Brewing Basics – what you need to start homebrewing

First item!

Charlie Papazian’s “The Complete Joy of Homebrewing” (Fourth Edition: Fully Revised and Updated, Amazon.de)

That’s a great book, full of good recipes and even better advice.

I’m going to assume something here – that your average batch will be about 20-25 liters in size.  There are some kits out there which do 5-liter batches, but given the amount of work that goes into making a batch of beer, it seems trivial to brew only ten bottles of beer.  That’ll be gone in a day or two if you do it right :). 

Next up:  a basic brewing kit. 

Wherever you get it, this should include at least the following:

– a decent sized fermenter (20-30 liters or so)

– a bottling bucket of about the same size as the fermenter (could be a second fermenter, they can do double duty), ported towards the bottom of its side with a spigot/faucet  

– an airlock for the fermenter

– some kind of capper (usually comes with 50-100 caps)

– stirring paddle

– cleaning compound (some brand of Oxi cleaner)

– a siphon for moving finished beer from the fermenter to the bottling bucket.  Bonus points if it can be started without sucking on it.

– thermometer

– hydrometer (measures specific gravity of the beer before and after fermenting) with testing tube

Should cost between 50-75 euros.  Really fancy ones might go to a hundred. 

Usually starter kits will come with a mix of additional stuff, but this is where you’ll be glad you bought the more expensive one.  This one appears to be pretty much perfect:  https://braumarkt.com/Starter-kit-beer-brewing-PREMIUM

Next:  a kettle to boil your ingredients on the stove. 

This should be a solid metal vessel of 20-30 liters capacity, with a lid, and make sure it’s compatible with your stove top (i.e., if you have an induction stove, make sure it has a steel bottom).  It doesn’t have to be exactly your fermenter’s capacity, but you want to make sure you have plenty of room in there to avoid boil-overs.

Speaking of which, boil-overs will happen.  They just will.  It’s going to be a hot, sticky mess.  But it’s a rite of passage.  Consider it that you’re making an offering to whichever god rules over alcohol in your pantheon of choice.  Relax, have a beer, and laugh it off.

A kettle is probably going to be your most expensive item on the list here.  Even a 12-liter one runs fifty bucks here in the EU, and the larger, heavier-sided varieties will get up into several hundred Euros if you’re not careful.

On the plus side, your brew kettle can also serve for making soups and stews for large parties, so you can use that as an explanation for your spouse.  Here’s a good one at a pretty reasonable price:  Easybrew Brewkettle 36 liter with tap (Braumarkt)

Next Item:  Bottles! 

This part is going to be easy.  Since it takes 1-2 weeks for beer to ferment out, you have some time to buy some beer and empty the bottles, saving them for re-use at home.  If you prefer a crown-capped bottle, that’s fine, but I like the swing-top ceramic caps with the little gasket.  They make the effort of bottling a LOT easier. 

Regardless, you’ll need 45-50 clean and empty bottles to receive your first batch.  If you decide to go with swing-tops like me, I have found that the brand “Mönchshof” uses a glue which is very soluble in water, and that means the labels will just slide right off in the dishwasher.  If you’re going to do another batch before the first one is finished, you’ll need more bottles – which means emptying more bottles :).  Maybe have some friends over to help you free up some bottles while you watch a game or something. 

I have also found it very useful to buy beer in 11-bottle cases for carrying the brew around.  The 20-bottle ones are workable, but they’re very clunky and hard to manage if you have stairs in your house.  Easier to carry two 11-bottle cases, one in each hand.

Best part of this is that when a bottle gets old (the gasket starts to develop cracks, etc.) you can simply return it and get a new one from the market.  You also are basically paying fifteen cents a bottle and four or five Euro for a case, whereas you’d pay over a Euro per bottle and eight to fifteen for a case if you purchase them new.

Next:  A clean, empty book.

Preferably hardcover with a glossy finish, because it might get splashed.  This is going to be your recipe book.  You write down everything in here.  Ingredient list, timing when you added what, the original gravity / finishing gravity, tasting notes, etc.  There’s going to come a day when you hit on a really, really good recipe and you’re going to want to make it again.  If you don’t write everything down, you risk forgetting a critical step.  I still have my original book, which goes back to 1992, and I’m really glad I kept it around.

Last Item:  A pre-boxed beer extract kit. 

I’m going to steer you towards extracts as a starting point, because they’re easier to deal with, you’ll have a greater success rate with them, and the beer you get from these is a great jumping-off point.  If you end up enjoying the hobby a lot, I can give you some pointers on what sort of equipment you’ll need for doing a grain mash, but that sort of complication is for when you really want to dig in and start getting nerdy about it. 

So we’ll start with a good solid extract kit to give you the best chances for a great kick-off.

Many extracts come pre-hopped, which is also a good place to start, but I think you’ll want to start buying hops and hopping your beer on your own almost immediately.  We’ll start with an all-in-one kit, but your second batch of beer is likely to be the place where you want to buy hops and hop it yourself.  I’ll mention that in my “optionals” category.

For the hopped kits, good brands include “Mangrove Jack’s”, “Munton’s”, and you’ll quickly start to see some common names.  Here’s a good example of a starter:

Mangrove Jack’s Craft Series Irish Red Ale (braumarkt.com)

That’ll make 20L of a nice red ale, and everything you need is in the package.  For now you want to stick with ales, as lagers require a cold-storage space for your fermenter.  Unless you have access to a walk-in fridge or you have a separate Kühlschrank that can fit your fermenter, a lager will be…difficult.

You’re ready to brew your first batch of beer!

Here’s the timeline I follow:

Friday night or Saturday: clean and rinse my fermenter, get my ingredients lined up, get the kettle ready.  Cleaned gear dries overnight.

Sunday:  brew day – you can expect a brew to take 2-4 hours from start to finish, depending on how fast you can get your kettle to boil all that volume.  When you start working with all- or partial-grain mashes, that’s going to add another 2-3 hours to your timeline.  With a wort chiller I’ll pitch the yeast as soon as I’ve cooled things down.

Sunday night or Monday morning:  If I didn’t use a wort chiller, by now the wort has cooled enough that I can pitch the yeast.

Fermentation takes 1-2 weeks.  Longer if I do a secondary ferment.

When I’m ready to bottle…

Friday night or Saturday:  Bring the bottles out of storage, make sure the gaskets aren’t cracked, and that there isn’t any gunk in the bottle (PBW if there is).  Make sure I have enough bottles for the volume in the fermenter.  Wash them all with Oxi and park them to dry overnight.

Sunday: bottling day.  Transfer the brew from the fermenter into bottles.  Set aside three bottles and store the rest in a cool, dry place (Keller). 

Over the next three weeks, I open one bottle each week to test how the carbonation is coming along and see how the beer looks.  Usually it’s ready by week 2, but week 3 is guaranteed to be finished.

Quick advice:

  • Sanitize everything that your beer will come into contact with using Oxi cleaner (I’ll link another variety in my “optionals” section).  Clean and sanitize everything the day before you brew, then let it air-dry overnight turned upside-down so you don’t accumulate wild yeast and other contaminants.  Make sure your work area is clean.  You can’t be too cautious when sanitizing.  Everything else can go perfectly, and your beer will end up tasting like soap or worse because some wild microbe got in and had its way with your beer. 
  • Tap water in this area is perfect for making beer.  Munich has some of the cleanest water in the world, and the mineral content can’t get much better for brewing.  Don’t waste money on getting bottled or distilled water, or additives to change its nature unless you want to really perfectly emulate a specific region.  Excess minerals will fall out of solution during the ferment. 
  • Don’t open your fermenter unnecessarily.  Once you pour the beer in there, cover it (do *not* seal it air-tight right away, as it cools the air inside will contract and create suction, making it really hard to re-open the fermenter) and wait for it to cool down.  Once cool, you can pitch the yeast, and then you seal it air-tight with an airlock to let CO2 out.
  • Don’t pitch your yeast when the beer is still hot!  If you have an infrared thermometer for testing when you’re ill, that’s a perfect tool to check the temperature of the fermenter without opening it.  Once it’s down to 20C or less (might need to wait overnight), you can pitch the yeast in it.
  • “Wake up” the yeast before pitching.  Make 300ml of “starter” using either some of the beer or some table sugar (100g should be plenty).  Dissolve the beer/sugar into the water, let it cool, and then dump the dry yeast in there, stir.  Let it sit for half an hour, the yeast will dissolve and the stuff will get cloudy.  When foam starts to form on the surface, it’s awake and ready to start making beer. 
  • Buy a bottle of cheap, crappy vodka.  Use this in your fermenter’s airlock instead of water.  This is just in case the fermenter cools a little bit and sucks fluid into your beer from the airlock.  Cheap vodka will kill and disinfect anything that gets into it (like fruit flies), won’t add any strange flavors to your beer, and adds an extra layer of protection.  You can also use it to make extracts of spices and fruits to add certain flavors to your beer, or just to have in the kitchen to use with food.
  • Make sure your bottles are clean, inside and out.  Rinse them as soon as you empty them, and run them through the dishwasher.  A small bottle brush is a worthwhile investment, as is some PBW cleaner to get rid of stubborn caked-in residue.  If a bottle has some kind of stuff in it that you can’t get out, don’t use it.  Return it and get a new one.
    • Once you empty a bottle, give it a quick rinse with water and run it through the dishwasher.  Then store it upside-down and open before its next use to avoid dust settling in it or mold growing on it.
  • Don’t be afraid to taste your beer!  Set a little aside before pouring into the fermenter and let it cool to get a taste of what it’s like beforehand.  Set some aside when bottling to build an understanding of what happened in the fermenter. 
  • Don’t stress out.  Just have a beer, relax, enjoy. 

Optional Stuff

Hops and hop bags – Hops are basically green flowers, which produce an oily acid called “alpha acids” which are responsible for bittering and preservation of your beer.  I generally prefer full-flower hops myself, but I have also used pelletized hops with no problems at all.  Hop bags are disposable muslin cloth sacks that you can cram your hops into and tie off, then drop in the kettle for boiling.  When done, you can fish them out with a strainer and rinse with boiling water to recover the wort that is clinging to your hops.

Warning for pet owners: hops, both before and after use, are deadly poisonous to dogs and cats.  Something in the alpha acids of the hop turns into a weird alkaloid in their digestive system, which will destroy their liver and kill them painfully.  Spent hops should go straight into covered trash.

Bottle filler – this is only marked optional because most of the starter kits don’t come with it automatically.  Costs less than five bucks, and will save you a lot of grief opening and closing the valve on your bottling bucket.  Basically you attach this to your bucket with a short length of silicon hose, open the valve on the bucket, and now you have a spring-loaded filling wand.  Abfüllröhrchen | Hobbybrauerversand, 3,19 €

Wort chiller – your hot pre-beer in the kettle is called “wort”, and getting it down to cool temperature quickly is a valuable trick.  This helps prevent contamination, and makes your wort more comfortable for the yeast you’re going to add.  A chiller is a great tool to accomplish this.  Usually these come in the form of a big copper or steel coil that you attach to your faucet with some silicon hose.  You attach the hose to the faucet, dip the copper coil into the boiling-hot wort, turn on the cold water (making sure the return hose empties into the sink), stir a bit and in minutes your wort will be at pitching temperature.  That’s a big plus. 

Measuring pitcher – a 3L or 5L plastic pitcher can be really useful in getting water into various containers that might not fit under your kitchen faucet.

Funnel – if you have a fermenter with a small neck (most of the clear PET plastic ones will), a funnel is a must-have.  Most brew shops have big funnels for just this purpose.

Paper towels – remember how I said you’d have boil-overs?  Yeah, you’re going to spill water, too.  You’ll be glad to have a few extra rolls of paper towels around.

Kitchen scale – something that’ll handle measuring up to a couple hundred grams will be sufficient.  When you start measuring hops for your own brew recipe you’ll need to start being more precise.

Irish Moss / Finings – there are several types of “fining” products, the best of these I’ve found to be “Irish moss”, which basically is a dried seaweed called “carrageen”.  You add this to the boil about fifteen minutes before you turn off the heat, and it ends up in your fermenter.  Because it is very mildly charged, it attracts proteins out of solution during the ferment, which improves the clarity of your finished beer. 

Unhopped Malt Extract – sometimes it’s difficult to determine which malts are already hopped and which ones aren’t.  BrewFerm is a brand that makes it pretty clear – they include a marking just above the title of their malt type with “unhopped” in black.  You can also usually assume that if a can of malt comes with its own yeast and is marketed as a “kit”, then the malt is already hopped.  Weyermann is another brand that specializes in unhopped malt extract, though theirs is offered only in large containers of 4kg each.  That’s about 1kg too much for a 20-liter batch, but if you’re pushing up into the 25L range it can work out just about perfectly. 

Blowoff hose / silicon hose – during the first day or three of the ferment, a beer can be…enthusiastic.  It’ll push up a big load of foam, and in the limited confines of a fermenter, the only way out is through your airlock.  This will happen, it’s just part of the deal.  But if you set up a blow-off hose instead of an airlock for those first few days, you’ll catch the excess and can direct it into a waiting bucket or pitcher for disposal.  It’s also useful to have a few meters of extra hose around for when you buy a wort chiller. 

Beer “enhancers” – these are sold in 1kg bags, usually labeled for light, dark, etc.  They’re generally 50/50 dry malt extract and brewer’s sugar.  If you want to up the alcohol content of your beer without dramatically affecting its character, adding one or more of these is very useful.  Gozdawa is a really solid brand for these. 

Carbonation Drops – if you go “by the book”, then at bottling time you normally would dissolve a cup or so of malt into some water and add that to your finished beer, which would give you just enough sugar in each bottle to provide natural carbonation.  An alternative to this is “carbonation drops”, which are basically small sugar pills.  You add one to each bottle, fill and cap, and your sugar requirement is dealt with.  I did the cup-of-malt thing for thirty years, and tried the drops a few years ago – both methods work very well, and the drops add a dose of convenience at bottling time which I really like.  I’ll probably keep using them for most brews. 

Oxi Cleaner – stuff like “Chemipro” (Chemipro® OXI 1kg, Amazon.de) is really good for sanitizing your gear before you brew / ferment, and great for cleaning bottles.  You mix some with hot water, rinse your gear with it, and let it air-dry overnight.  Very helpful, very easy, and a 1kg bottle of this stuff goes a really long way. 

PBW cleaner – PBW (450g, Amazon.de) is sort of the “big brother” to Oxi, and when you have equipment that has particularly stubborn staining or gunk on it, you make some of this PBW with hot water, fill the container, and let it sit overnight.  PBW can eat almost any organic contaminant.  Definitely want to rinse the equipment with clean water after exposure to PBW, and make sure there isn’t any left in the container.  It will ruin the flavor of your beer if there’s some that gets left over in a fermenter or bottle.

Bottle brush – definitely worthwhile, though you won’t need it much.  Your friends and family will end up returning bottles to you on occasion that have been allowed to get a little moldy.  Having a brush and some PBW will be a good thing.

Bottle tree / drying rack – bottle trees are a set of threaded racks that fit on a large base designed to collect drip-waste, usually cost about twenty bucks, and are super-useful when you are washing and drying your bottles.  This one is similar to (might be the same as) mine:  Abtropfständer für 80 Flaschen | Hobbybrauerversand, 19,99 €.  The top rack will seat a bottle rinser, so you can set up your system to do a quick three-squirt with Oxi from the rinser, and drop the bottle directly on the rack. 

Bottle rinser – if you’re getting a tree, get the rinser.  Flaschenspüler Avvinatore | Hobbybrauerversand, 15,99 €.  Make a liter or two of hot water with a little bit of Oxi in it, and fill the bowl up, and park the rinser on top of the tree.  You then can give each bottle a couple of squirts of solution to clean it out for sure, set it to dry on the tree, and leave it overnight to be ready for bottling day tomorrow.

Bottle jet – this is a device that screws onto your faucet where the aerator goes, and is able to direct a jet of water up into a vessel.  Very handy for rinsing out fermenters and bottles.  Deluxe Stainless Steel Bottle Washer, 19,95 € (hobbybrauerversand.de)


Open Source: A Qualified Failure

Been having a discussion on another board regarding the “open source” movement, and whether it has been a force for good or bad. And I have to share my thoughts on this, that it has been resoundingly terrible – the open source movement has been the worst thing to happen to computer science since the invention of the bug.

I can think of at least a half dozen companies that had truly innovative and competitive products, companies which died as a result of the plethora of half-baked “free” versions of similar software which never lived up to promise, and which invariably failed in critical ways.  Some of those companies were gearing up to offer competitive desktop OS software that could have forced Microsoft to the table and could have generated honest competition with MS.  

Instead, we get a constant barrage of 80%-finished products which have no coherent product management behind them, which are almost never backwards-compatible (or often forwards-compatible).  Often including “poison pill” GPL licensing that prevents any sane company making a finished version.  

Oh, and did I forget to mention that all these “god’s gift” open-source products are rarely given anything more than a cursory testing regimen?  And when no one is QC’ing this beatch, anything could and will go wrong with them.  I recall all the numpty Linux heads back in ’99 and ’00 trumpeting about how having open source was more secure than proprietary software…don’t hear much out of them any more, not since it was discovered that SSL had a major breach which had existed for twelve years being exploited with no one noticing. 

Nope, open-source is a hobbyist infection that has caused immense and crippling damage to the entire industry of computer science.  It reminds me of the obsession with Communism as a utopia back in the ’50s.  Lots of idealists with no real plan for how to actually make it work as intended.  

Look at what’s going on in advancements in computer science just this year. AI developments are going bananas, with all manner of cool opportunities coming up. The drivers behind these? Proprietary software companies competing with one another. Not one single open-source project is in the news as a source of innovation, among what, like six new releases this week alone? I will grant freely that TensorFlow and PyTorch are popular tools within certain AI circles, but I will also suggest that these tools succeed not because they are open-source, but in spite of that. They are single-purpose tools, not AI products themselves.

Open source is a failure. Worse, it is actively retarding the advancement of computer science and engineering. It traps good minds into thinking they are accomplishing something, when in reality they could have been contributing to a better future for everyone – including your grandma, who still doesn’t know how to use her computer. I submit we’d have had “Cortana” or “Siri” or (insert name here) being a genuinely useful version of “Clippy” driven by something like GPT3+, twenty years ago, if we’d not had this massive and worse-than-useless distraction. If all those good intentions had decided to put themselves to work and formed a collective association of ethical coders instead of the dippy “protest coding” it turned out to be, the world would be a very different, and very much better place. We – as software professionals – would also have had an opportunity to form a power base that could influence the companies that shape the future, and drive it towards better practices.  

But we didn’t. And we have been paying for it for decades. 

I will also step down from this pulpit for a few moments to point to places where “free” options have been extremely successful – highly-focused, simple applications. In these spaces, my argument falls short. PuTTY, FileZilla, Apache, Chromium, again TensorFlow, Docker, these spring immediately to mind (though in the case of Docker, I think it was just some script-kiddies who couldn’t figure out what they needed to build a clean installation script, so they just decided to clone the development desktop environment instead and call it a “dock”). They are very narrow in scope, and have very little “wiggle room” for interpretation of their purpose. A talented developer could whip something like that up over the course of a summer and call it done. They also don’t present themselves as highly-marketable apps – I can’t think of the last time someone in my orbit actually paid for web server software or an FTP client. I will openly admit that in cases such as these, the open-source community has stepped up and provided apps which probably wouldn’t have found a simple commercial solution.  

But all that said, I stand by my original point – we are far worse off having the open-source “movement” around, than had we let the commercial proprietary companies have at each other. We still would have had “freemium” software and the variety of “private” projects by hobbyists acting under non-profit status, and we also would have had a lot more success as an industry.


On the Nature of Black Holes…And Relativity

For some time, I’ve contemplated the nature of these mysterious behemoths, and I feel they have been somewhat misrepresented in their public image. Possibly misunderstood even among the scientific community. I’d like to address them from the stance that rather than being a place where “physics breaks down” as we often hear, they are instead a place where we observe “physics at its most extreme.”


Specifically, it has always bothered me to hear people say “when this object falls in…” This is, and always has been, physically impossible. Relativity insists that it will never be possible to cross the border of a black hole. Yet this is something we have actually observed – we’ve seen stars “fall in”. I am going to point out that we aren’t seeing them “fall in”. Not at all.

Relativity has several things to say about objects falling into a black hole, how the distortion of spacetime caused by gravitational acceleration will twist things up – let’s address each of the effects, and then I’ll go over how those effects then imply the formative moments of a black hole’s birth. Finally, a brief summation.

Time

OK, so let’s deal with the first, and easiest to view, aspect. That aspect is time. We’ll use an astronaut in our example to keep things “classic” – Major Tom (thanks, Mr. Bowie). He’s falling towards a black hole. A big one, a “gentle” one to use the phrase from the character Romily in “Interstellar”, so he’s not going to be spaghettified. (If it were a smaller hole, then yes, he’d get torn up and yadda yadda yadda all down to atoms or subatomics if you carry it to that extreme. That’s an aside.)

The apocryphal story is that if it’s a big enough hole, he could conceivably cross the surface without being killed and possibly see what’s inside, but like an astronomical Cassandra, Major Tom will never be able to get the message out as to what’s in there.

That image is, to put it bluntly, false. He’s never going to pass the horizon. The border he’s never going to cross is in actuality a surface, rather than a “horizon”. It has been represented in popular media as a non-physical boundary that simply represents where light can no longer escape. In actuality, what it is, is a solid surface upon which Major Tom – or at least, what’s left of him – will impact and merge. And we’ll get to that in a little while.

Back to what I started with – time. Let’s begin by looking at how time represents itself as a dimension of space. Hermann Minkowski first twigged to the nature of time in this fashion back in the late 1800s, while studying Maxwell’s laws of electrodynamics. He represented time as an additional dimension on top of the three we are already familiar with, which helped to explain why Maxwell’s laws came out looking so elegant. He posited that if you were to lay out a 2-dimensional diagram of X and Y coordinates, by “rotating” one’s perspective those axes could represent length, width, breadth, and time. When you use X being one of the space axes and Y being a time axis, then a thing which is at rest in space would be represented by a vertical column as it “traverses” time. Any motion within space would tilt that line of traverse to an angle.

And when one reaches c, then in practical experience time ceases to pass, because there’s no wiggle-room for the object to make any progress on the time axis (or, as it turns out, on any other). On the graph it would look like a 45-degree angle, but from an experiential perspective time just stops.

There’s absolutely no place for Major Tom to move in time. Space has been compacted to its fullest extent – in effect, all four dimensions are compacted into a point (if you drew it on a chart, any X or Y axis would only allow a single value, with no “range” to maneuver on). But it does not rip. That’s one of the kickers here, which conflicts with what you often hear when people say “Oh, the laws of physics break down inside a black hole.” No, they don’t. They reach their limits, but there’s no break-down. First off, because there really is no “inside” the black hole. Externally, it’s not really a hole, it’s a ball to our perception, it’s a solid piece of matter – for all intents and purposes space has compacted to a one-dimensional point that happens to have perceptible size to us, and what we have been calling its “horizon” is the solid surface of that point – and the accumulation of black hole matter upon it.

What kind of matter is that? That I couldn’t tell you. But Einstein’s relativity makes it quite clear that everything halts at the surface, where acceleration reaches c and space-time becomes completely compacted and clogged. And we’ll get to why soon. First things first. As we said, time is the easiest one to conceive of – and because of the enormous gravitational acceleration, time locally drops to nil.

Sidebar
From Major Tom’s point of view, time is ambling merrily forward for him as if nothing abnormal were happening. However, the universe around him speeds up and up and up. As he falls towards the surface of the hole, his perception of the universe experiences a dramatic change.

The rest of the universe is ticking forward as expected from outside of the effect of the hole. So as Major Tom’s experience of the universe swiftly tightens, light and matter continue to fall into the hole, and any of it that comes from a vector that intersects Major Tom will line up right behind him. Depending on how the hole twists space up, there may only be one vector from which things approach the center of gravity.

All of that stuff falling on the hole throughout the lifetime of the universe, or at least the lifetime of the hole, hits him all at once. It’s been energized by the gravitational acceleration, and it all lands on his ass as he goes in. So basically as he’s falling, as he reaches the surface, he gets blasted with the most powerful pulse laser ever invented or ever to occur in nature. In effect, an X-ray laser nuke has just gone off behind him. Whatever internal structure hasn’t been torn asunder by tidal forces is going to be completely annihilated by the influx of a lifetime’s worth of matter-energy hitting him all at once.

Remember, looking at him from the outside, there’s no time going on. So there’s no time to stretch this event out in. It all piles up to occur in a single moment, a now, which comprises the lifespan of the hole. So he floats in thinking it’s going to be a gentle ride and he’s going to cross the surface to get a peek inside, and just as he reaches it, bam, he gets blown away by the biggest space laser ever. I guess we’ve discovered those space lasers.

Mass

Back to the discussion. Major Tom also represents an element of mass and/or an element of energy. When he reaches the hole, what happens to his mass? “What happens” is kind of a misnomer, since there’s no time for things to happen, but linguistically it’s what we have to work with. As a result of relativistic effect his mass rapidly ratchets up to infinity. Now this is impossible from the perspective of someone outside of the hole’s reach. We know he weighs 80kg, his suit weighs 120kg, so he’s 200kg of “stuff”. His mass can’t be more, according to conservation of energy, so obviously he can’t be of infinite mass. We’ve measured black holes. They have specific masses (usually expressed as a number of solar masses), we can see them dance with solar partners, we can see what happens to orbiting material. And we can calculate their overall mass, so obviously they don’t reach an infinite mass.

But according to relativity, as he approaches lightspeed, his mass literally reaches a state of infinity. And now that I’m looking at how this works, I can see why physicists hate infinities so much, because they really shouldn’t exist. But yes, he does reach an infinite mass. It is unavoidable – he is approaching lightspeed, and the math is undeniable. What’s more, we’ve observed mass changes in objects which follow the changes predicted by relativity. It really is happening.

But we have two measurements here, one from outside the hole’s effect and one from within it. Both are equally valid, according to relativity.

Recently, we’ve had validation of the Higgs field being responsible for granting mass to matter. As matter passes through space, it meets resistance in the form of inertia, which increases as the relative velocity increases, and the Higgs field is responsible for that resistance.

Call this a prediction – someone might have already posited this, I don’t know, I haven’t read 100% of the literature – but prediction nonetheless: with objects subject to the intense gravitation close to the surface of a black hole, the Higgs field will be bound up so tightly that it causes a localized mass of effectively infinite magnitude. I think we’re going to find that the Higgs field “spreads out” over the four dimensions, such that when time flows at its most free in deep space and uninhibited by objects of mass, one’s experience of the Higgs will be at its most minimal, “at rest” as it were. As spacetime gets constricted, however, there will be less “room” for the Higgs to spread out in, and as a result any matter within constricted spacetime will have to contend with a compressed Higgs field. It would follow that the Higgs boson which was recently discovered at the LHC might appear to us at different energy levels depending on how loosely or tightly local space is constricted. If we were to set up a properly-sized collider in zero-G, then the Higgs particle would be observed at an energy lower than the 127 GeV we see when performing detection on the surface of the earth.

Update 7/5/2023: Could it be that mass itself, or the Higgs which influences it, is a dimension? Similar to how we experience the dimension of time, perhaps we experience this other dimension as mass?

So to boil it down, the effect of the Higgs field will be inversely proportional to the availability of the various dimensions, including time. That would mean that the Higgs field expresses itself across all four spatial dimensions, and when those dimensions are compacted in the presence of a large attractor, the normally constant effect of the Higgs field is applied in a smaller space, thereby it is concentrated into whatever remains of them. This then grants a layman’s explanation for why mass increases for objects approaching lightspeed (Einstein was far better at math than I am, and his expressions are a much more accurate version of this).

Back to Major Tom – as we watch him slow down and fade away, his space becomes more constricted, and as a result his mass takes a sudden, steep increase as he gets nearer and nearer the surface. And as a result, he begins to exert more and more gravity upon himself. Of course, time is dropping away too, so the acceleration of this gravity is less and less notable to him, its per-second-per-second effect being peeled away by the very dilation that is amping up his local mass. It may become sufficient to overcome his internal structural integrity, much as there could be tidal forces that spaghettify an object. Except in this case, the object might collapse upon itself.

This is observed in the accretion disk, where fusion from stellar gas continues to happen, despite the star(s) being ripped apart and their own internal gravity no longer sufficient to maintain fusion of their material. The pressure within the disk builds up not only because of the volume of the material, but because the material itself is becoming more massive.

From outside, the material approaches the hole, becoming more massive but at the same time running more slowly, so as we see it the light emitted from the material begins to fade. It doesn’t emit as rapidly (photons per second) because less time is passing, and the emissions that do occur are red-shifted due to acceleration, thereby dimming what does get emitted, so overall it is steadily disappearing from view. From its own perspective, the material is compacting, going through fusion well beyond iron (at which point it stops emitting energy and consumes it instead) and into the compaction of atomic nuclei into neutronium, and possibly deeper into quark material. This will happen in the milliseconds before reaching the surface, but it will happen to all material falling in.

So it’s likely that Major Tom is going to compress locally to a point where his atoms will begin fusing. But externally his 200kg still adds to the mass of the hole (minus what gets converted into emissions that escape as he accretes). He will likely turn into at least a ball of tin foil with a hot mess of biological matter inside it as it descends.

Length

Now that’s all great. However, we’ve got one more effect that we haven’t talked about yet.

His length.

Relativity’s conservation of angular momentum demands something particularly curious (which yes, has been observed) in addition to the dilation of time and escalation of mass. As it approaches c, an object’s length begins to compress, to the point where it will approach zero.

At lightspeed, its length is nil.

Along the axis of gravitation, Major Tom steadily becomes thinner and thinner, to a point where at the surface he achieves two-dimensionality.

As if his problems weren’t enough already.

We’ve already seen above, as his mass ratchets up and time slows, he gets compressed as his suit collapses around him, becoming a gross mess inside a tin-foil ball. But because of relativistic warping of his length, it appears more like a tinfoil plate. It will be a roughly flat one, its curvature matching that of the hole’s surface, as the force of gravitation will be straight towards the center of gravity.

Time has stopped. His mass has skyrocketed to infinity. His length has lessened to close to zero. He has become a two-dimensional, infinite mass for which time has ceased – and this is where the really interesting part happens: he never crosses the surface.

At some point that mass and its attendant gravitation, along with his vanishingly small length, will exceed the Chandrasekhar limit on its own in the direction of the axis of gravitation. Major Tom becomes, all by himself, a black hole. He becomes the surface.

Our observations of stars vanishing “into” a black hole, I submit, are not transits of a boundary. That stellar material is quite literally becoming black hole stuff, plastered on the surface of the existing hole. The Chandrasekhar limit isn’t describing where the boundary is – it’s describing where the beginning of maximal compression takes place, the surface of an object. Unfortunately, determining that requires mathematics beyond my capacity.

I submit here, that a black hole is not some “empty space” with a teeny tiny singularity inside – it is a solid body. It is made up of all the maximally compressed matter and energy that has ever fallen into it, bound up in maximally compressed spacetime. What we see as city- or solar-system-sized “holes” are solid objects whose surface exists spread upon a medium of spacetime that has been compacted as far as it will go. Just as a neutron star is a solid body of compressed matter, a black hole is simply the most compacted form of matter and energy there is, within the most compacted form of space-time there can be. Rather than breaking down the laws of physics, a black hole is the embodiment of them. It represents those physical constraints at their most extreme. Within it, we have achieved some phase of matter beyond what we know – matter and energy have become a single homogeneous material.

I don’t know this for sure, I obviously can’t look. I can’t see that closely. This phase of matter may be a fluid, it may be a solid, I don’t think such qualifications can be applied here.

But we’re still dealing with a form of matter that has been maximally compressed. And rather than being a rip in space-time or a hole in space-time, what we are seeing is the expression of matter and space-time at its most extreme. And no, the laws of physics do not break down inside a black hole. They reach their limit, their theoretical maximum of whatever measurement we’re trying to imply or measure, but they do not break.

Space being stretched to its maximum in this instance, we will have the result of what amounts to a spherical “pit”, which when graphed will look like the classical “stretched cone” diagrams everyone sees when talking about black holes. But in at least two dimensions the thing will have a property of motion, as it will be rotating – and continuing to accelerate in its rotation, if it has an active accretion disk. That rotation will steadily decrease over time, as it bleeds rotational energy into a steady, monotonous gravitational wave.

Formation

These all have implications on the formation of a hole, how it occurs at its initial moment.

I keep calling it a hole simply because the terminology has been there since I was a child. It’s not a hole, it’s a ball. It’s a solid ball, solid all the way through (which can appear deceptively large), from the moment that maximal compression was reached in the heart of a dying star, or the moment that the primordial soup at the Big Bang reached maximum compression.

Which, when one considers it, may lead to the question of why isn’t everything already a black hole? During the bang, things were compressed pretty tightly, and it seems logical that things should have just remained together as a black hole. But then we get into “inflation”, wherein expansion exceeded the speed of light, which would certainly explain how we turned black hole matter inside-out and spewed out a universe.

(I put quotes around inflation for a reason – there is a clarification that can be done there, that what we consider “inflation” is actually evidence of a collision between two universes, one of space-time and one of matter-energy, but that’s a topic for a different essay.)

That spewage of universe back at the beginning doesn’t necessarily have to mean that all matter escaped black-holedom. There may very well be quite a bit of our universe still bound up in black hole material, fragments of the original impactor sailing around through space.

These original fragments may explain where some of the biggest holes originated from – superdense clumps that formed during an uneven expansion in the first moments of the universe. Who knows? Maybe the Great Attractor is simply a black hole so enormous that it would completely overwhelm our concept of size. We wouldn’t see it, because it’s not feeding, there’s nothing for it to feed upon. I don’t know. There would probably be some sort of residual image of it that JWST or a later telescope would be able to see, or a hint of it in the cosmic background, perhaps a lensing effect around it, or a greater red-shift directly before it and a blue-shift to the light lensed around it.

All of this black hole matter, the maximally compacted matter and energy, this exists in what is likely to be a homogeneous purest state of the stuff we consider to be “normal” matter. This stuff forms when gravitation – the warpage of space-time – compresses that matter to the point where it overcomes all of its own interacting forces.

When a star goes into collapse, gravity finally winning out over fusile pressure, all that mass cramming down towards the center, sooner or later some small pocket goes into maximal compaction. The atomic nuclei get pressed together, fusing far past iron and creating an energy vacuum, completely off the periodic table and into neutronium, that tiny core neutron star with overlapping gravitation not just of itself but from all the other crushing material coming in, the accumulation of forces finally reaching the tipping point of c.

Maybe it’s only a few atoms in size, maybe it’s the size of a full neutron star, but spacetime as well as matter achieves that maximal compression. From here, we end up with layer upon layer being forced onto the hole, each atom or molecule or quark plastering itself upon the surface, relativistic effects forcing them to each become black matter like a quasi-stellar onion.

And that star’s death continues to force-feed the hole, layer after layer of stuff being put down. It all goes through the same process we described for Major Tom previously. Space scrunches up and its time slams to zero, the Higgs field goes crazy and its local mass explodes into infinity, and its length renders it effectively two-dimensional as it settles onto the horizon. Within its own Schwarzschild radius, the spacetime completely locks up; it crystallizes for all intents and purposes.

And as a side note, this is probably the only place in the universe where “vibration” cannot occur, and therefore perhaps the temperature would be considered to be absolute zero.

I want to term this stuff “black matter”, rather than dark matter, because it’s important not to confuse the two. Dark matter doesn’t interact with normal matter, whereas black matter interacts like a drunken undergraduate on spring break. Get too close to the door, and you’re going to get dragged into the party, never to escape the same again.

Summary

To synopsize, the popular conception of a black hole as a hole, as somewhere that physics breaks, is a false image. It may be due to the naming of it, the conceptual implication of the use of our language resulting in people viewing these as largely empty spaces. But Einstein laid out the rules very clearly – there can be no “hole” there, no demarcation border to be crossed.

Within our universe, we have limits – and a black hole does not exceed or break these limits, rather it embodies them. It is a solid form, of similar nature as other “strange” stars such as neutron stars and quark stars. Its black matter is the ultimate expression of the laws of gravitation being applied to “normal” matter and energy, maximally compacting that material into a homogeneous ball.

With space having frozen in place in endless layers, this ‘cosmic onion’ also ends up preserving the matter which has fallen upon it – but any such matter has itself already been annihilated by the additionally infalling matter-energy, and maximally compressed into black matter itself.

Posted in Astronomy, Cosmology, Physics, Science

Protected: My Accenture Exit Interview


Delphi is 27!

We’re coming up on the 27th anniversary of the release of Delphi, a programming system that pretty much defined a big chunk of my career. It’s always been a great “secret weapon” in building fantastic software, and I’m proud to say I helped steer it for a few years back in the early 00s.

This year, we lost one of the core members of our team from back then, Danny Thorpe. Generations always come and go, but this one hit kinda close to home. We weren’t best friends, you know, just reasonably good ones. And this year, the anniversary makes me think back to the members of our team who aren’t around any longer.

There’s a lot of reasons to love working with Delphi. I guess I just didn’t realize there were a lot of ways in which the building blocks within it and behind it carry the echoes of all those old friends. But there they are.

I’m going to go back this weekend and reinstall my old copy from back then just so I can do the ‘team’ hotkey and raise a glass to our old friends, those who are both here and those who are gone.

Happy anniversary, everyone :).

Posted in Uncategorized

An Open Letter to the Democratic Party

Are you people that stupid?

Really?

I used to think “No, they can’t be that dumb. They have to see this.” But apparently it has escaped notice.

I genuinely would not have thought so, but I guess someone has to spell this out for you. 

You MUST stop treating the Republicans as a political opponent.  They are no longer “another party.”  They are an avowed enemy of the United States of America, a genuine domestic enemy.  And you are failing to protect us from them.  While they wage an un-declared war against the people of the USA, you amble on merrily forward, pretending that your big old “Infrastructure Bill” is going to matter after Jan 20 2024. 

While you screw around, they are establishing with State legislatures the option to ignore election results and install their own people in office.  That is a DICTATORSHIP.  It is not the United States.  They are extinguishing the USA and you are sitting by, idle. 

Republican governors are establishing their own “state civilian military” forces, and you sit idle, thinking that the Justice Department will fix things.  Do you have any idea what those forces are for?  You haven’t thought about it much, have you?  You think it’s some kind of idle fantasy of theirs, don’t you? 

Let me spell out the situation for you, using a hypothetical situation that is likely to unfold next year. 

November 2022:  The House of Representatives becomes majority Republican due to gerrymandered districts.  A new Speaker of the House is appointed, likely to be a Trumpist such as Jim Jordan, or worse.

December 2022:  A MAGA militia member cultist assassinates President Biden and VP Harris.  Trumpist is 3rd in line of succession and is sworn in as 47th President.

December 2022:  Protests nationwide against the MAGA takeover occur.  Republican States with “civilian military” gun down protesters indiscriminately.  Locally, any allegations or charges of murder are dismissed using the Rittenhouse trial as precedent/justification.

Throughout 2023:  Republican State legislatures “reform” elections to be submissions of an electoral slate that they approve, ignoring any outcomes suggested by voters. The Federal Legislature is either completely stonewalled, or is in Republican hands. If the latter, the Filibuster is dismissed and Republican legislative agenda – which enshrines their one-party rule forever – is passed, signed by the “President”, and rubber-stamped by the “Supreme Court”.

2024:  gerrymandering re-captures the Senate for the Republicans if they don’t already have it, and a combination of gerrymandering and vote dismissal further entrenches the House in the hands of the Republican Party.  The Presidential election results are dismissed by State legislators, and Republican slates of electors are the default state of being for the United States.

At this stage of the play, legislation becomes driven wholly by Trumpist Republicans.  Elections are no longer of any consequence, and “democracy” as we know it in the USA is dead.  With gerrymandering the norm to claim legitimacy, Trumpists and sleaze-bag Evangelical Theocrats start amending the Constitution with rubber-stamp State Legislatures. The USA as we know it is dead.

This sort of fascist takeover has already happened in several countries worldwide.  It must be seen for what it is:  an attack on the USA, aided by an organized foe within our borders waging an un-declared war against us, funded by internal dark money and extranational money.

We’ve seen just how insane and violent these Trumpists are – they cannot be allowed to lay hands on the levers of power within our country again.  If you have any inkling of history at all, you know where this leads.

The strongest military force in the world cannot be taking orders from these lunatics.  QAnon followers with access to nukes?  Delusional fanatics with nuclear weapons? By 2030 we’d be in a nuke fight with China.

And you want us to be excited about your goddamned infrastructure bill? 

If you care in the slightest about the future of the world, you had best take this seriously.  They already tried a coup in 2020.  They are refining their process and taking steps to guarantee its success in the coming months and years. 

And if you stand idle, it’ll be you they end up sending to the gulag.  Assuming they don’t just publicly execute you on camera, on the front steps of the Capitol building.

Posted in Corruption, Crazy, Evil, Politics, Teabaggers

Setting Up A New Fortigate Firewall

Sooo…my Cisco Meraki subscription runs out next month, and Cisco doesn’t want to talk to me about what their re-licensing options are. I like my MX64, the interface is really nice, and the device is super effective. But I can’t find out what they want to charge me for a fresh license, or even if they will sell me one. Their partners wouldn’t respond, they themselves wouldn’t respond, so I took the logical next step.

And I upgraded to a Fortinet firewall. I wanted a NGFW with full-service features, Fortinet’s got it. I wanted one that had a great rep, they got it. I wanted a good, clean UI, and they got it. Well, mostly they got it. I’ll say this – Meraki’s UI has Fortinet beat on intuitive nature, clean look, and logical division of features. It’s just better. But Meraki’s UI has a flaw: it is entirely cloud based. If I have a problem with my firewall, chances are high that I can’t reach the internet. And that means I have no method to work with my firewall unless I happen to have all the CLI memorized and the Meraki unit decides to be kind to me while trying to authenticate my login with PuTTY.

So I got myself a little Fortinet, a model 40F. Much like the Cisco offering, Fortinet uses the same web interface and commands across the board of their product line, so if you learn one you can run them all. Nice touch, that.

And it’s just so cute.  Who’s a widdle firewall?

And much like the difference between the UIs, the setup had a similar situation.  Fortinet just required a bit of a push over the finish line, and it was a frustrating push.  With the Meraki, it was quite literally a plug-it-in-register-go affair.  You could add more complicated configs after setup, but if all you needed was an above-average firewall that would let you go after setup, that was the bomb.  I had it in and running in ten minutes. 

Next-Gen v. Traditional Firewalls

You keep hearing about “NGFW” devices in network circles, but what exactly are they? 
 
Briefly, traditional firewalls worked on a port-and-IP basis, blocking undesirable connections by simply turning away traffic that wasn’t addressed acceptably.  Maybe it came from the wrong country, or asked for a port that wasn’t “open”.  This is called “intrusion prevention.”

NGFW devices do that too, but additionally they can inspect the contents of the packets that are accepted, and are able to filter traffic that contains unacceptable content.  For example, a NGFW might know to look for viruses or dangerous payloads in email traffic. 
 
As well, the NGFW is usually enabled with frequent updates to its library of dangers, or it may even perform cloud-based real-time inspection to catch zero-day threats.  A Fritz!Box just doesn’t do that.

Not so much the Fortinet. 

Which is why I’m writing this:  I want you to be able to do a fast setup and avoid the stress I had. 

So let’s go through it, shall we? 

When you get your new device, you pop open the box and the first thing you see is a “quick start” manual, which will do you no good at all.  I’ll explain why shortly. 

Beneath that, you’ll get a net cable, a power adapter (standard wall wart with various national plug adapters), and of course the device itself sealed up in a plastic bag.  As well, a little sticky that has some simple steps on it. 

Position yourself within arm’s reach of your internet modem/router, and lay your things out around you in easy reach.  Have a laptop or other computer powered up and ready here.  Minimally you’re going to need the Fortigate device, its power adapter, two patch cables (LAN cables), and your computer. 

Important:  Don’t Get Ahead Of Yourself.  I had this device up in my office, getting it revved up to take over from the Meraki, and I was setting port forwards and a bunch of other stuff prior to the following steps.  That was a mistake that cost me a few serious head-scratches.  Some of that stuff conflicted with the basic setup and cost me time.

Yeah, that’s the sticky

1. Follow the instructions on the sticky, but not in the order given.

Do the “Cloud Setup” first.  Go register your name and enter the “cloud key” like it says.  

Next, assemble the power plug and plug the little critter in.  Attach your laptop or other computer to the device using the included cable.  Turn off WiFi if it’s on, and either enable DHCP (in which case you then need to tell your adapter to renew its IP) or set it to IP 192.168.1.1 with a subnet mask of 255.255.255.0. 

If you have a mac or an iPhone, do that Apple stuff.  Whatever. 

Open a browser and go to https://192.168.1.99 (note the “S” there – gotta have that; the device by default won’t feed you a page if you’re not on HTTPS).  You should at this point be given a web page interface to the device.  By the way, the login is “admin” with no password.  It’ll prompt you to change that when you enter.


Should look a little like this (I pulled my ISP’s IP and the license server’s IP just to avoid confusion – your IPs will be different)

By the way, go look for my article on passwords.  You want to set a good one for your firewall.  And keep it safe in a manner that you won’t forget it.

It will also prompt you to register your device.  Ironically, you won’t be able to, so just tell it “later”. 

If it does not give this to you for some reason, get your vendor on a chat line or a phone line and have them walk you through enabling the web GUI (details can be found here: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34688).  I didn’t have this problem, so I don’t anticipate it to be common on new devices.

All good so far?  I hope so. 

2. Plug the Fortigate in to your modem/router.

I have a “Fritz!Box” 7490 here (yeah, I run multiple firewalls in a chain, call me paranoid if you have to), but this will work from a regular modem or other router, too.  The physical structure of your network when you do the setup should break down into the following:

Wall Socket > modem/router > Fortigate device

Where “>” represents a physical cable (it might also be wireless, but I’m not getting into that here).  So the wall cable goes into the “WAN” or “Internet” port (or whatever similar word they’re using on the brand you have).  You’d normally then have 2-4 “LAN” ports beside that which are supposed to lead to your computer or a switch or something. 

Take the second of your patch cables and plug it into the “WAN” port of the Fortigate (the first is running from the Fortigate’s LAN port to your PC), and the other end of it should go in one of those LAN ports on your modem/router. 

Wait a few seconds, and then in the UI page of the Fortigate, navigate the left-side menu to Network > Interfaces.  You should see at the top of this page a little indicator showing which ports are active on the device.

That’d be what I’m talking about right there.

You can hover over the ports, by the way, and they’ll give you a read of the connection details.  Nice touch there, Fortinet, I appreciate that attention to detail. 

Fly-by hints are nice. IP blocked to protect the innocent.

This would be a good time to go into your modem/router and fix the IP it gives your Fortigate, just so you have a record of it somewhere. 

3. You’re all done!  Happy surfing.  No, just kidding, this is just where they dump you on the side of the road.

No, really.  This is where they leave you.  On my old Meraki, that’d be fine, because I could get out to the internet from here and start goofing around and playing World of Warships or reading stupid Facebook posts.  But really, you’re not done here.  If you try to get out to the internet (go ahead, I’ll wait) you’ll find that your browser just gives you the finger.  Usually in the form of “DNS can’t be resolved” or something equally useful.  Also, in the Fortigate dashboard you’ll see under “Licenses” that none of them are confirmed and there’s a red bar that says “Unable to connect to Fortinet servers” or something like that.

@Fortinet – here’s where you guys dropped the ball.  A couple of simple defaults would have saved me (and who knows how many other people) a few hours of grief and head-scratching. 

Are you still at the “Network > Interfaces” page?  If not, go back there.  You have to configure something.  In my case (with a model 40F) there aren’t too many interfaces to choose from, and mine is called the “Physical Interface”.  Yours probably shows up as “wan” or something similar.

That’s the bugger right there.

Double-click on its name or right-click and choose “edit”. 

Here’s what you get taken to next – most of it won’t need to be modified, you just need to review it and be passingly familiar with what’s in here:

Let’s touch on these points in red.

The items highlighted in red there are ones you need to pay attention to.

  1. Alias – give your WAN connection a meaningful name.  Even if you only have one WAN hookup, it doesn’t hurt to name it after your router or your ISP so you know what you’re looking at.
  2. Leave role as “wan”.  If you’re using others, then you probably know enough that this article isn’t telling you anything new.
  3. Depending on how your modem/router hands out IPs to equipment, pick the appropriate style here.  My Fritz!Box is set up to use DHCP, and I’ve told it to always give the Fortigate the same IP when it sees it, so that’s the route I took here.  If you prefer to fix the IP within the device itself, then you’ll want to set it up on Manual. 
  4. DNS – confirm that your DNS server is set correctly.  If you don’t know what I’m talking about, ignore this for now.  I prefer to use Google’s DNS servers for my stuff, so the Fritz!Box hands that off when an IP is requested.  Your mileage may vary. 
  5. Default gateway – for the Fortigate, its default gateway out to the internet will be your modem/router.  Ensure that this value represents the IP that your modem/router presents inside your walls (not the value it uses on the world-facing side).

Record your default gateway value in notepad or something.  You’ll need it shortly.

4. Here’s The Biggie

We’re at the point where the biggest “missing link” should have been.

@Fortigate – again, a short add here will save your customers some grief.

Devices like a regular modem/router or regular commercial firewall products that you can buy at MediaMarkt or Best Buy, etc., have a default rule in them: “If I get traffic coming in on the LAN ports, and the address isn’t in my house, squirt it out to the internet to find its way.” 

That rule doesn’t exist here on the Fortigate.  Which is why if you try to reach a Google server right now, your system will tell you to go spin.  So, we have to create it and give it to the Fortigate, so it knows that it should do its job. 

Navigate on the left-hand menu to “Network > Static Routes”.  There’ll be a big bag of nothing there.  At the top, choose “Create New”, and you’ll get this:

Just need to tell the Fortigate where the door is so it can let your traffic out.

Leave “Destination” alone.  That represents the address of the packets the firewall receives.  Grab that “Interface” drop-down and choose the WAN interface you configured (you did give it a good name, right?) a few moments ago.  It should populate the Gateway Address for you automatically, but if it doesn’t, you can enter it because you recorded it in Notepad or something when I told you to. :)

When you’re done, it should look like this:

It assigns this just from choosing that drop-down.

In computer-speak, we’re creating a default static route that’ll go into the route table of the device.  In human language, that means “When the firewall sees an address on a packet it doesn’t recognize, it throws it out the window into the Internet to get handled.” 

@Fortigate – Really folks, you should just include this as a default.  Experienced users can always delete or disable it.  How many people buy a firewall and then don’t have a default like this? 

Don’t worry about Advanced Options or anything, just make sure to “OK” it.

At this stage, I re-booted my firewall (just pull the power and put it back in) to get it to take up the new route.  I suspect if you go get a coffee or something instead it will eventually pick up the rule and apply it without this, but I didn’t want to wait. 

Now that the static route is in, you should be able to connect to the internet from your firewall.  At the top right of the page, you’ll see an option for a command-line interface:

That’s it, right there ^^

Click on that, and in the faux terminal that pops up, enter:

execute ping 8.8.8.8

You should be getting back something that looks like this:

Cue John Mayer singing about 1983…
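The same default route and the same ping check, typed into the console the screenshot points at instead of clicked through the GUI. This is an added example, not from the post or from Fortinet’s documentation; “wan1” stands in for whatever you named your WAN interface, and 192.0.2.1 stands in for the modem/router address you wrote down in Notepad.

```fortios
# Added example: the default static route from the walkthrough, as FortiOS CLI.
# "wan1" and 192.0.2.1 are placeholders for your own WAN interface name and the
# modem/router's inside (LAN-side) address.
config router static
    edit 1
        # "Destination" left at its default: any address with no more specific route.
        set dst 0.0.0.0 0.0.0.0
        # The WAN interface you configured a few moments ago.
        set device "wan1"
        # The gateway value from your notes.
        set gateway 192.0.2.1
    next
end

# Confirm the route actually made it into the routing table before trusting it.
# The default route shows up as an "S*" line pointing at your gateway and wan1.
get router info routing-table all

# Confirm the firewall itself can reach the internet, as in the walkthrough.
execute ping 8.8.8.8
```

If the “S*” line is missing, the route was saved but not installed, which is usually the gateway not being on the WAN interface’s subnet; check the WAN interface address before rebooting anything.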

You can also now connect out from your computer connected to the firewall.

The dashboard of the Fortigate should now also show under “Licenses” which ones are active, and that red “unable to connect” bar should be gone.

By the way – you can now safely set up your port-forwarding rules.  If you’d done so before this, your default way out into the internet would have conflicted with rules already governing the default gateway, and you’d be wondering why the Fortigate won’t accept your default route outwards. 

That sucked, for about a half an hour.

5. You’re in the Home Stretch now

So, you bought a firewall, and you’re all set to connect to the internet.  But this isn’t just some plain old Fritz!Box, this is a Next-Generation Firewall that can protect you in all manner of ways that you should expect out of a 21st Century product. 

But as with the “tell it to send my traffic to the internet” case, we have to actively tell the firewall to use those abilities.

@Fortigate – really?  You ship all these cool features and you ship with them disabled?  The FW can’t ask “what am I licensed to turn on” and then turn that stuff on in a policy for the user?  At least provide some basic enabled stuff, folks. 

Let’s turn on the goods you paid for. 

This is the stuff you pay annually for, the really solid protection measures.  You might have bought your device without any subscription, in which case you can skip this step, but I suspect you wouldn’t shell out that kind of bank just for an intrusion-protection brick. 

In the left-hand menu, head for “Policy & Objects > IPv4 Policy”.  There will be one or more rules already present in that bucket.  What you want is the one that is titled “internal > [your WAN name here]”.  Open that one up and edit it. 

You’ll get a screen something like this:

This is fully configured for me, see below for what would be some good ideas to perform on your own.

First, give it a name.  I use “Default Permitted” because this policy will by default permit someone to issue requests out to the Internet, and will only interfere if the target has some issue.  Hence, by default it permits the traffic. 

Incoming interface refers to where the firewall is seeing the traffic originate.  In this case, it will come from my internal network.  Outgoing is where the traffic wants to go – in this instance, out the WAN into the wild, wild internet.

Source/Destination should be “all” in this case.  I’m defaulting to allow almost anything, after all.

Schedule – how or when is this rule going to run?  You can create rules that apply only during office hours, or ones that turn off when the kids are at school, etc. 

Service – this refers to what protocols are covered (HTTP, mail, pings, yadda yadda).  Kind of a poor choice of name for a pack of protocols.

Action – in my case here, “accept”.  If I wanted to shut everything down by default then I’d use deny.  If, for example, I was operating a high-security bank or defense contractor, I’d probably start with “deny” and add exceptions for accept.  But, this is my home network, and I want my Netflix, so Accept it is. 

The Firewall/Network options should be left alone.  If you’re comfortable enough to dork around with those, you don’t need to be listening to me ramble on.

Now, here’s what you paid for: “Security Profiles”.  By default, these things are turned off.  Turn them all on.  Your device will eventually complain to you if you don’t have a license to run a particular profile, and you can turn it off then.  This section should have been called services, because really that’s what they are – paid services that add value beyond just the hardware and the Fortinet SOC chip. 

Take note of the “Web Filter” – you’re probably going to want to go in and adjust a few things there, as this is what governs the content filter for your network.  For example, I occasionally play on pokerstars, but gambling sites are by default blocked.  So I wanted to loosen that rule a bit.  I also wanted to block certain types of site from my net which my kid doesn’t need to see, so reviewing those settings was pretty important. 

Once you’ve enabled what needs to be on, make sure “Enable this policy” is green and “OK” this to apply it.  The line entry should now look a little bit like this:

Safe as houses.  Well, hopefully more, since most accidents happen around the home…
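Here is the “Default Permitted” policy from the screens above expressed as FortiOS CLI, so you can see every setting in one place and compare it against what your unit actually has. This is an added example, not the post’s own configuration; the interface names “internal” and “wan1”, the policy ID 1, and the profile names are assumptions, and `show firewall policy` on your own unit lists the real IDs and names.

```fortios
# Added example: the "Default Permitted" policy from the walkthrough, as FortiOS CLI.
# Policy ID 1, interface names "internal"/"wan1" and the profile names are assumptions;
# run "show firewall policy" to find the existing internal > WAN rule on your own box.
config firewall policy
    edit 1
        set name "Default Permitted"
        # Incoming: where the traffic originates. Outgoing: where it wants to go.
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        # "always" is the built-in schedule; create another one for office hours etc.
        set schedule "always"
        # "Service" really means which protocols; ALL covers HTTP, mail, pings and so on.
        set service "ALL"
        # Home network: permit by default and let the profiles interfere on bad targets.
        set action accept
        # Security Profiles do nothing on a policy until utm-status is enabled.
        set utm-status enable
        # certificate-inspection inspects the server certificate and SNI without decrypting.
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        # The web filter profile is where gambling, adult categories etc. get tuned.
        set webfilter-profile "default"
        set ips-sensor "default"
        set application-list "default"
        # Log every session this policy matches so the blocks are visible later.
        set logtraffic all
        # Firewall/Network options left at the defaults the existing policy carries (assumed).
        set nat enable
        # "Enable this policy" must be green.
        set status enable
    next
end

# Review the result. A policy without "set utm-status enable" is inspecting nothing.
show firewall policy 1
```

One caveat on the inspection profile: certificate-inspection lets the web filter block by category and catches bad certificates, but it does not look inside encrypted sessions, so antivirus only sees cleartext traffic. Switching to deep inspection makes the FortiGate a man-in-the-middle for your own network, which works only once its CA certificate is installed on every device in the house.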

6.  You’re All Done!  Seriously, this time.  Time to wrap up.

So, from the perspective of a home or small business, you should now be good to go.  If you are going to implement a security fabric, that’s really beyond the scope of this little how-to (and if you’re familiar with that angle of Fortinet’s stuff, you probably didn’t need this guide anyway). 

Anyway, I hope this helped to walk quickly through the setup of your new Fortigate, without all the hair loss and whiskey drinking that my own setup ended up putting me through.  If it did help you, let me know in the comments.  Makes me feel good to know that I helped at least one person avoid the trouble. 

Happy (safe) computing.

This all seems like a lot of trouble…

Yeah, admittedly it is a bit of a pain in the ass.  But I have to say, as an IT person reading the news, the cost of an NGFW is pretty worthwhile.  In the case of Fortinet, you pay about six to eight hundred euros for the device itself and a one-year subscription to the security services.  It’ll be two or three hundred per year after that.  Other vendors of similar quality cost about the same.  That’s not cheap.

But then, losing my entire ripped video or music collection would represent a few hundred hours of work that would have to be re-done.  Worse still, losing the first eight years of digital photos of my kid would really chap my ass too.  And I haven’t even touched on the potential for identity theft or potential monetary loss if my digital bank statements got stolen.  Or if my network somehow became compromised and my work laptop got exposed.  I think it’s safe to say that anyone who runs their business on computers needs the kind of protection an NGFW offers.

None of these problems is a certainty, and none of them is even a probability.  I know my stuff, and I’m not likely to have a fault in my own behavior.  Likely being the key word.  I can still make mistakes.  Hell, even Jason Momoa has a squad of bodyguards.  Jason freaking Momoa. 

I’ve got a family now.  My kid has figured out how to download stuff to her tablet (thanks, Google, for the Family Link – I know exactly what she’s getting into now).  My mother doesn’t necessarily have the same paranoid instincts I do about mail attachments.  My wife is pretty darn sharp, but she can make an error just as I can.  Who knows what some cretin in a professional hack-farm is designing right now to screw everyone over with? 

I know I won’t necessarily be prepared to deal with it.  So, I outsource it to the best minds in the business.  They will see the news about that guy before I ever do, and will be working on a fix before I’m done with my coffee that morning.  They’ll jet it into my device while I’m still getting dressed.  

I like that. 

Posted in Uncategorized | Tagged , , , , , , , | Leave a comment

Justice Must Be Served Upon Them

Unfortunately, ‘taking the high road’ is what led us to where we are now. Taking the high road fails to oppose people who don’t give a shit what road you’re on. I’ve been extremely vocal about this stuff for probably the last fifteen years – mainly because I can see where it is headed.

In fact, it’s why I left the USA to live overseas in 2008. It comes down to this: it only takes one side to wage a war. When that side has determined that war is its preferred / only option, they will proceed. Pretending that isn’t happening by the other side(s) only enables it.

The Republican party has been sleepwalking into war against our citizenry for the last thirty years.

They’ve had outlets for their (often religiously-inspired) violence overseas during much of that time. However, their latest batch of leadership took the racist trappings of the Teabaggers and dressed it up with the criminality of the Trump family, while adding in Trump’s own sympathies for the American Nazis and the KKK.

And those fucking people *NEVER* just “walk away” from power.

They (individually) almost had their hands on the brass ring. Their own guy did have it there, and despite the leashes on it, he nearly brought our country down. They can *see* it is in their reach. These filth are compelled to grasp for power, in their urge to abuse others with it.

For those who committed crimes while Trump was in office, Trump included, pursuit of that power is quite literally a life-or-death struggle.

So FOX, OAN and Newsmax, these are just the “pravda” wing, the modern apparatus that Joseph Goebbels would have jumped for joy to have at his beck and call. And they know they can pave their way to fortune with the racism, with the hate. So they’ll keep blathering it on, because that’s how they keep pulling in support for their attempts to create their own version of “America”.

And the only way to fight them without actually barricading the doors and burning down their office (which I think I would prefer), is to call them out for shame, for ridicule, for prosecution.

It won’t end there. They’ll never stop coming back, until we kill enough of them and their children to convince them that this is a bad path they are on. By opposing them though, one encourages others of good nature to oppose them as well, and it fights the fear that these would-be dictators want to use against the rest of us.

So yes, speak out against them. Even if you’d never pull a trigger against their forces. It might not feel like you’re doing much, but you’re signaling that what they are saying is not okay – you recognize it. And you endorse speaking out against it by your own action.

But be ready – it won’t end with just talking. They *will* convince themselves that war is the way, and when they stop sleepwalking it, we had better be ready to put them down like the rabid dogs they are.

I mentioned prosecution earlier. Justice must be served upon them, as I said in the title of this post. Prosecution, you ask? Yes, prosecution. There is a crime here, being committed in front of cameras and in broad daylight. Almost daily it is being committed. What might it be, you wonder?

Accessory After The Fact. Also, Misprision of Felony.

The perpetrator determined to be an Accessory After The Fact is someone who assists someone who has committed a crime, after that person committed said crime, with knowledge that the crime was committed, and with intent to help that person avoid arrest and/or punishment. It is a form of obstruction of justice, and can be prosecuted as such. So when Elise Stefanik steps in front of a camera and tries to levy blame onto a primary victim of the Jan 6th Insurrection – trying to deflect blame onto Nancy Pelosi, who was a target for assassination by the insurrectionists – she is committing felony obstruction of justice and is an Accessory After The Fact.

When Representative Andrew Clyde downplays the insurrection and claims the Republican terrorists were no more than “tourists”, he is an Accessory After The Fact.

When Trump himself attempts to gaslight the media with his blather of “so much love” and fabricates that the police “greeted them with open arms”, he is an Accessory After The Fact.

Misprision of Felony is itself a felony crime, prosecutable against anyone who, having knowledge of the commission of a felony, conceals said crime and does not as soon as possible bring that crime to the attention of a judge or other civil / military authority under US code.

So when we do find that Jim Jordan, or Lauren Boebert, or their staffers have knowledge of collaboration with insurrectionists and failed to report those crimes, they are guilty of misprision.

And these crimes must be punished to the fullest extent of the law. To fail to prosecute invites a repetition of those crimes. These people, and their ideology, must be ended.

On top of that, we have discovered now that to allow fascist ideology to go unpunished invites insurrection. The American Nazi party, and all of its offshoots, as well as the KKK and its offshoots, are long past due to be declared as terrorist organizations, their membership hounded down and exited from society with extreme prejudice. People need to be made aware that their choices to follow vicious and anti-American agendas come with severe consequence.

We have coddled these freaks for far too long.


The Storm Continues

About a year ago, I wrote “The Perfect (Digital) Storm”.

In it, I stressed “Authoritarian Behavior” as a key element to a dystopian hellish future.

Some few months earlier, I wrote “The Worst Enemy We Have Ever Faced As a Nation”.

In that, I pointed out that the Republican party had become a nation-eating cancer.

To quote Ian Malcolm (Jeff Goldblum’s character in “Jurassic Park”): “Boy, do I hate being right all the time.”

Since writing those pieces, we’ve found out that Trump not only incompetently handled the Covid-19 crisis, he intentionally mishandled it, leading to the 2nd-Degree Murder of over 500,000 Americans alone. We’ve seen him – and the entire Republican party behind him – use police to attack crowds of peaceful protesters. We’ve seen the Republicans attempt an overthrow of a fair and lawful election on Jan 6, 2021, which was also an attempted assassination of the 1st and 2nd in line of succession. We’ve been watching a slow-motion coup as Republican state legislatures enact laws that dismiss the results of elections they don’t favor.

It’s time for people to step up and act.

I fully support not only an investigation of the Jan 6 insurrection, but expulsion of all Republican members of Congress or the Senate who voted against such an investigation. And so should any and all persons regardless of political party, if they hold even the slightest loyalty to the USA.

Because attempted insurrection must be punished.

ON TOP of that investigation, I think it behooves everyone to recognize something *extremely* important here: the Republican party has begun its metastasis into a violent terrorist group.

As an organization it must be treated as a domestic terror organization, and its donors and supporters put on notice that any further support will be considered support of terrorism.

I warn anyone within sight or earshot – if you fail to treat them as what they show you they are, you encourage their action. They have already led an attempted multiple assassination and coup attempt.

They do not understand “reason” or “compromise”. They only understand violence.

Hence it must be visited upon them with such severity that no individual member will be willing to broadcast or act upon his/her support of their “cause”. Their leadership must be tried and have justice visited upon them in the harshest form, and we should not be afraid to sit more than a few of them in the chair upon conviction.

The *only* reason we are seeing this happen today is because we were too timid and allowed prior Republican administrations off the hook for their crimes. So emboldened, Republicans no longer take “justice” seriously. Why should they?

And if we do not harsh down on them now and demonstrate that their brand of crazy carries unbearable consequences, they will do this again. And eventually they will succeed.

And when they do, the US will be run by a pack of violent half-wits who will believe any crazy conspiracy theory they are fed – which will include and result in the execution of gays, Jews, liberals, or anyone else who opposes them.


Wrestling with Jira

I recently upgraded the home network here, and pulled a load of stuff back in from my AWS cloud. Not because I thought AWS was bad or anything, I just needed to satisfy some geekdom here in the house, and this seemed like a good way.

So…long story short, in the last eight weeks or so I’ve become comfortable with SuperMicro mainboards, lots of RAM, replacing Xeon CPU coolers, setting up iSCSI on Synology NASes, installing and maintaining Hyper-V (I was going to go VMware, but the cost for me as a personal user was prohibitive…and I refuse to run command-line trash unless I absolutely have to).

And installing Jira.

First problem I encountered, Jira forgets to let you know that you don’t have the correct JVM version running on your machine, and it doesn’t bother to carry it along with itself, nor does it direct you to pull a copy down, so swing on by the Java page and get the latest-greatest onto your server in advance.

Now, Jira’s base demo install with its own bundled database is pretty simple. Pull it down, let it run, record the account names you give it, voilà, done.

But if you try to get it to load on MS SQL Server, you better have a steady supply of blood pressure medicine, or you’d better read on.

Pertinent details: this is running on a Microsoft Windows Server 2019 Standard edition virtual machine, hosted within a WS2019 DataCenter edition host computer. The guest VM has an external switch, so it can reach out to the internet (for now, might change to internal only in a while) when it needs to.

My SQL server uses a named instance, which is both good sense and as it happens “best practice” in Microsoft circles. This seems to have escaped the notice of the folks at Atlassian, though, because Jira doesn’t know a goddamned thing about named instances. Maybe that’s because the folks who write it are using Java, and that’s always been a solution looking for a problem. Anyhow, my personal gripes with Java aside, for some reason Jira appears to be ignorant of how MS SQL uses named instances.

When it installs, Jira creates a configuration file called “dbconfig.xml” within its installation directory (to be specific, in the [Atlassian directory]\Application Data\Jira directory). Pretty simple little file, contains only the details necessary to connect the JDBC driver to the host database for your Jira install. When Jira’s service app wakes up, it reads from this file in order to get its parameters set correctly.

In order to get that file built properly, Jira will ask you for details regarding your setup during its installation. It’s the second thing you’ll see when you start up. Looks just like this:

As you can see here, you pick your DB type from the drop-down, give it the host name as either a resolvable name or an IP (in my case I used a name), a port (1433 is standard for SQL Server, more on this later), the name of the database you created for Jira to use, the login name, the login password, and a schema name for it to use.

Most developers would test this once they wrote a step of this importance. You’d think a company with the kind of cash Atlassian has could afford a proper QA team to put this through its paces, wouldn’t you? Yeah, I was surprised as well. The install screen’s code completely borks up the dbconfig file.

Once you realize that the regular install will simply not proceed (because “test connection” and “next” both bomb, timing out because it can’t even connect to your server), you’ll end up discovering that there’s this little Java applet called “config” which you can invoke from within the Jira directory. You have to get to it through a command line, but it has a handy little GUI into which you enter data similar to the above. But then config borks up the file in a similar fashion.

What you end up with is something like this (the values you entered appear as “YOUR_SOANDSO_HERE”):

<?xml version="1.0" encoding="UTF-8"?>
<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>mssql</database-type>
  <schema-name>YOUR_SCHEMA_NAME_HERE</schema-name>
  <jdbc-datasource>
    <url>jdbc:sqlserver://;serverName=YOUR_SERVERNAME_HERE;portNumber=1433;databaseName=YOUR_DB_NAME_HERE</url>
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
    <username>YOUR_USERNAME_HERE</username>
    <password>YOUR_PASSWORD_HERE</password>
    <pool-min-size>20</pool-min-size>
    <pool-max-size>20</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-max-idle>20</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <pool-test-on-borrow>false</pool-test-on-borrow>
    <pool-test-while-idle>true</pool-test-while-idle>
  </jdbc-datasource>
</jira-database-config>

Schema name is fine. That’s no problem. Same with your user name and password. The problem is in the assembly of the “URL” line there. In the case of a server running MS SQL with a named instance, Jira is going to need more, and correct, information. That URL line will have to end up looking something more like this:

<url>jdbc:sqlserver://YOURSERVERNAME\INSTANCE;instance=INSTANCE;databaseName=YOURDBNAME</url>

Notice the following:

1.  The semicolon preceding “serverName” is removed.

2.  The serverName should include the instance name, just as you would when logging into SSMS or literally any other software program on this freaking planet.

3.  You must add an additional parameter, “instance=[insert your instance name here]”, following the server name and preceding the databaseName.

4.  The parameter “portNumber=1433” is removed (including a port # reference on an instanced connection string will confuse MS SQL, and will override the instance with the port number – so if your instance uses a different port #, that’s yet another problem).

There are a few threads running around on the net which allude to various aspects of this solution, but I was never able to find all of the points needed to correct the situation in one post.  Hence, I am attempting to include them all here.  I posted to this effect on the Atlassian community as well (where one of their “community leaders” had some particularly bad advice).

The final file should read something like this (substituting your own values where I have “YOUR_SOANDSO_HERE”, of course), as this is taken directly from the final working dbconfig.xml which got me up and running:

<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>mssql</database-type>
  <schema-name>YOUR_SCHEMA_NAME_HERE</schema-name>
  <jdbc-datasource>
    <url>jdbc:sqlserver://YOUR_SERVERNAME_HERE\YOUR_INSTANCE_NAME_HERE;instance=YOUR_INSTANCE_NAME_HERE;databaseName=YOUR_DB_NAME_HERE</url>
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
    <username>YOUR_USER_NAME_HERE</username>
    <password>YOUR_PASSWORD_HERE</password>
    <pool-min-size>20</pool-min-size>
    <pool-max-size>20</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <pool-max-idle>20</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-test-while-idle>true</pool-test-while-idle>
    <pool-test-on-borrow>false</pool-test-on-borrow>
  </jdbc-datasource>
</jira-database-config>

Notice you have to have the instance name in both the servername, and in the new “instance” parameter. And you delete the port parameter if it is present. And before you ask, yes, I do rankle at the thought of storing my password in an unencrypted text file on disk. However, if someone has access to that disk, there are a host of far larger problems that will have already taken place. All of which are bigger than someone having my Jira SQL password.

And that should get you past the problem with dbconfig.xml. I hope this helps someone else who will of course run into this problem, at least until 2024, which is when Atlassian will be discontinuing sales of its software products and moving everyone onto the Atlassian cloud. (I have to wonder if they made that decision because they had so many damned problems with their installations.)

Anyhow, I anticipate more than a few customers will be in process of migrating away from Atlassian products when that happens. I know of several major firms who won’t stand to have their information stored on a non-approved cloud platform, and Atlassian’s will have some serious hoops to jump through to win approval. As well, there are lots of little firms who simply don’t want to get tied into a monthly bill if they can run something on-prem.

Now I don’t want to give the impression here that I hate Jira. Quite the contrary. I’ve been using it for over a decade (almost two), and the only reason I fought with this goddamned thing for so long was because I want it to work, I want to use the damned thing. And I wrote this up in the hope that others will be able to work with it, too. Am I ashamed of whichever coder made this grotesque error? And the QA staff that let it escape into the wild? You bet I am. And I hope the shame of this makes them fix it.

But if they don’t, well, that’ll be a sad day when I finally decide enough is enough and end up moving to GitLab or something.
