About
Small Biz Mac: This blog focuses on using Mac as the foundation of a small business--the operating platform, the market, and more. This blog will discuss both the challenges of operating a business on Mac hardware and software, and the impact of the broader Mac market on business.

Your Hosts
Kevin Walzer and Lori Jareo, publishers, software developers, Mac/iPhone users, and small business owners.




Wed, 19 Apr 2023

NordVPN

This past January, the plan was to utilize a virtual private network from PureVPN to help support the connectivity needs for our small book-distribution business. The need was two-fold: inside and outside connectivity. After repeated failures to keep the business, particularly our web pages, connected to the outside world, the decision was made to use it only for internal connectivity needs between several computers, including one server and an older MacBook Pro. That didn't quite work out either, so two weeks ago PureVPN was replaced with a different VPN service, NordVPN.

In early November 2022, a one-year subscription plan for basic service was purchased from PureVPN for US$80.83 that included a static IP address. Connectivity problems began soon after installation, and thus a static IP address was soon purchased from altafiber (formerly known as Cincinnati Bell) for US$30 each month to remedy the outside connectivity problems. This scheme has worked well. PureVPN would be used only for internal connectivity.

Internal connectivity with PureVPN did not work as planned, either. PureVPN would simply not stay connected. There was difficulty in simply making a connection; the company's Stateside servers were often busy. Other times, there was no apparent reason why the service could not connect. Connection was spotty on a MacBook Pro purchased new from Apple in December 2022; connection was poor on a 2017 MacBook Pro.

In early April, NordVPN was substituted for PureVPN. The price for a basic, one-year subscription was US$68.85. That price-point comes with the secure, high-speed VPN service, malware protection, and the tracker- and ad-blocker. We are not getting the cross-platform password manager, the data-breach scanner, the 1TB cloud storage, nor the "next-generation" file encryption. NordVPN could not provide the static IP address that we needed; however, internal connectivity issues vanished--even with the six-year-old MacBook. Not one disconnection occurred in the two weeks the computer has been used with NordVPN.

At its core, according to Wikipedia, a virtual private network is supposed to "establish a virtual point-to-point connection through the use of tunneling protocols [encryption] over existing networks." To do that, a VPN user connects to a remote server where the data-protection happens. Nothing will work without access to the remote server. NordVPN stays connected to its server, apparently based in Chicago. After replacing the 2017 MacBook Pro with a MacBook Air utilizing a Macintosh hard drive, an M2 chip, 16 GB memory on Ventura 13.2.1 operating system, the Internet is faster than ever.

A lot of YouTubers are paid to promote NordVPN on their channels. We were intrigued when a credentialed YouTube historian became a paid endorser, and often checked out the website. When our previous VPN failed, it was the first place we went to begin shopping for a new service. NordVPN is easy to use and is competitively priced. Except for our iPhones, now all of our devices from our server to our iPad utilize this VPN service.


Thu, 19 Jan 2023

Back to the Future: From Cincinnati Bell to GoDaddy to VPN to Cincinnati Bell again

During the summer of 1999, I worked for a large manufacturing publisher here in Cincinnati. When my older son was born, I was able to work from home and extend my maternity leave. I had a nice work area in my dining room and a fast computer, printer, desktop scanner, and a rock-solid modem. All that I lacked was a high-speed internet connection. When Zoomtown DSL service became available for my subdivision that fall, we quickly had it installed. It was high-speed copper line Internet. In other words, this was Plain Old Telephone Service (POTS) wrapped in modern DSL. Everything was plugged into a socket, and there was no “wi-fi” nor did we have websites. This new Internet service was going to transform my small book-distribution company into a going concern.

Fast-forward to 2016. My side hustle had grown into a thriving business with several websites. Cincinnati Bell came through the neighborhood and offered Fioptics, and our subdivision would have an ultra-high speed glass line run to each home. This was called Fiber-to-the-Home, or FTTH. We declined, however, as CB didn’t offer a static IP address, which was necessary for our business. Also, we found it hard to give up our landline, which was still functional in the event of a power outage. Fioptics was not.

In the meantime, we moved our dozen websites to GoDaddy after Apple discontinued its server platform. As an added benefit, when the Cincinnati Bell network went down, our websites were still up.

In 2019, Cincinnati Bell notified us that they were going to finally cut our copper wires. We were the last home in the subdivision to have glass installed. (By that time CB could accommodate a static IP address.) We quickly became accustomed to the lightning-fast speed of our FTTH connection for our home and the reliability of the GoDaddy platform with its static IP address and email. Cincinnati Bell also became known as AltaFiber.

In October 2022, GoDaddy began migrating its email to Microsoft 365, so we began exploring other providers as the cost would greatly increase. That platform was a virtual private network (VPN) hosted in the US Virgin Islands. On January 1, 2023, we moved our website hosting from GoDaddy to the VPN.

On the morning of Saturday, January 14, the VPN crashed and our websites plus our company email went dark. We spent hours online with their tech support to no avail but we still had working home Internet and email through AltaFiber. On Sunday afternoon we were still offline, but we connected with AltaFiber in an online chat. A technician would come on January 17 to configure our CB-supplied router with a static IP address so we could continue hosting our own websites. The VPN charged us $80 for a year of Static IP address service, but it had failed. We would use AltaFiber’s Static IP address “bolt-on” service for $30 each month.

The technician came as promised on Tuesday afternoon and worked for four-and-a-half hours to configure our router with the AltaFiber system. He spent a long time on the phone with HQ, as a co-worker at the office near our home had not previously configured our IP address as was the intended plan. We had also wanted the connection from the router to our new Mac Mini server to be wireless; however, a Category 6 ethernet cable was used to make the connection. Using a cable provided an advantage in that we could save the wi-fi to run our in-office webservers.

Though we are not using our VPN for its intended purpose, we are using it for our in-office network. We have a little PureVPN icon on our laptops to connect to the VPN system, so we can view our own websites away from the AltaFiber network on our own wi-fi connection.

We are still using MaraDNS to give our domain name to the outside world. Puck is still our backup. We use lighttpd as it is similar to the old Apache web server. Maddy is our email mail service that handles both SMTP and IMAP.

Those twenty-odd years ago I never would have dreamed that we’d have more than a dozen websites, including SmallBizMac. A high-baud modem running on POTS was the best of that era. Now we are using a static IP address running on fiber via an ethernet cable so we can keep our outside network on the outside and keep our inside network running wirelessly in the office.

Below is a photo showing a Category 6 ethernet cable running from the CB-supplied router to our Mac Mini server.

Our VPN was up for about two weeks and then it failed. We are now going with Cincinnati Bell/altafiber Static IP address.


Sun, 01 Jan 2023

Self-hosting an internet presence

For about 15 years, we hosted our own web and email presences on a Mac server in our office, using the Mac OS X Server platform (first a specific OS version, later an app) to handle the hosting and the configuration. Apple began deprecating Mac OS Server in 2018, and discontinued it altogether last year.

That's a shame. Mac OS X Server was a terrific platform and an ideal tool for small Mac-based businesses. With a little investment of time and learning, businesses could have a robust web presence and save on hosting fees. That was always our rationale.

When Apple announced the phase-out of the server platform in 2018, we reluctantly opted to move to a commercial hosting platform. Cheap-Domain Registration, a GoDaddy reseller, has been our domain registrar for 20 years. We decided to purchase a hosting and email package from them, and it worked reasonably well at a reasonable price.

Until now.

GoDaddy recently announced that they would be migrating their entire email platform to Microsoft 365, without any input from their customers. This was not an opt-in process--the email was simply moved with five business days' notice, and a three-month "trial" period to adjust was provided. After that, email, which had previously been included with their service, would become a separate subscription feature that would amount to a significant cost increase.

The cost increase--along with the heavy-handed way the migration was implemented--was too much. So we decided to go back to our roots and begin self-hosting again.

We wanted to share a bit about the toolset we've chosen for hosting. Because Apple no longer provides simple configuration tools for web and email hosting, we assembled our own packages, and created simple interfaces for their daily use.

Our criteria for choosing web, email, and DNS programs were simple: small, lightweight, easy-to-configure programs. And for service providers, we opted for simple and cost-effective.

For the Internet backbone and static IP, we decided to host behind a Virtual Private Network with a dedicated IP address. PureVPN fits the bill nicely, with an inexpensive annual fee, support for static IPs and port forwarding--one of the only services we found that offers this. Fortunately, the Mac Mini that we purchased to use as our server machine supports automatic VPN connection, so that integrates well. We run a periodic script on the Mac Mini to ensure the VPN connection is always on.
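
One way to write the periodic check described above, as an added example that is not the authors' script. It assumes the VPN is set up as a macOS network service (the name `Office VPN`, the file paths and the `--run` flag are hypothetical) and uses the system's `scutil --nc` command; after several failed reconnects in a row it stops retrying and exits non-zero so that a prolonged outage is noticed rather than silently retried.

```shell
#!/bin/sh
# Added example, not the authors' script: periodic VPN watchdog for macOS.
# Assumes the VPN is a macOS network service named by VPN_SERVICE and that
# cron or launchd runs `vpn-watchdog.sh --run` every few minutes.
VPN_SERVICE="${VPN_SERVICE:-Office VPN}"   # assumed service name
STATE_FILE="${STATE_FILE:-$HOME/.vpn-watchdog.failures}"
LOG_FILE="${LOG_FILE:-$HOME/.vpn-watchdog.log}"
MAX_FAILURES="${MAX_FAILURES:-3}"          # bad runs in a row before alerting

# The first line of `scutil --nc status` output is the connection state.
vpn_state() {
    printf '%s\n' "$1" | sed -n '1p'
}

# Choose an action from the state and the number of earlier consecutive failures.
next_action() {
    state=$1 failures=$2
    case "$state" in
        Connected)  echo ok ;;
        Connecting) echo wait ;;
        Disconnected|Disconnecting)
            if [ "$failures" -ge "$MAX_FAILURES" ]; then echo alert
            else echo reconnect; fi ;;
        *)          echo alert ;;   # "No service", "Invalid", or scutil missing
    esac
}

watchdog() {
    failures=$(cat "$STATE_FILE" 2>/dev/null)
    case "$failures" in ''|*[!0-9]*) failures=0 ;; esac
    state=$(vpn_state "$(scutil --nc status "$VPN_SERVICE" 2>&1)")
    action=$(next_action "$state" "$failures")
    case "$action" in
        ok)        failures=0 ;;
        wait)      ;;
        reconnect) failures=$((failures + 1)); scutil --nc start "$VPN_SERVICE" ;;
        alert)     failures=$((failures + 1))
                   echo "VPN '$VPN_SERVICE' needs attention (state: $state)" >&2 ;;
    esac
    echo "$failures" > "$STATE_FILE"
    printf '%s state=%s action=%s failures=%s\n' \
        "$(date '+%Y-%m-%dT%H:%M:%S')" "$state" "$action" "$failures" >> "$LOG_FILE"
    [ "$action" != alert ]   # non-zero exit lets the scheduler flag the run
}

if [ "${1:-}" = "--run" ]; then watchdog; fi
```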

For DNS, we found MaraDNS, a simple, robust DNS server. It builds from source code with a single command, and its core configuration is contained in a single file, plus individual entries for each domain we host. We have set MaraDNS up as the authoritative DNS server for our domains, for greater control, and use Puck as a backup external DNS server. This setup has worked very well and we have had very little DNS downtime.

For web, we are using lighttpd, a fast and light web server. lighttpd is similar to the venerable Apache web server that comes bundled with macOS, but is somewhat smaller in its options and is simpler to configure. Our needs are modest--mostly static HTML pages with some CGI--and so lighttpd is more than sufficient.

For email, we have found a very pleasant discovery--Maddy. Maddy is an all-in-one mail server, meaning it handles both sending email (SMTP) and receiving and storing messages (IMAP). We had run into considerable difficulty trying to build other commonly-used mail servers such as opensmtpd for outgoing and tpop3d for incoming and storage--various errors prevented building or smooth operation, and there did not seem to be any pending fixes. Maddy, however, built from the get-go and worked almost out of the box with very simple configuration. The one complexity was linking Maddy to an external mail server to avoid the modern difficulties that come with self-hosting a mail server. We use sendinblue for our external relaying; this service has a generous 300-email-per-day threshold for its free/basic package. After a fair amount of trial and error and even open tickets with sendinblue, our configuration was successful and email now works fine.

macOS does include under-the-hood support for email, web, and DNS--that has not changed. But these are much more difficult to configure without the nice GUI that Mac OS Server provided. Additionally, we were concerned that OS updates would require extensive re-configuration of each of these tools in our OS. The server app largely handled that for us, but we have less confidence that this would go smoothly with manual configuration. The setup we have assembled can function independently of the OS version. The migration project took about six weeks of part-time work, and we are not eager to re-do all this work simply because Apple ships a new Mac OS version.

Shortly, we will be terminating our hosting and email services with GoDaddy, leaving them just as our domain registrar. This forced migration to Microsoft's email platform is costing them most of our business.


Tue, 20 Dec 2022

What every woman wants from Santa Claus
Or, why I got an Apple Watch for Christmas

I love my iPhone; I really do, and it goes everywhere with me, most of the time. To the coffee shop, on a nature walk, and to lunch or dinner dates. I’ve had an iPhone since 2011 as it was a family Christmas present in that the four of us each got one.

I love the fact that my iPhone has added more functionality over the years. I can run my business on my phone when I’m on vacation. During summers at Cedar Point, I could check delivery times for customers while we were waiting in line for the Gatekeeper roller coaster.

That was until the iPhone got bigger and I could no longer slip it into one of the teeny, tiny pockets in my capri pants. Or when I discovered that my new “must-have for summer” linen shorts had no pockets at all. iPhones and thrill-rides do not mix; an unsecured i-device could end up flying into the no-go zone under a high-velocity ride. That exact thing happened at Cedar Point in 2015 when an Ohio teacher lost his iPhone on the Raptor. His attempt to retrieve it ended in tragedy.

After a time, I no longer had my iPhone with me on thrill rides. My kids would put my iPhone in one of their button-up cargo pockets and there it would stay for the rest of the day. I would go get a soda and would not have my iPhone, which was with one of my sons elsewhere in the park. There was not a pocket in anything that I packed that could accommodate my iPhone 11 and its protective case. Then this past summer my younger son got an Apple Watch and he sync’d it to his iPhone. “Look, Mom,” he said. “I can text you even if my iPhone is in the car.” I immediately thought of the last time we were at Cedar Point, when I was finally able to retrieve my iPhone after dinner.

I was really impressed with my son’s watch. He had text and phone and photos. He had maps. He was also keeping tabs on a summer project with friends. And yes, he had a watch.

Last week I went out to get coffee with a friend and forgot to put my iPhone in my purse before I left the house. I had no pants pockets, as women’s clothing is sorely lacking in that department, so I made a note to myself to put it in my handbag. I got busy doing something else so it was left behind. It was okay, though, as I had my Apple Watch on. I make it a point to put my Apple Watch on my wrist first thing every morning. I have an Apple Watch SE (2nd generation) (GPS + Cellular). It was $299 on Amazon and Apple Care was $49.99 for two years of coverage. The monthly fee for Cellular is $10 added to my iPhone bill. I can’t surf the ‘net on my wrist but I can quickly email a customer when I’m notified that her order has shipped.

The Apple Watch is the best early Christmas present I have ever gotten. I can text and call and send emails regardless of where my iPhone is. My watch even tells me when I’ve left it behind.

We are all going back to Cedar Point next summer so we can ride Gatekeeper and Iron Dragon again. Most of my summer clothing still doesn’t have pockets but I have a few things with mini-pockets where I can safely stow my Apple Watch. I can leave my iPhone in a CP locker all day and still be connected. And, I’m getting an iPad for even more functionality during the road trip to get there.

What every woman really wants for Christmas are not just lots of new i-gadgets, but plenty of functional and fashionable pockets. An Apple Watch with cellular will do nicely, though. Reasonable pockets in women’s clothing will not come anytime soon, but Santa has made connected, useful watches available until they do. Santa really delivered this year.
