Katherine Villyard's Blog, page 15

“If you really want to hurt your parents, and you don’t have the nerve to be gay, the least you can do is go into the arts.”
–Kurt Vonnegut Jr. (A Man Without a Country)

[Note: I found this in my drafts folder and decided to publish it.]

One of the things I do for fun when I’m not slaving over a hot computer is… slaving over a hot computer, writing. Yeah, I know. Sadly, if I share here then I can’t publish it elsewhere, and we can’t have that, can we? (Not if we’re a really driven kith, we can’t!)

Sadly for you, poetry doesn’t pay, so you can have all the stuff that no one would pay me for anyway! Woohoo!

Note: I like haiku.

Gaia’s First Dance

Spinning and spinning
Mama’s elliptical path
Luna joins the dance

Food Party

Randy organizes,
and everyone brings munchies.
Nom nom nom nom nom!

Software Frustration

Token rights evade me.
This software is full of fail.
I want an upgrade.

Microwaved Bacon and Fish

When I rule the world,
there will be no stinky meat
in the cube next door.

I also have some performance/found object art…

Originally published in Fantastic Stories of the Imagination, January 2015.  (The site appears to be defunct.)

Tucking his computer science textbook and his Book of Shadows into his backpack, Dion dropped the bag onto the floor at the foot of his bed, and launched World of Warcraft. He selected his realm: Earthen Ring. He was number eighty in the queue. Expected wait time: twenty minutes. Stupid server. He glanced over at the wilted plant on the window sill and waved his wand. It perked up.

His mother wandered into the room, wearing a gold lamé evening dress and hose without shoes. He hid his wand behind his back, but made no attempt to hide the glass of wine on the desk, next to the computer. As long as he didn’t get shit-faced, she had no problem with it.

“Honey, have you seen my rhinestone earrings?” She walked over to his dresser, opened the jewelry box, and looked inside, but Dion knew it didn’t have any rhinestones in it. Just some pentagrams and crystals. “Be careful, baby,” his mother said, picking up the pentagram. “You don’t want to attract the wrong kind of attention.”

Blah blah people will think you’re crazy blah. Like there were no Wiccans in college. “You left them on the bathroom sink, so I put them in the medicine chest,” he said. “I didn’t want them to fall down the drain and get lost.”

She dropped the pentagram back into the jewelry box. “Where would I be without my little man?” She walked over and kissed him on the cheek. Then she left, fancy dress rustling as she headed out the door.

Dion groaned. He was nineteen-years-old and six-foot-one; he was hardly his mother’s little man. “You’re welcome!” He could hear her chuckling in the other room. He glanced down at his computer console again. His position in the queue was now seventy-seven. “I’m not going to have to come rescue you again, am I?”

“Oh, hell no,” his mother said, appearing in the doorway. Her makeup was impeccable, her dress was elegant, her rhinestones sparkled, and she was pinning a corsage to her chest. “I used to date him back when you were a baby. Mr. Kataibates is pure class. You should see what he drives! He has a gorgeous silver…”

“I don’t care what he drives. I care that he treats my Mama right.”

“I’ll be fine, baby. Like my mama always said, it’s as easy to fall in love with a rich man as it is a poor man.” She winked at him. “Don’t wait up, now.”

Dion groaned again and threw a Darth Maul beanie baby at her. He heard the front door close, and pulled out his wand. He murmured a spell and his position in the queue went from seventy-four to two. He wasn’t the best wizard in the world, but computers were easy. He was also pretty good with plants and shapeshifting, which was why he played a druid. They were good at plants and shapeshifting, too.

He wondered again what his father was like — he’d clearly gotten his magical abilities from him, not his mother. But Mom wasn’t talking.

~~~

He was awakened by Sir Mix-A-Lot announcing that he liked big butts and he could not lie. For a moment he thought it was just a crazy dream about rappers in his bedroom, but then he realized it was his cell phone. Rolling over, he groped for his phone in the dark, knocking it off the nightstand and onto the floor. He scrambled and answered, “Hello?” and was surprised by how scratchy and incoherent his voice sounded, even to him.

“Baby, I’m so sorry to call you so late.” His mother. “I’m so sorry, but I need you to come pick me up right away.”

Dion sat up. “Mom?” There was a sliver of light from the streetlight coming in between the bedroom curtains forming a line of visibility over to his computer. He threw a book at the desk to jiggle the mouse, and the screen lit up.

“I’m in the ladies room in the lobby of the Four Seasons hotel, and I’m afraid to come out. I’ll explain when you get here. Oh, shit, I think he’s coming.”

She hung up.

With a sigh, Dion scrambled out of bed by the light of the computer screen. Part of him thought that he should just leave his mother there — she kept getting into these messes, and it wasn’t fair of her to expect her son to get her out all the time. He turned on the bedroom light and hissed at the brightness hitting his eyes, then grabbed his jeans and the first t-shirt he could find — the one that read “you are dumb” in binary — and pulled them on. He put on his socks and sneakers, then crossed the room for his jewelry box and his pentagram.

Then he went into his mother’s room and opened her Bible, which was where she kept her “mad money,” and grabbed three hundred dollars in case he needed to bail her out or something. He grabbed his wand, wallet, and cell phone off his nightstand and stuffed them into his back pockets. There was a mirror over his dresser, and he scowled at his reflection. He looked like a gangly teenager whose mother woke him up for a ride at…

The clock said 4 in the morning.

He swore and stormed out to his car, a cherry red 1984 Chevy Caprice. It was older than he was, but it had some serious juice. He hoped he wouldn’t have to kick some old man ass. His mother tended to like rich pricks with expensive lawyers. He wondered if his father was a rich prick with an expensive lawyer. A rich wizard prick with an expensive lawyer. He snarled.

When he arrived at the Four Seasons hotel, there was a chill in the air but he had his irritation to keep him warm. Especially when the doorman — a thin, pimply white guy in an ill-fitting suit — watched him like a hawk, and the women leaving clutched their purses closer as he walked by. Please. He knew for a fact that black people had been to the Four Seasons before. He resisted the urge to roll his eyes and figured his shirt said it all. The lobby was all marble and fancy wood and rugs and people in expensive clothes with a lot of jewelry. He walked over to the door marked Ladies and was about to knock when a gorgeous, regal Greek woman came out. She was maybe forty, and had dark curly hair piled up on her head and big, gorgeous, intense brown eyes. She wore understated makeup, a little royal blue dress, and pearls. She had a hair comb with peacock feathers on it. She was totally hot, and probably had no use for a skinny teenaged gamer geek. She turned back towards the door and said, “I believe your son is here.” Maybe she was a friend of his Mom’s.

Dion’s mother peeked around the woman, then rushed out and grabbed him by the arm. “Let’s go.”

“See you later, Semele,” said the woman in blue.

“Not if I see you first,” Dion’s mom muttered. On second thought, maybe she wasn’t a friend of his Mom’s.

As they were headed out the door, Dion asked his mother, “Who was that?”

“Mrs. Kataibates,” his mother whispered.

“Mama!” He stopped and stared at her. He looked back at the woman in blue, who crossed her arms and smirked at him in a way that made him grab his mother’s arm and hurry her towards the door.

“I didn’t know he was married,” his mother said.

Bullshit. How long had she known this guy? He was nineteen years old, and she used to date Kataibates when he was a baby. Either Kataibates was a really good liar, or his Mom… He didn’t like either train of thought, but he liked the latter less.

There was a Greek man dressed entirely in black — black turtleneck, black jeans, black leather jacket — waiting next to Dion’s car. There was something about him, a supernatural quality, something more frightening than just Greek mafia. “I’m afraid you’ll have to come with me, Mel.”

Dion’s mother cowered behind him. Dion pulled out his wand and pointed it at the man. “Leave her alone!” A silvery glow came out of the wand and headed towards the man, but he seemed to have a protective shield around him. Well. That, and hexes weren’t really his forte.

The man laughed. “Little boy, do you have any idea who I am?”

Dion shook his head.

“The name is Thanatos,” the man said. He pulled something out of his pocket and everything went dark.

~~~

Dion woke up cold with a damp back and the doorman leaning over him. “Welcome back, kid.” The ground smelled like motor oil.

Dion sat up. “Mama?”

“Gone,” the doorman said. He handed Dion one of his mother’s earrings and the corsage. Up close, Dion could tell the doorman’s suit wasn’t particularly well made. Well, he supposed it was a uniform of sorts.

“Did you call the police?” Dion asked.

The doorman laughed, but there was no humor in it. “No, I value my life. That guy’s Greek mafia, and those guys are untouchable. Olympians. Sorry, kid.”

Dion scrambled to his feet. “Which way did they go?”

“Forget it. Your mother’s in a shallow grave right about now. Go home.” He looked at Dion’s car and said, “I’ll call you a cab.”

Dion looked over at his car and started to swear. That dick Thanatos had slashed his tires.

He grabbed the doorman’s arm. “Which way did they go?”

The doorman shook his head, pulled his arm free, and walked away. Dion flipped him the bird behind his back. His mother might be a… a… the other woman, but she loved him, and he loved her.

He tucked the earring into his pocket and hung the corsage like a pendulum. “Which way did they go?”

The corsage pulled to the right.

