Tarus Balog : Conferences: Australia, New Zealand and Senegal

January 18, 2018 04:43 PM

Just a quick note to mention some conferences I will be attending. If you happen to be there as well, I would love the opportunity to meet face to face.

Next week I’ll be in Sydney, Australia, for linux.conf.au. I’ll only be able to attend for the first two “miniconf” days, and I’ll be doing a short introduction to OpenNMS on Tuesday as part of the Systems Administration Miniconf.

Then I’m off to Queenstown, New Zealand for the New Zealand Network Operators Group (NZNOG) conference. I will be the first presenter on Friday at 09:00, talking about, you guessed it, OpenNMS.

The week after that I will be back in Australia, this time on the other side in Perth, working with our new Asia-Pacific OpenNMS partner R-Group International. We are excited to have such a great partner bringing services and support for OpenNMS to organizations in that hemisphere. Being roughly 12 hours out from our home office in North Carolina, USA, can make communication a little difficult, so it will be nice to be able to help users in (roughly) their own timezone.

Plus, I hope to learn about Cricket.

Finally, I’m excited that I’ve been asked to do a one day tutorial at this year’s African Network Operators Group (AfNOG) in Dakar, Senegal, this spring. The schedule is still being decided but I’m eager to visit Africa (I’ve never been) and to meet up with OpenNMS users (and make some new ones) in that part of the world.

I’ll be posting a lot more about all of these trips in the near future, and hope to see you at at least one of these events.

Mark Turner : Spoken stats from my weather station

January 16, 2018 02:47 AM

Last Christmas (2016), I got an AcuRite weather station from Costco as a gift to replace my falling-apart Oregon Scientific station. It’s a decent little setup, with wireless transmission from a multi-sensor box outside to the panel inside. For the longest time my biggest complaint was its need to use Windows software to archive its data.

Acurite weather station

Then early last year I hooked up the open source weather software weewx to my station. Weewx creates a nice (if simple) graph of weather data (as seen at https://www.markturner.net/wx) and also kicks the data over to my MySQL database so I can save and query those stats. Last month I was able to create a fancy Grafana dashboard that dynamically displays that data in a beautiful format. Now I had taken a $75 weather station and made it much more useful!

Grafana weather graph

But I wasn’t ready to stop there. I got an Amazon Echo Dot as a Christmas gift and decided I wanted to learn how to teach it tricks, including reading me weather from my weather station, not someone else’s. I found a YouTube video of someone using the Echo to call phone numbers. This a neat trick but what really caught my attention was the guy’s phone system reading out his weather data.

I’ve used Asterisk as a home phone server for well over a decade now and have long thought it would be neat to add some text-to-speech (TTS) capability to it. The open source TTS tools are good but not great. The commercial ones cost more money than I want to spend on an experimental setup (though all in all not too expensive … if I weren’t a cheapskate!). That left some middle ground to be explored.

Google has excellent TTS services as everyone knows from using it on their smartphones. Luckily for me, someone built a perl-based tool to send text to Google and fetch the corresponding speech in a wav file. This tool has been rolled into a Github project called asterisk-googletts which is an Asterisk AGI application that gives your Asterisk server the ability to speak. After adding a few dependencies and putting the sample text into my dialplan, I was delighted to dial an extension and hear my Asterisk server talking to me smoothly and legibly.

Once I had that figured out my attention turned to my weather data. Weewx is very extensible and uses the concept of reports to distribute its data. The default one creates a very readable page, the MySQL one dishes the data to my database, and there’s even a forecast one that fetches info from the National Weather Service. All of these are fancy but what I needed was a simple report that put the data into a narrative format that I could feed into Google TTS. After several searches, I was unable to find one I needed. So I built my own.

My narrative Weewx report is built from weewx’s “Standard” report, stripping out the HTML markup. It uses an “if” statement to provide info on whether the barometer’s rising, steady, or falling. I also adjusted the labels in the report to change the abbreviations to their full phrases so that the speech translation said everything properly. The result is pretty good, I think!

The next obstacle was how to get this into my phone server, which lives in a different host. Weewx has an rsync report for sending data elsewhere but I am already using it to push data to my webserver. Rsync seemed overkill for this use, too. I opted for a cron job that pulls down the three-line text file from my weewx webserver and makes this available to Asterisk.

Then I decided that I didn’t want this script running every x minutes when I would likely only be calling it occasionally. Wouldn’t it be better if I had Asterisk fetch the narrative text on-demand? It turns out Asterisk has a CURL function that can be used to directly pull web data, rather than have to make a system call to get it. This was the perfect answer but after a few tries I realized I had not compiled Asterisk with libcurl support. D’oh! I then spent the next half-hour pulling down the latest Asterisk code, installing the libcurl library, and compiling it. I also added some new codecs while I was at it and improved some other stuff along the way.

With libcurl added my system was complete! I could now dial an extension and hear my Asterisk server read my weather stats. Success!

My setup works for me but there’s some cleaning up I need to do to make it public. I hope to put it in a wee_extension format so that it can be easily installed by others. And now that my weather station is properly kicking out narrative text it should be fairly straightforward to get Alexa reading it, especially if I can adapt one of the sample apps out there.

Here’s my current skin.conf file:

###############################################################################
# STANDARD SKIN CONFIGURATION FILE                                            #
# Copyright (c) 2010 Tom Keffer                            #
# Modified in 2018 by Mark Turner 
###############################################################################

[Extras]
    # Put any extra tags here that you want to be available in the templates
    
###############################################################################

[Units]
    # This section is for managing the selection and formatting of units.
    
    [[Groups]]
        # For each group of measurements, this section sets what units to
        # use for it.
        # NB: The unit is always in the singular. I.e., 'mile_per_hour',
        # NOT 'miles_per_hour'

        group_altitude     = foot                 # Options are 'foot' or 'meter'
        group_degree_day   = degree_F_day         # Options are 'degree_F_day' or 'degree_C_day'
        group_direction    = degree_compass
        group_moisture     = centibar
        group_percent      = percent
group_pressure     = mbar                 # Options are 'inHg', 'mmHg', 'mbar', or 'hPa'
group_radiation    = watt_per_meter_squared
group_rain         = inch                 # Options are 'inch', 'cm', or 'mm'
group_rainrate     = inch_per_hour        # Options are 'inch_per_hour', 'cm_per_hour', or 'mm_per_hour'
group_speed        = mile_per_hour        # Options are 'mile_per_hour', 'km_per_hour', 'knot', or 'meter_per_second'
group_speed2       = mile_per_hour2       # Options are 'mile_per_hour2', 'km_per_hour2', 'knot2', or 'meter_per_second2'
group_temperature  = degree_F             # Options are 'degree_F' or 'degree_C'
group_uv           = uv_index
group_volt         = volt

# The following are used internally and should not be changed:
group_count        = count
group_interval     = minute
group_time         = unix_epoch
group_elapsed      = second

[[StringFormats]]
# This section sets the string formatting for each type of unit.

centibar           = %.0f
cm                 = %.2f
cm_per_hour        = %.2f
degree_C           = %.0f
degree_F           = %.0f
degree_compass     = %.0f
foot               = %.0f
hPa                = %.1f
hour               = %.1f
inHg               = %.2f
inch               = %.2f
inch_per_hour      = %.2f
km_per_hour        = %.0f
km_per_hour2       = %.1f
knot               = %.0f
knot2              = %.1f
mbar               = %.1f
meter              = %.0f
meter_per_second   = %.1f
meter_per_second2  = %.1f
mile_per_hour      = %.0f
mile_per_hour2     = %.1f
mm                 = %.1f
mmHg               = %.1f
mm_per_hour        = %.1f
percent            = %.0f
second             = %.0f
uv_index           = %.1f
volt               = %.1f
watt_per_meter_squared = %.0f
NONE               = "   N/A"

[[Labels]]
# This section sets a label to be used for each type of unit.

centibar          = " cb"
cm                = " cm"
cm_per_hour       = " cm/hr"
degree_C          =   " degrees"
degree_F          =   " degrees"
degree_compass    =   °
foot              = " feet"
hPa               = " hPa"
inHg              = " inches"
inch              = " inches"
inch_per_hour     = " in/hr"
km_per_hour       = " km/h"
km_per_hour2      = " km/h"
knot              = " knots"
knot2             = " knots"
mbar              = " milli-bars"
meter             = " meters"
meter_per_second  = " m/s"
meter_per_second2 = " m/s"
mile_per_hour     = " miles per hour"
mile_per_hour2    = " miles per hour"
mm                = " mm"
mmHg              = " mmHg"
mm_per_hour       = " mm/hr"
percent           = " percent"
volt              = " V"
watt_per_meter_squared = " W/m²"
day               = " day",    " days"
hour              = " hour",   " hours"
minute            = " minute", " minutes"
second            = " second", " seconds"
NONE              = ""

[[TimeFormats]]
# This section sets the string format to be used for each time scale.
# The values below will work in every locale, but may not look
# particularly attractive. See the Customization Guide for alternatives.

day        = %X
week       = %X (%A)
month      = %x %X
year       = %x %X
rainyear   = %x %X
current    = %x %X
ephem_day  = %X
ephem_year = %x %X

[[Ordinates]]    
# The ordinal directions. The last one should be for no wind direction
directions = north, north-northeast, northeast, east-northeast, east, east-southeast, southeast, south-southeast, south, south-Southwest, southwest, west-southwest, west, west-northwest, northwest, north-northwest, N/A

[[DegreeDays]]
# This section sets the base temperatures used for the calculation
# of heating and cooling degree-days.
        
# Base temperature for heating days, with unit:
heating_base = 65, degree_F
# Base temperature for cooling days, with unit:
cooling_base = 65, degree_F

[[Trend]]
time_delta = 10800  # 3 hours
time_grace = 300    # 5 minutes 

###############################################################################

[Labels]
# Labels used in this skin

# Set to hemisphere abbreviations suitable for your location: 
hemispheres = N, S, E, W
# Formats to be used for latitude whole degrees, longitude whole degrees,
# and minutes:
latlon_formats = "%02d", "%03d", "%05.2f"

[[Generic]]
# Generic labels, keyed by an observation type.

barometer      = Barometer
        dewpoint       = Dew Point
        heatindex      = Heat Index
        inHumidity     = Inside Humidity
        inTemp         = Inside Temperature
        outHumidity    = Outside Humidity
        outTemp        = Outside Temperature
        radiation      = Radiation
        rain           = Rain
        rainRate       = Rain Rate
        rxCheckPercent = ISS Signal Quality
        UV             = UV Index
        windDir        = Wind Direction
        windGust       = Gust Speed
        windGustDir    = Gust Direction
        windSpeed      = Wind Speed
        windchill      = Wind Chill
        windgustvec    = Gust Vector
        windvec        = Wind Vector
    
###############################################################################

[Almanac]
    # The labels to be used for the phases of the moon:
    moon_phases = New, Waxing crescent, First quarter, Waxing gibbous, Full, Waning gibbous, Last quarter, Waning crescent

###############################################################################

[CheetahGenerator]
    # This section is used by the generator CheetahGenerator, and specifies
    # which files are to be generated from which template.

    # Possible encodings are 'html_entities', 'utf8', or 'strict_ascii'
    encoding = utf8
    [[PlainText]]
            encoding = utf8
            template = narrative.tmpl
            
###############################################################################


#
# The list of generators that are to be run:
#
[Generators]
        generator_list = weewx.cheetahgenerator.CheetahGenerator

And here’s the narrative.tmpl file that goes with it:

#errorCatcher Echo
##
## Specifying an encoding of UTF-8 is usually safe, but if your text is 
## actually in Latin-1, then you should replace the string "UTF-8" with "latin-1"
## If you do this, you should also change the 'Content-Type' metadata below.
#encoding UTF-8
##
#if $trend.barometer.raw > 6
#set $bartrend="rising very quickly"
#elif $trend.barometer.raw > 3.5
#set $bartrend="rising quickly"
#elif $trend.barometer.raw > 1.5
#set $bartrend="rising"
#elif $trend.barometer.raw > 0.1
#set $bartrend="rising slowly"
#elif $trend.barometer.raw > -0.1
#set $bartrend="steady"
#elif $trend.barometer.raw > -1.5
#set $bartrend="falling slowly"
#elif $trend.barometer.raw > -3.5
#set $bartrend="falling"
#elif $trend.barometer.raw > -6
#set $bartrend="falling quickly"
#else
#set $bartrend="falling very quickly"
#end if
At of $current.dateTime.format("%_I:%M %p") in $station.location, the temperature is $current.outTemp. The humidity is $current.outHumidity. The dewpoint is $current.dewpoint. Winds are from the $current.windDir.ordinal_compass at $current.windSpeed. The barometer is $current.barometer and $bartrend. Today's rainfall is $day.rain.sum.

