Upgrade Thinkpad Carbon X1 Gen 6 to Windows 11

My oldest laptop is a Lenovo Thinkpad Carbon X1 (6th-gen Type 20KH). I still use this because it is solid, light, significantly smaller than my standard laptop (LG Gram 16), and I have a couple of handy docks for it. I use the Gram if I’m going to be doing significant writing/development because I need the larger screen, but the 14″ X1 is perfect for non-work travel when I only need light/occasional internet access. So I plan to keep it in service for a while.

Because Windows 10 will be end-of-life next year (October 2025), I wanted to upgrade the X1 to Windows 11. The good news is that it supports Win11 (and is now running it). The bad news is that the instructions for upgrade on the Lenovo website are atrocious. If you follow them, in many cases, your laptop will be rendered temporarily un-bootable.

The underlying problem is that the hard drive on many X1s is formatted using the old MBR (master boot record) partition style, which is what legacy BIOS mode uses. Windows 11’s security requirements call for UEFI with Secure Boot instead of legacy BIOS. UEFI in turn requires booting from a hard drive formatted with GPT rather than MBR. As long as your X1 is set to boot in legacy BIOS mode from a drive with an MBR partition table, Windows Update will indicate that your X1 is not able to run Win11. Microsoft’s PC Health Check program (download here) will tell you why.

The good news is that Microsoft provides tools for converting your MBR formatted drive to GPT in place. The bad news is that the process is tricky and the instructions are scattered across the internet…hopefully this post helps. (Note: even though the conversion preserves all data, back everything up before you start this process just in case). You will want to do the following:

  1. If you haven’t already created one (and most folks won’t have), you need to create a local password for your user account on your X1. This password is different from the Microsoft online account you are probably using with Windows 10. The local password will be required in the next step. Unfortunately, I didn’t note exactly how I did this, but some instructions that may be useful are here.
  2. Check your hard drive to see whether it uses the MBR partition table and, if so, whether it can be converted to GPT (and then convert it). The instructions for this are here. Note that this will require you to boot to a command prompt in a special mode which will require the local password you created in step 1.
  3. If the conversion goes well, you can now reboot your X1, enter the BIOS setup and enable Secure Boot under the Security tab. This will likely enable some other things in your settings like the Trusted Platform Module (TPM) which are required by Windows 11 secure boot.
  4. If that has gone well, you should be able to boot into Windows 10 again and PC Health Check should indicate that your X1 is suitable for Windows 11. Unfortunately, the Windows Update screen in Settings will still say your X1 doesn’t support Windows 11 so you can’t use the automatic updates to upgrade to Win11.
  5. So the last step is to download the Windows 11 Installation Assistant here. When you run the assistant, it should take care of updating your X1 from Win10 to Win11.
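To make the check in step 2 concrete, here is an added example (not part of the original instructions) that parses a disk's first sector, tells an MBR disk from a GPT one, and tests the partition-table prerequisites Microsoft documents for its MBR2GPT tool. It assumes 512-byte sectors; the sample disks and the blocker names are constructed for illustration.

```python
import struct

SECTOR = 512                         # assumption: 512-byte logical sectors
EXTENDED_TYPES = {0x05, 0x0F, 0x85}  # partition types that hold logical drives
GPT_PROTECTIVE = 0xEE                # type of the single entry in a protective MBR
GPT_FRONT = 34                       # LBA 0-33: protective MBR, GPT header, 16 KB of entries
GPT_BACK = 33                        # 16 KB of backup entries plus the backup header


def make_mbr(parts):
    """Build a constructed sector 0 from (active, type, start_lba, sectors) tuples."""
    buf = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * i,
                         0x80 if active else 0x00, ptype, start, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def parse_mbr(sector0):
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    entries = []
    for i in range(4):
        raw = sector0[446 + 16 * i:462 + 16 * i]
        start_lba, sectors = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:              # type 0 marks an unused slot
            entries.append({"active": raw[0] == 0x80, "type": raw[4],
                            "start_lba": start_lba, "sectors": sectors})
    return entries


def classify(sector0, sector1):
    """GPT needs both a protective MBR entry and the 'EFI PART' header at LBA 1."""
    protective = any(p["type"] == GPT_PROTECTIVE for p in parse_mbr(sector0))
    return "GPT" if protective and sector1[:8] == b"EFI PART" else "MBR"


def conversion_blockers(sector0, sector1, disk_sectors):
    """List the partition-table reasons an in-place MBR to GPT conversion would be refused."""
    if classify(sector0, sector1) == "GPT":
        return ["already_gpt"]
    parts = parse_mbr(sector0)
    primaries = [p for p in parts if p["type"] not in EXTENDED_TYPES]
    blockers = []
    if len(primaries) > 3:
        blockers.append("more_than_3_primary_partitions")
    if len(primaries) != len(parts):
        blockers.append("extended_partition_present")
    if sum(p["active"] for p in parts) != 1:
        blockers.append("no_single_active_partition")
    first = min((p["start_lba"] for p in parts), default=GPT_FRONT)
    last = max((p["start_lba"] + p["sectors"] for p in parts), default=0)
    if first < GPT_FRONT or last > disk_sectors - GPT_BACK:
        blockers.append("no_room_for_gpt_structures")
    return blockers


# Constructed samples: a typical legacy-BIOS layout, a layout that cannot be
# converted as-is, and a disk that is already GPT.
DISK_SECTORS = 1_000_215_216
EMPTY_SECTOR = bytes(SECTOR)
LEGACY_DISK = make_mbr([(True, 0x07, 2048, 1_024_000),
                        (False, 0x07, 1_026_048, 997_000_000),
                        (False, 0x27, 998_026_048, 2_000_000)])
AWKWARD_DISK = make_mbr([(False, 0x07, 2048, 1_024_000),
                         (False, 0x07, 1_026_048, 500_000_000),
                         (False, 0x07, 501_026_048, 200_000_000),
                         (False, 0x0F, 701_026_048, 299_189_168)])
GPT_DISK = make_mbr([(False, GPT_PROTECTIVE, 1, 0xFFFFFFFF)])
GPT_HEADER = b"EFI PART" + bytes(SECTOR - 8)

if __name__ == "__main__":
    for name, s0, s1 in [("legacy", LEGACY_DISK, EMPTY_SECTOR),
                         ("awkward", AWKWARD_DISK, EMPTY_SECTOR),
                         ("gpt", GPT_DISK, GPT_HEADER)]:
        print(name, classify(s0, s1), conversion_blockers(s0, s1, DISK_SECTORS))
```

This only covers what is visible in the partition table; the conversion tool's own validation pass remains the authority on whether a given drive can be converted.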

My X1 is now running Windows 11 so I can confirm that this works.

A lot of useful information was found on the Lenovo Community Forum here.

Sri Lanka

We took our first vacation since the pandemic this month (January 2024) and traveled to Sri Lanka. It was a wonderful trip. After roughly 24 hours of total travel, with a stop in Istanbul, we started in Colombo (the capital).

Sanjiv Gunasekera and his new wife Sumudu

The impetus for our trip was the wedding of Sanjiv and Sumudu (Deana’s cousin Janthy and her husband Dehan’s son and new daughter-in-law). The wedding was held on the beach behind The Galle Face Hotel and the setting was incredibly picturesque. It was my first Buddhist wedding and it was filled with symbolism and ceremony, including Kandyan traditional dancers.

We stayed at the Galle Face which is a venerable and impressive 5-star colonial-era hotel. It has been kept up-to-date; the rooms, hotels, restaurants are modern and classy, but it still conveys the history and gravitas of a hotel that’s been in service since the mid-1800s.

Sri Lanka sits on the equator and can be pretty hot. Although we visited in January, the temperature in Colombo stays in the mid-80s and humid year round. One of the many bizarre legacies of British colonialism is that men in Sri Lanka generally wear western suits. Nothing is more miserable in hot weather than a wool suit, high collar, and tie. Linen is a bit better, but still awful. What makes this even more mysterious is that South Asia has extraordinarily beautiful fashion that is meant for the climate. Deana and I visited an Indian store in Ellicott City (India in Style); they have a huge selection, the owner is wonderful and patient, and for better (Deana’s case) or worse (mine), we bought South Asian formal outfits for the wedding. A Kurta is definitely cooler and more comfortable than a suit although in retrospect I would have preferred linen over silk.

Colombo is a large metropolis with heavy traffic, skyscrapers, and diverse neighborhoods. Like many major metropolises, it is also very fashionable and Deana and I quickly realized our American-tourist clothing needed an upgrade. After several visits to House of Fashion (a popular department store that focuses on clothing) we acquired enough warm-weather, but semi-fashionable clothing (and another suitcase to hold it).

We also realized how essential our driver (Amal) was. Driving in Colombo makes driving in New York City look trivial. Aside from the fact that Sri Lankans drive on the left (UK-style), driving anywhere in Sri Lanka is not for the faint of heart whether in dense urban settings or narrow mountain switchbacks. Even in rural areas, overtaking (passing) is an art-form and there are novel road hazards (like elephants) one may not be accustomed to. If you go to Sri Lanka, get a private driver; it is the single best thing you can do. If you can get Amal, you should do so; he is a gem. You can reach him on WhatsApp (the calling app everyone in Sri Lanka uses) or on his website. I’ll talk more about this later in this post.

While in Colombo, we spent time with Deana’s family members including her cousins Lakshman (who lives in Australia), Lakshme (who lives near us), and Dev (who lives in the UK), her mother’s brother: Uncle Rasa and his wife Jaya, her relatives Somes (Colombo), Subo (UK), and Subo’s brother Ram and his wife Kala (Toronto). Lakshman entertained at his condo where I made my one and only mistake of having a drink with ice – Mr. Montezuma made me pay for that drink for about a week. Really really really don’t drink tap water or use ice in Sri Lanka. Anything you drink must come from a sealed bottle or be boiled. Dev took us to the charming Barefoot Cafe (where by coincidence we again saw Lakshme and Lakshman).

From Colombo, we traveled to Nuwara Eliya which is in the mountainous central region of Sri Lanka. There we stayed at another venerable colonial era 5-star hotel: The Grand (which, true to its name, is spectacular). The rooms are amazing, the grounds are beautiful, and the scenery is stunning. Nuwara Eliya is in tea country: the mountainous central part of Sri Lanka. Unlike Colombo (and much of the island where the climate is tropical), the mountains are delightfully cool and dry – a near perfect environment. The area around The Grand is known as “Little England” and is full of European-style architecture and the culture of the area is unique. We had high tea daily, visited a tea plantation and factory,

By coincidence, Subo was staying at The Grand at the same time and Deana was able to spend some time with her there. Did I mention how spectacular the gardens are?

From Nuwara Eliya, we traveled to Kandy, Sri Lanka’s second city and religious center. At Kandy we visited the Temple of the Tooth (the holiest Buddhist temple) and went to a cultural show with traditional dances including an impressive display of fire dancing and eating. Kandy is spectacularly scenic. We stayed at the Amaya Hills (another 5-star hotel) which sported stunning rooms and incredible views. Coincidentally, Deana’s relative Subo and her husband Ram and his wife Kala whom we had been with at the wedding were also staying at The Grand at the same time so we got to meet with them there again.

While staying in Kandy, we visited two ancient Buddhist temples; one was a UNESCO World Heritage site: the 1st century BCE Dambulla Cave Temple. Both temples involve some climbing; Dambulla is built atop a 500′ rock so there are a lot of steps involved…but they’re worth it and somehow not nearly as difficult as the climb at Sigiriya (later). There are 5 caves at the top, each filled with massive ancient statues and every inch is intricately painted. Of the historic and religious sites we visited, I found Dambulla by far the most impressive. Note: there are a *lot* of monkeys at Dambulla.

From Kandy, we traveled to Sigiriya. On the way we visited the Sri Muthumariamman Hindu Temple in Matale. This is a very old temple which is incredibly intricate.

Once we reached the Sigiriya area, we stayed first at The Heritance Kandalama, an unbelievable eco-hotel located in the midst of a nature preserve. It’s really hard to overstate how amazing the Kandalama hotel is. We started in Colombo at a very impressive 5-star hotel and somehow each hotel kept getting better; the Kandalama was hands-down the best. The hotel was designed by a famous Sri Lankan architect (Geoffrey Bawa) and is simply perfect. It is integrated with its natural surroundings in ways reminiscent of Frank Lloyd Wright. From the moment you arrive at the hotel, it is apparent that it has been built to blend in with its surroundings. The hotel is on a lake deep in a nature preserve; wildlife is everywhere and you truly feel like you’re in the jungle. The first night, monkeys stole Deana’s coffee cup and when it rained, several families of monkeys camped out on our balcony. The night was filled with the sounds of birds, monkeys, elephants, etc.

Prema Cooray

While at Kandalama, we had a chance meeting with the former chairman of the board of the corporation that built the hotel (and a whole chain of similar hotels): Prema Cooray. We had tea with him and he spent quite a long time with us; he is retired, but sharp as a tack, charming, and regaled us with the stories of how the hotel was built, the obstacles it faced (financial, political, etc.) and how they were overcome. While we were at Kandalama, we experienced our only rainy day (and it was a great place to experience it); we enjoyed the hotel and spent a good deal of time talking with a delightful young artist from Bahrain (Abdulla Buhijji).

Our plans changed a bit due to the rain, so from Kandalama, we traveled to a nearby hotel: the Cinnamon Lodge in Habarana. Cinnamon Lodge is another highly rated hotel, and if we hadn’t just come from such incredible hotels, would have been impressive. As it was, the lodge felt a bit dated even though it was actually very pretty. We took a dip in the pool and chatted with two nice British pensioners and the food was quite good. The rooms were reasonably spacious, but were set up as bungalows some distance from the main hotel; like many more traditional Sri Lankan settings, the rooms were air conditioned, but the bathroom was open to the air and overall, it just couldn’t compete with Kandalama.

From Habarana, we visited Sigiriya, another UNESCO World Heritage Site. This too was spectacular: the site of an ancient palace built atop a massive rock surrounded by water gardens. The gardens around Sigiriya are still being excavated, but they are both beautiful and amazing feats of ancient engineering. The earliest activity at Sigiriya was 3rd century BCE and the palace was built in the 4th century CE. As was recommended, I paid (a very small amount) for a guide who was knowledgeable and explained the detailed history of the site as we traveled through it. He was extraordinarily patient with me as I trudged up the 1200 steps (foolishly having gone around noon when it was pretty warm), having to stop several times. The guide does the climb several times a week and was a cardio-god, not even breaking a sweat. The climb is 590′ (59 stories) pretty much straight up…so it will give you a workout. It’s also not great for anyone with even a slight fear of heights. There are several important sites on the climb that did not permit photography including the famous maiden frescoes and mirror wall.

After Sigiriya, Amal arranged a safari through a nearby nature preserve; the objective was to see elephants and it very much delivered.
It’s hard to convey just how beautiful the scenery is in Sri Lanka.

…and I will never again complain about deer in the road; this is what a road hazard looks like in Sri Lanka and it is not uncommon. I think the safari was one of the high points for Deana; we saw a ton of wildlife. Like so many things, the safari was arranged on very short notice by Amal. Having a private driver is like traveling with your own travel agency. Everywhere we went, Amal knew the hotels, sites, people, and could arrange whatever we wanted at a moment’s notice, usually for much less than we would have paid if we booked them ourselves.

From Habarana, we moved on to Anuradhapura, one of the 3 ancient capitals of Sri Lanka (along with Kandy and Polonnaruwa). Unfortunately, we didn’t get to Polonnaruwa due to rain and concerns that some roads might have been flooded.

In Anuradhapura, we stayed at very different lodging: the Arachchi Heritage. This is a private home with two separate, private guest suites and a staff that makes it effectively a boutique hotel. The house is spectacular, like something out of Architectural Digest. It is on a lake and its design, in many ways, reminded us of Kandalama: tightly integrated with nature. The positioning and design of the house capture a constant breeze so even though many parts of the house are open to the outdoors, they remain cool even on a hot day. The house won a Geoffrey Bawa design award. The owners: Chandrika and Siri were charming and wonderful hosts. The food was outstanding, every bit as good as the 5-star hotels and made to order!

While staying at Arachchi, Deana took a cooking lesson given by Chandrika and the in-house cook. The food was really delicious and I couldn’t believe how many dishes were prepared each meal for just two guests. The food at all of the hotels was just amazing; I had hoppers for breakfast every day, often along with pittu and idli. For lunch and dinner I had Sri Lankan roti and all sorts of curries: dal, banana blossom, beet, snake gourd, and more.

We visited the extensive Anuradhapura archeological sites and museum. This was the site of an ancient capital and center of education and monastic knowledge. 5000 monks lived on 500 acres with extensive housing, baths, dining, sanitary systems, and remarkable feats of ancient engineering. Our guide (also arranged by Amal) was a young man named Jagat who was knowledgeable, extremely fluent in English, and very enthusiastic about Sri Lanka and its history. We had lunch with Jagat and Amal at the Aliya Resort Hotel in Sigiriya; their website doesn’t do them justice; it was incredibly beautiful and if we visit again we will try to stay there. In general, although Anuradhapura is worth seeing for its historical significance, I didn’t find it as impressive as sites like Sigiriya or Dambulla.

We returned to Colombo from Anuradhapura a day early because Deana had been making plans with relatives and family friends throughout the trip and we needed more time. We stayed at the Kingsbury hotel for the rest of our time in Sri Lanka. It was another 5-star modern hotel with impressive restaurants and facilities. My only complaint about the Colombo hotels is that they frequently host weddings and other events and the parties go on *late*; it wasn’t uncommon for the music outside to go on until 11:30pm or midnight. Sri Lankans like to party.

We visited with Aunt Amithi (Deana’s mother’s closest friend); her husband had been an architect and her house was quite beautiful. I wish I’d taken more photos. Amithi herself was lovely and sharp as a tack.

We met Deana’s grade-school (St. Bridget’s Convent) friend Jaish for tea at the Tintagel, another impressive Colombo hotel. Jaish is now a fashion designer and was delightful.

We spent time with Deana’s cousins Janthy and Vilo and Janthy’s husband Dehan who took us to Nuga Gama, a restaurant in the middle of a swanky cosmopolitan hotel that had been created to give the feel of a rural village. At various times there were dancers and other entertainers such as this traditional comedic “devil-dancer”.

We visited Deana’s cousin Punya, her husband Dil, and their daughter Pulisticka (Puli) Jayathilake and her daughter Riddhi near her old house on Kinsey Road. It was neat that Riddhi represented the 5th generation from her family at St. Bridget’s Convent school in Colombo 7.

Deana’s father’s best friend’s son Dev Devendra and his wife took us to lunch at the beautiful Royal Colombo golf club. They are an awesome couple; their daughter lives in relatively nearby Reston, VA and Deana has already been in touch with her.

We had dinner with Deana’s cousin Prabha and her husband at the very nice Chinese restaurant in the Kingsbury hotel.

There’s a lot more to write, but I’m out of gas on this marathon post. It was an amazing trip and one I hope we’ll do again soon. The people were wonderful, the country is beautiful, and we had the benefit of traveling at a time when the exchange rate worked very much in our favor (1USD = 320 LKR). Tourism is a key business for Sri Lanka and it suffered badly during the pandemic. They really want tourism to return which makes for great synergy: tourism dollars and amazing value for tourists; so it is a *great* time to visit Sri Lanka; I highly recommend it!

The day after we returned home…

Fortunately, Maryland and climate change being what they are, it was 70F the following week…

To help with your next game of six-degrees of separation:

  • Subo’s maiden name was Sobodhini Nagesan; she was Miss Sri Lanka 1977
  • Dev Devendran knows Ranil Wickremesinghe and his family; we bumped into a nephew at the Royal Golf Club.

Has Amazon ruined eBooks?

I used to like the Kindle platform and between Deana and me, we have purchased quite a few of them. Unfortunately, over the years, Amazon’s greed has ruined it and today, I’m done with the Kindle.

eBooks should be amazing. The zero-power persistence of eInk combined with cheap flash storage, wifi, and powerful microcontrollers should have made it possible to have an entire library in your pocket. The hardware is great, electronic distribution saves natural resources and, by nearly eliminating printing and distribution costs, eBooks should be able to lower book prices and give authors a higher share of sales.

The problem is that Amazon got greedy. Kindle editions now cost as much or even more than a real physical book, but much worse is that you can’t really buy a book for Kindle at all anymore, you can only rent it. I say you’re renting the book because you don’t own it in any meaningful sense: you can’t lend it or gift it to a friend when you’re done with it; Amazon retains full control. Would you buy a car or a house that you couldn’t sell when you were done with it?

DRM – Digital Rights Management – is the technology that allows Amazon to retain full control of a book that they’ve ostensibly sold to you. The solution might be to only buy books in the .epub format which does not include DRM (so you actually own what you’ve bought). You can read more about that here. Fundamentally, the issue is a legal concept called “first-sale doctrine”; you can read more about the eBook problem in this very good article.

Over time, Amazon has gradually raised prices and limited what you can do with a book you’ve “bought” until Kindle eBooks no longer make sense to me. It’s a great example of how monopolies hurt consumers: Amazon owns more than 2/3 of the eBook market. Shame on Amazon for ruining a good thing.

Netbeans 16 with Tomcat 8.5 on Windows

Getting Tomcat 8.5 to work with Netbeans 16 on Windows is maddeningly difficult, in large part because the Windows service installer for Tomcat doesn’t set the defaults that Netbeans needs.

If you’re on this page, it’s because you’ve been frustrated with it too. The magic formula to install Tomcat correctly seems to be:

  1. Set the server shutdown port to the default expected by Netbeans (8005), not the installer’s default (-1)
  2. Add a Tomcat Administrator (e.g. user name=Tomcat password=Tomcat)
  3. Add manager-script to the Roles

Raspberry Pi alternatives

Libre ROC-RK3328-CC Single Board Linux Computer

When folks need a small embedded linux machine for control applications, a Raspberry Pi is usually the first thought. I’ve made good use of Raspberry Pi Zeros and 3Bs but have been reluctant to adopt the RPi 4 due to the apparent need for active cooling, high power consumption, very poor availability, and high pricing (it makes little sense to use an RPi when you could use a much more powerful x86-family platform).

With RPis out of stock for months and being scalped everywhere, I decided to try a Libre Computer ROC-RK3328-CC which is footprint/form factor compatible with the Raspberry Pi and can run Ubuntu, Raspberry Pi OS, Armbian, Debian, Android, and many other OS. The docs are here. The board comes in two versions: 2GB for $45 and 4GB for $55 – those prices are with free one-day shipping via amazon prime and they are available immediately. I bought the 4GB version which is 4x the memory of an RPi 3B+; the memory is also DDR4 vs. the DDR3 used on the Pi. The board is easily passively cooled; I bought the custom heat sink ($10) although any similarly sized heatsink should work fine.

I tried Ubuntu desktop but was disappointed by the bloat and installed Raspberry Pi OS (a Debian derivative) instead and am very happy with it; I installed the desktop (not lite) version. The board is DIN-rail mounted using this high-quality mounting solution. It runs several minicom sessions monitoring/logging other embedded boards as well as a Postgres database and Java backend data collection application. Even over TightVNC, it feels snappy and doesn’t break a sweat (stays between 45 and 47C); it is using less than 1/4 of the available RAM (but would have used nearly all of the RAM on an RPi3).

Other upsides: 4K video (mainly of value for HTPC applications) and USB 3.0 – much more important because it makes it worthwhile to connect an external SSD which will be much faster and more reliable than uSD storage. The main downsides relative to the Raspberry Pi are: no WiFi/Bluetooth and no Pi-compatible camera connector. I didn’t need those for my application (which is rack-mounted and connected to Ethernet), but if you need either, you can easily solve them via USB connection.

For storage, I use Sandisk Extreme uSD cards. 64GB costs $11 and is plenty of storage for my application (I’m only using 6%); if I need more storage or speed, I’ll use an external M.2 card connected via USB 3.0. Note: there is a huge difference in performance and reliability between SD storage cards used in RPi applications; some cards won’t work at all, some will work but at half the speed of others (see this performance comparison). I’ve tried a bunch and settled on the Sandisk Extreme which offer good speed with a cost only slightly higher than lesser cards; the benchmarks bear this out. If I were doing something more disk-intensive, I’d consider either a board with a native M.2 interface (like the Odroid M1) or an x86 board with a native SATA or M.2 interface.

Note: uSD cards aren’t meant for frequent writing (as in linux logs), so if you want your card to last, I strongly recommend using a utility like log2ram that creates a small RAM disk for the /var/log partition (you can add others) and then periodically flushes that partition to SD storage. This will dramatically lengthen the life of your SD card; see here for more info.

Home Network VLANs

Cyber security is a growing problem and the rapid growth of IoT is only making things worse. Many homes are now inundated with “connected” devices, many of which are vastly less secure than your typical home PC (which itself is fairly insecure). Connected devices usually have much smaller and less capable microprocessors, making it harder to implement robust security mechanisms. Their software also receives far less scrutiny than the software in popular operating systems and they typically receive software updates infrequently. With so many devices online these days, from thermostats to cameras to appliances to streaming sticks, it’s just a matter of time before those are hacked and if those devices are on the same network as your computers and document/photo storage, all of those are at increased risk.

One strategy to help lower risk is to create separate networks in your home for the devices containing sensitive data (taxes, family photos, documents, etc.) and for your internet-enabled devices. For example, you might have separate networks for:

  • Home computers and storage
  • Printers
  • Guests
  • Streaming devices (e.g. Amazon Fire Sticks and Fire ReCast or TiVos or …) that need to communicate with each other and the internet
  • IoT devices (cameras, appliances, thermostats, etc.) that only need to communicate with the internet.

There are two main ways networks are formed these days: wired (Ethernet) and wireless (WiFi). Most modern WiFi access points let you create a separate isolated guest network that has its own SSID and where the firewall rules allow each host on the network only to access the internet; they can’t access each other or your home network. Providing separation and isolation for your wired network is a little more complex.

The easiest way to separate your wired devices is to put them on separate networks connected by a router. You can create separate networks by physically wiring them separately, with each network only connected to the router, but that’s often inconvenient; you may have a streaming device and a computer in the same room and you don’t want to run two wires. Another approach is to use intelligent Ethernet switches that support a feature called Virtual LANs (VLANs).

With VLANs, you create separate networks by assigning each network a number and then controlling which network(s) each port on your switch participates in (they can participate in more than one). Lots of companies make intelligent (aka managed) switches including Netgear and Ubiquiti. Netgear offers an inexpensive line of semi-intelligent GbE switches that support VLANs called ProSafe Plus. These can often be had on eBay for $20. Ubiquiti makes a more feature-rich line of switches, part of their UniFi series and their 5-port Flex Mini switch is a strikingly good value if you buy a 4-pack (around $29/switch…unheard of for a fully managed switch).

With Netgear switches, you *must* update the firmware to the latest version before using them; older firmware versions have serious security vulnerabilities. You configure the switch using its web interface. Under VLAN, select 802.1Q, then Advanced. Under VLAN Configuration, enter a unique VLAN ID for each network you want to create. VLAN 1 is the default network. Then under VLAN Membership, select which ports on the switch belong to which VLANs. Ports can be configured as Tagged or Untagged. Select Tagged (‘T’) for the ports that go from your switch back to the router (or another switch). Select Untagged (‘U’) for the ports that go to a computer/device/appliance. The Tagged port that goes back to your router should be a member of every VLAN. The Untagged ports that go to your devices should typically be members of only one VLAN. Finally, under Port VID, set the Tagged trunk port to use a PVID of 1 (main network) and then change each port that participates in a dedicated LAN to the number of its VLAN.

Consider an example: a 5-port switch (NetGear GS105eV2) is connected as follows:

  1. Trunk port (uplink to the router) – Tagged, member of VLANs 1,2,3
  2. PC you want on your main network – Untagged, Member of VLAN 1, PVID=1
  3. Streaming device – Untagged, member of VLAN 2, PVID=2
  4. DVR – Untagged, member of VLAN 2, PVID=2
  5. IoT device 1 (e.g. IP Camera) – Untagged, member of VLAN 3, PVID=3

The streaming device and DVR are both on VLAN 2 so they can communicate with each other as well as accessing the internet through the router. The IoT device is on VLAN 3 so it can only access the internet through the router; it cannot access the Streaming devices or the PC. This is important because if the IoT device is hacked, the hacker has not gained access to your home network.
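To see why that port table isolates the camera, here is an added example (not from the original post) that models the 5-port switch above: untagged frames take the ingress port's PVID, are delivered only to member ports, and get a 4-byte 802.1Q tag on the trunk. It floods every frame like a broadcast and ignores MAC learning; the sample frame and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Port table from the example above: port -> (PVID, {vlan_id: "T"agged or "U"ntagged})
PORTS = {
    1: (1, {1: "T", 2: "T", 3: "T"}),  # trunk to the router
    2: (1, {1: "U"}),                  # PC on the main network
    3: (2, {2: "U"}),                  # streaming device
    4: (2, {2: "U"}),                  # DVR
    5: (3, {3: "U"}),                  # IoT camera
}


def tag(frame, vid):
    """Insert an 802.1Q tag (TPID + 12-bit VLAN ID, priority 0) after the two MACs."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def untag(frame):
    """Return (vlan_id or None, frame with any 802.1Q tag removed)."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid == TPID_8021Q:
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def forward(ingress_port, frame):
    """Flood one frame; return {egress_port: bytes as they appear on that wire}."""
    pvid, membership = PORTS[ingress_port]
    vid, inner = untag(frame)
    if vid is None:
        vid = pvid                     # untagged ingress: classify by Port VID
    if vid not in membership:
        return {}                      # ingress port is not a member of that VLAN: drop
    out = {}
    for port, (_, members) in PORTS.items():
        if port == ingress_port or vid not in members:
            continue                   # never leaves the VLAN it arrived on
        out[port] = tag(inner, vid) if members[vid] == "T" else inner
    return out


def reachable(ingress_port, frame):
    """Ports that see a frame sent into ingress_port."""
    return sorted(forward(ingress_port, frame))


# Constructed sample: a broadcast ARP frame with a locally administered source MAC.
ARP = b"\xff" * 6 + bytes.fromhex("020000000005") + b"\x08\x06" + bytes(28)

if __name__ == "__main__":
    for port in (2, 3, 5):
        print(f"sent into port {port}: seen on ports {reachable(port, ARP)}")
    print("camera frame on the trunk:", forward(5, ARP)[1][12:16].hex())
```

A frame from the camera on port 5 appears only on the trunk, tagged with VLAN 3, so whether it can go anywhere else is decided entirely by the router.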

The switch connects to a router (possibly going through other switches). The router must be configured to do the following:

  • Create a network for each VLAN. For example
  • A DHCP server should be configured for each VLAN
  • If the router contains a switch, create a virtual interface for each VLAN on the switch
  • Create firewall rules that determine how traffic can flow into, out of, and between each LAN (usually just into and between/local). For example, VLAN1 should not allow incoming traffic from the internet unless it is in response to traffic that originated on VLAN1. VLANs 2, 3 should only allow incoming traffic from VLAN1 or in response to traffic that originated on VLAN2 or VLAN 3 respectively.
  • If you run a server at home, it’s best to put it on its own VLAN and create firewall rules that only allow incoming traffic from VLAN1. Then use port forwarding on the firewall/router to bypass the firewall rules for specific TCP ports (e.g. 80, 443).
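The "only in response to traffic that originated on..." wording above describes a stateful firewall. This added example (not from the original post, and not any particular router's configuration syntax) evaluates those rules with a small connection-tracking table. The subnets, the "server" zone name and the `Router` class are assumptions made for illustration, and port forwarding is modelled after address translation.

```python
import ipaddress

# Assumed addressing plan: one subnet per VLAN; anything else counts as the internet.
ZONES = {
    "vlan1": ipaddress.ip_network("192.168.1.0/24"),    # home computers and storage
    "vlan2": ipaddress.ip_network("192.168.2.0/24"),    # streaming devices
    "vlan3": ipaddress.ip_network("192.168.3.0/24"),    # IoT devices
    "server": ipaddress.ip_network("192.168.40.0/24"),  # home server on its own VLAN
}

# Zone pairs allowed to open NEW connections. Everything else is denied unless it
# is a reply to a connection that was allowed earlier.
ALLOW_NEW = {
    ("vlan1", "wan"), ("vlan2", "wan"), ("vlan3", "wan"),
    ("vlan1", "vlan2"), ("vlan1", "vlan3"), ("vlan1", "server"),
}
FORWARDED_TCP_PORTS = {80, 443}  # internet -> server port forwards from the last bullet


def zone_of(ip):
    """Map an address to its VLAN zone, or 'wan' if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "wan")


class Router:
    """Default-deny inter-VLAN policy with a connection-tracking table."""

    def __init__(self):
        self.conntrack = set()

    def permit(self, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reply_to = (proto, dst, dport, src, sport)
        if flow in self.conntrack or reply_to in self.conntrack:
            return True                # part of an already-allowed connection
        s, d = zone_of(src), zone_of(dst)
        allowed = (s, d) in ALLOW_NEW or (
            s == "wan" and d == "server"
            and proto == "tcp" and dport in FORWARDED_TCP_PORTS)
        if allowed:
            self.conntrack.add(flow)   # remember it so replies can come back
        return allowed


if __name__ == "__main__":
    r = Router()
    # Constructed flows: camera 192.168.3.10, PC 192.168.1.20, server 192.168.40.5.
    checks = [
        ("camera opens connection to PC", ("tcp", "192.168.3.10", 40000, "192.168.1.20", 445)),
        ("PC opens connection to camera", ("tcp", "192.168.1.20", 50000, "192.168.3.10", 554)),
        ("camera replies to the PC", ("tcp", "192.168.3.10", 554, "192.168.1.20", 50000)),
        ("internet to server on 443", ("tcp", "203.0.113.7", 51000, "192.168.40.5", 443)),
        ("internet to server on 22", ("tcp", "203.0.113.7", 51000, "192.168.40.5", 22)),
    ]
    for label, flow in checks:
        print(f"{label}: {'allow' if r.permit(*flow) else 'deny'}")
```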

If your network is large, document it using yEd or similar.

Git and SVN

OK, I know that tool wars are for noobs, but this is going to be a rant.

I’ve been doing software development for decades and have used a lot of version control systems. I’ve been particularly fond of the rcs/cvs/svn series that has been in use continuously since the early 1980s. That line of version control systems has grown steadily and incrementally, adding functionality while retaining compatibility. SVN is now a very mature and easy to use version control system.

Along came git. Git has become immensely popular, in large part because software development is an industry dominated by the young. The young have no history to build on and so don’t understand the value of continuity and compatibility. To them, newer is always better. They are also remarkably tolerant of kluged software, often conflating excessive complexity with “power”.

Git has some clear benefits, most notably the local repository which effectively buys you a 2-tier commit structure. That’s good and SVN should develop a similar concept. Git is also very good for its intended use case: distributed project development with no central control (i.e. many open-source projects). Git is particularly nice when some of the developers have limited internet access. However, I find git problematic for a host of reasons that are rarely discussed. The biggest issue is that I have never worked on a project using git where users didn’t get into trouble. By trouble I mean losing work or having to find a git guru to help them be able to continue working. I’ve never seen that happen with svn. Never.

Moreover, one of the principal git criticisms of svn (the central repository) is actually the way most companies want to work. Central repositories live in secure data centers, are automatically and regularly backed up, and allow easy and fast access control so when a contractor/employee/etc. leaves, their access to the repository can be closed immediately. It’s why GitHub is so popular: it’s a central repository.

Git evangelists flood the internet with a-git-prop, much of it wrong or severely outdated. GitHub is also a massive proponent of git, pushing it mercilessly. There is no similar entity evangelizing for SVN and so the sheer force of marketing has been driving a lot of git’s success, but here are some sober analyses that present the other side of that coin:

Ultimately, both git and svn are mature version control systems and no serious software projects would fail because they chose one over the other. However, for those finding this page and interested in picking a version control system, you might do well to read some of the links above to get a more balanced perspective before making your choice. I use git when I must, but given the choice, I use svn.

For SVN users interested in git, here’s a useful article:
Git for Subversion Users (codemag.com)

Big Buddy portable heater

As the pandemic re-surged this Fall, we started finding socially distanced outdoor get-togethers getting a little chilly. So I bought a Mr. Heater “Big Buddy” portable propane heater to help extend the season.

Mr. Heater Big Buddy

In the process, I’ve learned a few things about propane heaters I’ll share below:

  • Gas or Electric Heat: Propane heaters are characterized by their heat output in BTUs; electric heaters are typically characterized by their power consumption in Watts. You can convert electric power consumption to BTUs by multiplying it by 3.41. So a 1500W heater (about as big as you can put on a typical circuit in your house) will generate the equivalent of 5115 BTUs. For comparison, the Big Buddy heater has 3 output settings: 4000, 9000, and 18000 BTU. A typical propane patio heater generates 48000 BTU or more. Bottom line: propane heaters can generate much more heat than electric heaters. An electric heater is probably insufficient for outdoor heating.
  • Gas vs. Electric Cost: at typical electricity costs, a 1500W heater will cost under $0.22/hour to run. Exchanging an empty 20lb propane tank for a filled one costs about $20. 1lb of propane will run a Big Buddy heater on low for around 5.5 hours so the cost to run is around $0.18/hour. Note: if you use disposable 1lb propane camping cylinders instead of 20lb refillable tanks, the propane cost is much higher…see more below.
    Bottom line: heating with propane can cost about the same as with electric.
  • How much heat: I should start by saying that I like things warm. It’s also really tough to heat a substantial area outdoors since the heat dissipates into the environment so quickly. Anyone with a fire pit knows that it’s only hot within a few feet of the pit. In our early trials, the Big Buddy on high output made a 55 degree day acceptable when we were outdoors and fairly close to it (2-3 feet). I doubt it will be enough when temperatures drop below 50F; that probably will require the bigger patio heaters (and even then, not if it’s windy). I expect the Big Buddy would heat any enclosed and properly ventilated space (e.g. a garage with ventilation) fairly quickly even on very cold days. There are lots of testimonials to that effect.
    Bottom line: Good for Spring and Fall evenings outdoors and for emergency indoor heat (see more on indoor use below).
  • Getting Propane: heaters like the Big Buddy can run on the super common 20lb refillable propane tanks used for outdoor gas grills as well as on one or two 1lb “camping” propane tanks. The camping tanks are usually disposable (DOT 39) and are *much* more expensive. At Home Depot and Lowes, 1lb disposable tanks cost around $5.50 each so heating using them costs around $1/hour (at the low-heat setting). Obviously the 1lb tanks make the heater much more portable.
  • How long will a tank last: propane heaters can generate a lot more heat output, but at their higher outputs, they consume a lot of propane. At high output (18K BTU), the BigBuddy consumes roughly 1lb of propane per hour, so it will cost roughly $1/hour when run from a 20lb tank and more than $5.25/hour when using disposable 1lb tanks. The larger 48000+BTU patio heaters can get expensive to run (several dollars/hour) even when using refillable tanks.
  • Refilling 1lb tanks: people try to save money by re-filling disposable 1lb camping cylinders from 20lb refillable tanks. There are loads of gadgets on Amazon specifically to do this and tons of youtube videos showing how. This is a BAD IDEA. Those cylinders are regulated by the US Department of Transportation (DOT) and they make it very clear that this is dangerous and you should not do it. They even made a video…see here. There is only one company that appears to make a legally refillable 1lb propane tank: Flame King (see here). I suspect they have a patent. You can get them at Lowes and elsewhere, but they are out of stock everywhere. A nice video on the refillable cylinders is here.
  • Indoor Use: according to the manual (and everything I’ve read), the Big Buddy can be used indoors for emergency use only (i.e. if your heat is out due to a power outage). There are some caveats: you can only use it indoors on low or medium settings (depends on where you use it: bedroom, bathroom, etc.). You need to crack a window for ventilation and you shouldn’t sleep with it on. You shouldn’t have a 20lb cylinder in your house so you need to use it with 1lb cylinders indoors. I wouldn’t run a combustion heater indoors without a Carbon Monoxide monitor in the same room (I have these anyway since our house is heated by natural gas).

  • Adapter hoses: if you’re using the Big Buddy outdoors, especially in a fixed location like a patio, you’ll probably want to use it with a 20lb refillable tank both for cost and convenience reasons (you won’t constantly be replacing 1lb cylinders). Mr. Heater makes an adapter hose that you can use with a standard 20lb tank. NOTE: the Mr. Heater hose is made of a special material that won’t leach oil into the propane and eventually clog (ruin) your heater. If you use a 3rd party hose, it will be cheaper and more flexible, but you *must* use it with an oil filter (the manual provides the part number) and you must replace that filter annually (it fills with oil and then stops working). I’m using it with a 20lb tank and the hose.
  • Stove fan: the Big Buddy used to come with a built-in battery-powered fan to help circulate the warm air. They don’t come with the fan anymore; I heard it was due to tariff restrictions. A number of people have added stove fans to their Big Buddy (lots of youtube videos) and I really like the idea. A stove-fan is a heat-powered fan (uses a built-in thermo-electric generator that converts a heat differential into electricity) so no batteries; they’re meant to sit on top of a wood-burning stove. People use a Dremel (rotary tool) to make a notch in the fan body that will let it lock into the top of the Big Buddy grill. I’m going to look into that (make sure it’s safe and that the heater won’t destroy the fan); there are loads of stove fans on amazon.

Ultimately, I like the Big Buddy; it is well made, portable, and does most of what I wanted. I like that it can be used indoors as an emergency heat source and outdoors to extend the season a little. However, if you plan to entertain much outdoors during cold weather, you probably will want something bigger (a patio heater)…and be prepared to go through a lot of propane (fine with 20lb cylinder, not so fine with 1lb cylinders). In cold weather, the Big Buddy helps if you’re close to it (like 1-2 feet away), but don’t expect to be outdoors in shorts during the winter. An electric blanket/throw is actually the best solution.

Stay safe and warm!

SDG1025 Waveform Generator TCXO Hack

I have some low-cost Chinese arbitrary waveform generators for analog design/test work below ~25MHz. They are not lab grade, but they are inexpensive and offer a rich feature set if you can live with their warts. If you’re not familiar with waveform generators, this is a good introduction.

This post examines an upgrade to the Siglent SDG1025 (see: datasheet, user manual, service manual). One of the main shortcomings of this generator is that it uses a basic crystal oscillator as its frequency standard which delivers around 10ppm of frequency accuracy at room temperature and might be as bad as 50ppm. While that’s fine for many applications, Siglent includes a spot on the main board for a TCXO so you can upgrade this to 0.1ppm accuracy for under $20. You need to remove the crystal and add the TCXO and one jumper wire; see how-to links: here and here.

After installing the TCXO, I tested the SDG1025 accuracy using its frequency counter feature to measure a signal from a Marconi 2025 RF signal generator which was slaved to a rubidium frequency standard (in my Anritsu spectrum analyzer). A few things to note:

  1. The frequency accuracy was improved to 0.1ppm as advertised
  2. The frequency counter input requires a strong signal: with +10dBm input, it was accurate only to 12.5MHz; with +13dBm input (the max my RF sig gen can output), it could count accurately through 27.5MHz. The manufacturer specifies it to 200MHz.

Of the two low-cost waveform generators I own (Rigol DG1022 and Siglent SDG1025), I prefer the Rigol, but both are useful tools and the TCXO hack certainly improves the SDG1025 frequency accuracy.

Some useful links:

12.5MHz max counter frequency
Can’t measure 13MHz
Can’t measure below 20kHz accurately
Can’t measure below +10dBm

GE Microwave Repair

I bought an over-the-range GE microwave oven (model JVM3160) less than 4 years ago. It was a bear to install, so I was pretty disappointed this week when it started blowing the circuit breaker each time I tried to use it. I really didn’t want to have to install another oven. Fortunately, it turned out to be a defective door-closure switch and an infuriatingly bad design.

First, the design problem: microwave ovens have small electronic switches to detect whether the door is closed and prevent the oven from turning on if it is not (for safety reasons). Unbelievably, GE decided that blowing the fuse is a good way to prevent the oven from turning on. While that is technically true (it does stop the microwave), it’s a ridiculous way to do it since it gives no indication of what’s actually wrong and could create a much greater hazard if the home’s wiring, fuse, or circuit breaker were inadequate. Combine this with use of cheap switches that fail within a few years and I question whether I should ever buy another GE product.

Thank goodness for the internet because this turns out to be a common problem and others had figured it out. After disassembling the front panel (something you can do easily without removing the oven from the wall), I found that one of the three door detect micro-switches was indeed not working. I removed, repaired, and replaced the switch and the microwave works. I suspect the switch will fail again, but replacements are inexpensive and widely available so next time I’ll know what to do.

If you have a GE microwave that’s blowing fuses, and are comfortable with basic electronics, this youtube video explains clearly how to access the microwave’s electronics without removing the oven from the wall, how to test the switches, and how to remove the switch assembly for repair.

Update: the original switch did indeed fail again after a few months, so I replaced it with a new switch purchased on amazon here and the replacement has worked like a champ ever since.

Disclaimer: It should go without saying, but microwave ovens use high voltages; you should never open or work on any appliance without unplugging it and knowing what you are doing. Although it is not exposed in this repair, microwave ovens also contain a high voltage capacitor that retains a dangerous charge even when the oven is unplugged. If you don’t know what you’re doing, play it safe and call a repair professional.