The doorman whistled. He turned, and the doorman was waving him over to a cab. He ran and climbed into the back seat. The cab looked clean, but it smelled like coffee and salami.

“Where to?” the cab driver asked. He was an old man in a fisherman’s sweater with flashing pale-blue eyes.

“That way,” Dion said, pointing in the direction the corsage pointed.

The old man gave him and the corsage pendulum an appraising look. “It’s extra if I cross the river.”

Dion realized that no one was reacting to him practicing magic. He didn’t know if that was good or bad. Maybe the cab driver was “the wrong kind of attention.” Thanatos sure as hell was. Either way, it was too late to worry about it now.

~~~

They followed the corsage pendulum across the river, and through scary, half-deserted streets with boarded up windows and shambling bums who threw empty bottles at the cab as it passed. They finally found themselves in an abandoned warehouse. Dion got out of the cab.

“Wait for me.”

“It’ll cost extra,” the man said. “In advance.”

Dion nodded and handed the man a hundred dollar bill, making sure he saw that he had more where that came from. He opened the warehouse door. It was dark and dirty and smelled musty. There were concrete stairs leading down, and voices. At the bottom of the stairs, a dog growled. Dion wished he’d remembered the beef jerky he had in his backpack for when he didn’t have time for lunch, because he wasn’t any good with dogs. But the corsage insisted his mother was down there, so he pulled out his wand and decided to play Warcraft druid. “Root!” he said, and vines rose up and tied up the dog, who was understandably confused by the whole thing. Since that worked, he decided to try to become a leopard. His beard stubble became kitty whiskers, and he dropped to all fours. He would have thought it would hurt, but instead he felt more athletic. And really hairy. Light became brighter, colors dimmer, edges less distinct. The dog whimpered. Dion thought he smelled something nasty — the dog, gross! No wonder cats hated dogs.

So freaking cool! He couldn’t believe it worked! He changed back and did an insulting little touchdown dance. The dog lunged at him, vines gone, teeth towards his face, snarling and pulling at the end of its chain. Dion leapt back, and almost fell, but caught himself just in time.

He crossed over a footbridge — well, more of a concrete plank over a gutter — and up another flight of concrete stairs. His mother was there, lying on the floor, her pretty dress covered with blood and dirt and her face bruised and swollen. He thought she was dead at first, but then she let out a tiny little sob, and he knew she’d seen him. She didn’t move, though, not even when Thanatos kicked her.

Dion swallowed the hints of bile that welled up in his mouth — a prelude to vomiting, which would reduce his intimidation factor, such as it was — clenched his fists and sized up the other people in the room.

Aside from Thanatos, there was a man and a young, tall, willowy, sad-eyed brunette. The man had long, silky black hair, almost prettier than the woman’s, and was wearing a silk suit and a diamond ring. He was younger than Mrs. Kataibates, but…

“Are you Kataibates?” Dion asked the man.

The man in the silk suit laughed a mirthless bark of a laugh. “Ordinarily I’d be flattered, but since I’ve just learned that my brother-in-law has once again failed to keep it in his pants…” He shook his head. “You should go now. I have many guests, and most of them are not permitted to leave.”

“What the hell?” Thanatos said, starting towards Dion.

“Wait!” the tall brunette said, grabbing Thanatos’ arm. “You can’t kill him.”

“Why not?”

“Because,” the brunette said, “he’s Kataibates’ kid.”

Oh, shit. His father was a rich wizard prick. A rich Greek mafia wizard prick, who probably had an army of expensive lawyers. And an angry wife. Dion resisted the urge to swear. He looked over at his mother, but she didn’t move or look at him.

Thanatos looked over at the man in the silk suit. “Is this true, Polydektes?”

The man in the silk suit raised an eyebrow at Thanatos. The coldness of his stare made Dion shiver, and it wasn’t even directed at him.

Thanatos blinked. “Mister Polydektes. Sir.”

Mr. Polydektes appeared unmollified.

“And don’t think for a moment that Kataibates doesn’t know it,” the brunette continued. “He’s been paying child support for years — under the table, of course, so his wife wouldn’t find out.”

Dion thought of the hundred dollar bills in his pocket and winced. No one seemed to notice.

“Well, she found out,” Polydektes said. “And I’m not going to just let the bitch go. I owe it to my sister to look out for her interests, and if this chick has no respect for the marital vows, well, that’s her funeral.”

“Your sister can take care of herself, honey,” the brunette said.

“It’s a matter of loyalty.”

The woman rolled her eyes, and Polydektes pulled her closer and gave her a peck on the cheek. It was her turn to look unmollified.

“They made my sister cry,” Polydektes said, his voice surprisingly soft.

Dion considered that Mrs. Kataibates hadn’t been crying when he saw her, but said nothing.

“Maybe,” Thanatos said, “if it was supposed to be all hush-hush, he shouldn’t have taken her to the Four Seasons.”

“I’m not leaving without my mother,” Dion said. “So you’re going to have to either kill me or hand her over.”

Polydektes rolled his eyes. “Oh, go away, kid. You’re bothering the grown-ups.”

“I’ll tell you what,” Dion said. “If I can kick his ass” — he pointed at Thanatos — “I get to walk out of here with my mom. Deal?”

Polydektes laughed, but it wasn’t a cheerful sound. “It’s up to you, Persephone.”

The brunette chewed her lip a little. Dion handed her the corsage with a deep bow.

“Deal,” she said. She pulled a black ribbon out of her hair and used it to tie the corsage to her wrist. “Why don’t you bring me flowers any more?”

Polydektes leaned over and whispered something in Persephone’s ear that made her smile.

Dion gave Thanatos a long, appraising look. Thanatos smirked back at him. He clearly didn’t have the magical chops to fight this guy with spells, but Thanatos hurt his mother.

He threw himself onto Thanatos in a flying tackle, punching wildly and shrieking in rage. Thanatos was clearly not expecting that, and was pulling his punches. Apparently he didn’t want to hurt Kataibates’ son.

Dion didn’t pull his punches. He kept hitting until his hands were covered with blood, and finally Thanatos turned on him, his eyes icy. Dion felt his limbs grow cold and numb.

“Root!” Dion said, and vines sprouted up out of the earth and twined around Thanatos. Vines, with thick, lush bunches of grapes covering Thanatos’ shoulders and eyes. Thanatos blinked and looked around, and Dion felt his limbs tingle with the blood rushing back to them. He turned into a leopard, and lunged for Thanatos’ throat. Blood mingled with the sweet taste of grapes in his mouth, rich and intoxicating. He shook Thanatos out like a dishrag, then tossed him aside and pounced again. He tore at Thanatos’ limbs and chest, vaguely aware of screams.

“Stop,” Polydektes said.

Dion ignored him, planting a paw on Thanatos’ chest and gnawing a limb off. And then Persephone was there, placing a hand on his chest. He was going to growl at her, but he was distracted by her sad eyes. They were deep and dark, like the earth.

She reached up a hand and stroked his head, and he leaned into her touch. “It’s all right. Everything will be all right.”

“Damn,” Polydektes said, and shook his head. “You really are my brother-in-law’s kid. You got his temper, that’s for sure.”

Dion ran over to his mother, turning back into a human. He picked her up, and she weakly wrapped her arms around his neck, like a child. “We’ll be going now.”

Thanatos whimpered, and Polydektes leaned over and casually pressed Thanatos’ arm back into its socket, like he was made of clay. Then he looked up at Dion, his eyes unreadable. “That would be wise, yes.”

Dion took a step backwards, then turned and carried his mother as fast as he could. He didn’t look to see if anyone was following him.

When they got to the dog, Dion said, “I just kicked Thanatos’ ass. You don’t want to fuck with me, dog. In the name of Hecate, down.” The dog dropped onto his stomach, growling, but he let them by. They got into the taxi, his mother on his lap, and handed the driver another hundred. It was covered with blood, and he didn’t know whether it was Thanatos’ blood or his mother’s. The driver raised an eyebrow and started the car.

Dion asked his mother, “He’s my dad?”

His mother’s voice was a whisper. “He told me he was divorced. I believed him.”

Dion wasn’t sure he believed her, but it didn’t matter. She was his mother. He had her back.

~~~

Dion looked up from his computer science textbook — stateless firewalls — as his mother swept into the room. She was wearing a white lace blouse and a flowered skirt. She pirouetted. “What do you think?”

His heart sank. “You have a date?”

“Yes, with the nice man who owns the bookstore on the corner,” she said. “I don’t expect to be out too late.”

“Okay,” he said, because there wasn’t anything else to say. She left. He tried to finish his reading, but he was distracted. Who knew what kind of asshole the bookstore guy was? Who knew what other rich assholes his mother might get involved with?

It occurred to him that he apparently had an in with a very rich, very powerful, very dangerous asshole. One who could be an insurance policy against anyone else doing his mother wrong.

So he Googled up Kataibates. There was a phone number for Kataibates Enterprises, which he dialed.

“Kataibates Enterprises,” a perky receptionist said. He could almost hear her smacking gum in the background, and wondered if she was his age.

“Yes, I’d like to speak to Mr. Kataibates.”

“May I ask who’s calling?” she asked.

“His son.”

Her voice took on a suspicious tone. “Which one?”

“The illegitimate one.”

“Which one?” the receptionist asked, her tone dry.