Here’s the snippet from Asterisk’s extension.conf that calls googletts.agi:

exten => 8300,1,Answer()
exten => 8300,n,Set(wx=${CURL(http://weatherstation/weewx/narrative/narrative)})
exten => 8300,n,agi(googletts.agi,"${wx}. Goodbye.",en)
exten => 8300,n,HangUp

One thing I soon found out is that googletts.agi expects the text to be one line. If your weewx report contains multiple lines it will abort without saying anything. Keep that in mind as you’re crafting your template.

If you want to check the output of my weewx report, you can pull down the text-file report here. Note that Apache is serving this up without any MIME types so your browser will probably balk at displaying it, though wget or curl won’t have any problem with it.

Here’s a sample wav file from googletts so you can hear how it sounds:
Enjoy!

Mark Turner : The leadership itch returns

January 16, 2018 01:30 AM

Last Thursday, I attended an RPD Community Meeting at Lions Park Community Center. It was a meeting to answer neighborhood concerns about the recent incident of delayed police response as well as answer any questions about crime in the area. A handful of neighbors attended, the usuals I’ve become used to seeing at CAC meetings, and a bevy of police officers, detectives, and representatives from the Communications Center.

I have two pages of notes on that meeting that I would like to type up into a report, but the point of this post is how at home I found myself feeling in that room. After three years of conducting CAC meetings, I was all too happy to volunteer questions when the presenters asked for them. I didn’t organize the meeting nor was I in charge of it but I certainly felt right at home quizzing these people for things I wanted to know.

In short, I may indeed miss being a CAC chair. More than that, I miss that I wasn’t able to run for City Council. I have not forgotten how absolutely jazzed I used to feel after my CAC meetings. The small taste I got of it Thursday reminded me that this is where I’m in my element. I hope some day I can get there.

Mark Turner : The Space Review: A NEMESIS in the sky: PAN, MENTOR 4, and close encounters of the SIGINT kind

January 16, 2018 01:07 AM

PAN/NEMESIS satellite

Here’s an interesting story from 2016 about spy satellites. Amateur satellite spotters determined that the “PAN” satellite of the U.S. Government were tiptoeing up next to geostationary commercial communications satellites so they could vacuum up the signals being relayed through them. Speculation is that PAN was able to triangulate the position of satellite phones used by terrorists, enabling drone strikes.

This would make a fun new hobby.

After launch, the enigma became even bigger. PAN was placed in a geostationary orbit and observations by amateur satellite trackers (including this author) from Europe and South Africa revealed very unusual behavior. Every few months—usually once every six months—PAN moved to a new position. In a mere four years time, it moved at least nine times to various longitudes scattering between 33 and 52.5 degrees east (see my blog post “Imaging Geostationary satellites, and PAN’s past relocations”). This costs fuel, and it is something you normally do not do with a geostationary satellite, as liberally spending fuel drastically shortens the satellite’s operational lifetime. In late 2013, the relocations suddenly stopped and PAN has remained at longitude 47.7 degrees east. This active stationkeeping at this longitude means it must still be operational, although the satellite obviously has ended its previous roving state. All very mysterious! What was this spacecraft doing?

Source: The Space Review: A NEMESIS in the sky: PAN, MENTOR 4, and close encounters of the SIGINT kind

Mark Turner : Tom Dundon, king of subprime auto loans

January 12, 2018 02:24 PM

Tom Dundon

The local paper is singing the praises of the new owner of the Carolina Hurricanes, Tom Dundon. WRAL Sports Fan The News and Observer’s Luke DeCock and Chip Alexander lauded the “self-made billionaire” in an adoring story today:

Dundon, 46, has no background in professional sports but knows how to operate a successful business and already has analyzed much of the Hurricanes’ organization and operation. He also likes to win.

Let’s talk about this “self-made billionaire” who “knows how to operate a successful business.” Dundon’s successful business was Santander Consumer Holdings USA, the subprime auto lending arm of the Spanish bank, Santander. Dundon founded the business and ran it until July 2015, when he stepped down just as the regulatory heat was being turned up on Santander. Santander Consumer is in the subprime auto loan business, making what some say is 1 out of every 5 loans. For those of you who didn’t see the film The Big Short or slept through the 2008 recession, America’s economy was nearly ruined by the kind of loans lenders like Santander made.

Santander’s business model was piling debt onto people with poor credit – the working poor barely making ends meet who could scarcely afford a car loan, much less one with a 20% interest or more. Last summer, Massachusetts Attorney General Maura Healey announced a $26 million settlement with Sandander’s subprime auto loan division to settle allegations of giving high-interest loans to car buyers it knew could not repay them. From AG Healey’s press release:

“After years of combatting abuses from subprime mortgage lenders, these practices are unfortunately familiar,” said AG Healey. “We found that Santander, a leading player in the business of packaging and reselling subprime auto loans, funded unfair and unaffordable auto loans for more than 2,000 Massachusetts residents. This first-in-the-nation settlement relating to subprime auto loan funding will provide relief to thousands of car buyers in Massachusetts and prevent these practices from being used against our residents.”

… and from the Boston Globe:

Santander’s practice of working with car dealerships that falsified or inflated borrowers’ incomes was “outrageous,” said Massachusetts Attorney General Maura Healey in announcing the settlement Wednesday. The bank would then resell the loans, knowing they were unsound, to investors.

“The global economic collapse wasn’t a cautionary tale. It was a blueprint” for Santander, Healey said.

In other words, Dundon made his fortune by ripping off poor people. This makes Dundon a reverse Robin Hood – stealing from the poor and giving to the rich.

Under Dundon’s leadership, Sandander paid a record fine to the Justice Department for illegally repossessing cars of military veterans:

Santander Consumer USA Inc. has agreed to pay at least $9.35 million to resolve a lawsuit by the Department of Justice alleging that the motor vehicle lender violated the Servicemembers Civil Relief Act (SCRA), the Justice Department announced today. The complaint and the settlement, which is subject to court approval, were filed today in the U.S. District Court for the Northern District of Texas.

The settlement covers the improper repossessions of 1,112 motor vehicles between January 2008 and February 2013. The proposed consent order represents the largest settlement for illegal automobile repossessions ever obtained by the United States under the SCRA.

“This is a just resolution that will provide service members with financial relief and help repair their bad credit caused by Santander’s improper repossessions and fee collections with respect to more than 1,100 cars,” said Acting Associate Attorney General Stuart Delery. “The Department of Justice will continue devoting time and resources to protect our service members and their families from such unjust actions and hold bad actors accountable.”

I have little patience with people who kick others when they’re down, amassing huge fortunes by taking advantage of the poor. That’s scumbag behavior. Let’s not paper over Dundon’s checkered path to riches by politely calling him a successful businessman. As far as I’m concerned, he has a lot of atoning to do.

Read more about the subprime auto loan industry in the New York Times story, Investment Riches Built on Subprime Auto Loans to Poor by Michael Corkery and Jessica Silver-Greenberg.

Warren Myers : they asked the right question

January 11, 2018 06:43 PM

Let me compare the experience I wrote about yesterday to another I had the same year with the first customer I was ever sent to – HSBC.

Just a couple weeks after starting with ProServe in 2008, I was sent to Chicago to do a final PoC for HSBC. Someone else had done a PoC the previous year, but with HP’s acquisition of Opsware, HSBC (along with many other customers and potential customers) held-off on signing a purchase contract so they could bundle “everything” they wanted from HP under one big honking purchase order.

And due to changes in the underlying product architecture, HSBC wanted a fresh demo to play with for a little while before writing-in that line item into their PO.

Enter me. A freshly-minted consultant who hadn’t yet developed a solid cheat sheet. So fresh, I thought staying 20 minutes away in a Comfort Inn to save $12 a night was smart (it’s not – always stay as close to your customer as you can (that is within budget) when you’re traveling). But I digress.

After a set of unexpected flight delays, instead of being able to start Monday before lunch, I didn’t even get to meet the customer team until almost end-of-business Monday. Tuesday morning, my main contact met me at the door, escorted me into their lab, and introduced me to the “spare” hardware I’d be working on – a ~5-year-old Sun server running Solaris 10 (thankfully – they’d only just upgraded from Sun OS 9 on that machine a couple weeks before).

Like my main contact in Nutley later that year, my main contact at HSBC was an old hat Solaris admin – he’d been using and administering Sun equipment for nearly 20 years. Smart guy (but, unlike the guy in NJ that summer, he wasn’t a Sun fanboi purist).

The reason we were using retired (and, possibly, resurrected) hardware was because they didn’t trust one of the sales reps (who had since been fired) who made some pretty sweeping promises to them early on in the sales cycle. And, whomever had been in several months prior to do the first PoC had apparently complained bitterly about “having to use Sun”.

So they partially set me up to fail – but I was too dumb to realize it at the time…a perfect instance of the old phrase, “you can’t fool me, I’m too ignorant”.

I did have to suffer through slow network access (the NIC onboard “supported” 100Mbps … but it was flaky, so it had been down-throttled to just 10Mbps. To put this is a little context, that was slower than my home internet access – even then – 10 years ago!

Wednesday about lunchtime, the HSBC project manager for “HP automation initiatives” introduced herself and through our conversation, casually asked, “if you had your druthers, what kind of hardware would you install SA on to support our environment?”

So I answered what I’d use: each server in each SA Core (they were going to have 3) should have 16+ x86-64 CPUs, at least 32 GB RAM, and ample storage (at least 100 GB just for the install, let alone extra space which might be needed for the software and OS libraries). Oh. And it should be running RHEL – don’t use Solaris as the host OS for HPSA.

She pressed me to find out why I suggested this, and I told her, “because SA is written on Linux, and the ported to Solaris; every major issue SA has run into in the last few years regarding OS conflicts has happened on Sun hardware & OSes.”

A little while later, she thanked me for our conversation, thanked me for getting SA up and running so quickly (even on half decade out of date hardware, I had it installed and ready to demo to them in only a little over 1.5 days), which gave me time to go through its functionality, show-off some new things in 7.0 that hadn’t been possible (or as easy) in 6.1 (or 6.5, or 6.6), and even be told I could head out to the airport a little early on Thursday! Win-win-win all around.

Fast forward a few months.

I get a phone call from the engagement manager I’d worked with on the HSBC PoC week, and he asked me if I had a current passport. I told him, “yes,” and asked him why he wanted to know.

He then informed me that HSBC was getting ready to finalize a $12+ million dollar hardware, software, and services sale … but would only be buying SA if I was available to install it.

That’s cool – getting asked back is always a Good Thing™ … but what does that have to do with having a current passport? Bob elaborated: HSBC has a policy of vendors doing installs on site (not weird). And two of those “on site” locations were not in the US: one would be in London England, and the other in Hong Kong. “Would I be able to do that?”, he wanted to know.

“Yes. Yes, I would.”

“OK,” he said, “I’ll send travel dates and details in a few days.”

I hung up, then wondered if I’d said “yes” maybe a little too quickly: who gets asked to be the installation engineer who’s holding-up the finalization of a multi-million-dollar sale? Especially when I knew there were folks at least as qualified, if not much more so, available?

This was my first experience with being asked-back as a consultant (I’d been asked-for when I worked in Support, but that was very different).

And, ultimately, it’s what led to the single best services engagement I had for quite a while. And giving me a [partially] company-paid vacation to the UK. And getting my first stamps in my passport. And establishing a friendship with a customer contact in London who’ve I’ve stayed in touch with ever since.

All from not knowing the “project manager” was actually high-enough up in the HSBC management chain that her recommendations/requests for external personnel would be honored even on big contracts – and being truly honest with her when she asked what I viewed as a casual, throwaway question in a loud computer lab on a cool Wednesday afternoon in April.

The upshot is to always treat everyone you meet as “just another person” – whether a CEO or a janitor, they put their pants on the same way you do: one leg at a time.

Warren Myers : but, i got them on sale!

