Windows 11 error message rant

I was given an incorrect security key for a WiFi network.

I tried to connect WiFi but the attempt failed. 

All Windows 11 indicated was 'Unable to connect to this network' - no indication that authentication had failed.

I followed advice for debugging WiFi problems: disabling and re-enabling WiFi, Forgetting the WiFi connection, rebooting Windows 11 and the router, disabling and re-enabling the WiFi device.

An utter waste of time.

If Windows 11 had indicated 'Authentication failed' instead of 'Unable to connect to this network', it would have been a quick fix.

My mistake was to assume that since Windows 11 didn't report an authentication failure, that authentication had not failed. Silly me! 

Why is it so hard from Microsoft to provide useful error messages?

'Unable to connect to this network' provides no actionable information other than what I already know: the WiFi isn't connected. 

Python PEP Caution

I didn't realize until today that Python PEP documents are not static. For example, look at PEP 366. This PEP document was modified many times, from May 1 2007 when it was first created until February 1 2025 when it was last changed. It began as a txt document with history from May 1 2007 to September 16 2022, then was changed to an rst document with history from September 10 2023 to February 1 2025.

Why is this an issue?

Because, when you read a post that references a PEP, unless they provide a copy of the PEP they were referring to, or the commit of the version they are referring to, you can't be certain what they were reading.

While most of the changes don't change the essence of the PEP, some do. You can't know without investigating them all. In the case of PEP 366, substantial changes were made until February 2 2009, after which changes were mostly changes to metadata, formatting and links to referenced resources.

To make matters worse, substantial changes are made even after the status of a PEP has been updated to Finished or Final.

Compare this to the IETF management of RFCs. RFCs are published and don't change substantially. Only metadata is changed to indicate if there are errata or when the RFC is superseded. Corrections are published in separate errata documents. More substantial changes are published in new RFCs that clarify or supersede the original RFC but don't change the RFC.

YouTube alternatives?

Bruce understands the fundamental problem with YouTube, and proposes an alternative: PeerTube, combined with portals to make it easier to find content: multiple portals. The biggest issues will be the monetization,  liability for illegal content, if a node proxies access for others, and security. The big players (YouTube, Meta, Apple, etc.) can have competition de-banked, which would disrupt monetization. Governments are increasing the restrictions and liabilities imposed on content providers.

AI in Firefox

I don't want a browser with inbuilt AI and a configuration switch to disable it: a switch which might inadvertently or maliciously be set to enable the AI features.

An addon that provides the AI features would be better: I could choose not to install the addon and to enable the AI features, an attacker would have to breach security to the extent they could install and enable the addon. At that point, they probably already have access to all my data anyway.

AI systems are, at the current state of the art, fundamentally unreliable and insecure. See, for example AI Agent, AI Spy.

Mozilla has decided that it will build AI features into Firefox. Therefore, I am forced to seek an alternative to the browser I have used preferentially for decades.

Nothing is forever and it is time for change, but not the change Mozilla intends.

It does make me wonder who funds Mozilla and what their real objectives are. 

Configuring WireGuard VPN client on Debian 13/trixie Linux

I am having difficulty configuring a WireGuard VPN client on my laptop running Debian 13/trixie Linux with XFCE desktop and NetworkManager managing network connections, to connect to the WireGuard VPN server I have configured on my router running OpenWrt.

I installed the wireguard package with: sudo apt install wireguard

I installed dbus-x11 package with: sudo apt install dbus-x11

The dbus-x11 package provides dbus-launch. At one point in my trials I was running nm-connection-editor as root (as some posts suggest this is necessary for it to write configuration to /etc/NetworkManager) and got an error indicating dbus-launch was not found. Installing dbus-x11 resolved this.

I tried configuring the VPN client by opening 'Configure VPN...' from the network icon in the XFCE panel (presented by the Status Tray Plugin of the panel). This appears to run nm-connection-editor, which can also be run from the command line.

This opens a window with title 'Network Connections' and two lists of connections: Wi-Fi and WireGuard. I clicked the '+' icon at bottom left and a new window appeared: Choose a Connection Type. I chose WireGuard and clicked Create.