“Dion,” he said.

“I’ll… tell him you’re on the line.” She’d heard of him? Really?

There was a pause, and then an older man picked up. “This is Kataibates.” He hesitated, and when he spoke again, his voice sounded uncertain, almost vulnerable. “Dion?”

“You and I need to talk,” Dion said, “about protection for my mother.”

Password managers. You want one. Let’s do this in Q&A format, shall we?

Q: WTF is a password manager and why do I want one?
A: Have you ever forgotten a password? Do you use the same password on every site? Is your password “Ihave2manypasswordsOMGWTF!” or something like that? If so, you want a password manager. A password manager is a secure place to store all your passwords.

Let’s break that down, shall we? (A: Yes!)

Q: How does this help me if I’ve forgotten a password?
A: If you’ve ever forgotten a password, you know how OMGANNOYING that is. It happens. A lot. And most sites have “password recovery” options, but if you’ve forgotten the password to your recovery email, that doesn’t help. If you have a password manager, it remembers your passwords for you and you can just fish it out and paste it in, or, in some cases, get it to autofill. (Of course, you need to put the password in the password manager before it can remember it for you.)

Q: Yes, I use the same password on every site. What’s wrong with that?
A: If hackers manage to compromise your password on one site, they go to other sites and enter your username and password on those sites, too, trying to hack them as well. (Go here and enter your email address. They’ll tell you if your email address is associated with any hacks. Then change the password in the pwned place and every other place you use the same password. UGH!)

Q: Okay, okay. I see what you’re talking about. Is this hard or annoying?
A: Not really. How you get started depends on what password manager you’re using.

Q: Uh. I have a choice? How do I pick?
A: It depends on several factors, including what operating system you use on your computer (Windows, Mac, linux, iPad) and how you use your computer.

Q: How I use my computer? What?
A: Yep. If you mostly use a web browser, you might want a password manager with browser plugins. If you use the computer lab at college a lot, you might want something portable. If you’re like me and hiding stuff in your password manager, you probably want something that does attachments. If you want it to sync to your phone, or across devices, that’s something to consider. If you’re super-paranoid like me, that might be a factor in what you choose. But seriously, most well-known, reputable password managers are good (you probably don’t want to download Bill and Ted’s EXCELLENT Password Manager). LastPass, KeePass, 1Password, and Dashlane are probably the best known. I’ve also used SplashID because a former employer bought me a copy. They’re all fine.

Q: Whatever. Pick something for me?
A: Okay, the two I’m most familiar with are KeePass and LastPass. If you use other people’s computers a lot, or the college computer lab, or don’t have admin rights on your computer and/or aren’t allowed to install things on it, or are just a paranoid weirdo like me and/or enjoy tinkering, you want KeePass. Otherwise, you probably want LastPass. LastPass is a browser plugin that automatically syncs across your devices, including your phone. (You can sync KeePass manually using Dropbox, a thumb drive, or a cable to your phone, or even install third party browser plugins and the like, but it requires more human intervention. LastPass is dead simple.)

Q: How do I get started with LastPass?
A: Download and install the browser plugins. Come up with an amazing password. I recommend going here for something easy to remember, and then writing it down on a piece of paper (I know) and hiding it somewhere secure after you’ve memorized it. Then go to a bunch of sites and log in. If you’re using the same password everywhere, take this opportunity to change those passwords to a bunch of random character strings that LastPass will generate and remember for you. Install the browser plugins/software on all your devices. LastPass will sync all your passwords and back them up for you. Don’t forget your LastPass password! LastPass doesn’t know it. (That’s why I said write it down on a piece of paper and hide it somewhere secure.) There’s a recovery procedure, but you need access to a computer that was running LastPass before.

There are other security features, like two-factor authentication and lockout by country, which I highly recommend enabling. (By the way, for two-factor authentication I like Authy, which is available for Android and iPhone and more and backs up your secrets for you–give Authy a good password that your password manager generated for you.) But if you were using the same password for every site, you’re already a million times more secure than you were. Security is a continuum, not either/or.

Q: How do I get started with KeePass?
A: Download and install the software–the main site is Windows but there are ports for Mac and Linux, as well as Android and iPhone/iPad. (If you use school computers a lot, or other computers you don’t own, or if you’re not allowed to install software, or if you share your computer, use the portable version and a thumb drive. Otherwise, the full install is fine. They’re pretty much identical. If you have a Mac at home and use Windows at school/work, the various ports can read each other’s databases so that’s fine.) Come up with an amazing password. I recommend going here for something easy to remember, and then writing it down on a piece of paper (I know) and hiding it somewhere secure after you’ve memorized it. Launch the software and create a new database using that amazing password you just came up with. Then start entering passwords (boring, I know!), taking this opportunity to change them to random KeePass generated strings if you’re using the same password everywhere. My KeePass is super-organized in subgroups (because I imported entries from four different password databases, yikes, and also because I’m just like that) but you can just throw them all in there willy-nilly if you prefer. It’s up to you.

DO NOT FORGET YOUR KEEPASS PASSWORD. There is no higher power that can recover it for you. (Like I said, write it down, memorize it, hide the written down password somewhere secure.)

Now you need to worry about backing it up. (Because you don’t remember any of those random strings, yes.)

If you’re already backing up your computer, make sure your password database is in a location that’s being backed up and you’re done. If you’re not, consider backing up your computer. In the mean time, you might want to set up a thumb drive with the portable version, copy the database over, and use the synchronize feature to keep them the same. (Tip: You probably want one database, not a work database and a home database, because then you need to remember what’s stored where, and if you end up working from home or taking a break at work you might end up with the wrong database. KeePass has a “synchronize” feature that helps.)

There’s more here–this is an excellent guide. I personally don’t use Dropbox or other cloud providers to sync files because I’m a paranoid freakazoid. But if you’re not storing, you know, corporate stuff, it’s probably not as big a deal. Security and convenience are enemies, and you need to find a balance that works for you so you’ll stick with it.

Q: What if I try one of the password managers and don’t like it?
A: Try a different one! (Import from LastPass to KeePass/Import from KeePass to LastPass, although if you have a very small number of passwords it might be easier to just install the plugins and log in.) Think about what, specifically, you don’t like and go from there. (If it’s ALL TOO HARD OMG try LastPass.)

Q: Security and convenience are enemies?
A: Yes. Enemies. They really hate each other. They’re not, like frenemies that have the occasional hatesex or anything, they want each other to die. (You probably don’t want one of them to die, alas.)

This is for your home network, yes.  I tried several how-tos, and basically had to figure it out for myself.  Here’s how I did it.

Preface:  I have two LANs;  one for computers, tablets, and phones, and the other for IOT devices, including my Roku (which cannot use a VPN).  I’m using Opnsense 18.7, so menu item labels or locations might change in the future.

Step 1:  Get all your certificates and such from your VPN provider.  They might give you a single file with labeled sections or a series of files.  You need:

somename.ovpn  (If you open this file with Notepad or Wordpad, it contains all the below except for the username and password, but it might also contain other directives for your provider.)CA.crt (Certificate Authority–it might be a section of your .ovpn file.)TA.key (OpenVPN Static key–Some VPN providers will give you a username and password instead of a static key. It might be a section of your .ovpn file.)User.crt (User Certificate–it might be a section of your .ovpn file.)User.key (RSA Private Key–it might be a section of your .ovpn file.)

Step 2:  Log into Opnsense and navigate to System -> Trust -> Authorities.  Click Add.

Put anything (within reason) in “descriptive name.”  I suggest the name of your VPN provider.Leave Method “Import an existing Certificate Authority”Paste the contents of your CA.crt (Certificate Authority) file.  If you just have one big file, copy and paste the CA certificate including the “begin” and “end” bits.Click Save.

This Certificate Authority should now show up in Opnsense on the Authorities page.  Opnsense should fill in information about your VPN provider here that it got from the certificate.

Step 3:  Navigate to System -> Trust -> Certificates.  Click Add.

Leave Method “Import an existing Certificate”Put anything (within reason) in “descriptive name.”  I suggest the name of your VPN provider.Paste the contents of User.crt into Certificate Data.  If you just have one big file, copy and paste the user certificate including the “begin” and “end” bits.I think I pasted the contents of User.key into the private key area, but the How-To I followed left this blank, so apparently both work.Click Save.

If you view Certificates, Opnsense will now have more information about your certificate (including email address of issuer, etc.).

Step 4:  Navigate to VPN -> OpenVPN -> Clients.  Click Add.

This is where the How-To guides started to fall apart for me.  You might need to trial and error a little here.  You’ll also need to open that .ovpn file with Notepad or Wordpad (if you haven’t already).

Put anything (within reason) in “description.”  I suggest the name of your VPN provider.Server Mode: Peer to Peer (SSL/TLS)Protocol: (check your ovpn file)Device Mode: (check your ovpn file)Interface: (Your WAN interface–it’s probably literally called “WAN”)Local port: (mine is blank, but check your ovpn file)Server Host or Address: (check your ovpn file)Server Port: (check your ovpn file)Server host name resolution: Ticked

Cryptographic Settings:

TLS Authentication: Ticked unless you’re using username and password instead.  (If you’re using username and password, put them in the blanks.  If you’re using TLS, paste the data in your ta.key file here, AKA OpenVPN Static key.  If this option doesn’t appear, enter everything else, click save, and look again.)Peer Certificate Authority: Select whatever you called it in step 2.Client Certificate: Select whatever you called it in step 3.Encryption: (check your ovpn file)Auth Digest Algorithm: (check your ovpn file)Disable IPV6: Ticked

Click Save.

