Paranoia

I wrote this poem circa 2005, about 20 years ago. Normally, I wouldn’t care too much about something written ages ago, but I make an exception for poetry when it has continued to resonate with me at a deeper level. To me, each poem feels like an emotion that is frozen in time… The operative theme that I ascribe to Paranoia is ‘cynicism…but justified’.

  • You think you know the way of the world,
  • You build your castle of silver and gold,
  • In your marble tower you proudly stand,
  • And smile upon your kingdom, your land.
  • It isn’t so, it isn’t so —
  • You do not see the unseen foe,
  • There is no stone to hold your fort,
  • You have no gun, you have no moat.
  • They have no need for dagger or gun,
  • They come with hate, not joy, not fun,
  • They come to pull you down to the earth,
  • To snatch your joy and kill your mirth.
  • They come, they come — do you not see?
  • This is no place for you to be!
  • Run my friend — find a safe spot!
  • I shall keep them at bay, no matter what!
  • I see you running, keep going, my friend —
  • Safety you will find beyond the riverbend.
  • Till then I will fight these monsters of hate,
  • Fear not for me! Find haven and wait!
  • Now that you’re gone, I cast off this mask —
  • For indeed I am finished with my task.
  • I climb up the tower, this kingdom is mine,
  • The food is exquisite, and so is the wine.
  • You ask why I lied, maledict me you may —
  • You know the way of the world you say.
  • When you saved your self, precious though it be,
  • Why did you not stay — at least for me?
Dark Mode On i3

I use the i3 tiling window manager on Gentoo Linux, and avoid heavy-weight desktop environments like GNOME or KDE. One consequence of this choice is that there isn’t any ‘system theme’ to speak of, that influences ‘Light’ and ‘Dark’ modes within GTK-based applications like Firefox. What this means is that I have no way to switch to ‘Dark’ mode for websites that follow the system theme — like this blog — unless I specially set it up.

My solution for this is fairly straightforward: add a button on my desktop that allows me to switch between light and dark modes. When I click the button, it invokes a script that toggles modes. You can see the button — the one with the 🌓 icon — in the screenshots of my desktop below, right at the bottom of the screen.

Light Mode

Desktop: Light Mode

Dark Mode

Desktop: Dark Mode

Details

The toolbar at the bottom is rendered by i3blocks, with the following configuration block:

[switch-theme]
full_text=🌓
command=/data/bin/switch-theme

The switch-theme script that the command above invokes is quite simple:

#!/bin/bash
#
# Script to toggle GTK light & dark modes.
#
# The mode is toggled by using the `xsettingsd` daemon,
# which should already be running. The `.xsettingsd`
# configuration file is updated, with exactly one of the
# following values:
#
# Net/ThemeName "Adwaita"     # Light
# Net/ThemeName "Adwaita-dark" # Dark
#
# Note that the Adwaita and Adwaita-dark themes must already
# be installed on the system.
#
# The script sends a HUP signal to the process, causing the
# setting to take effect at once.

set -euxo pipefail

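CFG_PATH="$HOME/.xsettingsd"
DEF_THEME="Adwaita"
ALT_THEME="Adwaita-dark"
KEY="Net/ThemeName"

# Read the current theme inside the `if` condition: under `set -e`, a bare
# failing assignment would abort the script before the `else` branch could run.
if OLD_THEME=$(pcregrep -o1 "$KEY \"(.*)\"" "$CFG_PATH")
then
    if [ "$OLD_THEME" = "$DEF_THEME" ]
    then
        NEW_THEME="$ALT_THEME"
    else
        NEW_THEME="$DEF_THEME"
    fi
    sed -i "s#$KEY .*#$KEY \"$NEW_THEME\"#" "$CFG_PATH"
else
    # No theme entry yet (or no config file): start with the default theme.
    echo "$KEY \"$DEF_THEME\"" >> "$CFG_PATH"
fi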

killall -HUP xsettingsd

For the script above to work, you must first install the gnome-themes-standard and xsettingsd packages on Gentoo, or their equivalents on other Linux distributions. You also need to have the xsettingsd process running, which I’ve added to my .xinitrc startup script.

Lake 22 Trail

Lake 22 is another short and easy hike, an hour and twenty minutes away from Bellevue. It is a roundtrip of 5.4 miles with an elevation gain of 1,350 feet. The toughest thing about this hike was finding parking — it turned out to be surprisingly busy at 8:30am, and we ended up parking half a mile away from the trailhead. In fact, it was so busy initially that we had a large group of people blocking our path ahead on the trail and I started regretting my choice of hike. But fortunately, we managed to break through the crowd and sprint ahead.

People who are inconsiderate enough to park their cars with unnecessary gaps, thus depriving others of precious parking spots — some say these are the folks who end up in “Parking Hell” when they die…where they’re forced to drive around mindlessly looking for parking spots, and every time they find one, someone else swoops in and takes it from them. (Some others disagree, they say they just get sent to Capitol Hill in Seattle to find parking.)

This might be a bit of a quirk, but when it’s just us, Anu and I prefer to get to the turnaround point of the hike as quickly as possible. We might take a break every couple of miles to have a few sips of water, but we seldom pause to take in the sights or take photos. No, all that must wait until the return journey.

Lake 22 offers a pleasant view with calm waters. There’s actually some snow and ice on the mountain across the lake, which reflects on the surface of the water. There are some gorgeous views of the landscape along the trail. You also pass by several gushing waterfalls. Quite a few old tree trunks lie along the route.

I quite enjoyed seeing the diverse flora along the trail. The most interesting of the lot is an orange-and-yellow wildflower called ‘Western columbine’ (aquilegia formosa). That’s the one on the right, below. I also noticed some wonderfully polished rocks that absolutely deserved to be photographed.

Overall, our parking situation added an extra mile for us to walk, but I’m not sure if that ought to count as part of the hike.

Port Knocking

Imagine that you live in a weird apocalyptic future, and you want to keep your home safe, so you find yourself a sturdy front door and a high-quality deadbolt to secure it with. Everything is set, and you’re satisfied that you’re safe.

Hardly a minute goes by before you hear a knock on the door. It’s a hooligan trying to get in. You know you’re still safe, and you shoo the person away the best you can without opening the door, but a minute later there’s another knock. And then yet another — it never stops. Checking who’s at the door is tiring work, and you can’t take it anymore. You could ignore all knocks, but you do occasionally get guests, and apocalypse or no, you mustn’t ignore your social circle. What do you do?

You come up with an ingenious scheme. You let your prospective guests know that when they come to your door, they will need to use a special knock sequence that you can recognize. Only when you hear this knock sequence will you bother to even check who’s at the door. “Ignore my protocol at your own peril!”, you warn them all.

The problem with running a public SSH server on your home network is less weird but otherwise not too different from the situation above. Even after securing your server with state-of-the-art certificate authentication and unbreakable ciphers, you find people (mostly automated bots) still trying all day to connect to your server with passwords. While this is not personally tiring, it does end up consuming compute resources and polluting your authentication logs (and as a consequence, obfuscating real problems). One solution to this problem is analogous to the one above — you ask your users to send a few packets to specific ports in a particular sequence, before accepting an SSH connection on the usual port. This works out especially well if the user is you — for instance, if you are using SSH to connect remotely to your home server, and you don’t need to grant access to anyone else.

Here’s how you get this going:

On the server —

  • Step 1: Enable netfilter in your Linux kernel for packet sniffing.
  • Step 2: Set up the nftables firewall to start automatically.
  • Step 3: Configure a port knocking sequence in your firewall rules.
  • Step 4: Open up the relevant ports on your home network router firewall.

Steps 1 and 2 are usually specific to the Linux distribution you use, and I would recommend looking up its documentation. For reference, Gentoo’s documentation can provide a general idea of how this is done. Step 3 is accomplished using nftables rules that you can load (and save). Step 4 is router-dependent. For instance, my eero app has a relevant section in Settings → Network settings → Reservations & port forwarding.

✗ Test that you can no longer connect directly over SSH.

On the client —

  • Step 5: Set up your SSH configuration to knock on ports.
  • Step 6: Test your SSH connectivity.
  • Step 7: DONE!

To set up Step 5 on the client-side, you can create a simple knock script in your PATH, make it executable, and configure your SSH client to execute it automatically before connecting to your server.
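
One way to write the Step 5 knock script (an added example, not the author's own script); the `home` host alias, the ports 7000, 8000 and 9000, and the function names are assumptions made for illustration.

```shell
#!/bin/bash
# knock HOST PORT... : send one TCP connection attempt to each port, in order.
# Added example; the host alias and port numbers in the comments below are
# constructed placeholders, not values from the original post.
#
# To run it automatically before each connection, ~/.ssh/config can use:
#
#   Match host home exec "knock %h 7000 8000 9000"
#
# ssh runs the quoted command while evaluating `Match`, so the knock has been
# sent by the time it opens the real SSH connection.

KNOCK_TIMEOUT=1   # seconds per knock; a firewall that drops the SYN never answers

# Succeed only for a decimal integer in the TCP port range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

knock() {
    local host=$1 port
    if [ "$#" -lt 2 ] || [ -z "$host" ]; then
        echo "usage: knock HOST PORT..." >&2
        return 2
    fi
    shift
    # Validate the whole sequence first, so a typo never sends a partial knock.
    for port in "$@"; do
        valid_port "$port" || { echo "knock: invalid port '$port'" >&2; return 2; }
    done
    for port in "$@"; do
        # The connection attempt is the knock. It is expected to be dropped or
        # refused, so its failure is ignored.
        timeout "$KNOCK_TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$0/$1"' \
            "$host" "$port" 2>/dev/null || true
    done
}

# Installed as an executable file named `knock`, run with the given arguments.
if [ "$#" -gt 0 ]; then knock "$@"; fi
```

The port order on the command line must match the sequence configured in the server's firewall rules from Step 3.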

✓ Test that you can once again connect over SSH.

And it’s as simple as that.

Teneriffe Falls Trail

Today’s hike was a relatively easy one, 5.6 miles roundtrip with 1,585 feet elevation gain, with the trailhead along the I-90 corridor. This is, of course, the Teneriffe Falls Trail — not to be confused with the Mount Teneriffe Trail, which begins at the same trailhead but continues for 13 miles all the way up to the summit.

The waterfall at the top was a relatively calm one. In fact, it was only on the way back that we discovered it had even been in plain view about half a mile before getting to the top, and both Anu and I had completely missed it on the way up. Perhaps we had been too engrossed in our conversation then.

We picked and ate some salmonberries (rubus spectabilis) on the way down. The yellow ones taste a tad like tomato. We did not eat any of the red-berried elder (sambucus racemosa) — they are poisonous if eaten raw! We found a good deal of purple foxglove (digitalis purpurea) that added to the natural beauty of the woods.