This opens a window with title 'Editing WireGuard Connection 1'. The default connection name is 'WireGuard Connection 1'. I changed this to 'wg0'.

I completed the form on the WireGuard tab, including a peer with details of the WireGuard server on my router. It all seemed simple, except that  when adding the peer I was unable to enter the preshared key until I realized that the icon at the right of the field value text box is clickable and brings up a menu of options, the default being: The password is not required. With the default setting, the input textbox is disabled. 

But the connection didn't work. When I re-opened it in the connection editor, I found that sometimes the Preshared key input of the peer configuration was blank and sometimes the Private key input of the connection was blank. There were no pop-up errors or indications that the connection didn't work, but the connection wasn't created and the checkbox beside the VPN name in the pop-up from the network icon in the XFCE panel wasn't checked.

Eventually I found that when I tried to bring up the connection, there logs from NetworkManager in syslog, including:

2026-03-02T10:25:50.614594+13:00 tpt590 NetworkManager[849]: <warn>  [1772400350.6144] device (wg0): No agents were available for this request.
2026-03-02T10:25:50.614731+13:00 tpt590 NetworkManager[849]: <info>  [1772400350.6145] device (wg0): state change: need-auth -> failed (reason 'no-secrets', managed-type: 'full') 

When I added or edited the peer, I could enter the Preshared key after selecting 'Store the password only for this user' or 'Store the password for all users'. I could save the peer configuration then immediately reopen it for edit and all settings remained. But if I saved the connection then reopened it then opened the peer for editing, the Preshared key value was gone. And sometimes the Private key value of the connection was gone. It isn't obvious to me when the Private key value is cleared. Often, but not always, when I open the connection in the connection editor, the Private key value is gone - reverted to blank, though my selection for only this user or all users remains.

If I edited the connection and the Private key was present, then edited the peer and added the Preshared key and saved the peer but didn't save the connection (i.e. the connection editor was still open), then I was able to bring up the connection and the error about missing key did not appear. But as soon as I saved the connection, the Preshared key was lost and I was unable to bring up the connection. 

The WireGuard site does not provide documentation for the NetworkManager nm-connection-editor.  At least, not that I could find.

I don't know what package provides the functionality for editing WireGuard connections: whether it is part of XFCE, NetworkManager, WireGuard or some other. The forms I see are a bit different from what I see in posts about GNOME connection editor, which makes me think it might be desktop specific. It clearly relates to NetworkManager: the configuration editor is launched by running 'nm-connection-editor', but I suspect there is a plugin provided for WireGuard. Thus far, I don't even know where to ask: there are multiple forums for each of these components.

I am able to configure a client using the 'wg-quick' script and a configuration file I wrote by hand. Or by using the ip and wg commands directly. Bringing up the connection this way results in some configuration in  /run/NetworkManager/system-connections, but none of the keys are in the generated file.

I don't know if I'm missing some package or using the connection editor incorrectly or if it is actually misbehaving. Maybe the keys are supposed to disappear from the connection editor. I see some suggestions that they are stored by some sort of agent. But I haven't yet found any helpful documentation about this.

Update: 

I have found source code for nm-connection-editor and it includes modules for WireGuard. I have also found posts that assert that support for WireGuard is built in to NetworkManager: that the wirreguard package and wg command are not required.

I have also found that importing the WireGuard configuration that worked with 'wg-quick' into NetworkManager with the command:

sudo nmcli connection import type wireguard file ./vpntest.conf 

creates a connection file in /etc/NetworkManager/system-connections that can be brought up and down from nm-applet, which runs from the network icon in XFCE panel.

This creates a configuration similar to what I created using nm-connection-editor, except that all the keys are present.

I am still undecided where there is a bug in nm-connection-editor or I am using it incorrectly, to cause it to lose the Private key and/or Preshared key. I see implications that a key/secret store may be used to store them. But the keys are sometimes lost with no error message, which is very unhelpful even if, technically, it is not a nm-connection-editor bug that causes it.