The various How-Tos debate whether you need to paste the advanced settings from the ovpn file into the advanced settings on the Add Client page.  My tunnel didn’t work until I cleared all that data out.  Sigh.  In other words, try it without the advanced settings and see if it works first.

Step 5:  Check to see if your tunnel is working by navigating to VPN -> OpenVPN -> Connection Status.

You should see Status Up with a Virtual IP and all that good stuff.  If you don’t, navigate to VPN -> OpenVPN -> Log File and see if it says anything useful there.  You’ll probably then have to go back to Step 4 and tweak the settings to look more like your .ovpn file.  You might also need to contact your VPN provider if you’re really lost.

You cannot proceed further until you have a working tunnel.

Step 6:  This is where the other guides really went off the rails for me.  (Sorry, guys!)  This is what I did.  It may or may not be the best way to do it, but it worked.  Navigate to Firewall -> NAT -> Outbound.

Click “Hybrid outbound NAT rule generation (automatically generated rules are applied after manual rules) ,” then click Save.

Click Add.

Interface:  OpenVPNTranslation target:  “Interface Address”Leave everything else any or default.

At this point, all of your traffic is going through your VPN.  YAY! except that Netflix, Hulu, etc. are now giving you an obnoxious “You appear to be using a proxy/unblocker, turn it off or no media for you!” message.  This is where my having the Roku on its own LAN makes things easy.  If you don’t have your network segregated like that, you can assign a static IP to your Roku or other streaming device and do the following steps with that static IP.

Step 7 (optional, unblocking Netflix on your Streaming Devices):  Navigate to Firewall -> Rules.

If your streaming devices have their own network card in Opnsense (mine do):

Navigate to Firewall -> Rules -> Opt1 (or whatever that network card is called).Click AddLeave everything default except changing the Gateway to WAN_DHCP (or whatever it’s called).Click Save.

If your streaming devices have static IPs on your regular LAN:

Navigate to Firewall -> Rules -> LAN.Click AddLeave everything default except changing the source to your device’s static IP and the Gateway to WAN_DHCP (or whatever it’s called).  (If you have more than one, create an Alias first in Firewall -> Aliases -> View, click Add.  Type host, add however many lines for however many streaming devices you have, click save, and use that Alias as the source.)Click Save.

If you want to get super-fancy and still access Netflix from any computer while sending all other traffic through the VPN, you probably need to create an alias with this information and route all traffic to that destination through WAN_DHCP.  That’s, like, more than I really wanted to get into for this article, though.  You can also turn off the VPN, or create a rule that sends your laptop straight through WAN_DHCP and turn it off or on, but those both suck (IMHO).

Happy tunneling!

Okay, with all the securing all the things posts, it occurs to me that I haven’t actually explained this. (I did, however, explain this in depth for an interview at Large Internet Company, so it’s probably higher-level than I thought.) One of my first jobs included writing CGIs (web-based programs) that logged into and/or proxied other sites for our authenticated users. (That’s legit; it was a college that had paid for an online database service and wanted to provide access to their students. There are now products (google EZProxy, for example) that do this, but this was back in the wild wild west frontier. But I digress.)

Okay. You fire up your computer from a dead sleep. You launch a web browser and point it at http://www.google.com. What happens then?

The first thing that happens is your computer asks your DNS (Domain Name Server) for the IP address of www.google.com. Because these names are easy for humans to remember but computers still use the IP address. (You know what an IP address is, right? It’s a number that looks like 123.122.12.123–four numbers between 1 and 255 inclusive separated by dots. These numbers allow your computer to actually find the remote server on the internet. I’ll just leave that there for you to take as written unless someone really cares, LOL.) Unless you’re using something like Open DNS or Google’s DNS–basically, unless you change what your ISP gave you when they gave you your IP address–that DNS server is probably run by your ISP.

Your DNS server doesn’t actually store any IP addresses permanently (unless they’re Authoritative for a particular domain, like your ISP, and they might/probably actually separate those out between authoritative DNS servers and client query DNS servers). If someone else has requested www.google.com recently, however, it stores the answer for however long Google’s DNS servers told it it could cache the answer (this is called TTL, or Time To Live). If no one has requested www.google.com recently, or if the old answer has expired, it goes out to the servers that are authoritative for the .com domains and says, “Who’s authoritative for google.com?” Those domain servers give your local DNS server that IP, and your local DNS server goes out to that IP and says, “What’s the IP for www.google.com?” Google’s DNS servers give them an IP address and how long they can store that answer. When your local DNS server has an answer it likes, it gives that answer back to you.

Your web browser than opens a connection to that IP address on port 80 (the port for unencrypted web browsing traffic) and requests the main page (“GET /”, perhaps with a status number and header information about your browser and what kind of media you’re willing to accept and such, but the “GET /” is all that’s required. If you have telnet, you can actually do this manually and see what you get back). The www.google.com web server sends you back an unencrypted HTML file and closes the connection. If there are embedded images, your browser requests each of them in turn while it loads the page.

If you have a fast connection, this all typically happens in milliseconds. Well. Unless the page is full of ginormous images, hahaha.

If you instead request https://www.google.com, the DNS dance is the same but there are some additional moves on the actual file requests. Your browser gets the web site’s public key from the web server and uses that to request a symmetric key to encrypt the traffic, and then moves on to the file requests and deliveries. Oh, and this happens on 443 instead of 80, because that’s the default port. Unless your site has numbers on the end of the URL, like https://my401kprovider.com:8124 or something.

Aside: I previously mentioned a “man in the middle” attack; that’s where someone steps in between you and the web server and sends you a fake key and does the encrypt and decrypt dance between you, proxying the content. This is part of why you should pay attention to whether or not that padlock is green in your URL window, yes. There’s a whole system of who certifies whether the certificate is good; there are certificate authorities and your browser has some public keys for the authorities stored. (Some malware messes with those, too. Your antivirus might also be man-in-the-middling you to scan encrypted content for viruses. There’s some debate as to whether or not this is benign, and whether the advantages outweigh the risks–I think it depends on the user. You can tell both in your AV settings and by clicking on the padlock and asking for more info. Some AV companies also sell certs, so if you have Symantec or Comodo and the cert is from Symantec or Comodo that doesn’t prove anything, but if it says Avast, yeah, that’s their HTTPS scanning feature at work.)

The email client dance is similar; There’s the DNS dance of “who is mail.yourmailserver.com?” followed by really short requests sent by the software to authenticate you (your username and password) and get the content, and a similar encryption dance if you’re using encryption (which I recommend, yes). You can use telnet to send mail from the command line, which someone did in a previous embedded video.

Here’s a short demo of sniffing.

They [TM] can possibly do this to you at that nice free public wifi spot you’re using.

They need to be on your network. This is geographically limited, by which I mean that if you’re in Kansas and visiting a server in Kansas, someone in England or Japan can’t see this stuff unless:

They’ve compromised something on your network,They’ve compromised something between you and the site you’re visiting, orThey’ve compromised something near the host you’re talking to.

However, that shady person at the coffee shop’s free wifi could see this stuff just fine. These attacks typically occur somewhere near you.
They cannot see anything going over SSL, like web pages using https, unless they’re man-in-the-middling you, which is a whole different thing. Er. That’s more than I wanted to get into, but… it’s unlikely, unless the free wifi itself is messing with you.

Anyway. You can fire up Wireshark right now and possibly see your housemates’ passwords if they’re using insecure connections. (I once showed my ex his passwords over Wireshark.  Heh.)

What I’m getting at is:

Use SSL (https, secure connections on your email client, etc.) wherever you can.Public wifi is super, super insecure. You probably want to use a VPN on public wifi.

I’ve been trying to get people to encrypt their email, and send me encrypted email, since 1995 or so.  Here’s why:  email is cleartext.

What does “cleartext” mean?

Well, if your ISP is having you send your email out through port 25, you can do this.  (I’ve done it myself to test my own mail server at work.)

That’s basically what happens, automated, when you send your email out through a client. So unless your ISP has you send your mail out over SSL (they’ll probably give you another port to use, like 465 or 587), anyone sitting between you and your ISP’s outgoing mail server can potentially sniff that mail. (Like, that malicious person at the free wifi hotspot you’re using.)

So, you have an encrypted connection to your outgoing server, or you’re using https to access webmail. YAY! People sitting between you and that server can’t sniff it.

(Note: It’s even worse if you aren’t encrypting the connection to your incoming mail server in a mail client. Your username and password are sent cleartext over the wires.)

Don’t relax yet.

What happens next is that your outgoing mail, or SMTP, server goes through the same process with your recipient’s SMTP server. This connection may or may not be encrypted and you have no way of knowing this unless your ISP refuses to talk to other servers that don’t encrypt. (Posteo.de says they do that.) Then the mail is stored on a server disk unencrypted until you or the recipient access it.

