds long. It’s not a tall print so there’s not many layers to snap images.

The default Octopi time-lapse print is 1 minute and 37 seconds long and looks like this.

I have not tuned the Octopi video settings and the quality isn’t very good. The reason that the Octolapse version is better is because it’s not a moving image exactly. It’s a collection of sharp still photos stitched into a single video.

This is a better solution than a moving camera attached to the print bed. You can put the camera anywhere and obtain smooth, sharp, time-lapsed videos of your prints. I will probably put my webcams on a small stand and position it closer to the bed for larger full results.

It does add a little time to the print because the plugin inserts the commands to move the bed and extruder, snaps a photo, then goes back to printing. For each layer this is repeated. But the prints typically take hours to print and the time added is negligible.

This is a very elegant solution. The plugin has profiles for my Original Prusa i3 Mk2s MMU and one for my Monoprice Maker Select v2. I’ve not sorted out the Monoprice (the bed needs leveling and isn’t working too well right now) but once I have, I’ll post videos from that printer too.

Yes, I use Facebook and I’m deleting their apps

Take a moment to peruse the story about Cambridge Analytica. One outcome of that is that I remain a Facebook user but their apps and data are removed from my phone. I recommend all people I know to delete their apps. Here's why.

Control what you share

I use Facebook for a number of reasons.

  1. My extended family uses it. I love my family, (yes, even you and especially YOU) and they use Facebook. As far as I am aware, my family extends from Puerto Vallarta in Mexico to Puerto Rico to parts of Asia and Europe. This is a very 21st century thing and it works.
  2. Many of my school friends use it and I like to maintain some form of contact with those people. I went to school with some very cool folks. 
  3. Support groups. I'm a 3D printer user (I can stop at any time, I am not an addict) and some of the most effective sources of information are on Facebook.
  4. SOCIAL ISSUE AWARENESS! That one deserves a shout. Many people organize and discuss issues that are important to me. Like it or not, my Facebook feed is a source of information about many topics. Gun control articles? Check. Liberal causes? Check. Funny kitten videos? Check, Check.

All that is valid and anything I put on Facebook I do so with full knowledge and forethought. When I upload an image, video, comment or post to Facebook I know what I'm doing. That is no longer something I control once I do that.

When I share something on Facebook I expect it to be innocuous. My phonebook isn't that.

What else is Facebook obtaining that I don't control?

Visit your Facebook settings page and download a copy of your data from Facebook. You can do so via this link.

Depending on how much data you've shared, that can take a while. Mine took 10 minutes before Facebook notified me the download was ready.

Download and extract that zip archive. Open the index.htm file with your browser and click the Contacts Info link. My whole smart phone address book there. This wasn't somehow cross indexed from other users, I 100% never gave Facebook my cellphone number. If they got that, it wasn't from me.

They have the number of my employer's travel booking hotline. Really? I only added that a few weeks ago when I had to fix some work travel bookings in a hurry.

They could have easily gotten my own moble number from users who mistakenly uploaded that via the Facebook Messenger app as apparently I did. I'm reasonably sure that is how Facebook harvested my phone's data.

This is something that I take great care to not do. That's a line too far for me to cross and I do not want Facebook, or any social media site to get phone numbers, names and email addresses from me. I routinely tell the LinkedIn app the same thing: stop asking for that info.

And yet, there is my phonebook in my Facebook data download. I've tried to eliminate it from Facebook and I have not succeeded yet.

They know which apps I've installed too

Now visit the Applications link on your downloaded data. That is a historical list of applications on phones that I've wiped and disposed of years ago.

There's even more there about what ads I've looked at, etc. but I'm OK with those. I don't mind anyone tracking what I do on their site. It's not my site and that I can retrieve that data is a good thing. I don't think Facebook is "E-V-I-L" but when it comes to data collection I think they're stunningly blind to what they are doing.

"You are not a Facebook user, you are a Facebook product."

That's entirely correct and I don't disagree with that.

In the United States, data belongs to the person who collected it. That may not be true in other countries but within the U.S. that is 100% correct. This will not change as our government historically puts companies before people.

In Europe and other places, that isn't always the case. There are penalties for this sort of behavior. What I explicitly share on a site is acceptable. What the site backdoors from me is not.

I'll keep using Facebook from a web browser for now but there's no way I'll trust them on my phone again.

I want that contact data removed from Facebook. I want to believe that Facebook will honor that wish. But I have no reason to believe that they will do so.

You see, Mark Zuckerberg's statement isn't about Cambridge Analytica abusing user data. It's about how someone beside Facebook did that and was caught. It's just public relations now. If you are aware of that and are careful then you may want to keep using Facebook for now. But not on a phone, that trust has just gone out the window.

Wildcard certs via Let’s Encrypt

I just reduced 14 Let's Encrypt certificates down to 2. This is possible because the free service went live for wildcard certs. This has great implications for people who use the WordPress Multisite feature or routinely light up new virtual hosts in the same domain.