For the moment, I will ignore nm-connection-editor and use 'nmcli connection import' to create configurations. Or edit the files manually, now that I have a working example.

FWIW, the working configuration in /etc/NetworkManager/system-connections is:

 

[connection]
id=vpntest
uuid=0fb0c5dd-9494-4854-b0a9-33659c21d5c1
type=wireguard
interface-name=vpntest

[wireguard]
private-key=REDACTED

[wireguard-peer.q0wK24nJWvlC+pZQ6wzGzsaqiI41vONaf8wtXjG7xzA=]
endpoint=64.246.80.42:51820
preshared-key=REDACTED
preshared-key-flags=0
persistent-keepalive=25
allowed-ips=192.168.1.234/32;

[ipv4]
address1=192.168.9.2/24
method=manual

[ipv6]
addr-gen-mode=default
method=disabled

[proxy]

 

The redacted keys are as created by 'wg genkey'

 

OpenWrt router connected to Lightwire wireless internet service

I installed my own router for access to Lightwire wireless internet service because with the router provided by Lightwire I was unable to forward port 443 to one of my own nodes. Lightwire uses HTTPS for remote administration of their router and was unable to use an alternate port for their purposes.

Lightwire documents that customers may use their own routers but has no documentation of how to do so. I received instructions from support, in follow-up to my ticket asking why my attempt to forward port 443 wasn't working. 

The requirements for configuring the router were:

• PPPoE connection
• Traffic must be tagged VLAN ID 10

I started with a router with a fresh install of OpenWrt v24.10.

I connected to a LAN port and configured WiFi interfaces using the web interface, then connected via WiFi.

I disconnected the network cable from the router provided by Lightwire and connected it to the WAN port of my router. 

I logged in to the web interface and edited the wan and wan6 interfaces under Network > Interfaces by clicking Edit and then changing the protocol from DHCP to PPPoE and entering the username and password provided by Lightwire in the PAP/CHAP username and PAP/CHAP password fields. All other options left unchanged. Clicked Save then Save & Apply.

As I wasn't sure how to set the VLAN ID via the web interface, I logged in via ssh and edited /etc/config/network and changed the configuration for interfaces wan and wan6, changing option device from 'wan' to 'wan.10'. After the change, the sections were:

config interface 'wan'
	option device 'wan.10'
	option proto 'pppoe'
	option username 'REDACTED username'
	option password 'REDACTED password'
	option ipv6 'auto'

config interface 'wan6'
	option device 'wan.10'
	option proto 'pppoe'
	option username 'REDACTED username'
	option password 'REDACTED password'
	option ipv6 'auto'

Then I rebooted with command reboot.

With these changes, the router connected to the Lightwire service and I had Internet access again. But now with a router fully under my control, allowing me to forward port 443 to one of my servers.

Ordinary Men

I was reading Christopher Robert Browning's Ordinary Men recently.

It's a sobering thought that ordinary men can be made to behave so badly. That the inclinations to morality, empathy, compassion and decency are so feeble that they can so easily be overcome.  That aggression and hatred are so easily stirred, to become dominant in so many, with so little resistance, comment or criticism.

What is happening in the United States now is not yet as evil, but it is already far from the civil, decent, compassionate and caring society that made so many in the world envy and long for it. The rule of law and due process seem on the wane, leaving only brute force. Ordinary men, turned brutal and violent and uncaring.

There is some criticism, but not nearly enough to stop it. Barely enough even to slow it. Which makes one wonder how far will it go this time, before there is some real resistance? How many will die? How many will suffer.

There is a long history of violence and destruction. It is far easier to destroy and terrorize than to make a great, civil society. There are very few left who experienced the evil of WWII and they are now too old and feeble to have much influence. To resist the inclination to violence and evil. And history shows us that without such resistance, violence is almost inevitable. The inclination to it is too much a part of human nature.

Civilization requires active support and defense, else it will crumble and decay and be overcome, yet again. The time is now. 

Even ordinary men.