This is where encrypting the contents come in. If I send someone an encrypted email, my outgoing mail server and their incoming mail server know that:

the mail came from my email addressthe mail is addressed to their email addressthere is a cleartext subject line.

The contents, however, look like:

—–BEGIN PGP MESSAGE—–
Version: GnuPG v2

hQIMA7RxPzPiyyNTAQ/+INv2GhVp9fCdib7JkzmEis8jw2Qtoazrp5mXDxwRG9Qv
evYhcnY8GIcwkMvYRTMlFfmcS4D/iZTmvPfj9+fZ0piHUWC3zYUgXDIm77821edr
Hfs158zPmmrAbX2ZtsG3GfNnhkCZHQceKuD4pKCAuoa2tlkvNwYTCuWH6g741YyY
Dllci00n5WB1dlR0lhUMhx42jpLW5q2Gco42axqZ1sAPDBSII4+I24LSL5cYr98E
DAJq98T2SgSF2jtGCwBg+xmRFOt2UPPP5fhxz8UnmHbdiFdVXbF0Wb/FiAydXCOl
OqkEVhGraPG9kPs9otBkP469fHAXlnBifBdioHVIArzmrsvXQyeT4kfGgd5aLoAr
pAKuSQmaaEjRmu0rUyKB5NnfNzd4djyDeJA+iVfexSDz7xY8rSRAXWJjFcQmGEg/
+7xdpr/qK/VD9m8htF0Th6kLs2EV+3tlmjNwjC4Jlt3l9wpSHwno9rIFLZaka4Br
GgJ6sKbPC/4mzKhbJV+I4pMGvCnEbzeEwlGFWlAoPE1Vg4JO2oNVrjTAS6Y+qKLP
rDGRcwBqS9FbM94KLKx9WUgpV1FBXMG7uHDKfxIT75yfQXeOJ26GhCxNYjJuvvUn
vlQzGrVmn9XdpgnGngjXMMLyyPnPGzDSCTAMeIjlHO7s73iFc7Bzho3ucMNQJH7S
ZQGr4l0YcjlYu7b1Z12BFW+9v6wjVBJsha2KwwqK9ukFt4GK//Lymd3n8sVkCfot
JWOW+u0ArTiX/I1OAlGM7+1Qe8XUzuSADTOmSMbUYpY+W7o6V7dhNE3lTfEyChNQ
8V2kgbjn
=l7cD
—–END PGP MESSAGE—–

By the way, even though I’ve posted that to my blog, only the person who has the private key can read that.

This isn’t new technology. It’s actually old. The reason everyone isn’t using it is because it’s not set up by default, and because the people you email are probably not using it already and you can’t if they don’t.

If you’re a webmail user, there’s Mailvelope, which I haven’t used. For everyone else, Enigmail for Thunderbird is awesome. GPG4Win used to be kind of buggy but it’s gotten really good–I particularly like the “encrypt/decrypt clipboard” feature, which I’m using instead of Mailvelope for webmail.

Then, all you need is a recipient’s public key. (You always encrypt to the recipient’s public key.) The way it works, in short, is that each person has two keys: one public, one private. They give the public key to you and keep the private one a secret. Only the private key can decrypt something encrypted with its public key. So only one person can read what you’ve sent, and that’s the person who’s got the private key. (Here’s more.)

If you’re a Windows user, you probably want to do your daily web surfing as a non-administrative user. This is because any process you launch (on any operating system) runs with your account’s permissions. That means that if your browser runs into an exploit, that exploit basically runs as you.

My sister is a Mac user, so I know that when she goes to make an administrative change to her Mac, it asks her to confirm her username and password. I used to use Ubuntu on my primary system and can tell you that something similar happens there.

This makes sense, because they’re both based on unix and that credential prompt is based on sudo.

This isn’t how it works in Windows.

By default, the first user you set up in Windows is an Administrator, and subsequent users aren’t. (You can add or remove privileges later.) When you go to make an administrative change, since Vista Windows will ask you to click the much mocked “Are you sure?” button if you’re an administrator, or prompt for credentials if you aren’t. (Some people even turn the “Are you sure?” prompt off completely. Don’t!)

The “Are you sure?” button is technically called “UAC,” or User Access Control.

By using an unprivileged, non-administrative account, you force Windows to ask for account credentials. This limits the damage a browser exploit can do. It also means you have to remember two usernames and two passwords, but there you are. This also means that if the malicious process somehow manages to break out of UAC prison and bypass the “Are you sure?” prompt, it’s running as an account that’s not allowed to make those changes, anyway, and is out of luck.

(Since the Electric Velocipede site appears to be defunct.  Originally published December 11, 2013.)

She knew the signs of drowning; she’d seen it many times. Mouth below the waterline, arms pressing the body up out of the water for a breath. He didn’t cry out for help, but then again, they never did. Breathing took precedence. He didn’t kick, didn’t thrash. He didn’t have the energy to waste.

She always felt sorry for mortals. So vulnerable, especially in the water. The poor things just couldn’t manage.

As the ship sailed away, oblivious, she swam over to him and lifted him out of the water. He wrapped his arms around her neck, and she headed easily to the nearest shore, a couple of miles away. She found herself thinking of the mothers she’d spotted on ships, carrying their toddlers who clung for dear life. As she kept swimming, he went limp.

It was a small island, and as the water became shallow, she transformed her tail into legs and dragged him up on shore. It was so very difficult; she was always surprised by how heavy things were on land. Out of the water, it was hot and dry. It even smelled dry.

Up on the beach, he coughed up water. She held him and patted his back as he spat seawater onto the shore. He barely seemed aware of her, of anything really, but that was how it was with her previous rescues, too. And then he slept, and she watched over him until the moon was high in the sky. And then she slept, too, on the dry gritty sand.

When she woke up the next morning, he’d draped his shirt over her. Silly mortals and their nudity taboos. When she met his eye he blushed and looked away, and she pulled the shirt over her head. It was fairly nice material, finely woven.

“Decent now?” he asked.

“More or less,” she said.

He glanced over at her, sidelong, looking up at her under his lashes. “Did you carry me to shore, or did I dream it?”

She just smiled. “Is there anything to eat?”

He shrugged and looked around. “I’m more worried about water.”

She smirked.

“Drinking water,” he said.

She cocked her head, then looked around, sniffing. There. She could smell fresh water up the hill. She stood and walked.

“Where are you going?” he asked. He followed her.

Water, definitely. Fresh water. Flowing. She could sense it. “I think I hear something.” She scrambled up a rocky sandy hill, the ground hard under her bare feet. How did humans get used to it?

Behind her, he swore. She glanced back. He was barefoot, too.

“Do you have a name?” she asked.

“Lawrence,” he said. “Lawrence Fisher.” He bowed smartly.

She eyed him up and down, to his obvious discomfort. Black hair, olive skin, dark eyes, British accent. “You don’t look British.”

“My mother was Italian,” he said.

“But you’re not.”

“No, milady,” he said. “I’m as British as brown beer. My father sent me to Eton. I’ve only recently returned to Napoli, to seek my fortune.”

She resisted the urge to snort—look how well that had turned out—and headed back up the hill.

“What about you, milady? Will you honor me with your name?”

She turned and cocked her head at him for a moment. Finally, she said, “Ondine.”

“Is that your Christian or given name?” He cocked his head back at her and smiled a sly, flirtatious little smile.

She felt her smile broaden. “Yes.”

He laughed. “As you wish, Milady Ondine.”

She continued up the hill. There was a stream, and the types of trees and such that grew in fresh water stretching up further past the hill. He rushed towards it, and then stood there, expectant.

“Ladies first.”

“I’m not thirsty,” she said.

He raised an eyebrow, and she sighed and drank out of her cupped hands. Then he came forward and drank, over and over. She thought he would never be done of drinking. She would have thought that he’d had enough of water bobbing in the ocean, but apparently not.

When he’d finally drank his fill, he sat down next to the stream and looked up at her. “I don’t suppose you know where we could find food?”

She resisted the urge to laugh. She could catch enough food for them both easily in the ocean. “What, you mean like sandwiches and tea? Little cakes, perhaps?”

He smiled. “You’re quite odd,” he said.

She just smiled back at him.

“Where do you come from?” he asked. “You don’t look British, either.”

“Somewhere far away,” she said.

“Perhaps you’re the empress of China,” he said. He was teasing, but it was gentle teasing.

She laughed, but didn’t say anything. She supposed she could tell him that in ancient times she’d been worshipped as a water nymph, that when people stopped believing she moved to the ocean and lived in Greek shipwrecks because the amphorae made her feel at home. She could tell him she was more powerful than any empress. She could tell him anything, but she knew that what he’d believe was that she was a shipwrecked girl, possibly from the Caribbean or someplace equally exotic.

Well. The ocean would be plenty exotic to the likes of him.

He shook his head. “Quite odd, indeed. I think I spotted crabs on the beach. We could build a fire, perhaps.”

They made their way back down the hill, and he started walking up and down the beach lifting rocks. While he was gone, she gathered fallen branches and piled them up on the beach, then whispered, “Exure!” The wood burst into flame.

Lawrence returned bare-chested with an undershirt full of crabs. He was really quite attractive for a mortal. He said, “How did you do that?”

“A girl needs to have some secrets,” she said.