January 10, 2018 06:43 PM

Back in August 2008, I had a one-week “quick start” professional services engagement in Nutley New Jersey. It was a supposed to be a super simple week: install HP Server Automation at BT Global.

Another ProServe engineer was onsite to setup HP Network Automation.

Life was gonna be easy-peasy – the only deliverable was to setup and verify a vanilla HPSA installation.

Except, like every Professional Services engagement in history, all was not as it seemed.

First monkey wrench: our primary technical contact / champion was an old-hat Sun Solaris fan (to the near-exclusion of any other OS for any purpose – he even wanted to run SunOS on his laptop).

Second monkey wrench: expanding on the first, out technical contact was super excited about the servers he’d gotten just the weekend before from Sun because they were “on sale”.

It’s time for a short background digression. Because technical intricacies matter.

HP Server Automation was written on Red Hat Linux. It worked great on RHEL. But, due to some [large] customer requests, it also supported running on Sun Solaris.

In 2007, Sun introduced a novel architecture dubbed, “Niagara”, or UltraSPARC T1, which they offered in their T1000 and T2000 series servers. Niagara did several clever things – it offered multiple threads running per core, with as many as 32 simultaneous processes running.

According to AnandTech, the UltraSPARC T1 was a “72 W, 1.2 GHz chip almost 3 times (in SpecWeb2005) as fast as four Xeon cores at 2.8 GHz”.

But there is always a tradeoff. The tradeoff Sun chose for the first CPU in the product line was to share a single FPU (floating point unit) between the integer cores and pipelines. For workloads that mostly involve static / simple data (ie, not much in the way of calculation), they were blazingly fast.

But sharing an FPU brings problems when you need to actually do floating-point math – as cryptographic algorithms and protocols all end up relying upon for gathering entropy for their random value generation processes. Why does this matter? Well, in the case of HPSA, not only is all interprocess, intraserver, and interserver communication secured with HTTPS certificates, but because large swaths are written in Java, each JVM needs to emulate its own FPU – so not only is the single FPU shared between all of the integer cores of the T1 CPU, it is further time-sliced and shared amongst every JRE instance.

At the time, the “standard” reboot time for a server running in an SA Core was generally benchmarked at ~15-20 minutes. That time encompassed all of the following:

  • stop all SA processes (in the proper order)
  • stop Oracle
  • restart the server
  • start Oracle
  • start all SA components (in the proper order)

As you’ll recall from my article on the Sun JRE 1.4.x from 6.5 years ago, there is a Java component (the Twist) that already takes a long time to start as it seeds its entropy pool.

So when it is sharing the single FPU not only between other JVMs, but between every other process which might end up needing it, the total start time is reduced dramatically.

How dramatically? Shutdown alone was taking upwards of 20 minutes. Startup was north of 35 minutes.

That’s right – instead of ~15-20 minutes for a full restart cycle, if you ran HPSA on a T1-powered server, you were looking at ~60+ minutes to restart.

Full restarts, while not incredibly common, are not all that unordinary, either.

At the time, it was not unusual to want to fully restart an HPSA Core 2-3 times per month. And during initial installation and configuration, restarts need to happen 4-5 times in addition to the number of times various components are restarted during installation as configuration files are updated, new processes and services are started, etc.

What should have been about a one-day setup, with 2-3 days of knowledge transfer – turned into nearly 3 days just to install and initially configure the software.

And why were we stuck on this “revolutionary” hardware? Because of what I noted earlier: our main technical contact was a die-hard Solaris fanboi who’d gotten these servers “on sale” (because their Sun rep “liked them”).

How big a “sale” did he get? Well, his sales rep told him they were getting these last-model-year boxes for 20% off list plus an additional 15% off! That sounds pretty good – depending on how you do the math, he was getting somewhere between 32% and 35% off the list price – for a little over $14,000 a piece (they’d bought two servers – one to run Oracle RDBMS (which Oracle themselves recommended not running on the T1 CPU family), and the other to run HPSA proper).

Except his sales rep lied. Flat-out lied. How do I know? Because I used Sun’s own server configurator site and was able to configure two identical servers for just a smidge over $15,000 each – with no discounts. That means they got 7% off list …
tops.

So not only were they running hardware barely discounted off list (and, interestingly, only slightly cheaper (less than $2000) than the next generation T2-powered servers which had a single FPU per core, not per CPU (which still had some performance issues, but at least weren’t dog-vomit slow), but they were running on Solaris – which had always been a second-class citizen when it came to HPSA performance: all things being roughly equal, x86 hardware running RHEL would always smack the pants off SPARC hardware running Solaris under Server Automation.

For kicks, I configured a pair of servers from Dell (because their online server configurator worked a lot better than any other I knew of, and because I wanted to demonstrate that just because SA was an HP product didn’t mean you had to run HP servers), and was able to massively out-spec two x86 servers for less than $14,000 a pop (more CPU cores, more RAM, more storage, etc) and present my findings as part of our write-up of the week.

Also for kicks, I demoed SA running in a 2-CPU, 4GB VM on my laptop rebooting faster than either T1000 server they had purchased could run.

Whats the moral of this story? There’s two (at least):

  1. Always always always find out from your vendor if they have a preferred or suggested architecture before namby-pamby buying hardware from your favorite sales rep, and
  2. Be ever ready and willing to kick your preconceived notions to the sidelines when presented with evidence that they are not merely ill thought out, but out and out, objectively wrong

These are fundamental tenets of automation:

“Too many people try to take new tools and make them fit their current processes, procedures, and policies – rather than seeing what policies, procedures, and processes are either made redundant by the new tools, or can be improved, shortened, or – wait for it – automated!”

You must always be reviewing and rethinking your preconceived notions, what policies you’re currently following, etc. As I heard recently, you need to reverse your benchmarks: don’t ask, “why are we doing X?”; ask, “what would happen if we didn’t do X?”

That was a question never asked by anyone prior to our arrival to implement what sales had sold them.

Mark Turner : Got Robocalled? Don’t Get Mad; Get Busy. — Krebs on Security

January 08, 2018 04:07 PM

Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who chose to hang on the line and see where one of these robocalls led him, I decided to dig deeper. This is the story of that investigation. Hopefully, it will inspire readers to do their own digging and help bury this annoying and intrusive practice.

Source: Got Robocalled? Don’t Get Mad; Get Busy. — Krebs on Security

Tarus Balog : Welcome to 2018

January 04, 2018 04:11 PM

I love New Year’s. Not exactly the party on New Year’s Eve, as I tend to spend it as a quiet evening with friends, but the idea of starting over and starting fresh.

It is also a good time to reflect on the year past. While 2017 was pretty tumultuous for the world at large, for OpenNMS it was a pretty good year.

Our decision to split OpenNMS into two versions is still paying off. We did three major releases of Horizon (19, 20, and 21) as well as point releases every month there wasn’t a major release, and Meridian 2017 finally came out, although later than I would have liked. Horizon users get to experience rapid advancements in power and features while Meridian users can relax knowing their system is very stable and secure.

While it is hard to pick out the best features added in 2017, I’d have to go with OpenNMS Helm and the Minion.

Helm allows you to combine and manage multiple instances of OpenNMS from a Grafana dashboard.

OpenNMS Helm

The Minion is our foray into the whole “Internet of Things” space with an application that can be installed on a small device and used to send remotely collected data to a central OpenNMS instance. Minions have minimal configuration and can be configured redundantly, yet they have the ability to collect massive amounts of monitoring data. We’re very eager to see what novel uses our users come up with for the technology (we have one customer that is “Minion-only”, i.e. they do no monitoring or collection from the central OpenNMS instance at all and instead just put two Minions at each location).

As for the OpenNMS Group, the company behind OpenNMS, we experienced modest growth but still had a record year for gross revenue. What is more exciting is that net income was also a record and several hundred percent above last year, so we are going into 2018 well positioned in our Business Plan of “Spend less than you earn”.

2018 should be exciting. The OpenNMS Drift project brings telemetry (flow) data into OpenNMS, and we are working on some exciting features regarding correlation which will probably involve new machine learning technology.

As always, these features will be available as 100% free and open source software.

Personally, I added three new countries to my list, bringing the total number of countries I’ve been in to forty. I had a great time in Estonia and Latvia, and I really enjoyed my trip to Cuba.

One last thing. If you are reading this you are probably a user of OpenNMS. If so, thank you. We are a small but dedicated group of people creating this platform and often we don’t get much feedback on who uses it and what they like about it. The fact that people do find it useful makes it worthwhile, and we wouldn’t exist without our users and clients.

So, Happy New Year, and may 2018 exceed your wildest expectations.

Mark Turner : The time Santa rescued me

January 03, 2018 02:06 PM

A visit from Santa at sea

Over the holidays, I found myself thinking back to another Christmas of over 25 years ago.

I was serving in the Navy on the USS Elliot (DD-967) and it was yet another Christmas away from home. I was in a funk at the time though now I’m not sure which one of the many possible causes was responsible. I’m pretty sure I was nearing the end of my enlistment. I definitely remember that the deployment was ending and we were bound for San Diego. Maybe it was because I had been butting heads with some of the other guys in my division (we didn’t always get along and when I finally earned some rank I became more comfortable with confronting the slackers and assholes). Maybe it was simply because I didn’t know what I should be doing with my life. Still don’t, actually.

But there I was at sea. It was about 8 AM. I had been working midwatches and had just come off of twelve hours of nighttime duty. I was in my rack, exhausted and feeling depressed. I just wanted to sleep and make the time pass as quickly as I could.

This morning would be different. Announcements over the 1MC kept interrupting my sleep, announcing the arrival of Santa Claus. I snickered at the idea that some guy had dressed up and been delivered to the ship via helo (yes, kids, Santa travels by helicopter at sea). I kept my eyes shut and tried to go to sleep but my thoughts kept drifting back to how goddamn lonely I was feeling.

One more announcement came across. Santa was getting ready to leave, it said. Last chance.

I blinked.

Listen, you dumbshit, I thought. Yeah, I’m feeling down. I could be anywhere but here now. But some guy actually went to the trouble of putting on a Santa suit and getting hauled around the battlegroup. Dammit, I’m going to show some appreciation.

I leaped out of my rack, threw on my coveralls and a Santa hat, and made my way admidships to the ship’s library.

As advertised, there was Santa in the back of the room with a sack of gifts. I waited behind one other sailor before I went up to Santa, shook his hand, and got my picture taken. The smile you see is actually genuine.

I returned to my rack shortly afterward but I was a changed man, no longer dragged down by my pity party. It doesn’t matter what the gift was or that it was a fake Santa or that it was a mere thirty second event. My attitude had totally changed. It was the boost that I really needed right then.

I don’t know who that Santa was, but his visit was a gift I still appreciate today.

Mark Turner : ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign • The Register

January 03, 2018 12:20 AM

A massive security issue has been found in Intel’s processors that will very shortly have a huge performance impact on almost all computers. Details are sketchy at the moment but it’s not looking good.

Remember the Year 2000 (Y2K) bug? This is likely to eclipse Y2K. Why? Because patching broken software is trivial but patching broken hardware is all but impossible. We will feel the effects of this design flaw for years. Soon nearly all computers you interact with (including online services like Facebook, SalesForce, Netflix, etc) could be from five to thirty percent slower.

When I purchased a new Intel processor last year, I did so thinking it would give me a decade or more of service. Now it’s already obsolete. If any class-action lawsuits spring up over this I would be willing to join in. This is ridiculous.

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – specifically, PCID – to reduce the performance hit.

Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder.

Source: ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign • The Register

Bonus link: Some technical speculation on the bug from “pythonsweetness.”

Mark Turner : Cheap Thoughts: Microcell towers

January 01, 2018 10:02 PM

A microcell site outside of the gas station at Raleigh’s Costco.

I’d been a bit puzzled by all of the microcell sites I’ve seen popping up around town. The first I found was the one behind Adventure Landing on Capital Boulevard a few years ago. Since then, more and more have appeared at locations like Hillsborough Street near N.C. State, Cameron Village Shopping Center, Red Hat Amphitheater, St. Augustine University, outside the Subway on Creekside Drive, and the one pictured above outside of Costco on Six Forks Road near Wake Forest Road.

Many of these new towers sit almost literally in the shadow of massive, existing towers. Why were all of these micro towers going up in places that already have clearly good coverage?

Then the Eureka moment hit me. These cheap, utility-pole cell sites are poaching cellphone users away from the massive towers and collecting the connection fees!