You can read Let's Encrypt's understated announcement here.

On my VPS I run Ubuntu 17.10 and it has a version of certbot that you can get from the official repo. Sadly, it's the 0.21 release and wildcard certs need ACME v2 support and that's only in release 0.22 and greater.

Here's what I did

On the command line I cloned cerbot from Github.

git clone
cd certbot
sudo ./certbot-auto

You'll see something like so. On my main box it asked if I'm OK with installing more Python packages. A quick installation of those dependencies and I was ready to go.

Press c to cancel. You want wildcard not single hostname certs. Now type this as one line.

sudo ./certbot-auto certonly --manual --server

The server argument is the important one and points to the new V2 API. I could modify the configuration but I'd have to remember what/where I did that. This is easier for me. Certs generated using the V1 API will work and renew with the new one so there's no worries there. The manual argument prompts you through the steps and ask what domains to use.

Normally this is not a manual process. But for the ACME V2 API, an additional check is required and I don't have a certbot plugin to interface with my DNS provider.

When prompted for the domain name I used "*" and was instructed to create a DNS TXT record for as well as a file in with a generated name and content.

If you can put that file on the right web server, if you can update your DNS, then you're considered legitimate. Just make sure you wait for DNS to propagate first before proceeding. You can check if it has (at least for Google) using this link.

I have Namecheap and after a quick visit to that dashboard, I waited for the new TXT record to populate, I created that special file and hit enter.

POOF! My server was validated and the certificates were placed in /etc/letsencrypt and a few minutes later my many hosts were updated to point to that new wildcard cert. I repeated this for my other domain and I'm good.

WordPress Multisite and wildcard certs

If you are running multisite then this simplifies your life tremendously. You can and should have one virtual host for your installation. In my case, they're underneath *

In my nginx configuration, I modified the server_name line to add * and I removed the other vhosts files. They were pointing to the same directory for WordPress and they're not needed anymore.

Less is more. I've been waiting for this since they announced it and lighting up new web server instances while maintaining transport level encryption is such a good thing. Let's Encrypt continues to make the web a more secure place.

Prusa MMU for the MK2s

I think I can call the multi-material upgrade of my Prusa Original i3 Mk2s a success. It took me about a day to put together and another day of tuning but I like the results and the prints look good.

Here's what you get with the upgrade kit.

  • A new E3D v6 with multi-material heat break
  • An additional daughter board to drive the extruder motors
  • All of the new plastic parts in ABS
  • Bondtech gears for the extruders
  • Bowden tubes
  • Spool holders for 4 rolls
  • All the fasteners needed

The instructions on Prusa's site are very good. I setup my laptop on the kitchen table, put the printer next to it and got to work. I took my time and spent 7 hours last Saturday just assembling it. A few quick tests and all was right in the world.

The Bowden tube setup is different and I need to get used to it. I had a clog on extruder 2 and had to  unscrew the Bowden tube from the print nozzle to clear it out.

I did have to butcher my Lack table enclosure. I run my printer in the basement and that gets cold. Enclosing the printer guarantees that I'll get better prints.

Less S3D, more Slic3r PE

The one thing I am not thrilled with is the software. I use Simplify3D a lot because I generally get better results. S3D's supports are magical and just pop off. In the past I would use Slic3r PE only when I needed to.

S3D does not yet support the Prusa MMU. There is a single color profile that I found on the Internet and that works well. But for multi-color prints it's Slic3r PE or nothing. This isn't too bad for me because once the bed is level and the z height is adjusted (-0.867 mm on mine, I set the PINDA probe a little higher) I get good first layers.

The default printer profiles generally work. The only adjustment I make is to set the first layer speed to 20 mm/s. After that it's full speed ahead.

The Purge Block

If you look at the image with this post, you'll see that each multi-material print has a block next to it. When the printer changes filament the head moves to the block and prints a 60 mm by 10 mm layer. By the end of that the nozzle is primed and the color can be applied.

That layer of block either gets completely filled in or if there's not filament change a small infill is applied for the next layer. Here's a closer look at the 2 color Moai.

That print has 2 filaments on every layer. That purge block is solid at 60 mm x 10 mm x 60 mm. I don't really think that's wasteful as it keeps the results clean. I may play with those settings to reduce the size.

Here's the fun thing: if I printed 1 or I printed 10 on the same job then the purge block is still the same size. It has to be the same height as the print itself because the print nozzle cannot descend. That would risk hitting something else on the print bed. Next time I'll print more than one and lay it on it's back. That should reduce the purge block and get more use out of the filaments.

Where to Get Objects to Print?

You can make them yourself but Thingiverse is loaded with many good models. There's more than a few that my kids already want me to print. It will be a while before I really make my own.

In the meanwhile I have a printer that can do up to 4 different materials in one go. That's cool and I'm having fun with this hobby.