He shrugged and speared a crab on a sharp stick. It kicked and struggled as he thrust it into the fire. If crabs made noise it would have been screaming; its little square mouth opened in agony as it tried to writhe off the stick.

She felt terribly sorry for it, but not sorry enough to deny Lawrence his dinner. Besides, she was hungry, too. So she pulled a crab out of his undershirt and speared it lengthwise, in hopes of killing it before cooking it. It didn’t struggle, so at the very least she damaged its brain, such as it was.

He cocked his head at her, but said nothing. They sat in companionable silence cooking their crabs. Then they cracked the shells between rocks and ate. It was a messy dinner, but delicious. Lawrence ate two crabs. She only ate the one.

After dinner, he lay back and looked up at the sky. “What manner of lady are you, Ondine?”

She knew what he wanted to hear. What type of people she came from, whether she was a gentlewoman. Whether and where she’d gone to school. How she’d come to end up naked in the ocean.

Mortals.

“I’m a good swimmer,” she said. She lay down and looked at the sky, too.

They lay there in silence until Lawrence started to snore.

#

Lawrence had to admit, it wasn’t every day a man woke up on a beach with a nude woman. But he supposed it wasn’t every day that a man woke up alive after being thrown overboard. Estelle had said she was a widow; how was he to know that her husband was not only alive but on the boat with them? He was lucky to be alive.

It was hardly his fault, either. He blamed his father. His father had withdrawn all support after he graduated Eton, as if that was enough for a young man to make his way in the world. Well, clearly Estelle had been a bad idea. He should have stuck with Vanessa. Vanessa might be older than Estelle, but she was much more respectable. If he’d stuck with Vanessa, he never would have ended up stranded.

As for Ondine, she was lovely, but he couldn’t place whether she had money or not. In fact, he couldn’t place her at all: her country of origin, whether she was noble or common, what manner of resources she might have off this island. It was a bit disturbing, to tell the truth. A pity, really; he’d much prefer a young pretty fair-haired girl to a lonely widow, but unless she had resources . . .

Ondine’s hair lay spread out around her on the beach, and her shapely legs were exposed below his shirt. It really wasn’t decent. She didn’t seem embarrassed, either. He wondered briefly if she was a girl who hired out for morally questionable things. She didn’t seem lewd, though. It was more like she was too innocent to realize she should cover her legs. Perhaps she had never been exposed to the more unpleasant side of life.

She must have realized he was watching her because her eyes met his. He wasn’t used to women who made eye contact. Her eyes were deep blue, and full of intelligence. What was she? Had she been raised by pirates, or something equally lurid?

“What does your father do?” Lawrence asked.

Ondine just laughed at him and stood up to walk along the beach. She waded into the water, and sat with the water halfway up her back.

His shirt would likely be transparent when she got out. He would see everything.

Embarrassed, he headed back up the hill to the spring and drank some more water. This was a fine mess. Why couldn’t he have been one of his father’s legitimate children? He was the oldest, so he could have been a future baron. Instead, he was reduced to seducing rich widows.

He supposed he could marry a gentlewoman, if her father was daft enough to let his daughter marry a man without prospects. No, no, he needed a lonely widow. Someone who could make her own foolish decisions without any parental interference.

Ondine was innocent enough that she must have people looking for her. He wondered if they were frantic. He knew no one was frantic over him, except maybe Vanessa. Aside from her, there would be idle curiosity if he never came back at best. And if he did come back, who knew how long that would take? Would he be so old that no woman would want him?

He sat and huffed out a loud breath. A depressing line of thought, that. Most sailors were terrified of being stranded. Being stranded was certainly no great joy, but it was far worse to think he might waste his youth out here alone without any prospects or chance of betterment.

Had Ondine carried him to shore? Maybe she was from the Caribbean. He’d heard that women there were half-wild, swimming in the ocean and such.

That must be it. Her father was likely the governor of some tiny Caribbean colony. Some place with hardly any Europeans in it, full of Negroes and wild Indians. It wasn’t really the station in life he’d been aiming for, but it was better than he had now.

Steady there. He didn’t really know anything. He just had a theory that might fit.

He headed back down the hill to the beach. She was sitting there with sand stuck to her legs. She smiled at him.

It occurred to him that it didn’t matter whether she had money or not. If she had money and he got her with child, she’d have to marry him. And if she didn’t, well, he could still marry Vanessa.

He sat beside her, a bit closer than was proper. “Are you from the Caribbean?”

She smiled, mysterious, and made no attempt to move away. “I’ve been there.”

So her father was a captain of a merchant ship, perhaps? No, no, he must be a colonist. Who would take a girl to a wild place if they weren’t going to stay? A high-ranking military officer, perhaps?

He moved closer, a look of concern on his face. “Do you think your people are worried about you?”

“Of course,” she said, but there was an undertone to the remark that he didn’t quite follow. “Just as I’m sure there are people worried about you back in England. Your parents, I’m sure.”

His father’s wife considered him an embarrassment. Proof of his father’s poor moral character and all that. She’d probably be delighted to think he was dead. “I’m sure.”

He couldn’t tell whether he’d convinced her or not, but he supposed it didn’t matter. “How likely do you think it is that we’ll be rescued?”

“Oh, I don’t know,” she said. “But I’m not in any hurry, are you?”

He started laughing. “What, are you engaged to a rich old man or something?”

She laughed, too. “No. I was just bored where I was.”

Bored. “What manner of woman are you, Ondine?”

She gave him a flirtatious sidelong glance. “I rule the seas.”

He laughed. “So you’re a pirate queen, then?”

“You’ve figured out my secret.” She giggled. “I’m afraid I lost my sword when I was dragging you to shore. And the parrot got bored and flew back to the ship.”

He moved closer, conspiratorially. Their shoulders were touching now. “Did your people mutiny?”

She snorted. “They wouldn’t dare.”

Lawrence laughed awkwardly.

“So be glad I don’t have my sword, or I’d be robbing you right now.” She wagged her finger at him.

“I haven’t anything for you to take, milady,” he said. “I was thrown overboard after being robbed.” It wasn’t completely untrue; Estelle’s husband Roderick had taken his purse before throwing him over, saying that he’d stolen Roderick’s treasure, after all, and Roderick might as well return the favor.

Bloody bastard.

“But that’s horrible!” Ondine seemed to be very interested in his arms.

He glanced down, where there were finger-shaped bruises on his arms. Roderick had been quite large and imposing, and had had friends. Rather than explaining, he just hung his head.

She waded into the ocean and came out with seaweed, which she wrapped around his bruises.

“Are you a witch, Ondine?”

“My father knows things,” Ondine said. “Things he taught me.”

A ship’s physician, perhaps. He supposed he could ask, but she probably wouldn’t tell him.

And then she kissed him on the nose, and he forgot his questions.

#

Poor Lawrence. Robbed and then thrown overboard to his probable death. Ondine wondered how people could be so horrid, but then she remembered how her father always said that mortals were mysterious creatures, the best and worst all mixed up in them in a great tangle that no one could unwind. He certainly seemed helpless, although she suspected he wouldn’t appreciate her pointing that out.

His eyes had closed as she kissed his nose, and when he opened them they were dazzled. For a moment she remembered what it was to be worshipped as a goddess. She leaned forward and rested her head against his forehead. It was warm, and pleasantly damp from perspiration. His breathing slowed, deepened, but he didn’t make a move. He smelled wonderful, like sex, and he was looking down her shirt.

No. She couldn’t honor him by taking him as a lover. He wouldn’t respect it. Mortals and their ridiculous taboos.

So she smiled at him and pulled away, standing up. “Are you really so eager to be rescued, Lawrence?”

He blushed and looked away. “Not eager, milady. But we can’t live here forever, can we?”

No. She supposed they couldn’t. She’d tire of crabs for dinner, for one thing. “Of course not.”

Ondine walked over to the fire, which was starting to die down, and tossed another branch into the flames. Sparks and smoke leapt up into the air, but they avoided her as a natural enemy. She’d blow a ship off course to come and fetch Lawrence. They’d take him back to Europe and his people, and she’d go home to her father and mother and sisters.

She looked back at Lawrence. He was still sitting motionless where she’d left him, his eyes dilated.

She’d just follow them back to shore and make sure no one tossed him overboard again. There was no point in wasting her effort saving him thus far, after all.

Just not right away.

Instead, she went and caught some fish, chasing them down and stunning them with spells while Lawrence lay on the beach staring up at the sky. She felt very sorry for the fish, flopping and asphyxiating on the sand. It was unnatural for them to die on the dry earth. But she was hungry and so was he, so there she was. She did cast a spell to ease their suffering, at least. When they were dead, she cooked them on a spit over the fire. She usually ate them raw, but didn’t think Lawrence would like that.

Lawrence’s nose twitched, and then he sat up and opened his eyes. “I thought I was dreaming. How did you catch a fish?”

She just smiled.

“You are from the Caribbean, aren’t you?” he asked. “Do tell. I promise, I won’t tell a soul your secret.”

Ondine laughed. “I’m originally from Greece, but I spent some time in the Caribbean, among other places.”

“I knew it!” he said. “What is your father, a ship’s captain? An officer? A governor?”

“Something like that,” she said, and turned the fish.

Lawrence sulked. “Why won’t you tell me? He’s not a pirate, is he?”