You see, mobile phones will connect to whatever tower appears stronger. Thus, a station on a utility pole might provide a stronger signal to a phone than a massive tower just a block away, simply from the fact that it’s closer. These microcell sites are positioned as close as possible to places where people congregate, whether its a sporting event, a mall, a university, the local gym, or even the gas line at Costco.

It cost AT&T, for example, a massive investment to get a tower permit, pay for a property easement, do a frequency survey, and load up their new tower with antennas and transmitters. On the other hand, these microcell providers rent space on a utility pole, bolt on a few suitcase-sized boxes, and the money comes rolling in. As long as a competitor doesn’t leap-frog them to get even closer to their customers they can bleed the full-size tower site dry of calls and data.

So, here’s where things could get even more interesting for someone who dabbles in disruptive technology! What if femtocells, the phone-book-sized cellphone signal booster boxes, were scattered here and there? What if any business owner could easily create their own, indoor cell site for their customers to use? What if the local sandwich shop made money not only on bread and deli meats but also collected fees from their customers’ cell phone companies while they dined? It could happen, and make those utility-pole cell sites obsolete as quickly as they appeared.

We live in interesting times, don’t we?

Mark Turner : The Promotion and Marketing of OxyContin: Commercial Triumph, Public Health Tragedy

January 01, 2018 05:45 PM

I stumbled upon this old but still relevant paper on the National Institutes of Health website, tracing our country’s current opioid epidemic directly to Purdue Pharmaceutical’s aggressive marketing campaign.

It is truly frightening to consider how many lives have been sacrificed – and continue to be sacrificed – in the name of profits for the pharmaceutical industry. These are real people who trusted their health care providers and were let down. So many families have been shattered and it makes me extremely angry.

America’s health care system is badly broken and needs a drastic fix.

Purdue promoted among primary care physicians a more liberal use of opioids, particularly sustained-release opioids. Primary care physicians began to use more of the increasingly popular OxyContin; by 2003, nearly half of all physicians prescribing OxyContin were primary care physicians.19 Some experts were concerned that primary care physicians were not sufficiently trained in pain management or addiction issues.

Primary care physicians, particularly in a managed care environment of time constraints, also had the least amount of time for evaluation and follow-up of patients with complicated chronic pain.

Source: The Promotion and Marketing of OxyContin: Commercial Triumph, Public Health Tragedy

Mark Turner : Hello, 2018

January 01, 2018 05:25 PM

New Years 2018 arrives in Raleigh City Plaza during the First Night Raleigh celebration

It’s New Years Day 2018 and I sit in my comfortable home office, coffee in hand and a pile of technology surrounding me. The weather is a brisk 22 degrees Fahrenheit as we’re in the middle of a brutal cold spell. I’ve been spending the past week and change catching up on home projects, mostly of the indoor variety.

When it was still warm enough to feel one’s limbs outside I worked more on our fence, digging up more than half of our old fenceposts. The ones that are left are anchored by concrete and not as eager to be ripped from the ground. On a future warmer weekend I will pry these out as well. For now, we have a mostly-open yard for the first time in a while.

Other projects include updating the phone software for my son’e temporary phone. I set up a Windows VM so I can move Windows completely off my laptop. I got my Snort instance running again. I created a script to automatically restart my VMs. I extended my UPS wiring to the downstairs wiring closet. I also solved my EdgeRouter’s puzzling DHCP problem. Oh, and I helped clean out our attic and took down most of our Christmas decorations.

One thing I haven’t done enough of is blogging. Several fits and starts were made in 2017 but I didn’t cough up the kind of posts that I used to have, and that’s sad. It’s been a crazy year with so many shiny objects dangled in front of me (i.e., political drama) that I have been distracted from the things I’d rather do. Thus, my days as a social media consumer (a.k.a. spending time on Facebook) will be severely curtailed this year and I will spend more time being a social media producer here on my blog and elsewhere. It’s not that I don’t love y’all and what you’re out doing but I need to get back to my creative outlets.

Spending a little time this morning searching my blog turned up some amazing posts, many from twelve or so years ago. The subjects probably don’t really matter to most people but they were important to me. Reading them reminds me of how much care and passion I once infused in my writing. I’m out of practice and that’s a shame. I can still scare up time for posts so I certainly should.

I’m working up a highlights series on 2017, so stay tuned. And expect more from me here as I continue to figure out what I’m supposed to be doing here on Planet Earth.

Magnus Hedemark : 2018 Student Camera Project: An Introduction

December 30, 2017 03:23 PM

“Magnus, I want to learn photography. What kind of camera can you recommend for a budget of no more than $300?”

This challenge is given to me often. And it’s surprising how many come up with the same $300 budget. Sometimes I hear $500, but that’s uncommon. Let’s stick with $300. I have some ideas about how to do this in 2018, but I’m going to actually try doing this myself and work with this camera to learn its ins and outs so I can be sure I’m recommending something that I would be okay with using myself.

What is a student camera?

A student camera is a camera that someone learning serious photography can use to effectively develop their knowledge and skills while creating images that are pleasing enough to make the whole experience worthwhile. They don’t require a lot of features.

Here are some of the things I would require out of a student camera:

  1. Easy manual aperture control.
  2. Easy manual shutter speed control.
  3. Easy manual ISO control.
  4. Interchangeable lens system with a common mount.
  5. A prime lens in a “normal” focal length (effective focal length between 40-58mm).

Film is still a completely valid way to learn photography. And there are effective arguments to be made about why film might be a better way to learn photography than digital. But I’m not writing this for that audience. That ground is already really well-covered, and advice from 20-30 years ago is still mostly sound today. If you’re subscribing to that school, any cheap film SLR with a 40-58mm range prime lens is going to do it for you. The Pentax K1000 is the go-to for many students, coupled with a 50mm lens.

I’m embarking on this journey for people who want to learn digital photography. Most of the things that make the Pentax K1000 great can be applied to the selection of a digital camera, as well:

  • The K1000 has a prominent aperture control ring right on the lens barrel close to where it mates to the camera body.
  • The K1000 has a large tactile knob on top of the camera which allows the photographer to quickly set shutter speed up or down by a factor of one f/stop without having to take their eye out of the camera’ viewfinder.
  • With the K1000, ISO was inherent to the film used. It could not be changed without finishing a roll of film and selecting the next roll for a different ISO. This is one of the advantages to digital photography, in that the ISO can be different for every image.
  • The Pentax K1000 had a family of lenses that could be interchanged with the K-mount bayonet system. Additionally, other lens systems could be used by way of simple adapters.

2018 Student Camera Requirements

Let’s take what we can learn from the K1000, but take some of what we know from 2018 technology and trends to come up with something more effective for the modern student.

  • Manual aperture, shutter speed, and ISO controls should be easily accessible without drilling through menus to change them.
  • Let’s aim for a mirrorless camera. This will keep size/weight down, and make it a lot easier to invest in affordable vintage lenses, which can be very high quality for a very low price.
  • One prime lens in the “normal” focal length range.

Focal lengths on digital cameras can be a bit squirrely. I don’t want to fry your brain with this too much right now, but understand this much: a “normal” lens is a lens that approximates the field of view of the human eye. There’s not broad consensus on any one focal length here, but for the purposes of this series we’ll say that a “normal” lens is anything from 40mm to 58mm on a 35mm film camera. But here’s the problem: those numbers change when you’re not talking about 35mm film. Most digital cameras have a sensor that is smaller than a 35mm frame of film, which effectively changes what a “normal” focal length should be.

So if our student camera has a very common APS-C sized sensor, that means our “normal” focal length range needs to take the smaller sensor size into account. We’ll be looking for something in the 26-37mm range for such a camera.

Oh, and I almost forgot the most important part:

  • Total camera package must cost under $300.

Stay tuned for Part II. We’re actually going to assemble a student camera with specific components that you can go out there and purchase.


Mark Turner : Broken DHCP on the Ubiquiti EdgeRouter Lite

December 29, 2017 02:44 AM

The Ubiquiti EdgeRouter Lite (ERL), an amazing little networking box.

Back in October I finally squeezed gigabit speeds out of my AT&T Fiber connection by switching from my old OpenWRT-based TP-Link Archer C7 routers to an Ubiquiti EdgeRouter Lite (ERL). The Archer hardware could not keep up with gigabit speeds but the ERL can.

I love the ERL! It’s only about $100 but it’s a very powerful device! Previous versions of the firmware were a bit cryptic (at least in the UI area) but the latest one provides a lot of functionality (and wizards).

I had followed one such wizard to do my initial setup with the ERL back in October, after upgrading it from version 1.9.1 of EdgeOS to EdgeOSv1.9.7+hotfix.4. All seemed to work … except for it properly pulling a DHCP address from AT&T. See, I have bypassed AT&T’s PACE router in favor of my own and the ERL now does everything but the initial 802.1x authentication that opens the port on AT&T’s switch.

Why do you need to use DHCP on your AT&T link? You can put a static IP on your end of the link but AT&T offers DHCP leases of 14 days and expects you to use them. If your box (i.e., my ERL) doesn’t renew its IP near the end of those 14 days, AT&T considers the link to be dead and shuts down the connection. At this point, the only way you’ll get it going again is to reconnect the AT&T router and let it do its 802.1x authentication again. This is a pain, so avoiding it is very useful.

So, I was bopping along with a static IP address and all seemed good until two weeks later when my (invisible) DHCP lease expired. I’d switch back to the AT&T router and be going again only to have it die again in another 14 days. It was getting frustrating.

When it hit me again last night, I decided to use some of my holiday time to troubleshoot and fix it. After poking at it practically the entire day, I have determined that there is a bug in the DHCP client shipped with the new EdgeOSv1.9.7+hotfix.4 firmware. The included Internet Systems Consortium DHCP Client 4.1-ESV-R7 will happily ask for an IP assignment and AT&T’s server will happily provide one but the DHCP client stupidly ignores it. It acts as if it didn’t hear it and continues to request an IP.

I got smart and found the documentation that explains how to add a Debian repository to the ERL. Using the DHCP client I installed from Debian I could magically get an IP assignment.

Bingo! Problem solved (or at least worked around).

I plan to report the issue to Ubiquiti tomorrow so that it can be fixed in future releases. For now, though, if you have an EdgeRouter that won’t accept an DHCP address, try loading a new DHCP client on the ERL.

In spite of the hours I spent tracking this down today, I’m still insanely happy with my EdgeRouter Lite!

Mark Turner : Burglars enter her home. Cops take an hour to get there.

December 20, 2017 05:14 PM

Imagine being on your own with these guys for almost an hour

Yesterday evening one of my neighbors found herself in a terrifying situation. Three would-be burglars had targeted her home and two of them had just quietly entered through her back door – while she was home! If her very large dogs hadn’t alerted her and scared them off she could’ve found herself face to face with these young men.

She did what any panicked homeowner would do – she called 911 and waited for help to arrive.

And she waited. And waited. And waited.

Two strangers had just entered her home while she was inside and the first Raleigh police officer did not arrive until a full fifty minutes later. By that time the intruders trail had gone cold, too cold for the K9 unit to track them. Officers were apologetic, telling her the department is understaffed.

My neighbor said later that the dispatcher misclassified the break-in as a “Level 2” incident, meaning the officers didn’t even get dispatched until 20 minutes after the incident. Even so, if it takes 30 minutes to round up enough officers to respond to a B&E that is far too long.

No one should have to wait this long for assistance in a life-threatening emergency. This is completely unacceptable. If the Raleigh Police Department is this understaffed then the City of Raleigh needs to get this fixed.

I know the Council recently approved raises for our first responders. Has that boosted recruitment? Why or why not? What else can the city do to ensure the safety of its citizens?

I can’t imagine what I would’ve done had this happened to me. The City of Raleigh needs to do whatever it takes to get more officers in the Raleigh Police Department and to keep happy the ones who are there now. What we have now puts everyone’s safety at risk.

Neighbors will be asking the Raleigh City Council next month to allocate more resources towards our police.

Mark Turner : I-Team Exclusive: Sen. Reid discusses UFO study | LasVegasNow

December 20, 2017 02:04 PM

Former Senator Harry Reid discusses his Pentagon UFO study project.

Did anyone notice what just happened here?

1. The U.S. Government has confirmed it has been studying UFOs.
2. This study has been quietly supported at some of the highest levels of government.
3. A video of a compelling UFO encounter has just been officially released by the U.S. Government.
4. One of the highest ranking former members of Congress didn’t run away from these events but proudly claimed them.
5. In spite of all this, the world didn’t end. People didn’t run for the hills. Mostly everyone shrugged.

These are all remarkable events and unthinkable even a few years ago. If all the people who made this happen escape without being publicly crucified we may see more of these disclosures.

Is society becoming ready to accept the truth of other life in the universe?

The existence of the UFO study was first reported by the I-Team back in October. That’s when a high-ranking intelligence officer in charge of the program quit to take a job with a private company.

Over the weekend, news of Harry Reid’s role in the study surfaced in news reports. The senator gave his only on camera interview to the I-Team’s George Knapp.

Harry Reid’s interest in UFOs dates back to 1989 because that is when George Knapp first had conversations with him on the topic.

In the years since, Reid quietly collected more information, met with scientists, intelligence officials, and other experts, and finally authorized a study that was carried out by a company created by a Las Vegas billionaire.

Since the story broke on Saturday, Reid has been bombarded with media requests, but he gave his only on camera interview to the I-Team.

The release this weekend of videos recorded by military pilots is unusual because, officially, the U.S. government stopped collecting information about UFOs back in 1969, when the Air Force canceled Project Blue Book. But in the decades since, pilots and others continued to encounter technology that is beyond anything known on earth.

Source: I-Team Exclusive: Sen. Reid discusses UFO study | LasVegasNow

Warren Myers : what if

December 19, 2017 11:17 PM

you blogged as often as you tweeted, facebooked, linkedinned, instagrammed, plogged, pinterested, google plussed, mastodonned, etc?

For many of us, that would be 4, 10, 20, 100, or even more blog posts per day.

Wonder how differently we would view/utilize social media if we took that approach?

Just a thought.

Mark Turner : Navy pilot recalls encounter with UFO: ‘I think it was not from this world’ – ABC News

December 19, 2017 01:17 AM

I’m still fascinated by this story of retired Navy F-18 pilot Dave Fravor intercepting a UFO off of San Diego in 2004. I admire this guy’s courage in sharing the story.

His statement, along with the official video, illustrates just one of many, many similar encounters that have taken place but were never publicly shared.

Retired Cmdr. David Fravor spent 18 years as a Navy pilot, but nothing prepared him for what he witnessed during a routine training mission on Nov. 14, 2004.

“I can tell you, I think it was not from this world,” Fravor told ABC News. “I’m not crazy, haven’t been drinking. It was — after 18 years of flying, I’ve seen pretty much about everything that I can see in that realm, and this was nothing close.”

Source: Navy pilot recalls encounter with UFO: ‘I think it was not from this world’ – ABC News

Mark Turner : Glowing Auras and ‘Black Money’: The Pentagon’s Mysterious U.F.O. Program – The New York Times

December 18, 2017 02:24 AM

In the $600 billion annual Defense Department budgets, the $22 million spent on the Advanced Aerospace Threat Identification Program was almost impossible to find.

Which was how the Pentagon wanted it.

or years, the program investigated reports of unidentified flying objects, according to Defense Department officials, interviews with program participants and records obtained by The New York Times. It was run by a military intelligence official, Luis Elizondo, on the fifth floor of the Pentagon’s C Ring, deep within the building’s maze.

The Defense Department has never before acknowledged the existence of the program, which it says it shut down in 2012. But its backers say that, while the Pentagon ended funding for the effort at that time, the program remains in existence. For the past five years, they say, officials with the program have continued to investigate episodes brought to them by service members, while also carrying out their other Defense Department duties.

Source: Glowing Auras and ‘Black Money’: The Pentagon’s Mysterious U.F.O. Program – The New York Times

Mark Turner : How this sign put Berkeley in the center of the cellphone safety debate

December 18, 2017 02:18 AM

If you’re in the market for a cellphone or tablet in the City of Berkeley, you will probably notice a sign displayed near the register of a cellphone retailer, or on store shelves.It’s a flier alerting customers of possible radiation exposure from mobile devices.

“Berkeley is the first city in the country to get stores to post warnings. It’s a small step, but it’s an important step,” said Joel Moskowitz, PhD, director of UC Berkeley’s Center for Family and Community Health at the University’s School of Public Health.

In 2009, Moskowitz turned his focus from scientific research on the health effects of tobacco to cellphones after a visiting scholar from the National Cancer Center in South Korea exposed him to scientific literature looking at whether mobile phone use increased the risk of tumors.

“The cellphone manufacturers want you to keep a minimum distance away from your body and you should find out what that distance is,” Moskowitz said. “If you keep the device by your body you will exceed the safety limits provided by the FCC.”

Source: How this sign put Berkeley in the center of the cellphone safety debate

Mark Turner : There I Was: The X-Files Edition | Fighter Sweep

December 18, 2017 01:50 AM

On the morning of 14 November 2004, Dave and his WSO launched into the clear blue Southern California sky about a hundred miles southwest of San Diego. Their Call Sign was FASTEAGLE 01. His wingman and WSO launched just after them in FASTEAGLE 02. They climbed overhead the ship and rendezvoused in normal fashion before setting off to their assigned work area in the open ocean south of USS Nimitz. Normal day, normal ops for the pre-deployment work up cycle they were in the middle of.

The Nimitz Carrier Strike Group had been on station for a few weeks already, working to integrate the operations of the carrier with her various support ships, including the Ticonderoga Class Guided Missile Cruiser, USS Princeton. As far as Dave was concerned, it was a standard day in a normal work up cycle. Another step in the long journey in preparing the ships of the Strike Group and the planes of the Air Wing to work harmoniously for their upcoming combat deployment.

What Dave didn’t know was for the past several days, Princeton had been picking up some bizarre returns on their Death Star-worthy SPY-1 radar. On several occasions beginning 10 November, the Fire Control Officer and the extremely experienced Fire Control Senior Chief had detected multiple returns descending from far above the radar’s scan volume–somewhere higher than 80,000 ft. The targets, dubbed Anomalous Aerial Vehicles (AAVs), would drop from above 80K to hover roughly 50 feet off the water in a matter of seconds.

Source: There I Was: The X-Files Edition | Fighter Sweep

Mark Turner : Don’t keep cell phones next to your body, California Health Department warns | TechCrunch

December 17, 2017 10:43 PM

Having worked with radio and radar in the military and also having had the danger of microwave radiation drilled into me as part of obtaining an amateur radio license, I’ve always thought that following prudent precautions with mobile phones is a good idea. I never, EVER keep my phone in my pocket while in a moving vehicle, a time when its transmitter is the most active. I limit the length of my calls, and choose text over voice whenever I can (texts use much less of the radio). I also make sure my phone switches to WiFi for its data whenever WiFi is available.

Smartphones are damn near indispensable but one has to respect the RF radiation they create. While there might not be agreement on the health effects they cause, mobile phones undeniably do create a lot of RF radiation.

As this week’s gutting of Net Neutrality shows, the telecom industry owns the FCC. If mobile phones really do pose a health risk don’t count on the FCC protecting you.

The California Department of Public Health (CDPH) issued a warning against the hazards of cellphone radiation this week. Yes, the thing we are all addicted to and can’t seem to put down is leaking electromagnetic radiation and now California has some guidance to safeguard the public.

The CDPH asks people to decrease their use of these devices and suggests keeping your distance when possible.

“Although the science is still evolving, there are concerns among some public health professionals and members of the public regarding long-term, high use exposure to the energy emitted by cell phones,” said CDPH director Dr. Karen Smith.

Source: Don’t keep cell phones next to your body, California Health Department warns | TechCrunch

Mark Turner : “Suspicious” event routes traffic for big-name sites through Russia | Ars Technica

December 16, 2017 01:04 AM

Russia briefly hijacked key Internet sites Wednesday through manipulation of BGP, the Internet’s routing tables. In a war, you can bet that the Internet will be one of the first targets. Is Russia testing its plans?

Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional.

The unexplained incident involving the Internet’s Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network. BGP routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks. But despite the sensitivity and amount of data it controls, BGP’s security is often based on trust and word of mouth. Wednesday’s event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.

Source: “Suspicious” event routes traffic for big-name sites through Russia | Ars Technica

Mark Turner : Japan coastguard rescuing more North Korean ‘ghost ships’ as sanctions, food shortages drive fishermen into farther waters | South China Morning Post

December 15, 2017 08:23 PM

A severe shortage of food and foreign currency amid harsh international sanctions are contributing to rising numbers of North Korean “ghost ship” fishing vessels washing up in Japanese waters, analysts said.

Dozens of North Korean fishing vessels wash up on Japan’s coast ever year, but last month Japanese coastguards registered 28 cases, the highest monthly number since records began in 2014.

Meanwhile, there have been multiple cases of “ghost ships” found packed full of bodies, with 18 corpses recovered so far this year. During the same period, there has been a record number of North Korean fishermen rescued alive – 42 this year compared to zero in 2016.

Japanese authorities say it is often hard to determine exactly how they died as the boats often drift for months before washing up in Japan.

“Fishermen are desperate to meet annual catch goals, which are elevated to higher levels every year,” said Toshimitsu Shigemura, professor emeritus of Waseda University and North Korea expert.

Source: Japan coastguard rescuing more North Korean ‘ghost ships’ as sanctions, food shortages drive fishermen into farther waters | South China Morning Post

Mark Turner : US F-22s intercept Russian jets over Syria, fire warning flares – CNNPolitics

December 15, 2017 07:41 PM

This is one of the most underreported stories. For over 40 minutes, U.S. fighters escorted Russian fighters who had strayed beyond the agreed-upon demilitarization line. Such encounters could very, very easily end in tragedy. Russia is taunting us.

Two US F-22 stealth fighters intercepted two Russian aircraft Wednesday after the Russian jets crossed the Euphrates River in Syria, flying east of the “de-confliction line” that is supposed to separate Russian and US-led coalition aircraft operating over Syria, two US defense officials told CNN.

The US jets fired warning flares during the intercept of the two Russian Su-25 close air support jets according to the officials after they crossed the de-confliction line multiple times.

One of the officials said a Russian Su-35 fighter jet was also involved and that the aerial encounter lasted “several minutes.”

Source: US F-22s intercept Russian jets over Syria, fire warning flares – CNNPolitics

Mark Turner : AIM taught us how to communicate in real-time online – Houston Chronicle

December 15, 2017 07:36 PM


AOL shut down AOL Instant Messenger (AIM) today. Rest in peace, h0tgrits.

Toward the mid-1990s, America Online (by then going by its nickname, AOL) was the company through which most Americans accessed the Internet. As many as half of the CD-ROMs produced at the time bore the near-ubiquitous AOL logo, offering early computer users the opportunity to surf the Internet for a flat fee – at the time, US$19.99 for unlimited monthly access.

With nearly half of U.S.-based Internet traffic flowing through AOL, the stage was set for a social evolution of sorts that shifted our collective relationship with technology and each other. AOL Instant Messenger, or AIM, was launched in May 1997 as a way for AOL users to chat each other in real time, via text.

The service’s Dec. 15 shutdown was announced, notably, on a new real-time text communication channel, Twitter. That is just one testament to AIM’s lasting effects on how people use technology to connect today.

Source: AIM taught us how to communicate in real-time online – Houston Chronicle

Mark Turner : North Korean TV appears to show early ‘A-bomb photo’ – BBC News

December 15, 2017 06:52 PM

Remarkable. I’ve long suspected that North Korea has always been further along with its nuclear capability than the rest of the world realizes. Could this photograph be proof, or is this another case of NK “accidentally” exposing information to keep us all guessing?

On a related note, I’m fascinated with North Korea.

North Korean TV footage of an arms and munitions industry conference appears to show the country’s former leader Kim Jong-il inspecting one of the country’s first ever atomic bombs.

A 30-minute bulletin showing the 12 December conference in the capital Pyongyang has North Korea watchers agog at the picture’s appearance in the conference hall.

The photograph, never before seen in the West, is visible for only a few seconds as the camera sets the scene for the industry conference, attended by Supreme Leader Kim Jong-un, the son of the late Kim Jong-il. It hangs among others showing North Korea’s “achievements” in arms production, alongside scale models of ballistic missiles.Because of its fleeting appearance from a distance, experts are holding fire on a positive identification of the device as an atomic weapon. But the photograph has notable similarities to recent photographs of Kim Jong-un inspecting the country’s first (claimed) hydrogen bomb.