She burst out laughing. “No, nothing like that.” The fish was ready, so she handed Lawrence the stick.

“It’s too bad we don’t have plates,” Lawrence said, and took a bite.

After dinner, they lay on the sand side by side while he pointed out constellations to her and told her the old stories. She knew the stories already, having heard them when they were new, but it was interesting to hear how they’d changed over time. It was warm and balmy and smelled like the ocean, and there were gentle breezes and the sounds of palm trees in the wind. His hand reached out and touched hers. It was adorable and shy of him.

She could get used to this all too easily.

#

When Lawrence woke up the next morning, he was alone. And then he saw the ship sailing by.

He scrambled to his feet and shouted and waved. “Here! Over here!” and “Ondine! Ondine! They’ve come to rescue us!” and “Hello! For pity’s sake, hello!” When the rowboat headed towards him he was so happy that he almost cried.

“Ondine!”

The two sailors came up on shore, and one of them, a tall thin fellow, said, “Well, come along, then.”

“Wait!” Lawrence said. “There was a lady! We can’t leave without her.”

“Where is she, then?” the other sailor asked. He was short and stocky, and missing teeth.

Lawrence glanced over at her side of the fire. His shirt was lying there. He walked over and picked it up. “She was wearing this.”

“What?” the stocky sailor asked. “There’s a naked lady wandering about?” The two sailors laughed. It was an ugly sound that made Lawrence’s lip curl. “Come along, then.”

“But . . .”

“People often imagine things when they’re stranded alone,” the thin sailor said. “Keeps you sane, it does.”

“Come along or stay behind,” the stocky sailor said. “It’s your choice.”

“I can’t leave her behind,” Lawrence said.

“We’ll have to carry him,” the thin one said.

“I won’t carry him,” the stocky one said. “If you won’t leave him behind, you can carry him after I knock him out cold.” He cracked his knuckles.

Lawrence put up his hands. “I’m coming, I’m coming.” He looked around and thought maybe it would be safer for Ondine if she didn’t show up naked with these two brutes about.

“Let’s find the naked lady,” the stocky sailor said, and smirked.

They searched for hours, but they never did find Ondine.

#

Ondine watched Lawrence’s protests and struggle, and saw the men search for her. His concern was very sweet, if unnecessary. Her hair floated around her like seaweed as she followed the rowboat to the ship. How slowly these mortals rowed!

The rowboat was pulled up onto the ship, and she swam up and flattened herself against the prow, like one of the carved figures above. It took little effort to cling to the front of the ship with the water pressing her back against the prow, just a small amount magic sufficed. She only needed to be aware enough of her surroundings to notice if someone was thrown overboard, after all.

After dark, she rose up above the waterline and looked up at the ship. She wondered where Lawrence was, if they’d given him some place to sleep or if he was lying on the deck looking at the stars. She thought she heard someone sobbing up on the deck, but there was no way to tell who it was without climbing up and looking. She hoped it wasn’t Lawrence.

Ondine transformed her tail into legs and climbed up the side of the ship. She peeked over the edge of the railing. Lawrence lay there on the deck, bruised and weeping. Three sailors stood over him, menacingly.

“I haven’t anything to give you,” Lawrence said, his voice choked with tears.

“That pretty accent and you haven’t any money?” They laughed.

“Not a farthing,” he said.

“I don’t believe you,” one of them said.

“Oh, certainly you haven’t any money on you,” another said. “But back in England, there must be people who would pay for you.”

“If you can’t pay,” another man said, “you’ll work. You’ll work, or you’ll taste the lash.”

He stepped towards Lawrence, and Ondine hopped over the railing. She raised her arms and the wind rose. The men stepped closer, leering. Her hair whipped around her in the rising wind, almost like she was still underwater, and lightning struck overhead.

“Ondine,” Lawrence whispered.

Lightning struck the man menacing Lawrence, sending him overboard along with the smell of singed hair and clothing. If he was still alive to struggle against drowning, she couldn’t hear it.

She took a step towards the other men, and they backed away, then scattered—much like the clouds. She knelt next to Lawrence and petted his hair.

“What are you?” he asked.

“You imagined me,” she said.

“I do not think so,” he retorted.

“If the sailors give you any trouble,” she said, “tell them you’re under the protection of a sea witch whose mother wears necklaces made out of dead men’s hands.”

Lawrence passed out.

Ondine snorted. She wouldn’t actually make necklaces out of their hands to give to her mother. Hand necklaces had been passé for years.

#

When Lawrence woke up, he was alone on deck with the sun shining down on him. He moved to a shady spot and watched warily for more thieves.

They never came.

When he went down to the mess, men gave him a wide berth. No one seemed to want to risk angering him. Lawrence wasn’t sure whether it was because the sea witch was real or because he was mad. He supposed they weren’t mutually exclusive. But no one suggested he earn his keep for the rest of the voyage.

He was relieved to reach shore anyway. He was lonely on the ship, and if Ondine existed she didn’t come back. He wasn’t sure if he wanted her to come back, either. She was scary.

He stopped at his nasty little flat—the poverty of his situation repelled him—and changed into something decent. Then he headed to Vanessa’s. Vanessa was a youngish widow who adored him. Her hair was just starting to show the faintest bit of gray and she had laugh lines around her eyes. Her husband had been a military man who’d left her alone for long periods of time before his death, so she was used to making her own decisions.

Lawrence knocked on her door. She opened it, and her face lit up. Vanessa said, “I was so worried about you when your ship came back and you didn’t.”

So he came in, and told her the whole story about being thrown overboard after being robbed, and ending up on a desert island and eating crabs. Well. Not the whole story, clearly. He sounded a lot more heroic when Ondine wasn’t in the story. He suspected Vanessa wouldn’t enjoy the parts of the story where he was stranded with a naked woman, even if he’d been a gentleman, and who was he to tell her things she didn’t want to hear?

“My poor darling,” Vanessa said. “I can’t imagine! You were so lucky to be rescued when you were.”

“Yes,” Lawrence said. “I can’t eat crabs for every meal.”

“So resourceful,” Vanessa said, and put an extra biscuit on his plate. “I think you’ve lost weight.”

Vanessa was a good woman. He could love her.

“I thought you’d tired of me,” she said.

“Never,” Lawrence said, and kissed her hand.

Vanessa blushed and asked the maid to bring them more sandwiches. The maid scurried off, and Vanessa withdrew her hand.

Lawrence looked around the sitting room. A lot of books, a lot of knickknacks from her husband’s trips abroad. The furniture was lovely.

This was the life he wanted.

The maid came back with more sandwiches, more than he could eat. He was sorry when it was time to go home to his miserable flat.

There was a lady standing outside his flat. He didn’t recognize her at first because she was dressed as a proper lady, but it was Ondine.

“Milady Ondine!” he said, and bowed. “I tried to keep them from leaving without you . . .”

“I know.” Her clothes were quite expensive. Maybe she had more money than he’d thought. “Are you well, Lawrence?”

He nodded. “What are you, Ondine?”

“You know what I am.” Ondine’s smile was deep, mysterious, like the ocean. And she wore a magnificent string of pearls around her neck.

A sea witch? It was a bit hard to believe, but he’d seen it with his own eyes.

“Aren’t you going to invite me in?” Ondine asked.

“I haven’t a maid,” Lawrence said.

“I don’t mind a mess,” Ondine said.

He’d meant that she’d have no chaperone. How oddly innocent she was. One would think that a sea witch would be more worldly. Or, he supposed, perhaps not. “Do come in.” He opened the door and held it for her, then led her up the narrow staircase.

He opened the door and held it for her, and she stepped in. It was dusty from his time out at sea, and his furnishings were cheap. He was ashamed of the rough table and chairs, the flimsy bed, the threadbare rug. She looked as out of place there as . . .

As a sea witch.

Well. However much money she might have—and he didn’t even know for a fact that she had as much money as her attire suggested—he certainly didn’t want to marry a sea witch, of all things. Witchcraft was hardly an entrée into respectable society, after all.

“What, precisely, is a sea witch?” he asked.

She just laughed at him.

He leaned over and kissed her hand. Then he moved in closer and kissed her lips. They were soft. Ondine didn’t resist at all.

Lawrence said, “I’m so glad you’re all right.”

She laughed. “I was never in any danger.”

That’s what she thought. Those pearls would buy a fine wedding ring for Vanessa.

#

In ancient times she’d taken mortal lovers. She’d watched them grow old. Usually they were lovers for a night only. Sometimes, they’d tend her shrine.

But the ones she’d rescued were always special, somehow. Especially when they knew it. They were usually the most devoted, the best shrine keepers, the most passionate lovers.

Lawrence kissed her again, and she straddled his lap, placed her hands on either side of his face, and kissed him back. He was hers. Her creature. She’d pulled him out of the sea and from certain death, after all. And then she’d saved him from the sailors. Surely, having saved his life twice, it was hers.

Lawrence moaned, and his hands slid up her bodice and pulled her closer. Yes. She’d keep him, take him to the shore and build him a nice house there. “Do you know how to help a lady dress, Lawrence?” she asked.

He nodded, and she turned so he could unlace her dress. It was an epic undertaking; she really didn’t care for the fashions of the age. Finally, she was as naked as she had been when she’d first arrived on the island.