Source: North Korean TV appears to show early ‘A-bomb photo’ – BBC News

Mark Turner : Here’s what the new Disney/Fox merger looks like – Axios

December 15, 2017 04:33 PM

I’m not too happy about the proposed merger between Disney and 20th Century Fox. Pretty sure we need less media consolidation, not more!

Walt Disney Company announced Thursday that it has agreed to acquire the entertainment assets of 21st Century Fox, including Fox’s movie studio and entertainment television networks, as well as Fox’s international TV assets.

Why it matters: The new mega-media company will have better leverage to compete with tech giants like Netflix for entertainment viewership and more opportunities to expand Disney’s legacy sports brand, ESPN.

Source: Here’s what the new Disney/Fox merger looks like – Axios

Mark Turner : Denver cops warn of phone scam brewing at local bars – The Denver Post

December 12, 2017 03:25 PM

This is a very convincing scam and there’s no reason it couldn’t happen here in Raleigh. Keep up with your phone and do NOT call it and give your unlock code to whomever answers it!

Denver bar patrons are being warned of a popular new scam aimed at collecting financial information from stolen or lost smartphones.

Since May, there have been 37 cases of scammers posing as helpful bar owners who get access to stolen smartphones and then drain financial accounts from the phone’s apps, say Denver Police.

The scam begins when crooks steal smartphones from unsuspecting bar customers. They then wait for the phone’s owner to call the phone the next morning in hopes of getting it back. The crook, who often identifies himself as a helpful bar employee, asks the phone’s owner for their pass code to verify ownership.

The phone’s owner, thinking the crook is only trying to make sure the phone is returned to the rightful owner, gives the crooks the pass code. The scammer now changes all the owner’s passwords and then moves money via the apps the owner uses to reimburse his friends.

“Now, not only is her phone truly gone, but so is her money,” say police.

Source: Denver cops warn of phone scam brewing at local bars – The Denver Post

Mark Turner : Fence is structurally complete!

December 12, 2017 02:08 AM

My fence: it’s critter-proof now!

I nailed on the last few pickets to our new fence yesterday. These took some time because they had to be custom-sawed to fit the odd gaps left when the full pickets didn’t line up. Rather than stop and cut individual boards during my previous fence work days, I chose instead to keep motoring so I got more surface area done. Thus, there were about ten or so odd-shaped pickets to create.

A few hours of measuring, cutting, and nailing on Sunday and I had the fence structurally complete. It is now critter-proof. I put in the last board as the sun was going down and then took out a section of our old fence so that we could enjoy our entire backyard for the first time ever. Hurray!

Now I need to go back and trim down the too-tall posts and 2x4s. I may even cap the posts to better weatherproof them. Then I will take down the old fence and either haul it to the dump or find neighbors who might want to scavenge it for spare pickets. I’ll also have to fill in the holes left by the old fence posts. Still a bit of work to be done but I’m getting there!

Mark Turner : NASA Considers Magnetic Shield to Help Mars Grow an Atmosphere

December 12, 2017 01:39 AM

I first read this story last week and it’s been on my mind ever since. It’s beyond our current capabilities to generate a planet-sized magnetic field but we can possibly block solar wind enough to bring Mars back to life. Utterly fascinating!

The Planetary Science Vision 2050 Workshop is happening right now at NASA headquarters in Washington DC. The workshop is meant to discuss ambitious space projects that could be realized, or at least started, by 2050.One of the most enticing ideas came this morning from Jim Green, NASA’s Planetary Science Division Director. In a talk titled, “A Future Mars Environment for Science and Exploration,” Green discussed launching a “magnetic shield” to a stable orbit between Mars and the sun, called Mars L1, to shield the planet from high-energy solar particles. The shield structure would consist of a large dipole—a closed electric circuit powerful enough to generate an artificial magnetic field.

A magnetic shield to protect Mars

Such a shield could leave Mars in the relatively protected magnetotail of the magnetic field created by the object, allowing the Red Planet to slowly restore its atmosphere. About 90 percent of Mars’s atmosphere was stripped away by solar particles in the lifetime of the planet, which was likely temperate and had surface water about 3.5 billion years ago.

Source: NASA Considers Magnetic Shield to Help Mars Grow an Atmosphere

Jesse Morgan : Fix for Citrix Receiver SSL Error 61 in Chrome on Linux

December 10, 2017 05:27 PM

Found this here, which fortunately fixed my issue with 3 lines:

sudo mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts_old
sudo cp /opt/Citrix/ICAClient/keystore/cacerts_old/* /usr/share/ca-certificates/mozilla/
sudo ln -s /usr/share/ca-certificates/mozilla /opt/Citrix/ICAClient/keystore/cacerts

Jesse Morgan : Xenoblade Chronicles 2 Review

December 10, 2017 03:17 AM

I bought Xenoblade Chronicles 2 as a fluke- I’d heard the first one was good, and there was an article prior to it coming out suggesting that it was the game to play after Breath of the Wild. Well, I’ve put a week or so into it so far and here are the takeaways.

  • The battle system is an over-complicated mess where you don’t actually battle, you just wait for permission to press buttons. It’s completely chaotic and near impossible to follow and you feel like a spectator rather than a participant.
  • Once a battle is done, all damage is healed. There’s no consequences. other than dying and having to “try again”
  • Oh, each of these battles takes an eternity to finish. Walk from point A to point B, and have 30 battles. But if you die half way through, you get to go back to the beginning and do it all over again.
  • The map system sucks, as does the fast travel. You can’t scroll the overlay map to figure out where you need to go, just follow the stupid compass arrow and hope it’s leading you the right way (it’s led me to solid walls already, resulting in me giving up on that side quest. The fast travel screen is just unintuitive, and the map it shows doesn’t correlate with the overlap map in any meaningful way.
  • The voice acting. My god- I was embarrassed when the first mustashe-twirling govenor guy showed up because it sounded like… I don’t know, like a horrible person doing a Scotty from Star Trek impression.

I’m on chapter 3, and at this point it feels like a trudge. to get through the game. I keep hoping it’ll get better, but it isn’t. and to top it off, I bought the digital download like a fool so I can’t even resell it. I just spent 3 hours grinding my way to the next section only to die and start over.

What a disappointment.

 

Mark Turner : Chronicler of Islamic State ‘killing machine’ goes public

December 09, 2017 07:07 PM

Bloggers can save the world.

For nearly two years, he’d wandered the streets of occupied Mosul, chatting with shopkeepers and Islamic State fighters, visiting friends who worked at the hospital, swapping scraps of information. He grew out his hair and his beard and wore the shortened trousers required by IS. He forced himself to witness the beheadings and deaths by stoning, so he could hear the killers call out the names of the condemned and their supposed crimes.

He wasn’t a spy. He was an undercover historian and blogger. As IS turned the Iraqi city he loved into a fundamentalist bastion, he decided he would show the world how the extremists had distorted its true nature, how they were trying to rewrite the past and forge a brutal Sunni-only future for a city that had once welcomed many faiths.

He knew that if he was caught he too would be killed.

Source: Chronicler of Islamic State ‘killing machine’ goes public

Mark Turner : Was Al Franken’s punishment fair? – The Washington Post

December 08, 2017 01:22 PM

Sen. Al Franken resigned yesterday. A shame, I believe, as his situation is more nuanced than others. Here’s a good commentary on whether his punishment really fits his alleged “crime.”

Franken presents a more difficult case both because of the quality of the evidence against him and the nature of the alleged transgressions. Much of the alleged behavior took place before he joined the Senate, which doesn’t make it acceptable but does make it different. Some of the Senate-era behavior is offensive but less serious; a hand on the butt during a photo op is different from a tongue down the throat. And some is anonymous, albeit corroborated by other witnesses, which should give all of us pause. The final, and perhaps last-straw, allegation involved an unnamed former Democratic political aide who claimed Franken, while a radio host, attempted to forcibly kiss her, announcing, “It’s my right as an entertainer.” Franken said the story was “categorically not true.”

Consider: One of Franken’s colleagues, New Jersey Democrat Bob Menendez, is under federal indictment for allegedly taking bribes in the form of lavish gifts and using the power of his office to help a campaign donor/friend in dealings with the federal government. Menendez’s trial ended with a hung jury last month, after which the Ethics Committee announced it would resume its inquiry into his conduct.

If senators have the patience to let the ethics process proceed in the Menendez case, why not with Franken? What about weighing whether some lesser punishment than what was essentially forced resignation would better fit Franken’s circumstances?

The right policy is zero tolerance. That does not answer the question about what is the right punishment, or what proof there should be before it is meted out.

Source: Was Al Franken’s punishment fair? – The Washington Post

Magnus Hedemark : Team Fujifilm

December 08, 2017 04:01 AM

You’ve heard me sing praise of my aging Ricoh GR. And it’s true: the GR is a fantastic little camera, and holds up pretty well for something that’s almost five years old. But gradually I’m spending more and more time shooting a Fuji X-T2 these days.

This is not going to be a review. This is going to be a chance for me to share some thoughts about how the Fuji is changing my photography, and changing how I look at photography.

The X-T2 will never replace the Ricoh GR. That’s a ludicrous thought. The big benefit to the GR is that it could fit into a pants pocket if I were willing to risk re-introducing dust to the sensor. This has happened before, and it’s a real pain to clean out, so I’d like to avoid having that happen again.

But the X-T2 can replace my DSLR. In this case, a Canon EOS 70D. The bare body is just a little bigger than my Ricoh GR. But it works with a lens family that is often compared to Leica glass. I mean, it’s really really good. Maybe not Leica good. But I’m happy.

What I wasn’t expecting is that this camera is fully replacing the need for film in my life. I was shooting less film since I took up the GR anyway. But at this point, with the X-T2, I’m feeling pretty safe saying I’m done with it. Shooting actual film no longer gives me any advantages like it once did. Everything I ever wanted from it is now offered by this camera and by modern digital workflows.

24852256_314508545734668_4200036831787473065_n

This scene offered a very challenging exposure. The X-T2 made it easy.

It’s taken me a little while to warm up to this camera. It was so different from everything I’d been used to before, but now we’re starting to really click. One of the reasons why is that I’m slowing down. At the same time, the X-T2 really speeds up the process of composing and exposing and image.

Composing is sped up by the sheer virtue of being mirrorless. I can see in my EVF exactly what my final image will look like, because I’m looking at a live view straight from the sensor.

Exposure is sped up by the latest firmware release. With highlight blinking turned on, I can quickly eyeball a composition and see if I’m blowing out my highlights anywhere. The image above of my wife drinking a bottle of tea being a great example. The meter indicated that the image was properly exposed even while my EVF was showing me large areas with blown out highlights. I sped up my shutter speed accordingly until I exposed well for highlights. What you see above is a straight out of camera jpeg.

And that’s something worth mentioning. I’m very much a RAW shooter. Fuji offers great, rich RAW files. But more and more I find myself being perfectly happy taking a JPEG straight out of camera and publishing it. I’ve got some presets that I’ve been building up and fine-tuning that give me a few key looks that I really like, in both color and black & white. The image above was taken with my Color Portrait preset. Want to try to recreate this preset with your own Fuji? Try this:

  • DR: 400
  • Film Simulation: PRO Neg. Std.
  • Grain Effect: Off
  • White Balance: Auto (I will manually change this often when I’m shooting, but default is AWB)
  • Highlight: 0
  • Shadow: 0
  • Color: -2
  • Sharpness: -3
  • Noise Reduction: -1

Hey, speaking of noise reduction, I should mention low light performance. It’s kind of insane how clever this camera is at dealing with high ISO. I’ll write something up about that and create some image samples to go with it.

I’m taking fewer photos these days, but in part it’s because I’m slowing down. I think I’d learned some bad habits, some real spray and pray type shooting. Being able to see the final image has encouraged me to really take it all in and make adjustments before hitting the shutter release. Oh, and bonus: no more “chimping”.

What about for travel?

24273493_312471479271708_3164967834338291596_o

This wee duplex in Ardagh Village, County Longford, Ireland was photographed with the Fujifilm X-T2 and Fujinon XF35mmF2 R WR lens.

I would never dream of taking my Canon EOS 70D to Europe on holiday, but I didn’t hesitate to do just that with my Fuji system. I was just starting out, so I didn’t have much glass yet. I brought with me a Rokinon 12mm, Fuji 35mm F2, and Fuji 18-135mm. That last one won’t travel with me again. It’s not a bad lens, per se, but it’s the first and only Fuji lens that I’ve experienced so far that doesn’t wow me. The 35mm and the Rokinon 12mm are, on the other hand, nothing short of fantastic. I wouldn’t hesitate to travel with either one again. Bonus points to Fuji for offering not just a weather sealed body, but an array of really top notch weather sealed lenses. The 35mm F2 being one of them. I’ve since added the Fujinon XF23mmF2 R WR to my lineup and I think it may be stuck to my X-T2 more than anything else now. Coming from the Ricoh (18mm), the 23mm Fuji is only a little longer and offers a very natural feel. In fact, I’m really feeling now like I wish the Ricoh were also 23mm. Bear in mind, 23mm on these APS-C digital cameras is equivalent to about 35mm focal length on a full frame sensor.

Oh, one of the other things I love about the Fuji… or really any mirrorless removable-lens camera: vintage lenses. Fuji and other cameras like it make it super easy to mate vintage camera lenses to new cameras. I’ve got a bit of an old Rokkor lens collection, so it’s good to have them back in use.

24297238_311018799416976_2381427677489322782_o

Taken with Minolta MD Rokkor-X 45mm f2 on Fuji X-T2. This lens cost me all of $12 on eBay.

What’s next for me?

  • Sell off my Alien Bees. They are fantastic, and did a great job for me when I was shooting Canon. But the Godox system is where it’s at now for Fuji shooters, and I’m getting on board. The money from the Alien Bees will be reinvested into Godox gear.
  • Pick up a Fuji X100F. I need a go-everywhere camera. The X100F is a little on the big side, but I’m determined to figure out how to make this work for me. It’s also got the 23mm focal length that I love, and the same sensor/processor as the X-T2 so it’ll be easier to have a continuity of aesthetic with all of my new work.
  • I’d really like to get a hold of a Metabones Speed Booster for my Minolta lenses, and maybe another for M42 if the first one blows my mind.

Mark Turner : Millions Are Hounded for Debt They Don’t Owe. One Victim Fought Back, With a Vengeance – Bloomberg

December 07, 2017 06:18 PM


I’ve often talked about tracking down these debt collectors but this guy got to the kingpin. Gives me hope!

On the morning a debt collector threatened to rape his wife, Andrew Therrien was working from home, in a house with green shutters on a cul-de-sac in a small Rhode Island town. Tall and stocky, with a buzz cut and a square, friendly face, Therrien was a salesman for a promotions company. He’d always had an easy rapport with people over the phone, and on that day, in February 2015, he was calling food vendors to talk about grocery store giveaways.

Therrien was interrupted midpitch by a call from his wife. She’d gotten a voicemail from an authoritative-sounding man saying Therrien was in some kind of trouble. “I need to verify an address to present you with your formal claim,” the man had said. “Andrew Therrien, you are officially notified.”

A few minutes later, Therrien’s phone buzzed. It was the same guy. He gave his name as Charles Cartwright and said Therrien owed $700 on a payday loan. But Therrien knew he didn’t owe anyone anything. Suspecting a scam, he told Cartwright just what he thought of his scare tactics.Cartwright hung up, then called back, mad. He said he wanted to meet face-to-face to teach Therrien a lesson.

“Come on by, asshole,” Therrien says he replied.

“I will,” Cartwright said, “and I hope your wife is at home.”

That’s when he made the rape threat.

Therrien got so angry he couldn’t think clearly. He wasn’t going to just let someone menace and disrespect his wife like that. He had to know who this Cartwright guy was, and his employer, too. Therrien wanted to make them pay.

Source: Millions Are Hounded for Debt They Don’t Owe. One Victim Fought Back, With a Vengeance – Bloomberg

Magnus Hedemark : 5 best practices for getting started with DevOps

December 05, 2017 01:21 PM

(as originally shared at OpenSource.com)

Are you ready to implement DevOps, but don’t know where to begin? Try these five best practices.

DevOps often stymies early adopters with its ambiguity, not to mention its depth and breadth. By the time someone buys into the idea of DevOps, their first questions usually are: “How do I get started?” and “How do I measure success?” These five best practices are a great road map to starting your DevOps journey.

1. Measure all the things

You don’t know for sure that your efforts are even making things better unless you can quantify the outcomes. Are my features getting out to customers more rapidly? Are fewer defects escaping to them? Are we responding to and recovering more quickly from failure?

Before you change anything, think about what kinds of outcomes you expect from your DevOps transformation. When you’re further into your DevOps journey, you’ll enjoy a rich array of near-real-time reports on everything about your service. But consider starting with these two metrics:

  • Time to market measures the end-to-end, often customer-facing, business experience. It usually begins when a feature is formally conceived and ends when the customer can consume the feature in production. Time to market is not mainly an engineering team metric; more importantly it shows your business’ complete end-to-end efficiency in bringing valuable new features to market and isolates opportunities for system-wide improvement.
  • Cycle time measures the engineering team process. Once work on a new feature starts, when does it become available in production? This metric is very useful for understanding the efficiency of the engineering team and isolating opportunities for team-level improvement.

2. Get your process off the ground

DevOps success requires an organization to put a regular (and hopefully effective) process in place and relentlessly improve upon it. It doesn’t have to start out being effective, but it must be a regular process. Usually that it’s some flavor of agile methodology like Scrum or Scrumban; sometimes it’s a Lean derivative. Whichever way you go, pick a formal process, start using it, and get the basics right.

Regular inspect-and-adapt behaviors are key to your DevOps success. Make good use of opportunities like the stakeholder demo, team retrospectives, and daily standups to find opportunities to improve your process.

A lot of your DevOps success hinges on people working effectively together. People on a team need to work from a common process that they are empowered to improve upon. They also need regular opportunities to share what they are learning with other stakeholders, both upstream and downstream, in the process.

Good process discipline will help your organization consume the other benefits of DevOps at the great speed that comes as your success builds.

Although it’s common for more development-oriented teams to successfully adopt processes like Scrum, operations-focused teams (or others that are more interrupt-driven) may opt for a process with a more near-term commitment horizon, such as Kanban.

3. Visualize your end-to-end workflow

There is tremendous power in being able to see who’s working on what part of your service at any given time. Visualizing your workflow will help people know what they need to work on next, how much work is in progress, and where the bottlenecks are in the process.

You can’t effectively limit work in process until you can see it and quantify it. Likewise, you can’t effectively eliminate bottlenecks until you can clearly see them.

Visualizing the entire workflow will help people in all parts of the organization understand how their work contributes to the success of the whole. It can catalyze relationship-building across organizational boundaries to help your teams collaborate more effectively towards a shared sense of success.

4. Continuous all the things

DevOps promises a dizzying array of compelling automation. But Rome wasn’t built in a day. One of the first areas you can focus your efforts on is continuous integration (CI). But don’t stop there; you’ll want to follow quickly with continuous delivery (CD) and eventually continuous deployment.

Your CD pipeline is your opportunity to inject all manner of automated quality testing into your process. The moment new code is committed, your CD pipeline should run a battery of tests against the code and the successfully built artifact. The artifact that comes out at the end of this gauntlet is what progresses along your process until eventually it’s seen by customers in production.

Another “continuous” that doesn’t get enough attention is continuous improvement. That’s as simple as setting some time aside each day to ask your colleagues: “What small thing can we do today to get better at how we do our work?” These small, daily changes compound over time into more profound results. You’ll be pleasantly surprised! But it also gets people thinking all the time about how to improve things.

5. Gherkinize

Fostering more effective communication across your organization is crucial to fostering the sort of systems thinking prevalent in successful DevOps journeys. One way to help that along is to use a shared language between the business and the engineers to express the desired acceptance criteria for new features. A good product manager can learn Gherkin in a day and begin using it to express acceptance criteria in an unambiguous, structured form of plain English. Engineers can use this Gherkinized acceptance criteria to write acceptance tests against the criteria, and then develop their feature code until the tests pass. This is a simplification of acceptance test-driven development (ATDD) that can also help kick start your DevOps culture and engineering practice.

Start on your journey

Don’t be discouraged by getting started with your DevOps practice. It’s a journey. And hopefully these five ideas give you solid ways to get started.


Magnus Hedemark : Oops, I did it again

December 04, 2017 02:27 PM

I’ve been an avid photographer for about ten years now. For much of that time, I did photograph models. But about three years ago, I got tired of all the drama it brought to my life and so I took a hiatus from it.

That hiatus was broken on Saturday when I took Candace to the local park for a casual shoot. We used my Fujifilm X-T2 camera and a 50 year old lens, the Minolta MC Rokkor-PG 58mm f1.2. What this lens lacks in clinical sharpness and contrast, it makes up for with gobs of character. This allowed me to get images that really didn’t require much in the way of post processing, which is just how I like it.

Click below to see the full set.


Mark Turner : Mountain Lingo: Where Did “Ma-Maw” and “Pa-Paw” Come From? | Appalachian Magazine

December 04, 2017 02:28 AM

My maternal grandparents were called Me Ma and Pa Pa. I don’t know if this came from their living in Florida or their growing up in Louisiana.

Lately, I have grown fascinated with Appalachian-English, particularly of the words we use and have heard our entire lives, but are completely foreign to any of yu’ns who might be read’n this from some w’ars else’t!

What are the origins of these titles? Not everyone is in agreement (imagine that in 2017 America!); however, it seems that the prevailing theory is that “Mamaw” comes from a Lowland Scot term “Ma Maw”, meaning, “My Mother”.“Ma” was used when addressing one’s own mother, while “Maw” is used when addressing others of one’s own or others mothers.But what about Pa-paw? Where did this word come from?

Source: Mountain Lingo: Where Did “Ma-Maw” and “Pa-Paw” Come From? | Appalachian Magazine

Mark Turner : Skimmer was on Raleigh ATM at State Farmers Market for nearly 3 months | WNCN

December 04, 2017 01:51 AM

When first reading this story, I got the state farmers market confused with the state fairgrounds. I know I’ve used the state fairgrounds ATM this year but I know I’ve not used the farmers market ATM this year.

Raleigh Police arrested a man for credit card theft after investigators say he installed the credit card skimmer in the Farmers Market ATM. Police say he installed it on July 2 and a service technician found it and it was removed on September 24.

Source: Skimmer was on Raleigh ATM at State Farmers Market for nearly 3 months | WNCN

Warren Myers : on entropy, password/passphrase complexity, and if you’ve been part of a data breach (spoiler alert: you have)

November 30, 2017 05:47 PM

I wrote an article on passwords, passphrases, entropy, and data breaches for my employer’s blog: https://augustschell.com/passwords-passphrases-complexity-length-crackability-memorability-data-breaches

Tarus Balog : Update on Expensify

November 29, 2017 05:38 PM

I recently posted a rant on how a vendor we use, Expensify, appeared to be exposing confidential data to workers with the Amazon Mechanical Turk service. In response to the general outcry, they posted a detailed explanation on their blog.

It did little to change my mind.

So apparently what happened is that they used to use the Mechanical Turk from 2009 to 2012, so if you we a customer back then your information was disclosed to those third party workers. Then they stopped, supposedly using some other, similar, in-house system.

But, some genius there decided that the best way for certain customers to insure their receipts were truly private was to have them use the Mechanical Turk with their own staff. I covered that in my first post and it is so complex it hardly registers as a solution.

Of course, they decided to test this new “solution” starting the day before the American Thanksgiving holiday. This was done using receipts from “non-paying customers”. While we pay to use the service (not for much longer), if you were trying it out for free your receipts were exposed to Mechanical Turk workers. Heh, if you aren’t paying for the product you are the product. The post goes on to talk about the security of the Mechanical Turk service, which was surprising because they went on and on about how they didn’t use it.

What really angered me was this paragraph:

The company was away with our families and trying hard to be responsive, while also making the most of a rare opportunity to be with our loved ones. Accordingly, this vacuum of information provided by the company was filled with a variety of well-intentioned but inaccurate theories that generated a bunch of compounding, exaggerated fears. As a family-friendly business we try hard to separate work life from home life, and in this case that separation came at a substantial cost.

Well, boo hoo. If you truly cared about your employees you wouldn’t start a major beta test the day before a big holiday. I spent my holiday worrying about my employees’ personal data possibly being exposed through the Expensify service. Thanks for that.