Lawrence’s eyes were hungry. His breath was rough. She reached over and pulled off his jacket, then started to unbutton his shirt. His undressing, while nowhere near as epic as hers, was still quite the project. He really had lovely olive skin though—he must have gotten that from his mother.

He pulled her close and kissed her, his erection pressing into her thigh. They fell back on the bed together, and she climbed on top and straddled him. He was everything she’d hoped, strong and passionate. They ended up making love three times. The third time Ondine called him a satyr, which was saying something because she knew satyrs. They were good lovers, too—a bit rough, perhaps. She preferred humans. They had a sensitive quality to them.

They slept, finally. She fell asleep with her arms around him, musing to herself how she’d set him up in a little house in Napoli or Capri, and he’d want for nothing. All of the ocean’s wealth was at her command, after all. He snored a little, but she didn’t mind. He looked so sweet and vulnerable in her arms, his hair adorably mussed and his long lashes flickering slightly from time to time. He’d grow old, of course, but that’s what mortals did.

When she woke up, he was gone. She thought he might have gone out to bring them something to eat, but when he didn’t return after a few hours she stood up and looked around the flat. There were love letters from someone named Vanessa, and some textbooks, and a meager set of clothes. So Ondine dressed herself. It took quite a long while to dress, and even longer to realize that she couldn’t find her pearls.

Surely Lawrence wouldn’t steal from her, would he?

She closed her eyes and pictured her pearls. Ondine could almost place them on a map—three streets down, turn right, second door on the left. Bastard! She could hear thunderclouds rumbling outside.

She stuffed one of Vanessa’s love letters into her reticule and walked to the place where her pearls were. It was a jeweler, an odd little white-haired man.

“Where did you get those pearls?” she asked. “They’re lovely.”

“An Italian youth brought them in,” he said. “Traded them for some cash and an emerald ring. Said he was getting married.”

What kind of fool was Lawrence? He’d seen what she was capable of. She could strike him with lightning. She could suck the air right out of his lungs. She could make him burst into flames. If he’d asked her for the pearls, she would have given them to him. She would have given him anything.

Lightning struck outside the shop, and rain started to pour down. She didn’t care.

Ondine went down to the shore and murmured a spell, and shipwreck gold washed up on the beach. She filled her purse to overflowing with it and took it back to the jeweler, who was delighted to return her pearls and give her modern money for the rest of it. She told him that it belonged to her father, which she supposed was true. Then she hired out a horse and carriage to take her to the address on the letter.

It wasn’t a palace or anything, but it was a perfectly respectable house with a perfectly respectable garden. The driver helped her out of the carriage. As she approached the door, she could see Lawrence in the window, drinking tea and smiling. A perfectly respectable maid came out of the house and shook out a throw rug.

The maid muttered, “It’s a disgrace! A youth half her age!”

Ondine had no cause to criticize on that count, so she turned back towards the carriage.

The maid asked, “Can I help you, Miss?”

“No, thank you,” Ondine said. “I must have the wrong house.”

#

The jeweler had given him quite the princely sum for the pearls, which more than paid for a lovely engagement ring for Vanessa. The jeweler also promised to take the ring back if she said no, which Lawrence thought was a friendly and sporting touch.

So he headed off to Vanessa’s, ring in pocket. She’d set him up nicely as a respectable gentleman. His life as a person of no consequence was over. He proposed to her on his knee in her parlor, and she wept tears of joy and said yes. They discussed whether they wanted a big wedding, and decided on something small and intimate. He suspected she didn’t want to give her family time to talk her out of it, which was quite clever of her, really.

The wedding was small, mainly attended by his father and Vanessa’s sister. His father scowled when introduced to Vanessa, scowled at the minister, and scowled at him. Lawrence didn’t care. His father would come around soon enough, in the face of his new money and title. Vanessa’s sister said it was lovely to meet him, but she clearly didn’t mean it.

As the minister said, “Dearly beloved, we are gathered here today to join this man and this woman in holy matrimony,” Lawrence saw a woman wearing black, who slipped in the back. She was wearing a veil, like a widow, but the hair stood up on the back of Lawrence’s neck.

She was also wearing a magnificent set of pearls.

As the ceremony continued, Lawrence felt like there was a rock in his stomach. He didn’t know why Ondine would be there, but he couldn’t imagine it was for any positive reason.

Finally, the minister said, “If anyone present knows of any reason why this man and this woman should not be joined in holy wedlock, speak now or forever hold your peace.”

Ondine stood. She said, “This man is a thief.”

“Please don’t,” Lawrence said.

“I would have given you anything you wanted,” Ondine said. “I would have given you the pearls if you’d asked me for them. I have more.”

“You can’t give me what I want,” Lawrence said.

He thought he saw Vanessa preen next to him out of the corner of his eye, but didn’t dare take his eyes off Ondine. Let Vanessa think whatever she wanted, as long as she still married him.

Ondine removed the veil, and her hair spilled out and cascaded down to her waist. She wore pearls in it, and what looked like seaweed. “What are you, Lawrence?” A stiff breeze rushed up the aisles, lifting her hair.

Lawrence realized that there was nothing he could say that would mean anything to Ondine. She wouldn’t understand. She was too innocent, too unworldly. She didn’t understand men, particularly men of a certain quality, or polite society. She really was a creature completely outside civilization.

“What are you?” he asked Ondine.

“You know what I am,” she said. Thunder sounded outside.

“What’s happening?” Vanessa asked. “Who is this woman?”

“You look so innocent asleep,” Ondine said. She was paler than he remembered, and her hair looked almost damp. “You fooled me.”

He didn’t have an answer for that.

“If you ever sleep again, you’ll die,” Ondine said, and lightning struck so close that his hair literally stood on end. Then she turned and walked away.

Vanessa burst into tears and ran out of the church.

He chased Vanessa out the door. “Wait!”

“Clearly, your morals are as loose as your father’s,” Vanessa said. “I have no desire to marry a libertine.” Tears welled up in her eyes. “What manner of man are you, Lawrence?”

He didn’t have an answer for that, either.

#

Ondine went home, to the ocean, where she belonged. Where she had a tail instead of legs. Where things made sense. To her father, old and bearded and wise, and full of good sense.

“I didn’t think I needed to warn you about mortals again,” he said.

Later, he said, “I went up on land to look for him.”

Ondine scowled.

“I didn’t speak to him.” He smiled, a dark wicked smile. His blue eyes flickered amusement from behind his heavy silver eyebrows. “He looked tired.”

She would never understand mortals and what they had become. Never.

And yet, she knew instantly when Lawrence had thrown himself overboard. Mouth below the waterline, arms pressing the body up out of the water for a breath. He didn’t cry out for help, but they never did. Breathing took precedence. He didn’t kick, didn’t thrash, just kept pushing his body upwards.

She lifted him out of the water. He looked worn and haggard.

“Stupid mortal,” Ondine said. “You don’t have to drown yourself to die. You only have to fall asleep.”

Lawrence burst into tears, like a spoiled toddler. “I’m afraid.”

She felt a flicker of pity despite her anger. He was such a child. She supposed he was really very young.

“Please,” he said. “Please. Lift the curse. For pity’s sake, please. I’ll do anything you want.”

She could take him to Capri, she supposed. Ironic, considering how Ondine had wanted to set him up in a villa here. Not that she wanted that any more.

“What do you want from me?” he asked. “I can’t give you your pearls back. The jeweler said you already had them.” He reached into his pocket and pulled out the ring. Vanessa’s ring. “Take it.” His voice turned accusing. “It’s not like I have any further use for it. You’ve seen to that.”

Ondine let go of Lawrence, and he slipped beneath the waves. Peacefully, like he was falling asleep.

I set this up to be modular and reusable, because I like reusing things.  This doesn’t actually move your system databases.  It just outputs a change script and a revert script.  You still have to run the generated script, then log on to your server and stop the services and move the files yourself.  In my example, I’m moving TempDB from C (ew) onto better storage.
declare @dbname sysname,
@oldpath varchar(255),
@newpath varchar(255)

set @dbname='tempdb'
set @oldpath='C:\Program Files\Microsoft SQL Server\MSSQLSERVER\MSSQL\DATA' --no trailing slash
set @newpath='H:\HappyStorage' --no trailing slash

/*  Generates your change script */
SELECT 'alter database ' + @dbname + ' modify file (name=' + name + ', filename = ''' + replace(physical_name,@oldpath,@newpath) + ''');'
FROM sys.master_files
WHERE database_id = DB_ID(@dbname);

/* Generates a revert script */
SELECT 'alter database ' + @dbname + ' modify file (name=' + name + ', filename = ''' + physical_name + ''');'
FROM sys.master_files
WHERE database_id = DB_ID(@dbname);

/* Tells you where the files are now */
SELECT name, physical_name
FROM sys.master_files
WHERE database_id = DB_ID(@dbname);
GO

Sample output would  include, in the top window:

alter database tempdb modify file (name=tempdev, filename = 'H:\HappyStorage\Data\tempdb.mdf');
alter database tempdb modify file (name=templog, filename = 'H:\HappyStorage\Log\templog.ldf');

Copy and paste that into a new window, and run it if you’re sure it’s right.

You can, of course, use this for MSDB or any other database you want to move.