What pisses me off the most is this condescending Silicon Valley speak that their lack of transparency is somehow our fault. That our fears are just “exaggerated”. When Ryan Schaffer posted on Quora that nothing personal is included on receipts, he demonstrated a tremendous lack of understanding about something on which he should be an expert. As they turn this new leaf and try to be more transparent, I noticed he deleted his answer from the Quora question.

Smells like a cover up to me.

Look, I know that being from North Carolina I can’t possibly understand all the nuances of the brain-heavy Valley, but if Expensify truly does have a “patented, award-winning” methodology for scanning receipts, why don’t they just make that available to their customers instead of using the Turk? This long-winded defense of the Turk seems like they are protesting too much. Something doesn’t make sense here.

I’ve told my folks to stop using SmartScan and that we would move away from Expensify at the end of the year. If you use, or are planning to use, Expensify you should deeply consider whether or not this is a company you want to associate with and if they will act in your best interests.

I decided the answer was “no”.

Mark Turner : In Vancouver, 50% of trips are by foot, bike, or transit. This video shows how they did it. – Vox

November 29, 2017 01:28 AM

Vancouver, British Columbia, has aggressive aspirations for sustainability. Its goal is to be entirely powered by clean energy by 2050 — not just electricity, but transportation and heating as well. (I talked to city manager Sadhu Johnston about it in July 2016.)

As part of that effort, the city adopted the goal of 50 percent “sustainable mode share” by 2020 — half of all trips in the city taken by walking, biking, or transit rather than automobile.Fun fact: The city hit that target in 2015, five years early.

The video above, by Clarence Eckerson Jr. of Streetfilms, tells the story of how it happened. As Brent Toderian, a former Vancouver chief planner (who I interviewed at length in June), explains in the film, the city’s success traces all the way back to the 1960s and ’70s, when the extraordinarily prescient citizens of Vancouver rejected a plan to build a network of urban freeways through the city.

Source: In Vancouver, 50% of trips are by foot, bike, or transit. This video shows how they did it. – Vox

Mark Turner : How journalists can avoid a James O’Keefe-style sting – Columbia Journalism Review

November 29, 2017 01:23 AM

Undercover videographer and conservative political activist James O’Keefe made a vow on the eve of President Trump’s inauguration: “I’m going after the media next,” he said. “We have your name. We have your number. We are embedded in your institutions. We are inside the newsrooms, and that is our next target.” O’Keefe later claimed he already has “hundred of hours” of media-related video.

This threat comes as O’Keefe’s prominence in politics has spiked. He’s known for stings that feature secretly obtained footage edited for maximum impact (he’s most famous for an undercover operation that led to the downfall of the now-defunct community organizing group ACORN). O’Keefe, whose work on voter fraud President Trump endorsed just weeks before Election Day, recently told The Washington Post that his latest sting video led the FBI to arrest a man suspected of planning a violent inauguration protest. “It legitimizes what we’re doing,” O’Keefe told the Post. “It’s a new era for us.”

Source: How journalists can avoid a James O’Keefe-style sting – Columbia Journalism Review

Tarus Balog : Dougie Stevenson – The Elvis of Network Management

November 28, 2017 10:43 PM

David messaged me yesterday that Dougie Stevenson had died.

I hadn’t seen Dougie in person in a long time, but I’d kept up with him through the very networks he, in part, helped manage. While I had heard he wasn’t in the best of health, the news of his passing hit me harder than I expected.

I can’t remember the first time I met Dougie. I do remember it was always Dougie, rarely Doug and never Douglas. While most adults might drop such a nickname, it is a reflection on his almost childlike friendliness and good nature that he kept it. I do know that I was working at a company called Strategic Technologies at the time, so this would be the mid-1990s. I was working with tools like HP OpenView, and I’d often run into Dougie at OpenView Forum events. When he decided to take a job at Predictive Systems I followed him, even though it meant commuting to DC four to five days a week.

It was at Predictive that I got to see his genius at work. With his unassuming nature and down-to-earth mannerisms it was easy to miss the mind behind them, but when it came to seriously thinking about the problems of managing networks there were few who could match his penchant for great ideas. I used to refer to him as the “Elvis” of network management.

We were both commuters then. While he had lived in many places, he called Texas home as much as I do North Carolina. We were working on a large project for Qwest near the Ballston metro stop, and after work we’d often visit the nearby Pizzeria Uno. The wait staff loved to see Dougie, and would always laugh when he referred to the cheese quesadillas appetizer as “queasy-dillies”. This was back during the first Internet bubble, around 1999, and while many of us were working hard to make our fortune, Dougie never really cared that much for money. He used to joke it would all go to his ex-wives anyway. I know he had been married but we didn’t talk too much about that aspect of his life. He’d much rather talk about the hotrod pickup truck he was always working on when he had the time. I do remember he once walked away from a small fortune over principles – that was just the kind of person he was.

I can’t remember the last time I saw Dougie, but it could have been in Austin back in 2008. I have this really bad picture I took then:

Dougie and Me

Notice he has on his OpenNMS shirt. He never failed to promote our efforts to create a truly free and open source network management platform whenever he could.

As I’ve gotten older, I wish more for time than money. Between the business and the farm I’m kept so busy that I rarely get to spend as much time with the amazing people I know, and it would have been nice to see Dougie at least once more. In any case, a small part of him lives on in the hearts and minds of those who did know him.

Though it saddens me to say it, Elvis has left the building.

Mark Turner : Fence work progressing

November 28, 2017 01:55 PM

It’s looking more like a fence

One of the things we’ve been meaning to get done is to move our backyard fence to the outer limits of our property lines. For some reason when the fence was first built, the fence was put 8-20 feet inside of our property, leaving the rest our of property essentially abandoned. Miss Ruth had adopted our property on her side of our fence and we never had the heart to “take it back” while she lived here, so when we got new neighbors it seemed time to make the change.

Only I’d never built a fence before.

Enter YouTube. You can learn anything on YouTube.

I found videos showing what needed to be done. Sometimes I borrowed techniques from multiple videos. In August I bought fenceposts, concrete, and gravel and planted new fenceposts along the property line. It was about then that I realized the City of Raleigh now requires permits for fences. Not only that, the permit application requires a fresh survey! D’oh!

Several weeks later, I ordered a survey and purchased a permit. These alone became about 25% of my expenses, which I’m not happy about but hey, it’s legal now.

Now I’ve almost completed the rails that will hold the pickets. I’ve purchased a pneumatic nailer and nails. I have 290 pickets in the driveway, waiting to be nailed up. Overall, it’s starting to look really good. My perception is that the new neighbors aren’t happy about all the walking around I’m doing in their backyard to get the fence built but I do think they’ll be happy with the result.

If I have the whole weekend to work on it, I expect I can get it done by Sunday night. That’s not usually how my weekends work, though, so I’ll do what I can and save the rest for another day if needed.

At the end of the project I’ll have a beautiful fence, I’ll have some new tools and skills, I’ll have saved a ton of money, and I’ll have some pride in doing something for myself. It’s hard to go wrong with this combination.

Tarus Balog : Expensify and Why I Hate the Cloud

November 27, 2017 10:09 PM

Over the weekend I found out that Expensify, a service I use for my company, outsources a feature to Amazon’s Mechanical Turk service. Expensify handles the management of business expenses, which for a company like ours can be problematic as we do a lot of travel when deploying services. The issue is that the feature, the “smart scanning” of receipts, could potentially expose confidential data to third parties. As a user of Expensify, this bothers me.

Expensify touts “SmartScan” as:

As background, SmartScan is the patented, award-winning technology that underpins our “fire and forget” design for expense management. When you get a receipt, rather than stuffing it into your pocket to dread for later, just:

1. Take your phone out of your pocket
2. SmartScan the receipt
3. Put your phone back in your pocket

What they never told us is that if their “patented, award-winning technology” can’t read your receipt, they send it to the Mechanical Turk, which in turn presents it to a human being who will interpret the receipt manually. The thing is, we have no control over who will see that information, which could be confidential. For example, when I post a receipt for an airline ticket, it may include my record locater, ticket number and itinerary, all of which are sensitive.

This apparently never occurred to the folks at Expensify. Take this Quora answer from Ryan Schaffer, listed as Expensify Director of Marketing & Strategy:

Also, its worth mentioning, they don’t see anything that can personally identify you. They see a date, merchant, and amount. Receipts, by their very nature, are intended be thrown away and are explicitly non-sensitive. Anyone looking at a receipt isunable to tell if that receipt is from me, you, your neighbor, or someone on the other side of the world.

Wrong, wrong, wrong. It seems that Mr. Schaffer may limit his business expenses to the occasional coffee at Starbucks, but for the rest of us it is rarely that limited. For someone whose job is to perfect dealing with receipts, his view is pretty myopic.

For examples of what Expensify exposes, take a look at this tweet by Gary Pendergast.

Information Exposed by Expensify Tweet

It is also worth noting that it appears Expensify does its business on the Mechanical Turk as “Fluffy Cloud” instead of Expensify, which strikes me as a little disingenuous.

In a blog post this morning the company addressed this:

As you might imagine, doing this is easier said than done. Given the enormous scale and 24/7 nature of this task, we have agents positioned around the world to hand off this volume from timezone to timezone. Most of the US team is located in Ironwood, MI or Portland, OR (where we have offices and can train in person). Most of the international team is in Nepal or Honduras (where we work with a third-party provider to manage the on-site logistics). But regardless of the location, every single agent is bound by a confidentiality agreement, and subject to severe repercussions if that agreement is broken.

But if this were true, why are random people on Twitter announcing that they can see this data? Are they relying on the Amazon agreement with the people working as part of the Mechanical Turk? That doesn’t instill much confidence in me. But then in the same blog post they double down, and suggest that if you want extra security, you can just set up your own staff as part of the Mechanical Turk:

1. You hire a 24/7 team of human transcription agents.
         o For the fastest processing we suggest staffing three separate shifts — or daytime shifts in three different offices around the world. Otherwise your receipts might lag for many hours before getting processed.

2. They apply to Amazon Mechanical Turk for an account. Be aware that this is a surprisingly involved process, including:
         o The agent must sign up using their actual personal Amazon account. If your account doesn’t have an adequate history of purchases (each of which implies a successful credit card billing transaction and package delivery) or other activity, you will be rejected.
         o The agent must provide their full name, address, and bank account information for reimbursement. Amazon verifies this with a variety of techniques (eg, confirm that your IP is in the country you say you are, verify the bank account is owned by the name and address provided, full criminal background check), and if anything doesn’t add up, you will be rejected.
         o Rejection is final. It requires such an abundance of verifiable documentation (most notably being an active Amazon account with a long history) that you can’t just create a new account and try again.
         o There is no apparent appeals process. Accordingly, I would recommend confirming before hiring that the candidate can pass Amazon Mechanical Turk’s many strict controls because we have no ability to override their judgement.

3. You notify us of the “workerID” of each of your authorized agents.
         o Though you are not obligated to share your staff’s identity with us directly, your staff will still be obligated to follow the Expensify terms of services. Failure to comply with our terms will result in an appropriate response, starting with immediate banning by our automated systems, ranging up to our legal team subpoenaing you (or failing that, Amazon) for the identity of the agent to press charges directly.

4. We will create a “Qualification” for your “Human Intelligence Tasks” (HITs) that ensures only your agents will see your receipts.

5. Your staff will use the Amazon Mechanical Turk interface to discover and process your employee’s receipts.

That’s the solution? This is what passes for security at Expensify? Hire three shifts of employees all using verified personal Amazon accounts and then you can be sure your confidential data is kept confidential?

Wouldn’t it just be easier to create a small webapp that would present receipts to people in a company directly without going through the Mechanical Turk? Heck, why not just bounce it back out to you – it isn’t that great of a chore.

Plus, basically, if you don’t do this Expensify is saying they can’t keep your information secure.

This is what frustrates me the most about “the Cloud”. Everyone is in such a rush to deploy solutions that they just don’t think about security. Hey, it’s only receipts, right? Look what I was able to find out with just a discarded boarding pass – receipts can have much more information. And this is from a company that is supposed to be focused on dealing with expenses.

I demand two things from companies I trust with our information in the cloud: security and transparency. It looks like Expensify has neither.

I will be moving us away from Expensify. If you know of any decent solutions, let me know. Xpenditure looks pretty good, and since they are based in the EU perhaps they understand privacy a little better than they do in San Francisco.