Mark Turner : Electronics testing at the airport

November 15, 2019 01:48 AM

I haven’t posted a TSA story in a while because I’m lucky enough not to travel as often as I did. When I have traveled, I have come to appreciate how professional the team at my home airport, Raleigh-Durham, is. I’ve never had a bad experience with them and this – I want to stress – is not a bad one, either. Just unusual.

For years I have enjoyed the benefit of TSA-Pre, allowing me to speed through security lines. Naturally, I headed into the TSA-Pre line when I flew out of Raleigh on Wednesday morning. Expecting all to be well, I was intrigued when I apparently set off the metal detector.

“Wait right here, sir,” the screener said, calmly. “We’re going to screen your electronics.”

I waited on the mat next to the metal detector while another agent got through checking another traveler’s electronics. He invited me over and I carried my bags to the testing station.

“Got anything that is sharp, going to stick me, contraband, etc?” he asked. When I answered no, he politely asked if I had a laptop in the bag. I showed him the pocket it was in and he laid it out on the counter.

He then swabbed my laptop with a chemical pad, popped the swab into the sensor for analysis, and stepped away. To my surprise, the sensor began beeping. My newish work laptop had only been on my office desk and my home desk – not to the coca fields of South America or anything. I began to think over what kind of substance could have possibly set off this false alarm.

Another agent walked up, checked the code on the machine, then looked at a placard that was on the top. “You’re looking for a block or a powder,” he told the original screener as the first screener returned to the machine.

The agent then checked through all the big pockets of my bag, looking for said “block or powder.” The agent, still calm and professional, told me he would pass my laptop back through the X-ray machine. It came back fine, of course, and the agent reassembled everything and cordially sent me on my way.

I was mystified why a machine would flag my laptop – one so new that it’s practically spotless. The whole episode was done with no sense of urgency or passion at all – it seemed everyone was in on the drill but me.

Only later when I arrived at my destination did I realize that even though I had somehow set off the metal detector, no one had ever searched me. No pat down, nothing. My jacket stayed on the whole time and had I had the mind to, I could have smuggled anything I had wanted to onto my flight. I watched a TSA agent in Boston kick the metal detector to make it falsely alarm, though, so just because it buzzes doesn’t mean it’s a legitimate alarm. So I assume it was just a drill.

Fortunately for me, I had budgeted enough time to play the game.

Mark Turner : A Destroyer – By John Steinbeck

October 12, 2019 01:54 PM

USS Elliot (DD-967) in North Arabian Gulf, circa 1998

John Steinbeck spent a few weeks aboard a destroyer in World War II, the USS Knight (DD-663), and wrote this ode to destroyers called “A Destroyer” in 1943. It appeared in a collection of his dispatches published in 1958 in a book called Once There Was a War.

I think it sums up life on a destroyer quite well.

A destroyer is a lovely ship, probably the nicest fighting ship of all. Battleships are a little like steel cities or great factories of destruction. Aircraft carriers are floating flying fields. Even cruisers are big pieces of machinery, but a destroyer is all boat. In the beautiful clean lines of her, in her speed and roughness, in her curious gallantry, she is completely a ship, in the old sense.

For one thing, a destroyer is small enough so that her captain knows his whole crew personally, knows all about each one as a person, his first name and his children and the trouble he has been in and is capable of getting into. There is an ease on a destroyer that is good and a good relationship among the men. Then if she has a good captain you have something really worth serving on.

The battleships are held back for a killing blow, and such a blow sometimes happens only once in a war. The cruisers go in second, but the destroyers work all the time. They are probably the busiest ships of a fleet. In a major engagement, they do the scouting and make the first contact. They convoy, they run to every fight. Wherever there is a mess, the destroyers run first. They are not lordly like the battleships and the men who work them are seamen. In rough weather they are rough, honestly and violently rough.

A destroyerman is never bored in wartime, for a destroyer is a seaman’s ship. She can get under way at the drop of a hat. The water under fantail boils like a Niagara. She will go rippling along at thirty-five knots with the spray sheeting over her and she will turn and fight and run, drop depth charges, bombard, and ram. She is expendable and dangerous. And because she is all these things, a destroyer’s crew is passionately possessive. Every man knows his ship, every inch of it, not just his own station.

The destroyer X is just such a ship. She has done many thousands of miles since the war started. She has been bombed and torpedoes have gone under her bow. She has convoyed and fought. Her captain is a young, dark-haired man and his executive officer looks like a blond undergraduate. The ship is immaculate. The engines are polished and painted and shined.

She is a fairly new ship, the X, commissioned fifteen months ago. She bombarded at Casablanca and Gela and Salerno and she has captured islands. Her officers naturally would like to go to larger ships because there is more rank to be had on them, but no destroyerman would rather sail on anything else.

The destroyer X is a personal ship and a personality. She is worked quietly. No one ever raises his voice. The captain is soft-spoken and so is everyone else. Orders are given in the same low tone as requests for salt in the wardroom. The discipline is exact and punctilious but it seems to be almost mutually enforced, not from above. The captain will say, “So many men have shore leave. The first man who comes back drunk removes shore liberty for everyone.” It is very simple. The crew would discipline anyone who jeopardized the liberty of the whole ship. So they come back in good shape and on time. The X has very few brig cases.

When the X is in a combat area she never relaxes. The men sleep in their clothes. The irritating blatting sound which means “action stations” is designed to break through sleep. It sounds like the braying of some metallic mule, and the reaction to it is instant. There is a scurrying of feet in the passageways and the clatter of feet on the ladders and in a few seconds the X is bristling with manned and waiting guns, AAs that peer at the sky and the five-inch guns which can fire at the sky too.

The crouched and helmeted men can get to their stations in less than a minute. There is no hurry or fuss. They have done it hundreds of times. And then a soft-spoken word from the bridge into a telephone will turn the X into a fire-breathing dragon. She can throw tons of steel in a very short time.

One of the strangest things is to see her big guns when they go on automatic control. They are aimed and fired from the bridge. The turret and the guns have been heavy dead metal and suddenly they become alive. The turret whips around but it is the guns themselves that seem to live. They balance and quiver almost as though they were sniffing the air. They tremble like the antennae of an insect, listening or smelling the target. Suddenly they set and instantly there is a belch of sound and the shells float away. The tracers seem to float interminably before they hit. And before the shells have struck, the guns are trembling and reaching again. They are like rattlesnakes poising to strike, and they really do seem to be alive. It is a frightening thing to see.

“A Destroyer,” from Once There Was a War by John Steinbeck, copyright 1943, 1958 by John Steinbeck. Renewed (c) 1971 by Elaine Steinbeck, John Steinbeck IV, and Thomas Steinbeck. Used by permission of Viking Penguin, a division of Penguin Group (USA) Inc.

Tarus Balog : A Low Bandwidth Camera Solution

September 30, 2019 06:00 PM

My neighbor recently asked me for advice on security cameras. Lately when anyone asks me for tech recommendations, I just send them to The Wirecutter. However, in this case their suggestions won’t work because every option they recommend requires decent Internet access.

I live on a 21 acre farm 10 miles from the nearest gas station. I love where I live but it does suffer from a lack of Internet access options. Basically, there is satellite, which is slow, expensive and with high latency, or Centurylink DSL. I have the latter and get to bask in 10 Mbps down and about 750 Kbps up.

Envy me.

Unfortunately, with limited upstream all of The Wirecutter’s options are out. I found a bandwidth calculator that estimates a 1 megapixel camera encoding video using H.264 at 24 fps in low quality would still require nearly 2 Mbps and over 5 Mbps for high quality. Just not gonna happen with a 750 Kbps circuit. In addition, I have issues sending video to some third party server. Sure, it is easy but I’m not comfortable with it.

I get around this by using an application called Surveillance Station that is included on my Synology DS415+. Surveillance Station supports a huge number of camera manufacturers and all of the information is stored locally, so no need to send information to “the cloud”. There is also an available mobile application called DS-cam that can allow you to access your live cameras and recordings remotely. Due to the aforementioned bandwidth limitations, it isn’t a great experience on DSL but it can be useful. I use it, for example, to see if a package I’m expecting has been delivered.

[DS-Cam showing the current view of my driveway. Note the recording underneath the main window where you can see the red truck of the HVAC repair people leaving]

Surveillance Station is not free software, and you only get two cameras included with the application. If you want more there is a pretty hefty license fee. Still, it was useful enough to me that I paid it in order to have two more cameras on my system (for a total of four).

I have the cameras set to record on motion, and it will store up to 10GB of video, per camera, on the Synology. For cameras that stay inside I’m partial to D-Link devices, but for outdoor cameras I use Wansview mainly due to price. Since these types of devices have been known to be easily hackable, they are only accessible on my LAN (the “LAN of things”) and as an added measure I set up firewall rules to block them from accessing the Internet unless I expressly allow it (mainly for software updates).

To access Surveillance Station remotely, you can map the port on the Synology to an external port on your router and the communication can be encrypted using SSL. No matter how many cameras you have you only need to open the one port.

The main thing that prevented me from recommending my solution to my neighbor is that the DS415+ loaded with four drives was not inexpensive. But then it dawned on me that Synology has a number of smaller products that still support Surveillance View. He could get one of those plus a camera like the Wansview for a little more than one of the cameras recommended by The Wirecutter.

The bargain basement choice would be the Synology DS118. It cost less than $200 and would still require a hard drive. I use WD RED drives which run around $50 for 1TB and $100 for 4TB. Throw in a $50 camera and you are looking at about $300 for a one camera solution.

However, if you are going to get a Synology I would strongly recommend at least a 2-bay device, like the DS218. It’s about $70 more than the DS118 and you also would need to get another hard drive, but now you will have a Network Attached Storage (NAS) solution in addition to security cameras. I’ve been extremely happy with my DS415+ and I use it to centralize all of my music, video and other data across all my devices. With two drives you can suffer the loss of one of them and still protect your data.

I won’t go into all of the features the Synology offers, but I’m happy with my purchase and only use just a few of them.

It’s a shame that there isn’t an easy camera option that doesn’t involve sending your data off to a third party. Not only does that solution not work for a large number of people, you can never be certain what the camera vendor is going to do with your video. This solution, while not cheap, does add the usefulness of a NAS with the value of security cameras, and is worth considering if you need such things.

Jesse Morgan : Unfinished Drafts: Proposal for New Server Implementation

September 28, 2019 01:18 AM

This was originally written at some point in 2013. It was never finished, and other than some light editing, I’ve left it in the original state.

Current Situation

My current employer has a problem with managing scale. Bad habits and lack of consistency have led to an environment of never-ending one-offs that result in extended downtime, employee burnout, and loss of productivity. To fully grasp the scope of the current situation, we must look at the issues we currently suffer from, and the cost incurred by them.

Two issues: Builds and …Everything Else

Builds have been a sore point for our team for some time. Common complaints involve:

  • Reliance on a proprietary tool (HP RDP), which is Windows-based and owned by another team
  • Reliance on DNS entries for the build process, which may take days to go through
  • Lack of Tribal knowledge of the build process (only 2 team members are fully educated in it)
  • Lack of visibility and documentation of the process and details
  • Lack of centralized account management ownership
  • Slow to resolve issues with build (no default jdk install, ulimit)
  • Newly built servers are not up to date (patched)
  • Aged distributions (SLES 9, SLES 10) require hardware-specific drivers on newer hardware.

Beyond our build problems, we have further issues:

  • Lack of centralized, Tiered, or Channeled patching.
  • Unreliable naming conventions.
  • Heavy ramp-up time

While we have done our best to address some of these non-build issues, only a full revamp of the build process will address the underlying problems.

Resulting Costs: Time and Money

The repercussions of our build issues have both obvious and indirect costs.

Things that Cost Time

  • Builds require DNS Changes: RDP requires DNS entries, which require Change Request windows. This can roadblock a project for up to two days.
  • Inconsistency: Tracking down simple production issues requires intimate domain knowledge due to the sheer number of one-offs.
  • Lack of Visibility: Without domain knowledge, tracking down an issue requires extensive sleuthing to find the right servers, pools, projects, irules, etc.
  • Lack of Auditing: With no mechanism within the team to “circle back” and clean up after ourselves, unresolved issues sit for months, resulting in confusion later.
  • Lack of up-to-date Documentation: Much of our documentation is woefully out of date, leading to poor decisions based on bad intel.
  • Lack of Instrumentation: Applications consist of multiple layers, but due to firewall, code, authentication and DNS constraints, Applications cannot easily be tested at all layers.
  • High Ramp-up time for New Employees: Time is wasted for both the new employee and trainer to learn all of the nuances.
  • Context Thrashing: Humans aren’t nearly as good at multitasking as they think. The constant thrash of interruptions reduces efficiency.

Things that Cost Money

  • Licensing: Only a small minority of our servers have valid SLES licenses, making update costs somewhat dubious. Updates via OpenSuse/CentOS are a viable option, but places us in a hybrid environment.
    • Suse quoted around $260k to fully license and support
    • Red Hat quoted significantly more to fully license and support
  • Support: Hardware support, software support, offshore support are not cheap.

Suggested Solution

The suggested solution to this predicament is a ground up redesign of our environment, starting with our baseline installation and building on our recently introduced conventions. Simplification and refactoring are the targets, since they will allow for better management at scale. Whenever a design decision is made, the ops team should be involved to discuss it.

Baseline Build: Commercial/Community Hybrid model

Two things prevent us from going with a completely community-supported build- Business Insecurity and third-party support.

  • Business Insecurity is an internal requirement to “call someone if something breaks,” which may or may not be used (or even helpful). Finding a solution is often quicker and easier through community support via online chat, google searches and social networking.
  • Third-party support is an external requirement where a company like Oracle will only support their product on a blessed distribution, despite the difference being in name only. As long as you are running on a licensed distribution, you are usually supported, regardless of the individual packages installed, meaning a RHEL-licensed server could pull packages from a CentOS source.

The primary differences between SLES/OpenSuse and RHEL/CentOS are the source of the packages and the trademarks. Regardless of distribution, maintaining our packages via an internal centralized source is possible, with licensing only used when “Vendor support” is required by a third party application.

RHEL/CentOS is suggested for baseline build for a number of reasons:

  • Market Penetration: RHEL has a 60-70% market share, meaning third party support will be better and sysadmin skills will be more commonplace (hence cheaper).
  • Larger Community Support: based on Support channels and various other sources, RHEL has the larger community.
  • Owns JBoss: RHEL could provide support and training at discounted rates.
  • Clean Slate:  Switching distributions forces a clean-slate re-evaluation of our practices.

Base Package Set and Base Configuration Overlay

Server installation

Conventions over Configuration

Plainly Labeled

Consolidation

Upgrade path

How This Reduces Costs and Man-Hours

Concerns

Implementation Examples to resolve outstanding issues

Jesse Morgan : Unfinished Drafts: Battle system

September 28, 2019 01:07 AM

This article is from sometime in 2008. I was kicking around the algorithms for combat. While it didn’t go anywhere, it’s interesting to see where my mind was.

 

Battle mechanics are always fun… but how to calculate battle and/or damage…

Base characters

stats  Fighter  Snapper  Snake  Worg  Fighter (level 2)  Fighter (level 20)
Lvl    1        1        11     19    2                  20
atk    12       5        15     28    16                 28
def    10       12       5      18    10                 18
str    12       12       5      18    16                 28
eva    9        5        15     28    9                  16
maj    4        2        2      4     4                  7
res    6        10       10     18    6                  10
con    10       8        5      18    11                 18
hp     50       40       25     90    55                 90
total  63       54       57     63

Levelling

lvl 1: main stats(str,atk) +2, +5 points 27
lvl 2: main and std stats(str,atk,def,con) +1, +5 points 38
lvl 3: main A,std A, secondary A(str,def,eva) +1, +5 points 49
lvl 4: main B,std B, secondary B(atk,con,res) +1, +5 points 50
lvl 5: maj,eva +1, +5 points 61

Weaknesses

stab/slash/crush/mag

Base Equations

Chance to Hit = (atk + str*.1)/(def + eva*.1)*.5
chance for crit = atk/eva*.1
damage = rand(weapon-dmg) * str/def * ifcrit(1+str/def)

lvl 1 Fighter Vs. Snapper

Snapper attack:

(5 + 12*.1)/(10 + 9*.1)*.5 = 28% Chance to hit
5/9*.1= 5% Chance for crit
Jaws
(3 to 4) * 12/10 = 3.6 min
(3 to 4) * 12/10 = 4.8 avg
(3 to 4) * 12/10 = 4.8 max
(3 to 4) * 12/10 * (1+12/10) = 7.92 min crit
(3 to 4) * 12/10 * (1+12/10) = 10.56 avg crit
(3 to 4) * 12/10 * (1+12/10) = 10.56 max crit

Fighter attack:

(12 + 12*.1)/(12 + 9*.1)*.5 = 51% Chance to hit
12/5*.1= 24% Chance for crit
Fist
(1 to 3) * 12/12 = 1 min
(1 to 3) * 12/12 = 2 avg
(1 to 3) * 12/12 = 3 max
(1 to 3) * 12/12 * (1+12/12) = 2 min crit
(1 to 3) * 12/12 * (1+12/12) = 4 avg crit
(1 to 3) * 12/12 * (1+12/12) = 6 max crit
short sword
(2 to 6) * 12/12 = 2 min
(2 to 6) * 12/12 = 4 avg
(2 to 6) * 12/12 = 6 max
(2 to 6) * 12/12 * (1+12/12) = 4 min crit
(2 to 6) * 12/12 * (1+12/12) = 8 avg crit
(2 to 6) * 12/12 * (1+12/12) = 12 max crit
Long sword
(4 to 8 ) * 12/12 = 4 min
(4 to 8 ) * 12/12 = 6 avg
(4 to 8 ) * 12/12 = 8 max
(4 to 8 ) * 12/12 * (1+12/12) = 8 min crit
(4 to 8 ) * 12/12 * (1+12/12) = 10 avg crit
(4 to 8 ) * 12/12 * (1+12/12) = 16 max crit

Jesse Morgan : Unfinished Drafts: The Importance of Documentation

September 28, 2019 12:56 AM

This article was originally written on July 19th, 2010, but never published.

Documentation is another topic where there appears to be disagreement in the sysadmin world. When to document, what to document, who to document for, and where to store that documentation always seem to be subjects of contention. Everyone likes documentation, but no one has the time to document, and the rules for documentation often feel arbitrary. I’d like to open this up for discussion and figure out some baselines.

Should I Document?

If you have to ask then probably; but it’s much more complex than that. Documentation is time-consuming and rarely of value at first, so few want to invest the effort into it unless it’s needed. There are several questions here that need to be answered:

  • Why should I Document? What is the purpose of the documentation? Are you documenting a one-off process that you’ll have to do 10 months from now? Are you providing instructions for non-technical users? Perhaps you’re defining procedures for your team to follow. Whatever the reason, focus on it, and state it up front. There are few things worse than reading pages of documentation only to find out that it’s useless. Documentation for the sake of documentation is a waste of time.
  • What should I Document? It’s very easy to ramble when writing documentation (as many of my articles prove). Step back and review what you’ve written, then remove any unneeded content. Find your focus and document only what needs to be explained, leave the rest for footnotes and hyperlinks.
  • When should I Document? As soon as possible. Ideally you’d document as you worked, creating a perfect step-by-step record. Realistically, pressure to move quickly causes procrastination, but the truth of the matter is that the longer you wait, the less detail you’ll remember. Write down copious notes as you go, and massage it into a coherent plan after the fact.
  • Who should I Document for? Write for your audience- a non-technical customer requires a much lighter touch compared to a seasoned techie. The boss may need things simplified that a coworker would instinctively understand. Pick your target audience and stick to it. Anything that falls outside of the audience interests should be flagged as “[Group B] should take note that…” Also remember that the person who requests the documentation may not be the target audience.
  • Where should I Document? Where you keep documentation is often more important than the quality of your document. You can write the most compelling documentation in the company, but if it’s stored in a powerpoint slide on a shared drive, it’s of no use to someone searching a corporate wiki. Whatever your documentation repository may be, be it Alfresco, Sharepoint, Confluence or even Mediawiki, everyone has to be in agreement on a definitive source. The format should be searchable, track revisions, prevent unwanted access, and be inter-linkable.

Now that we’ve set some boundaries, let’s delve a little bit deeper into the types of documentation.

Types of Documentation

Documentation can take many forms. Over the course of any given day, you’ll see proposals, overviews, tutorials, standards, even in-depth topical arguments.

Each type of documentation has its own rules and conventions- what’s required for one set may not be needed for another. That said, here are a few general rules to follow.

  • Be Concise
    • NO: thoughtfully contemplate the reduction of flowery adjectives and adverbs for clarification;
    • YES: remove unneeded words. Over-explaining will confuse the reader.
  • Be Clear – Make sure your subject is obvious in each sentence. Ambiguity will destroy reader comprehension.
  • Be Accurate – Incorrect documentation is worse than no documentation.
  • Keep it Bite-sized – Large chunks of data are hard to process, so keep the content in small, digestible chunks that can be processed one at a time.
  • Stay Focused – Keep a TODO list. Whenever you think of an improvement, make a note of it and move on.
  • Refactor – The original structure may not make sense after a few revisions, so don’t be afraid to reorganize.
  • Edit for Content – Make sure your topics are factually correct and the content flows properly.
  • Edit for Grammar – Make sure your punctuation is correct and your structure is technically sound.
  • Edit for Language – Make sure the text is actually interesting to read.
  • Link to Further Information – If someone else has explained it well, link to it rather than rewrite it.
  • Get Feedback – Feedback finds mistakes and adds value. The more trusted sources, the better off you are.

Proposal/RFCs

Proposals can be immensely rewarding (or mind-numbingly frustrating), depending on if they’re accepted or not. That’s not to say you shouldn’t write them; even a failed proposal has value. The point of a proposal is to communicate an idea, a way to tell your team or supervisor “this is what I think we should do.” If you’re successful, the idea will be implemented. If you’re unsuccessful, you may find out a better way to do it. The overall goal should be to improve team performance. Here’s what a proposal should include:

  • The Problem – What problem are you trying to solve? Why is it a problem?
  • The Solution – A simple overview of the solution
  • The Benefits – What benefits will it provide?
  • The Implementation – How to implement it.
  • The Results – Explain the intended results
  • The Flaws – What issues are expected, and if there is currently a solution
  • The Timeframe – When should this project be started and completed? How long and how much effort will it take?

Let’s presume you write a knockout proposal. Everything is perfect, and with 2 days of effort you’ll reduce a 2 hour daily task to a 15 minute weekly task. Regardless of the benefits, the response will be one of these:

  • Complete Apathy – the worst response, because it shows how little you are valued. No response, approval, or denial. If this happens, run your idea past an uninvested third party. Perhaps a critical set of eyes may reveal the problem.
  • Denied – perhaps the benefit isn’t worth the cost, the risk is too high, there aren’t enough resources, or some other issues not addressed. Try to get specific reasoning as to why it won’t work, and rework your proposal taking that into account.
  • Feigned Interest, no Support – Be it plausible deniability or lack of interest, the response is weak. Push for a yes or no answer, ask what the concerns are with it.
  • Delay – It’s a good idea, but not right now. There might be hesitance due to a minor issue. Find a way to calm their fears, then push for an implementation date, create a checklist of conditions that need to be met.
  • Conditional Agreement – It is a good idea, but conditions must be met first. Create a checklist and verify that it’s complete.
  • Full Agreement – This should be your end goal. Full agreement means support from the boss and the team on implementation. Without support, your efforts may be wasted.

You can’t account for everything in your proposal, so make sure not to paint yourself into a corner. A method for dealing with problems is more valuable than individual solutions. It doesn’t need to be perfect, but does need to be flexible.

The most important thing a proposal needs is buy-in. If your team and management aren’t behind an idea, implementation will be a struggle. The final thing to keep in mind is that not all proposals are good. If there is universal apathy for your idea, it might just be bad and you’re oblivious to it.

Introductions and Overviews

Introductions are the first exposure someone may have to whatever you’ve been working on, be it a JBoss implementation, Apache configuration, or new software package. A clear understanding of what “it” is can help with acceptance. A bad introduction can taint the experience and prevent adaptation. So, how can you ensure a good introduction to a technology?

  • Explain the Purpose – Why is the user reading this introduction? A new Authentication system? Messaging system? Explain why the reader should care.
  • Define your Terms – Include a glossary of any new terms that the user needs to understand. Remember, this may be their first exposure to the topic. Don’t overwhelm them, but at the same time don’t leave them in the dark.
  • Don’t Drown in Detail – An introduction should not cover everything in perfect detail, but it should give you references to follow up on.

The tone should be conversational- you need to draw the reader in, befriend them, and convince them that this new thing is not scary. This can be a tough task if the subject is replacing something that the reader if

Document a Process (Installation, Upgrade, Tutorials, How-to, Walk Through)

Documenting a process serves three purposes- it trains new employees in proper technique, ensures consistency, and covers your rear should something go wrong. That last point may sound a bit cynical, but you never know when you’ll need it.  The process itself should be clear enough that any qualified user can follow it. Process documentation should have the following traits:

  • Steps – Well defined tasks that need to be performed.
  • Subtasks – any moderately complex task should be divided up.
  • Document Common Problems – Surprises can derail a new user. Acknowledgement and fixes for issues can help ease new users into the process.

Dry runs are essential in documenting a process- test the process yourself and have others test it as well. Continual runs will expose flaws and allow you to address deficiencies. Keep testing and refining the process until a sample user can follow it without issue.

Topical guide (Feature-based)

Topical guides are both the most useful and yet the hardest documentation to write. They need to be thorough, both fully covering the material but not burying the user in frivolous details. So what should you cover in a topical guide?

  • Be specific on the topic – Document a feature and all related material. If it’s not related, don’t include it.
  • Cover Relevant Tangents –
  • Be comprehensive – Cover everything a user needs to know, but remember it’s not intended to be a reference book.

Document a Standard (How Something Should be Done)

Inconsistency is the bane of system administration, and consistency can only be had when everyone is in agreement on how things should be done. There must be agreement not only on theory, but also in practice. As such, standards should be documented. What should a standard entail?

  • Dynamic – Not the first word when you think of standards, but something you have to face; your standard will become out of date quickly. Document it and give it a revision number. Soon enough you’ll realize
  • Audit – It’s not enough to document a standard, you also need to enforce it. Periodic verification can spot issues before they become problems. If configuration files are identical, md5sums can be used to find inconsistencies.

Annotation (Config Commenting)

One of the most common types of documentation is never published, yet often the most crucial in day-to-day operations. Comments within configuration files can explain what steps were taken and why.

  • Explain Why – When you make changes, explain why you made the change.
  • Keep it Simple – Comments should not overshadow the configuration. Leave over-documentation to sample configs.
  • Consider Versioning – The best configuration documentation is a history of changes. Configurations that are both critical and fluid (for example, Bind zone files) are perfect candidates for versioning.
  • Sign and Date Changes – When you make a change, leave your name and a datestamp. While versioning comments may be more permanent, inline comments provide instant context. This is important when the change is revisited and no one remembers making it.

Mark Turner : AD/LDAP authentication on Linux hosts

September 27, 2019 06:35 PM

I’ve been working with the Lightweight Directory Access Protocol (LDAP) for 18 years now. Then Microsoft embraced and extended LDAP with Active Directory. Nowadays most companies base all of their authentication and authorization on Active Directory and for good reason. In a Windows-only world it works great. For a mixed-platform environment, it’s a bit more difficult to make work.

I recently worked out how to make Linux systems authenticate against Active Directory using only the LDAP protocol and wanted to share it here for any fellow DevOps/sysadmins who might want to try it themselves. The goals were to do it with minimum fuss and using the native tools – no third-party apps. I also wanted to do it solely with LDAP and not have to worry about pointlessly “joining” a Linux host to a domain.

The modern way that Red Hat likes to connect Linux hosts to AD is to use the SSSD suite of packages, join the host to the Active Directory tree, and talk to AD directly. This seems like a lot of bloat to me when all you need is authentication. Fortunately, you can use the “legacy” means and do it all with LDAP libraries.

Bridging Active Directory and Linux hosts

One way to integrate Linux/UNIX hosts into AD is to add Microsoft Windows Services for UNIX (SFU) schema extensions. This means every AD entry would be defined with common Unix attributes like uid (user id) and gid (group id). These could sometimes get out of sync with the AD attributes and at any rate would require constant updating of the AD records.

Ideally, we won’t depend on Services for UNIX additions in AD and the complexity it brings. Instead, we’ll identify standard AD attributes and map them to Linux/UNIX equivalents. The nss-pam-ldapd package allows us to do this in the /etc/nslcd.conf file, which we’ll see in a minute.

Differences between CentOS 6/AWS and CentOS 7 hosts

One stumbling block has been that Amazon Linux (amzn) uses old, old libraries, based on CentOS 6 packages. The nss-pam-ldapd package which ships with this version of Amazon Linux is version 0.7.5; a version too old to include the mapping functionality we need to avoid using Services for UNIX.

Fortunately, we can remove the amzn version and add an updated one. I have tested one I have found at this link which updates any amzn hosts to the 0.9.8 version of nss-pam-ldapd.

The version of nss-pam-ldapd that ships with CentOS 7 is 0.8.3 and works fine with attribute mapping.

Obtaining the domain’s ObjectSID

The goal of using a directory is consistency. If a user appears in AD, that user will be available to Linux hosts. Also, that user will be treated the same on every directory-equipped server as that user will ideally have the same uid/gid. Without adding Services for UNIX, we need some way to ensure a uid on one host is consistent with the uid on another host. This is done by nss-pam-ldapd by mapping Linux uid/gids to their equivalents in AD, called ObjectSIDs. You need to obtain your AD server’s domain ObjectSID.

The domain ObjectSID can be derived from the user entries in AD. This could be done from Linux using a shell script which converts the binary ObjectSID into the decimal string we need, but it’s a lot of needless work. It is easier to run this query on an AD-equipped server (such as the domain server itself):

dsquery * -filter (samaccountname=mturner) -attr ObjectSID

The sAMAccountname could be any existing user in the AD tree. It doesn’t matter whom.

This will return the following string:

mturner S-1-5-21-4483729093-3277648929-7759834922-11562

The domain ObjectSID needed for the uid/gid mapping is everything before the final number: S-1-5-21-4483729093-3277648929-7759834922. The user-specific part (here 11562) follows the domain SID and will be used for the uid <-> objectSid mapping.
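The binary-to-string conversion mentioned above, done from the Linux side in Python, as an added example that is not part of the original post. The sample value is constructed and the function names are this example's own; the layout decoded is the standard binary SID structure (revision byte, sub-authority count, 48-bit big-endian authority, 32-bit little-endian sub-authorities).

```python
import base64
import struct


def decode_sid(raw: bytes) -> str:
    """Convert a binary objectSid value to its S-R-A-s1-s2-... string form."""
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def sid_from_ldif(line: str) -> str:
    """Decode an 'objectSid:: <base64>' line as ldapsearch prints it."""
    name, sep, value = line.partition("::")
    if not sep or name.strip().lower() != "objectsid":
        raise ValueError("not a base64-encoded objectSid line")
    return decode_sid(base64.b64decode(value.strip(), validate=True))


def split_sid(sid: str):
    """Split a user SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def nslcd_map_lines(domain_sid: str):
    """nslcd.conf lines that derive numeric ids from the RID."""
    return [
        f"map passwd uidNumber objectSid:{domain_sid}",
        f"map passwd gidNumber objectSid:{domain_sid}",
        f"map group gidNumber objectSid:{domain_sid}",
    ]


# Constructed sample (not a real domain): revision 1, authority 5,
# five sub-authorities, the last of which is the user's RID.
SAMPLE_RAW = (
    bytes([1, 5])
    + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 11562)
)
SAMPLE_LDIF = "objectSid:: " + base64.b64encode(SAMPLE_RAW).decode("ascii")

if __name__ == "__main__":
    sid = sid_from_ldif(SAMPLE_LDIF)
    domain_sid, rid = split_sid(sid)
    print(sid)
    print("RID (becomes the Linux uid):", rid)
    print("\n".join(nslcd_map_lines(domain_sid)))
```
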

Installing packages

From a root or sudo terminal session, install nss-pam-ldapd:

yum install nss-pam-ldapd -y

Yum will also pull in nscd as a dependency. nscd is the name service caching daemon, designed to cache responses from the LDAP server and greatly speed up directory services.

Setting Authconfig to use legacy mode

Authconfig assumes you’re using the Red Hat bloatware of SSSD. Instead, you can force only LDAP by editing the /etc/sysconfig/authconfig file and setting this from no to yes:

FORCELEGACY=yes

Add self-signed LDAPS certificate

If you are using a self-signed SSL certificate with your LDAP server to secure your connection, you should save this to your filesystem somewhere. Here I save it as /etc/openldap/cacerts/self-signed.pem:

-----BEGIN CERTIFICATE-----
MIIDX[…]
-----END CERTIFICATE-----

Editing /etc/nslcd.conf

These are default so no need to change:

uid nslcd
gid ldap

Upstream AD server:
uri ldaps://ldap.example.com/

Now we tell nslcd where to search for entries. This is done with the base statement:

base CN=Users,dc=example,dc=com

You can’t talk to AD anonymously so we use a least-privileged AD user specifically for this, the “LDAP Bind” user:


binddn cn=LDAP Bind,CN=Users,DC=example,DC=com
bindpw password

This tells nslcd where to find the users and groups lists that Linux expects to have:

base group OU=Groups,dc=example,dc=com
base passwd CN=Users,dc=example,dc=com

If you’re using a self-signed certificate, specify it:

tls_reqcert never
tls_cacertfile /etc/openldap/cacerts/self-signed.pem

Now we get to the options specific to Active Directory. Some basic AD settings:

pagesize 1000
referrals off
idle_timelimit 1000

The passwd filter is used to specify who counts as a user vs. who is just another AD object. In the case below, we are looking for both a) someone who is a user, and b) someone who is not a computer:

filter passwd (&(Objectclass=user)(!(objectClass=computer)))

We could also restrict users to a particular group (or more). This is done by specifying the AD matching-rule OID for this (1.2.840.113556.1.4.1941, LDAP_MATCHING_RULE_IN_CHAIN, which also matches membership through nested groups) and the group name we want to use. Any users who are not in this group are effectively invisible to the system. See the Microsoft documentation for more info on the memberOf attribute.

The below example restricts users to those in the AD group Development (all one line):

filter passwd (&(Objectclass=user)(!(objectClass=computer))(memberOf:1.2.840.113556.1.4.1941:=cn=Development,OU=Groups,dc=example,dc=com))

Here, we map AD attributes to Linux ones. Note the domain ObjectSID again. We map the uid (login name) to the sAMAccountName entry, and the numeric uidNumber/gidNumber to the objectSid.

map passwd uid sAMAccountName
map passwd uidNumber objectSid:S-1-5-21-4483729093-3277648929-7759834922
map passwd gidNumber objectSid:S-1-5-21-4483729093-3277648929-7759834922
map passwd homeDirectory "/home/$sAMAccountName"
map passwd gecos displayName
map passwd loginShell "/bin/bash"

This ensures the uid/gid attributes in an ‘ls -l’ listing properly show the group names. It’s more for convenience and not using it won’t break anything:

filter group (&(|(objectClass=group)(Objectclass=user))(!(objectClass=computer)))
map group gidNumber objectSid:S-1-5-21-4483729093-3277648929-7759834922
map group cn sAMAccountName
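A check for the connection settings in this file, added here as an example and not part of the original post: tls_reqcert never tells the LDAP library not to request or check the server's certificate, so the CA file has no effect and both the bind password and user logins go to a server whose identity is never verified. The function names, the file_mode parameter and the hardened variant (tls_reqcert demand, which assumes the self-signed certificate matches the server's hostname) are assumptions of this example.

```python
import stat

# Per ldap.conf(5), which nslcd.conf(5) defers to for tls_reqcert: with these
# values the session proceeds even when the server's certificate is bad.
UNVERIFIED = {"never", "allow"}


def parse_nslcd(text):
    """Return {keyword: [argument string, ...]} for an nslcd.conf body."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        args = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(args)
    return options


def audit_nslcd(text, file_mode):
    """Return (option, finding) tuples for one config.

    file_mode holds the file's permission bits (os.stat(path).st_mode on a
    live host). Where an option repeats, the last one is assumed to win.
    """
    opts = parse_nslcd(text)
    findings = []

    # Plain ldap:// is only acceptable when StartTLS upgrades the session.
    ssl_mode = (opts.get("ssl") or ["off"])[-1].lower()
    for arg in opts.get("uri", []):
        for uri in arg.split():
            if uri.lower().startswith("ldap://") and ssl_mode != "start_tls":
                findings.append(("uri", uri + ": binds and logins are sent unencrypted"))

    reqcert = (opts.get("tls_reqcert") or [""])[-1].lower()
    if reqcert in UNVERIFIED:
        findings.append(("tls_reqcert",
                         "'" + reqcert + "' lets the session proceed with an unverified server"))
        if "tls_cacertfile" in opts or "tls_cacertdir" in opts:
            findings.append(("tls_cacertfile",
                             "CA material is configured but cannot block a bad certificate"))

    # bindpw is a reusable AD credential stored in clear text.
    if "bindpw" in opts and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("bindpw", "file is accessible to group or other users"))
    return findings


# Constructed from the settings shown in this post.
PAGE_CONFIG = """\
uri ldaps://ldap.example.com/
base CN=Users,dc=example,dc=com
binddn cn=LDAP Bind,CN=Users,DC=example,DC=com
bindpw password
tls_reqcert never
tls_cacertfile /etc/openldap/cacerts/self-signed.pem
"""

# Same file with verification switched on (assumed variant, see lead-in).
HARDENED_CONFIG = PAGE_CONFIG.replace("tls_reqcert never", "tls_reqcert demand")

if __name__ == "__main__":
    for option, finding in audit_nslcd(PAGE_CONFIG, 0o644):
        print(option + ": " + finding)
    print("hardened findings:", audit_nslcd(HARDENED_CONFIG, 0o600))
```
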

Adding the LDAP users/groups into the system’s nameservices

Edit the /etc/nsswitch.conf file and include ldap as a directory source. These sources are consulted in order, so local entries in the /etc/passwd and /etc/shadow files take precedence over ldap entries with the same username:

passwd: files ldap
group: files ldap
shadow: files ldap

Testing it out

You can run the nslcd daemon in debug mode and verify all the pieces are in place:

nslcd -d

Now you can run queries on users using the id command from a prompt:

id mturner

If all is working you should see a result similar to the following:

uid=11562(mturner) gid=11562(mturner) groups=11562(mturner),1337(Development)

If you aren’t seeing this AD-added information, check the output of nslcd to see if you are successfully accessing the LDAP server.

You can also query the passwd and group LDAP entries directly:

getent passwd mturner

getent group mturner

Your results will be the AD entries that nslcd has mapped into Linux users and groups.

Setting Linux up to use LDAP for authentication

Now that we’re talking to LDAP and mapping the important attributes, it’s time to turn this on for authentication. This is done using the Linux command, authconfig:

authconfig --enableldapauth --enablemkhomedir --updateall

This will automatically edit the files in /etc/pam.d to add entries for pam_ldap.so. Hopefully you remembered to set FORCELEGACY=yes in /etc/sysconfig/authconfig as noted above, so that you’re only adding LDAP entries and not SSSD entries, too.

The --enablemkhomedir option uses the pam_mkhomedir.so module to automatically create the user’s home directory upon first login. Thus, any LDAP user authorized to log into the server (remember the filter passwd line in /etc/nslcd.conf, right?) will have a home directory created upon their first login. There are other options that can be used with pam_mkhomedir so read the man page to see how you can customize this.

Enable SSH to use password authentication

Amazon Linux disables SSH’s password authentication by default. You will be unable to log in using your domain credentials unless you fix this. sshd’s built-in default is to allow password authentication, so you simply need to comment out any line in /etc/ssh/sshd_config where “PasswordAuthentication no” is specified:

#PasswordAuthentication no

Restart sshd and you should be able to now log in.

Stop the debug nslcd in favor of the real one

Once you’re done testing, kill the nslcd that may still be running in debug mode:

killall nslcd

Starting services and setting them to start automatically

Set the nslcd and nscd daemons to start and run automatically:

CentOS 6 or Amazon Linux:

service nslcd start
service nscd start
chkconfig --level 345 nslcd on
chkconfig --level 345 nscd on

CentOS 7:

systemctl start nslcd nscd

systemctl enable nslcd nscd

Using AD/LDAP groups for sudo authorization

You can also use AD/LDAP groups to control permissions granted by sudo. For instance, this line grants administrator access to members of the Operations AD group:

# Allows people in group Operations to run all commands
%Operations ALL=(ALL) ALL

That’s pretty much it! Thanks a ton to this page which was very helpful in figuring this out.

Jesse Morgan : Unfinished Drafts: Useful Utility: tar

September 27, 2019 04:08 AM

This is another article that sat in the drafts folder for far too long- Last edited Feb 21st, 2006.

 

I fear writing about tar, and that is why I’m determined to finish it in this sitting, so it won’t fester and scare me off of this series. Why am I scared of writing about tar? Well, this is their flags list verbatim from the man page:

       [  --atime-preserve  ] [ -b, --blocking-factor N ] [ -B, --read-full-records ] [ --backup BACKUP-TYPE ] [ --block-com-
       press ] [ -C, --directory DIR ] [ --check-links ] [ --checkpoint ] [ -f, --file [HOSTNAME:]F ] [ -F,  --info-script  F
       --new-volume-script F ] [ --force-local   ] [ --format FORMAT ] [ -g, --listed-incremental F ] [ -G, --incremental ] [
       --group GROUP ] [ -h, --dereference ] [ --help ] [ -i, --ignore-zeros ] [ --ignore-case ] [ --ignore-failed-read  ]  [
       --index-file  FILE  ]  [ -j, --bzip2 ] [ -k, --keep-old-files ] [ -K, --starting-file F ] [ --keep-newer-files ] [ -l,
       --one-file-system ] [ -L, --tape-length N ] [ -m, --touch, --modification-time ] [ -M, --multi-volume ] [ --mode  PER-
       MISSIONS  ]  [  -N,  --after-date DATE, --newer DATE ] [ --newer-mtime DATE ] [ --no-anchored ] [ --no-ignore-case ] [
       --no-recursion ] [ --no-same-permissions ] [  --no-wildcards  ]  [  --no-wildcards-match-slash  ]  [  --null      ]  [
       --numeric-owner  ]  [  -o,  --old-archive, --portability, --no-same-owner ] [ -O, --to-stdout ] [ --occurrence NUM ] [
       --overwrite ] [ --overwrite-dir ] [ --owner USER ] [ -p, --same-permissions, --preserve-permissions ]  [  -P,  --abso-
       lute-names  ] [ --pax-option KEYWORD-LIST ] [ --posix ] [ --preserve ] [ -R, --block-number ] [ --record-size SIZE ] [
       --recursion ] [ --recursive-unlink ] [ --remove-files ] [ --rmt-command CMD ] [ --rsh-command  CMD  ]  [  -s,  --same-
       order, --preserve-order ] [ -S, --sparse ] [ --same-owner ] [ --show-defaults ] [ --show-omitted-dirs ] [ --strip-com-
       ponents NUMBER, --strip-path NUMBER (1) ] [ --suffix SUFFIX ] [ -T, --files-from F ] [ --totals   ]  [  -U,  --unlink-
       first ] [ --use-compress-program PROG ] [ --utc ] [ -v, --verbose ] [ -V, --label NAME ] [ --version  ] [ --volno-file
       F ] [ -w, --interactive, --confirmation ] [ -W, --verify ] [ --wildcards ] [  --wildcards-match-slash  ]  [  --exclude
       PATTERN  ]  [  -X,  --exclude-from  FILE  ]  [  -Z,  --compress,  --uncompress  ] [ -z, --gzip, --gunzip, --ungzip ] [
       -[0-7][lmh] ]

So it’s a bit overwhelming. The good news is there are two common uses for tar- creating tarballs and opening tarballs. This will be a majority of your interaction with it. You get all sorts of fun options with tar, such as using different compression libraries, but it’s still pretty straight forward.

Simple Archive

Tar produces tarballs, which in their simplest form are a bunch of data files run together into a larger file. In the following instance, -c means create, and -f means “create the following as a file called foo.tar”:

tar -cf foo.tar bar/

This takes the bar directory and throws it all into a single file called foo.tar. Apart from some binary mojo to mark the separators between files, it’s almost as if all of the files were pasted end-to-end inside another file. If foo.tar is copied to another machine or place, you could untar the file with the following command:

tar -xf foo.tar

Again you see the -f flag, but the -c flag has been replaced by the extract flag, -x. This will create a directory called bar/ which will contain the contents identical to the original.

Compressing Archives

You also have the option of compressing tarballs in the process of creating them. There are three types of compression built into the version of tar I’m using: -Z, which uses the compress utility (ancient?); -z, which uses gzip (old standard); and -j, which uses bzip2, which is good for compressing binaries (appears to be the new standard).

When creating a tarball that is compressed, it’s generally expected that you label it as such by appending the type to the filename, for example:

tar -cZf foo1.tar.Z bar1/
tar -czf foo2.tar.gz bar2/
tar -cjf foo3.tar.bz2 bar3/

Unless you have a specific reason, you’ll probably want to use bz2. You’ll probably never deal with a tar.Z file, but if you do, you’ll know how to deal with it. To uncompress these puppies, switch out the -c flag for the -x flag like we did in the previous example.

tar -xZf foo1.tar.Z
tar -xzf foo2.tar.gz
tar -xjf foo3.tar.bz2

One last option you may want to look at is -v. It will show you files as they’re being processed, and can be good for troubleshooting.

Jesse Morgan : Unused drafts: The Moose

September 27, 2019 03:00 AM

As I prepare to switch to Hugo, I’ve decided to go back through my drafts and publish unfinished works that have some value.  This article was last edited Jan 22nd, 2013.

The Moose is a special prize within the programming and IT communities. It is claimed, not awarded. The way it works is that you will catch yourself doing something stupid (by your standards), and you will then “claim The Moose.” When you do so you must announce that you are in custody of The Moose, so the next person that takes it knows where to go to find it. The Moose should be displayed in an area of high visibility on or near your workstation.

Notice that the Moose is claimed, it is not awarded. If you catch something that is so stupid as to be spectacular, and it affects the whole team (for example, somebody breaks the build AND then commits the broken code into the repository) then the person is AWARDED a different prize: The Albatross. The moose hunts you. You try and try to evade it but the moose stalks you like fog in the night.

“Listen, and understand. That Moose is out there. It can’t be bargained with. It can’t be reasoned with. It doesn’t feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are exposed.”

Jesse Morgan : Unfinished Drafts: Useful Utility: cat

September 27, 2019 02:00 AM

This article was originally written back on Feb 21st, 2006. While never completed, I thought it was worth sharing.

Cat is a very simple utility- so simple I debated adding it to this list. There are, however, three really useful flags. I’ll try to write as much as I can about it so you don’t feel ripped off by this article. hrm… did that last sentence sound like filler? I swear it wasn’t meant to- that’s completely on accident.

So what is cat? Cat is a utility for printing the contents of a file or files to the screen. For example:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt
paths


database admin

system admin

network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $ 

You can also specify several files if you want to train them all together and pipe them to another utility.

morgajel@FCOH1W-8TJRW31 ~/docs $ cat foo.log bar.log baz.log |grep "Invalid user"> invalid_users.txt

Cat Flags

So there are three useful flags for cat. The first one is -n, which adds a line number to the output, like so:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt -n
     1  paths
     2
     3
     4  database admin
     5
     6  system admin
     7
     8  network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $

This can be useful when debugging source files. The next option is somewhat related; the -b option adds a line number, but only to non-blank lines. If you want to figure out for some reason what the 5th item is, not including blank lines, this is the way to go. Here’s an example of what it would look like:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt -b
     1  paths


     2  database admin

     3  system admin

     4  network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $

Notice how it only counted to 4? There were only 4 text lines. The final option that may or may not be of use is the -s flag, which smushes (that’s a technical term) blank lines together- it leaves single blank lines alone, but if there’s more than one blank line next to each other, it removes all except one. Using our file above, watch what happens between “paths” and “database admin” in our example:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt -s
paths

database admin

system admin

network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $

Notice how there is only one blank line? That’s what -s does. If you’ve ever had a file where you’ve systematically removed text but not newlines and end up with a 500 line file with 20 lines of text, this can be useful for making it readable on a single page.

Well, that’s all I can really say about cat. If you have anything else to add, do so in the comments.

Mark Turner : My sledding souvenir

September 21, 2019 03:09 PM

The start of the fateful sledding run

I spent this past week at the Veterans Administration’s War-Related Illnesses and Injuries Center (WRIISC), getting examined to figure out the strange health issues I’ve had since leaving the Navy (more on that later).

One issue I discussed with them has bothered me for the past few years. I’ve had a numbness that has developed along my right quadricep. Its icy-cold sensation can wake me from a deep sleep and is quite aggravating. They asked me if I could recall any injury I may have had to my lower back.

At the time I could think of none, but when pondering it this morning the answer came to me and it is decidedly not war-related. Instead, it’s the long-delayed consequences from an injury I received from snow sledding with the family.

In late January of 2014, Raleigh was blanketed in a snow that proved perfect for sledding. After breakfast, the family bundled up and headed to our favorite sledding spot in Lions Park. Gleefully, we raced down the back hill towards the tennis courts parking lot. On one run, however, I raced Hallie down the hill while I was sitting on our green plastic dish sled. At the bottom of the hill, I plowed into a landscape timber at full speed, sending me airborne momentarily.

This is not a happy face.


Fuck, it hurt. Worst pain I ever had. I could do nothing but lie there, too hurt to move, and cursing a blue streak. It took me several minutes to be able to pick myself up.

My sledding was over for the day. I soon hobbled home down icy streets and rested.

Eventually the pain went away. I seemed to suffer no lasting effects until a few years ago when the numbness began spreading along my leg. Recent MRIs showed the damage to my spine but until this morning I had never made the connection to my sledding accident.

Once the pediatrician who saw our kids mentioned to Kelly and me that pediatricians don’t get concerned with the scrapes that kids acquire – they get more concerned with the kids who aren’t getting scrapes.

While that may seem counter-intuitive, it really says that we are here on Earth to use our bodies. Scrapes, scars, and bruises are badges of honor – proof that we are using our bodies and truly living!

While I would prefer not to be dealing with nerve issues today, at least I know now that I earned this particular injury on a day that was otherwise full of very happy moments spent with my family.

Mark Turner : The Book of Prince | The New Yorker

September 03, 2019 12:55 AM

On January 29, 2016, Prince summoned me to his home, Paisley Park, to tell me about a book he wanted to write. He was looking for a collaborator. Paisley Park is in Chanhassen, Minnesota, about forty minutes southwest of Minneapolis. Prince treasured the privacy it afforded him. He once said, in an interview with Oprah Winfrey, that Minnesota is “so cold it keeps the bad people out.” Sure enough, when I landed, there was an entrenched layer of snow on the ground, and hardly anyone in sight.

Prince’s driver, Kim Pratt, picked me up at the airport in a black Cadillac Escalade. She was wearing a plastic diamond the size of a Ring Pop on her finger. “Sometimes you gotta femme it up,” she said. She dropped me off at the Country Inn & Suites, an unremarkable chain hotel in Chanhassen that served as a de-facto substation for Paisley. I was “on call” until further notice. A member of Prince’s team later told me that, over the years, Prince had paid for enough rooms there to have bought the place four times over.

My agent had put me up for the job but hadn’t refrained from telling me the obvious: at twenty-nine, I was extremely unlikely to get it. In my hotel room, I turned the television on. I turned the television off. I had a mint tea. I felt that I was joining a long and august line of people who’d been made to wait by Prince, people who had sat in rooms in this same hotel, maybe in this very room, quietly freaking out just as I was quietly freaking out.

Source: The Book of Prince | The New Yorker

Tarus Balog : The OpenNMS Group Turns 15

September 01, 2019 05:10 PM

Fifteen years ago today, on September 1, 2004, David Hustace, Matt Brozowski and I formed The OpenNMS Group, Inc.

This was the fourth business entity to steward the OpenNMS Project, and would turn out to be the one with staying power.

The original OpenNMS Group office was in a single 10 foot by 15 foot room with just enough space for three desks. The landlord provided Internet access. By adopting the business plan of “spend less money than you earn” we managed to survive and grow. Now the company has its main office in Apex, NC, USA as well as one in Ottawa, Ontario, CA, with a satellite office in Germany.

The OpenNMS platform is being used to monitor some of the largest networks in existence, many with millions of devices. With the introduction of ALEC the team is bringing artificial intelligence and machine learning technologies to network monitoring to provide the highest level of visibility to the most complex environments.

OpenNMS has always been lucky to have a wonderful community of users, contributors and customers. With their support the next fifteen years should be as great if not better than the first. I am humbled to have played a small part in its history.

Tarus Balog : Crash

August 29, 2019 05:47 PM

It’s been even longer than usual since I’ve updated this site. I’m missing a ton of stuff, including the last day of Dev-Jam as well as my trip to this year’s OSCON conference in Portland. I wouldn’t be surprised if I lose one if not all of my three readers.

But I do have an excuse. This happened.

Crashed F150 Pickup Truck

On Friday, July 26th, I left my farm in Chatham County, North Carolina, to head to town. I needed to get the oil changed in the F150 and I was planning on meeting some friends for lunch.

About three miles from my house, another driver crossed the centerline on Hwy 87 and hit my truck nearly head-on. I suffered a broken rib, a fractured C2 vertebra, and a fractured right big toe, but the major damage was that my left ankle was shattered.

I’ve spent the last 33 days at the UNC Medical Center in Chapel Hill, where I underwent two surgeries and was taken care of by some amazing staff.

I’m home now and plan to return to work (remotely) next week. I still have many months to go before I can approach normality, but a journey of ten thousand miles begins with a single step.

Thanks for your kind thoughts. One good thing that has come out of this is that I’ve spent the last 17 years trying to build OpenNMS into something that can thrive even without me, and the team has been amazing in my absence. I can’t wait to be at full strength again.

Mark Turner : Our car’s keyfob was hacked – the question is how?

August 14, 2019 03:22 PM

We were out of town over the weekend and at 5:30 AM Saturday I awakened to the sound of one beep of our car’s “alarm” horn. Thinking it was the neighbor’s car and knowing our car was locked, I went back to bed. When we walked to the car later that morning, the hatch was standing wide open. Nothing appeared to be touched or taken.

I was immediately concerned that somehow our keyfob had been hacked. Kelly thought something probably bumped up against one of our keyfobs and that caused it to open. We’ve had the car for years, though, and an “accident” like this has never happened. If something pressed a keyfob button, why would it sound just one beep of the horn alarm? Why not trigger it to sound repeatedly, as would happen if it were a single press of the button? Seems unlikely an accidental press of a button would cause one clean beep and then cause the hatchback to open.

So, naturally I am fascinated with whatever technology was used for this! There are a couple of approaches.

One is a hack called SARA, for Signal Amplification Relay Attack. This involves two crooks working together to extend the victim’s keyfob range using an antenna and amplifier. One crook holds the antenna to the windows of the nearby home or business, hoping to get within range of the legitimate keyfob. An accomplice holds a smaller device to the door of the vehicle, tricking the car into thinking the keyfob has been presented even though it is still inside the building. Crooks can even start the vehicle using this method.

While SARA is pretty ingenious as far as criminal activity is concerned, I don’t think this was what was used in our situation. Our car’s alarm horn sounded first. If I were a crook who had successfully relayed a keyfob, the alarm button would be the last one I would want to press. This makes me think our attack was some kind of brute-force hack, rolling through signals until it found what it was looking for.

The SARA hack got the press last year, but a brute-force method came out years ago and quietly slipped under the radar, possibly because it wasn’t given a sexy exploit name. A story Car and Driver ran in 2015 gives some details:

Modern transponder-equipped car keys are supposed to be ultrasafe: The chip-keys and key fobs communicate with readers inside the car, allowing the car to start only once a secret digital password has been transmitted. But a team of security researchers says they’ve figured out a way to circumvent the system used by some of the world’s largest automakers—and that Volkswagen Group used a lawsuit to keep their findings from going public for more than two years.

Car and Driver quotes London’s Daily Mail, which tells us the crux of the issue:

Tim Watson, Director of Cyber Security at the University of Warwick told Bloomberg: ‘This is a serious flaw and it’s not very easy to quickly correct.’

‘It isn’t a theoretical weakness, it’s an actual one and it doesn’t cost theoretical dollars to fix, it costs actual dollars.’

Researchers broke the transponder’s 96-bit cryptographic system, by listening in twice to the radio communication between the key and the transponder.

This reduced the pool of potential secret key matches, and opened up the ‘brute force’ option, which involved running through 196,607 options of secret keys until they found the one that could start the car.

This took less than half an hour.

Bottom line? The maker of the encryption device, Megamos Crypto, appears to have rolled its own cryptography. This is a gigantic no-no, one of the stupidest things one can do. Encryption protocols should be openly published and exhaustively peer-reviewed to ensure there are no flaws in the math. If the implementation is secure, the protocol can be deemed safe for use. Trying to recreate this enormously-challenging wheel on your own – without having several world-class cryptographers on your staff – is an exercise in futility. Once you commit this once-secret algorithm to silicon your secret is now public and your flaws exposed to the world. Then it is only a matter of time before exploits are developed.

The USENIX paper titled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” and authored by Roel Verdult (Radboud University Nijmegen, Netherlands), Flavio D. Garcia (University of Birmingham, UK), and Barış Ege (Radboud University Nijmegen, Netherlands) lays out how simple it is to attack this crypto. The researchers were aware of this flaw as far back as 2012 but Volkswagen sued them to keep their research under wraps. A UK court sided with VW and barred publication until 2015 with slight changes made in the publication, which savvy engineers can still decode. The karmic irony is that it was 2015 that Volkswagen was caught cheating at emissions tests, costing the company billions.

I probably have the hardware tools needed for this attack. If I can find the rainbow tables and code I could probably replicate it. Yet it seems someone may have already pre-packaged this attack (if indeed it is the same one). I look forward to researching this more.

Mark Turner : Deed to the Christmas property

August 07, 2019 12:07 PM

I spent a little time earlier this year traipsing through the Wake County Register of Deeds records, trying to find out more about the history of my community. I traced the ownership of my property back to the mid-1800s, including this deed for 109 acres for what became known as the Christmas property, filed in January 1899. Bridges was the owner of the Oak City Dairy Farm, if I recall correctly.

The property was sold for $2,616. According to one inflation calculator, $2,616 in 1899 dollars is equivalent to $80,731. An acre of land here appraises today for $43,200. You could say we’ve seen some growth. 🙂

Below is the deed as transcribed by me. Here’s a scanned PDF of the original handwritten version at the Wake County Register of Deeds.

North Carolina
Wake County

This deed made by Mary M. Christmas Executrix of the late Thomas B. Bridges to Lewis J. Christmas of Charleston, West Virginia. Witnesseth:

That whereas by his last will and testament the said Thomas B. Bridges directed that all his real estate be sold for cash after giving thirty days notice and appointed Mary M. Christmas his Executrix, which will was duly admitted to probate in the Superior Court of Wake County before the clerk and said Mary M. Christmas duly qualified as executrix and letters testamentary were duly issued to her as such and whereas it being necessary to sell the lands hereinafter conveyed in order to pay the debts of said T. B. Bridges the said Mary M. Christmas as Executrix as aforesaid after advertisement for thirty days in the Times Visitor a newspaper published in Raleigh, N.C. and the court house door in Raleigh, N.C. did on the 27th day of December 1898 expose the lands hereinafter conveyed to public sale to the highest bidder at the court house door in Raleigh, N.C. for cash and at said sale said lands were purchased by said Lewis T. Christmas he being the last and highest bidder for said lands and whereas said Lewis T. Christmas has paid the purchase money for said lands in cash to wit the sum of $2616.00 for the tract of 109 acres known as the Home Place and the sum of $150 for the tract of about 58 acres known as the Brown tract:

Now therefore in consideration of the promises and the payment to her by said Lewis T. Christmas of said aggregate sum of Twenty Seven hundred and sixty six Dollars the receipt whereof is hereby acknowledged and by virtue of deed in execution of the powers conferred upon her by said last will and testament of said T. B. Bridges the said Mary M. Christmas executrix of said T. B. Bridges has bargained and sold and does hereby bargain sell said T. B. Bridges Home Place lying about one half mile North east of Raleigh, and adjoining the lands of William Taylor and others and bounded and described as follows:

Beginning at a stone on the east side of a small branch in Taylor’s line; running thence N. 82 W 19.20 1267′ chains to a stone in a lane leading from The Tarboro road by and Through the property of St. Augustine School; thence N. 8″ E 29.85 1972′ chains to a stone thence N 59 1/2 ” E 11.92 787′ chains to a stone Taylor’s corner: thence S. 80 1/2 ” E. 2.1 1782′ chains to Taylor’s branch thence up said branch 49.95 3295′ chains to the beginning, _____

Second a tract of land containing about 58 acres lying about five miles North Eastward of Raleigh adjoining the lands of R. G. [Dunn] [Porter] & others and bounded as follows: Beginning at a stake in Porters line and running thence S. 86 1/2 ” E 15.85 chains to a [pine] tree, thence N. 3″ E 13.15 chains to a stake on the South side of path, thence S. 88″ E with the South line of the path 7.75 chains to a stone thence N 3 1/2″ E fifty links to a stone thence N 87 1/2 ” E 7.05 chains to a stake on the south side of the path thence S 23″ W 36.90 chains to a stake in R G. [Dennard] line thence N 79″ W 18.25 chains to a stake thence N 3 1/2 ” E 18.60 chains to the beginning.

Being the 45 acres allotted to T. B. Bridges and the 13 acres allotted to Nancy Ferguson or Nancy [Kinston] in the division of the land of S___ Brown: said 45 and 13 acres being fully described in the report of the commissioners and judgment of the court in the special proceedings entitled Smith v. Bridges recorded in the Book 7 Records of [Partition] A. at Page 421 [A Sey] of the office of the clerk Superior Court of Wake County see also Book No 89 at pages 186-187 and 277 for said Bridges letter to said land.

To have and hold all and singular the aforesaid described lands and premises with all privileges and appurtenances thereto in anywise appertaining or belonging unto him the said Lewis J. Christmas his heirs and assigns in fee simple forever in as full and ample a manner as said Mary M. Christmas Executrix as aforesaid is empowered to convey the same.

State of West Virginia
Kanawha County

I Grant P. Hall Clerk of the circuit court in and for the state and county abovewritten, do hereby certify that Mary M. Christmas Executrix of T. B. Bridges personally appeared before me this day and acknowledged the due execution of the foregoing deed of conveyance.

Witness my hand and official seal this 2nd day of January 1899.

(seal) Grant P. Hall Clerk circuit court
Kanawha Co West Va.

State of North Carolina
Wake County

The foregoing certificate of Grant P. Hall Clerk circuit court Kanawha Co. W. Va. is adjudged to be [earnest.] Let this instrument with the certificate be registered. Witness my hand this 4th day of January 1899.
W. M. Russ Clerk Superior Court

Filed for registration 5 1/2 o’clock P.M. January 4th 1899 and registered in the office of Register of Deeds for Wake County in Book No, 151 Page 679 Jan 6th 1899.
W. H. [Havel] Register of Deeds

Mark Turner : Go Tell It On the Mountain — THE BITTER SOUTHERNER

August 06, 2019 10:44 PM

Great writing here.

I had a dream.

The Georgia General Assembly funded a memorial for Martin Luther King Jr. and his top aides to be carved on Stone Mountain.

The lawmakers commissioned a bas-relief of MLK and John Lewis and Andy Young, this to be beveled into gray granite beside Jefferson Davis and Robert E. Lee and Stonewall Jackson. (A half-century ago, the Georgia General Assembly maneuvered to have that holy trinity of notable Confederates, along with their horses, carved onto Stone Mountain.)

At dream speed, hundreds of stonemasons dangled by rope down the side of the most famous … and infamous … pluton in the South. They lit the fuses on sticks of dynamite. They pounded chisels. They swung picks and fired up thermojet torches.

In no time, they sculpted a brand new Stone Mountain monument. When the artisans stood back to admire their work, they beheld the great black generals of the Civil Rights Movement. They stood side-by-side with the great white generals of the Civil War.

Here stood a New Stone Mountain.

Source: Go Tell It On the Mountain — THE BITTER SOUTHERNER

Mark Turner : Rep. Joe John statement on Abe Zeiger’s arrest

August 06, 2019 01:53 PM

NC House District 40 Representative Joe John was the person Abraham Zeiger was due to meet on Friday before Zeiger was arrested for carrying a pistol and two fully-loaded magazines into the North Carolina General Assembly building. Rep. John read the following statement on the House floor Monday night:

This gentleman actually had an appointment to see me. I made the following statement on the House floor Monday night:

Members, last week I had an 11:30 AM Wednesday constituent appointment with a resident of House District 40, whom I had not met previously, to discuss some fairly non-controversial issue. 11:30 came and went without the appointment being met, not all that unusual as many of you have experienced. When I went to lunch at 12:30, he was still a no-show.

We learned later that day the reason my appointment never arrived. He had been detained at our legislative building security check-in while attempting to enter this building with a loaded handgun and two full clips concealed in his bag, and had consequently been arrested and charged accordingly. He reportedly gave no explanation for his actions and was actually remarkably silent.

I want to thank publicly the members of the NC General Assembly Police Department who were on duty last Wednesday and acted expeditiously and appropriately. I would also like to thank the Legislative Services Officer and the Rules Chair for their follow-up and the many of you who expressed your concern.

That being said, in light of very recent events, I would ask each of you, for a moment, to imagine that the gentleman’s appointment was with you, in your office, rather than with me in mine. This incident after all took place, not hundreds of miles away in the distant states of Ohio and Texas, but right here, not only in our North Carolina capital city, but in this very building where we work and govern and spend so many hours. And as you reflect, I would ask you to consider whether it is now not time to throw partisanship and ideology into the trashcan, and to sit down for a full, frank and open-minded conversation about reaching a North Carolina common sense consensus with regards to the role of firearms in our state.

I considered this often over the past weekend which Evelyn and I were able to spend at the coast with two adult children and three young granddaughters. I, for one, greatly enjoyed being “Pa” at the beach, I look forward to many more such weekends, and I am more than ready to have the conversation of which I spoke. If any of you feel the same, please let me know.

Mark Turner : AP: Man with gun stopped by security at N Carolina legislature

August 05, 2019 05:19 PM

Here’s an uncredited AP story on the arrest of Zeiger. It includes a quote from his attorney:

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

Nice spin there, counselor! At the checkpoint, Zeiger was specifically asked whether he had any weapons in his bag. That should’ve been enough to trigger (so to speak) Zeiger’s memory that perhaps he did, in fact, have a weapon in his bag and that he should take it back to his vehicle. Oversight, my ass.

I look forward to Zeiger’s day in court.

August 2, 2019

RALEIGH, N.C. (AP) — A man faces charges of carrying a concealed handgun into North Carolina’s legislative building, which this year implemented airport-style security measures for people seeking to interact with lawmakers.

Abraham James Zeiger, 36, of Raleigh was charged with trying to carry the gun into the building on Wednesday, police records show. He sought to enter the building to speak to his legislator and didn’t realize he was carrying the gun, attorney Emily Gibson said in an email Friday.

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

The General Assembly’s police chief and its chief management officer didn’t return a call Friday seeking more details about the arrest.

Zeiger was stopped by officers who spotted a suspicious item as his bag passed through an X-ray scanner, The News & Observer of Raleigh reported. Officers found a 9 mm handgun and two magazines, each loaded with 15 bullets, General Assembly Police Chief Martin Brock told the newspaper.

The arrest marked the first instance of a gun being found during the screening process at the entrance to the state’s legislative building, which hosts staff and legislative offices, hearing rooms and the chambers where the 50-member Senate and 120-member House meet.

Legislative activities were minimal this week as lawmakers try to overcome Gov. Roy Cooper’s veto of the two-year state budget. On Wednesday, House members discussed a commission to oversee the purchase and sale of milk and approved legislation to expand the requirement for adults to report claims of child sex abuse to the authorities.

Mark Turner : Letter to the editor on assault weapons

August 05, 2019 05:04 PM

I sent this letter to the editor to the N&O today. I hope it gets printed.

I served four years in the U.S. Navy never having heard an AK-47. Then a week ago, hotheads brought their gun battle to my neighborhood. It became crystal clear hearing that cannon-like booming that these assault rifles are nothing less than weapons of war.

There is no justification for anyone outside of the military or law enforcement to possess assault weapons. Can we get to the well-regulated part of our “well-regulated militia” now?

Mark Turner : Man who brought gun to NCGA expressed far-right views

August 03, 2019 06:19 PM

Update 2019-08-14: I have been pondering Friday’s arrest of Abe Zeiger for bringing a gun into the North Carolina General Assembly and it’s possible that I was wrong about his intentions. Yes, I certainly did find a number of gun-themed and seemingly anti-government posts on his Facebook page but to be fair, these were all forwarded and not authored by Zeiger himself. Other photos portray Zeiger as a family man and I found no evidence that things weren’t going well with his life. I am sorry if I misinterpreted the digital breadcrumbs I was able to piece together.

On the other hand, I hope he sees how someone could draw this conclusion. The Bundy item was especially disturbing – celebrating the pointing of weapons at law enforcement officers is no joke – and what’s more it wasn’t even remotely truthful. To repost this on Facebook a week before showing up at the state legislature with a pistol and 30 rounds is enough to put a community on edge.

And why was the gun in his bag when he didn’t have a concealed carry permit (CCP)? Why didn’t he declare the gun when asked by officers at

While his intentions could have been completely innocent when he showed up with a gun, the truth is that no one could know that for certain. It only takes seconds for a mass shooting to occur and officers don’t have the luxury of trust.

Zeiger could very well be a stand-up guy, just trying to do the right thing. If so, I applaud his intentions though I’d rather he left the “good guy with the gun” role to law enforcement. At the same time, he made a big mistake by not removing his weapon before entering a secured building, and for carrying a weapon around in his bag without possessing a CCP. While I am not as concerned as I once was that he may be a threat to society, there is no getting around the fact that he was not being responsible with his gun.

Abe Zeiger

On Friday afternoon, a man was arrested at the North Carolina General Assembly for trying to sneak in a 9mm pistol and two magazines of 15 rounds apiece. The man, Abraham James Zeiger, age 36, was charged with unlawfully carrying a concealed weapon and violating legislative building rules. The story by Lauren Horsch in the N&O quoted the N.C. State Capitol Police as expressing surprise at their catching Zeiger as he was not on their radar, so to speak. The General Assembly implemented stricter security measures at the General Assembly in April of last year.

“I can’t be more pleased with the (screening) process,” General Assembly Police Chief Martin Brock said of the security measures that caught the gun. “It could have easily been missed.”

Since this story took place on a Friday afternoon – a time when news stories tend to get lost in the lull of the weekend – there didn’t seem to be many in the media who were asking just who is Zeiger? Also since I happen to know several people who work in the General Assembly, I wanted to know what might have motivated Zeiger and what he may have been planning to do with that gun. It didn’t take me long to find the answers.

First up was a search through voter records. An Abraham James Zeiger is registered in 2017 as Unaffiliated and has no voter history. Not much luck here:

A search on Twitter turned up no accounts.

A search on Spokeo brings us this:

A few Google searches show a LinkedIn page for an Abraham J. Zeiger who appears to be the man in the mugshot. According to the LinkedIn profile, Zeiger works as VP of Operations for Branz Technologies, a company in Durham, NC which once had a location in Sterling, VA (along with Zeiger). Documents filed with the North Carolina Secretary of State list Zeiger as an executive with the company.

More searching shows Zeiger commonly goes by the name Abe Zeiger. A Google search for Abe Zeiger leads us to his Facebook page.

It is on Zeiger’s Facebook page where we find the goods. Zeiger posted a number of anti-government, anti-abortion, pro-Second Amendment items to his Facebook page.

Just one week ago, Zeiger reposted an item praising the gun-toting mob who unlawfully threatened federal officials who were enforcing the law against Cliven Bundy in 2014:

Zeiger reposted this item expressing anti-government views

From November 2016:

December 2018:

Another search turns up Zeiger’s name and business in a Town of Cary bidding document. I can never reconcile the irony of people who express anti-government views while at the same time making a living (at least indirectly) from government contracts.

Then there are several Second Amendment posts. From February:

Also from February:

March:

March again:

Zeiger’s court date is August 28th in room 101 of the Wake County Courthouse.

Mark Turner : Newly Discovered Cellular Pathway May Mean New Approach For How We Treat Alzheimer’s and Cancer

July 24, 2019 04:48 PM

They started out studying the immune response to brain tumors in children. But what they found may not only stop tumors from growing, but halt Alzheimer’s disease as well. Scientists at St. Jude Children’s Research Hospital—the only National Cancer Institute-designated Comprehensive Cancer Center devoted solely to children—have discovered a pathway that prevents the buildup of a toxic protein associated with Alzheimer’s disease. The findings offer a possible new approach to treatment of Alzheimer’s and cancer.

Researchers of the study—published this month in the journal Cell—named the pathway LC3-associated endocytosis or LANDO. They hope to now find compounds that will allow them to restore functioning of the pathway to treat Alzheimer’s disease or block it to treat malignant tumors.

Source: Newly Discovered Cellular Pathway May Mean New Approach For How We Treat Alzheimer’s and Cancer

Mark Turner : We Should Never Have Called It Earth – The On Being Project

July 24, 2019 01:42 PM

We should never have called it Earth. Three quarters of the planet’s surface is saltwater, and most of it does not lap at tranquil beaches for our amusement. The ocean is deep; things are lost at sea. Sometimes we throw them there: messages in bottles, the bodies of mutinous sailors, plastic bags of plastic debris. Our sewage.

Sometimes the things we lose slip unnoticed down the sides of passing ships. We expect never to see lost objects again, but every so often they are carried by shifting currents and swirling eddies to wash ashore on distant beaches. We are reminded that things, once submerged, have a habit of returning.

I am not afraid of the ocean, although I should be. On hot summer weekends I take my son to the beach. He toddles toward the water, laughs at the lazy waves splashing his fat baby legs. I follow behind, turn him back when the water reaches his naked belly. He is too young to know the sea gets deeper, that eventually it rises above your head and you must swim so as not to drown. I am prepared for nightmares as he grows and learns about the vastness of the ocean and the monsters real and imagined that swim there. He will soon know that evil things lurk in the deep.

Source: We Should Never Have Called It Earth – The On Being Project

Mark Turner : The Navy’s journey from racial segregation to equality

July 24, 2019 01:17 PM

In the spring of 1945, at age 17, I volunteered for the U.S. Navy.

Nazi Germany had surrendered, but World War II was still raging in the Pacific as the Americans closed in on Japan’s home islands. Kamikaze planes were diving into ships, killing sailors by the dozens.

Most of my thoughts and feelings were with those embattled men 5,000 miles away. When I enlisted, I had no idea I was about to participate in a historic experience that in some ways would prove more momentous than the final struggle against the Axis powers.

Orders from the Navy directed me to report to New York’s Pennsylvania Station, where I boarded a train with other new recruits that took us upstate to boot camp at the Sampson Naval Training Station. Soon after we arrived, we were divided into companies and marched to our barracks, as Seneca Lake gleamed in the distance.

A chief boatswain’s mate led me and some 150 other would-be swabbies to our barracks and checked off our names as we hefted seabags and settled into the spartan interior — where everyone got a shock. We were an integrated company — a third black, two-thirds white.

Without announcing it, the Navy was launching a program to upend the prevailing race-relations formula in the United States — separate but (supposedly) equal.

Source: The Navy’s journey from racial segregation to equality

Mark Turner : Jeffrey Epstein’s travel patterns revealed by public flight data – INSIDER

July 24, 2019 12:36 AM

This kind of article includes so many of my interests: tracking bad guys by combing through crowdsourced, open data.

I maintain an ADS-B receiver, too, and track planes in the Triangle area on a real-time basis but I need to start stuffing this information into a database so I can keep it long-term.

As reporters and federal prosecutors turned the screws on Jeffrey Epstein over the past two years, the notorious money manager and sex felon appears to have enjoyed a globetrotting lifestyle that involved weekly flights between his properties in New York, New Mexico, Florida, the US Virgin Islands, and Paris, as well as occasional excursions to the United Kingdom, Slovakia, and Morocco.

This account of Epstein’s travels is based on two years of flight data associated with two of his Gulfstream airliners. Without detailed passenger manifests, it’s impossible to know whether Epstein was present on each individual flight. In the aggregate, however, the flight records illustrate an improbably lavish life, and raise further questions about how he earned and spent his fortune.

Source: Jeffrey Epstein’s travel patterns revealed by public flight data – INSIDER

Mark Turner : Watch as the Ridgecrest earthquake shatters desert floor in stunning before-and-after images – Los Angeles Times

July 23, 2019 05:53 PM

It’s pretty amazing to see an earthquake’s effects captured in one GIF.

Millions felt the shaking from the Ridgecrest earthquake.
But new satellite images offer a dramatic and instructive view of the immense power of the magnitude 7.1 quake, showing how California’s biggest earthquake in nearly two decades caused the ground to break.

Animated slides show how the quake permanently jolted a huge block of earth northwest while the other side of the fault moved southeast.

Some of the clearest images show long scars on the surface of the Mojave Desert, indicating precisely the 30 miles of earthquake fault — oriented in a northwest-southeast direction — that moved within moments on July 5.

“I’ve never seen this before,” said Brian Olson, engineering geologist with the California Geological Survey. “It’s really dramatic and a super-good illustrator, even for the advanced scientists, all the way down to the grade-school kids.”

Source: Watch as the Ridgecrest earthquake shatters desert floor in stunning before-and-after images – Los Angeles Times

Mark Turner : Navy Answers How a 57-Year-Old Maverick Could Still Feel the Need for Speed – USNI News

July 23, 2019 05:50 PM

Maverick flying 33 years later? File this under “unlikely.”

Late last week, as the official motion picture trailer for “Top Gun: Maverick” raced around social media, among the questions without easy answer was how was Pete “Maverick” Mitchell still feeling the need for speed as a 57-year-old captain with 30-plus years of service?

Paramount Pictures hasn’t released much about the plot of what will presumably be a summer 2020 blockbuster, and all fans have to go on are film industry site IMDB and what’s in the trailer released last week. However, the trailer addresses how odd it would be to have a captain in his late 50s when his peer group would have either made flag officer or hit the statutory retirement of 30 years of service.

In the trailer, Ed Harris’ character, an unidentified rear admiral, gives a brief overview of Maverick’s career.

“Thirty-plus years of service. Combat medals, citations, the only man to shoot down three enemy planes in the last 40 years. Yet you can’t get a promotion, you won’t retire, and despite your best efforts you refuse to die,” he said.

“You should be at least a two-star admiral by now. Yet here you are. Captain. Why is that?”

Could a real-world Capt. Mitchell still fly missions 33 years after audiences first saw the iconic naval aviator buzz control towers in the 1986 blockbuster “Top Gun”?

Source: Navy Answers How a 57-Year-Old Maverick Could Still Feel the Need for Speed – USNI News

Mark Turner : How did Kim Jong Un get his Mercedes-Benzes? – CNN Style

July 16, 2019 06:40 PM

On June 14, 2018, two armored Mercedes-Maybach S600 Guard vehicles were shipped from the Dutch Port of Rotterdam, heading out on a journey that would take months and see the cars transported thousands of miles through six countries, according to a new report from the Washington-based Center for Advanced Defense Studies (C4ADS).

After stops in China, Japan, South Korea and Russia, the two cars — each worth about $500,000 — are believed to have been flown to their final destination, Pyongyang. And in the North Korean capital, there’s only one customer who likely requires this type of ride.

The origin and journey of the two Mercedes luxury vehicles were exposed in the C4ADS report. CNN has not independently verified C4ADS’ reporting.

Source: How did Kim Jong Un get his Mercedes-Benzes? – CNN Style

Mark Turner : How a Flock of Birds Can Fly and Move Together | Audubon

July 16, 2019 06:36 PM

Many birds flock, of course. But only a relative handful really fly together, creating what University of Rhode Island biologist Frank Heppner, in the 1970s, proposed calling “flight flocks”: namely, highly organized lines or clusters. Pelicans, geese, and other waterfowl form lines and Vs, presumably to take advantage of aerodynamic factors that save energy. But the most impressive flockers are arguably those that form large, irregularly shaped masses, such as starlings, shorebirds, and blackbirds. They often fly at speeds of 40 miles or more per hour, and in a dense group the space between them may be only a bit more than their body length. Yet they can make astonishingly sharp turns that appear, to the unaided eye, to be conducted entirely in unison. Imagine doing unrehearsed evasive maneuvers in concert with all the other fast-moving drivers around you on an expressway, and you get an idea of the difficulty involved.

No wonder observers have been left groping for an explanation. When Heppner, now semi-retired, began studying pigeon flocks more than 30 years ago, he suggested that they communicate through some sort of neurologically based “biological radio.”

Source: How a Flock of Birds Can Fly and Move Together | Audubon

Mark Turner : New Solar + Battery Price Crushes Fossil Fuels, Buries Nuclear

July 04, 2019 01:28 AM

Los Angeles Power and Water officials have struck a deal on the largest and cheapest solar + battery-storage project in the world, at prices that leave fossil fuels in the dust and may relegate nuclear power to the dustbin. Later this month the LA Board of Water and Power Commissioners is expected to approve a 25-year contract that will serve 7 percent of the city’s electricity demand at 1.997¢/kwh for solar energy and 1.3¢ for power from batteries.

“This is the lowest solar-photovoltaic price in the United States,” said James Barner, the agency’s manager for strategic initiatives, “and it is the largest and lowest-cost solar and high-capacity battery-storage project in the U.S. and we believe in the world today. So this is, I believe, truly revolutionary in the industry.”

Source: New Solar + Battery Price Crushes Fossil Fuels, Buries Nuclear

Mark Turner : Renewable electricity beat out coal for the first time in April | Ars Technica

July 04, 2019 01:23 AM

A remarkable thing happened in the US in April. For the first time ever, renewable electricity generation beat out coal-fired electricity generation on a national level, according to the Energy Information Agency (EIA). While renewable energy—including hydro, wind, solar, geothermal, and biomass—constituted 23 percent of the nation’s power supply, coal-fired electricity only contributed 20 percent of our power supply.

Source: Renewable electricity beat out coal for the first time in April | Ars Technica

Mark Turner : The Navy Says UFOs Are Real. UFO Hunters Are Thrilled – VICE

July 04, 2019 01:21 AM

With the Navy’s recent revelation that its pilots have been regularly spotting unidentified flying objects, some of those in the UFO community who were once thought crazy now have some concrete evidence to point to. And the regular spate of mainstream news stories about UFO sightings has inspired a new generation of UFO hunters and researchers.

I’m regularly asked why I, a 32-year-old man with a good job and a young family spent six years researching the UFO subculture. Simply put, I find the culture and the people fascinating.

Ufology has always been a counter-cultural movement. Faced with decades of ridicule, the UFO community has always been the underdog. I like underdogs. But unidentified flying objects have made a cultural comeback, and the last two years have seen a huge growth in popular media coverage of this curious phenomenon and the people who explore it. It seems that UFOs have become all the rage, and this popular resurgence is inspiring a young new breed of UFO researchers and hunters.

Source: The Navy Says UFOs Are Real. UFO Hunters Are Thrilled – VICE

Mark Turner : June was hottest ever recorded on Earth, European satellite agency announces | The Independent

July 04, 2019 01:01 AM

Last month was the hottest June ever recorded, the EU’s satellite agency has announced. Data provided by the Copernicus Climate Change Service (C3S), implemented by the European Centre for Medium-Range Weather Forecasts on behalf of the EU, showed that the global average temperature for June 2019 was the highest on record for the month.

Source: June was hottest ever recorded on Earth, European satellite agency announces | The Independent

Mark Turner : Florida sewage pipes feed fish and pollute beaches.

July 04, 2019 12:45 AM

Ten feet before us, a sewer pipe made out of limestone spews yellow-brownish insults into the reef ecosystem. The pipe’s mouth is barely visible through the cluster of baitfish and foragers, a silver mass of twitch and glide binging on nutrients long processed and evacuated by Broward County taxpayers. A goliath grouper bullies its way through and enters the pipe to feed. I’m told to watch out for fishing lines—an entanglement hazard for the sub’s thrusters. The Hollywood outfall pipe serves as a popular fishing spot, toilet to table.

Source: Florida sewage pipes feed fish and pollute beaches.

Tarus Balog : 2019 Dev-Jam – Day 4

June 29, 2019 02:24 PM

The next to the last day of Dev-Jam was pretty much like the one before it, except now it was quite clear that Dev-Jam was coming to a close (sniff).

I actually managed to get some of the work done that I wanted to do this week, namely to start working on the next version of my OpenNMS 101 video series. A lot changed in Horizon 24 and now the videos are a little off (especially when it comes to alarms) and I want to fix that soon.

2019 Dev-Jam: Group of People Hacking Away

I did make one bad decision when I purchased take-away sushi from the Union, but I was lucky that I got over it quickly (grin)

2019 Dev-Jam: Jesse Talking About ALEC

It’s so nice to be able to break out into little groups and share what is going on in OpenNMS. Jesse gave an in-depth talk on ALEC (and I’ll be presenting it at this year’s All Things Open conference).

It wasn’t all work, though.

2019 Dev-Jam: Table with Snacks and Ulf

A group of people had gone to the Mall of America on Sunday, and Markus bought a Rick and Morty card game that seemed pretty popular. Parasites!

For dinner I ordered some delicious pizza from Punch as many people wanted to stay in and finish up their projects in time for tomorrow’s “Show and Tell”.

It’s hard to believe Dev-Jam is almost over.

Tarus Balog : 2019 Dev-Jam – Day 3

June 27, 2019 04:52 PM

Not much to add on Day 3 of Dev-Jam. By now the group has settled into a routine and there’s lots of hacking on OpenNMS.

As part of my role as “cruise director” Mike and I ran out for more snacks.

2019 Dev-Jam: Table with Snacks and Ulf

On the way we stopped by the Science Museum of Minnesota to pick up a hoodie for Dustin. As fans of Stranger Things we thought we should get our Dustin the same hoodie worn by Dustin in the show. The one in the show was apparently an actual hoodie sold by the museum in the 1980s, but it was so popular they brought it back.

2019 Dev-Jam: Dustin and Dustin in Brontosaurus Hoodie

While not exactly the “Upside Down” in the evening the gang descended on Up-Down, a barcade located a few miles away. Jessica organized the trip and folks seemed to have a great time.

2019 Dev-Jam: Selfie of Folks at Up-Down.

The combination bar and arcade features vintage video games

2019 Dev-Jam: People Playing Video Games at Up-Down.

as well as pinball machines

2019 Dev-Jam: Selfie of Folks at Up-Down.

Of course, there was also a bar

2019 Dev-Jam: People at the Bar at Up-Down.

Good times.

Tarus Balog : 2019 Dev-Jam – Day 2

June 26, 2019 01:54 PM

While the OpenNMS team does a pretty good job working remotely, it is so nice to be able to work together on occasion. Here is an example.

I wanted to explore the current status of the OpenNMS Selenium monitor. My conclusion was that while this monitor can probably be made to work, it needs to be deprecated and probably shouldn’t be used.

I started off on the wiki page, and when I didn’t really understand it I just looked at the page’s history. I saw that it was last updated in 2017 by Marcel, and Marcel happened to be just across the room from me. After talking to him for a while, I understood things much better and then made the decision to deprecate it.

The idea was that one could take the Selenium IDE, record a session and then export that to a JUnit test. Then that output would be minimally modified and added to OpenNMS so that it could periodically run the test.

The main issue is that the raw Selenium test *requires* Firefox, and Firefox requires an entire graphics stack, i.e. Xorg. Most servers don’t have that for a number of good reasons, and if you are trying to run Selenium tests on a large number of sites the memory resources could become prohibitive.

An attempt to address this was made using PhantomJS, another JavaScript library that did not require a graphical interface. Unfortunately, it has not been maintained since March of 2018.

We’ve made a note of this with an internal OpenNMS issue. Moving forward, the option looks to be to use “headless Chrome”, but neither OpenNMS nor Selenium supports that at the moment.

We still have the Page Sequence Monitor. This is very efficient but can be difficult to set up.

Playing with that took up most of my morning. It was hard staying inside because it was a beautiful day in Minneapolis.

2019 Dev-Jam: Picture of Downtown Minneapolis from UMN

Most of my afternoon was spent working with OpenNMS customers (work doesn’t stop just because it is Dev-Jam) but I did wander around to see what other folks were doing.

2019 Dev-Jam: Jesse White with VR headset

Jesse was playing with a VR headset. The OpenNMS AI/Machine Learning module ALEC can create a visualization of the network, and he wrote a tool that lets you move through it in virtual reality (along with other people using other VR headsets). Not sure how useful it would be on a day to day basis, but it is pretty cool.

That evening most of us walked down the street to a pretty amazing Chinese restaurant. I always like bonding over food and we had discovered this place last year and were eager to return. I think the “bonding” continued after the meal at a bar across the street, but I ended up calling it a day.

2019 Dev-Jam: People at a table at a Chinese restaurant


Tarus Balog : 2019 Dev-Jam – Day 1

June 25, 2019 03:08 PM

Dev-Jam officially got started Monday morning at 10:00.

I usually kick off the week with a welcome and some housekeeping information, and then I turn it over to Jesse White, our project CTO. We do a roundtable introduction and then folks break off into groups and start working on the projects they find interesting.

This year we did something a little different. The development team scheduled a series of talks about the various things that have been added since the last Dev-Jam, and I spent most of the day listening to them and learning a lot of details about the amazing platform that is OpenNMS. While we had some technical difficulties, most of these presentations were recorded and I’ll add links to the videos once they are available.

2019 Dev-Jam: Graph of Main Projects Over the Last Year

Jesse started with an overview of the main development projects over the last year. Sentinel is a project to use the Kafka messaging bus to distribute OpenNMS functionality over multiple instances. While only implemented for telemetry data at the moment (flows and metrics) the goal is to enable the ability to distribute all of the functionality, such as service assurance polling and data collection, across multiple machines for virtually unlimited scalability.

After the Sentinel work, focus was on both the OpenNMS Integration API (OIA) and the Architecture for Learning Enabled Correlation (ALEC).

The OIA is a Java API to make it easier to add functionality to OpenNMS. While it is used internally, the goal is to make it easier for third parties to integrate with the platform. ALEC is a framework for adding AI and machine learning functions to OpenNMS. It currently supports two methods for the correlation of alarms into situations: DBScan and TensorFlow, but is designed to allow for others to be added.

The current development focus is on the next version of Drift. Drift is the feature that does flow collection, and there are a number of improvements being worked on for “version 2”.

2019 Dev-Jam: Title Slide for the Contributing to OpenNMS talk

Markus von Rüden gave the next talk on contributing to OpenNMS. He covered a number of topics including dealing with our git repository, pull requests, test driven development and our continuous integration systems.

2019 Dev-Jam: Title Slide for the Karaf/OSGi talk

Matt Brooks presented an overview on how to leverage Karaf to add functionality to OpenNMS. Karaf is the OSGi container used by OpenNMS to manage features, and Matt used a simple example to show the process for adding functionality to the platform.

2019 Dev-Jam: Title Slide for the OIA talk

Extending on this was a talk by Chandra Gorantla about using the OIA with an example of creating a trouble ticketing integration. OpenNMS has had a ticketing API for some time but this talk leveraged the improvements added by the new API to make the process easier.

2019 Dev-Jam: Title Slide for the ALEC talk

Following this was a talk by David Smith on ALEC. He demonstrated how to add a simple time-based correlation to OpenNMS which covered a lot of the different pieces implemented by the architecture, including things like feedback.

That ended the development overview part of the presentation but there were two more talks on Docker and Kubernetes.

2019 Dev-Jam: Slide showing Useful Docker Commands for OpenNMS

Ronny Trommer gave a short overview of running OpenNMS in Docker, covering a lot of information about how to deal with the non-immutable (mutable?) aspects of the platform such as configuration.

2019 Dev-Jam: Kubernetes Diagram

This was followed by an in-depth talk by Alejandro Galue on Kubernetes, running OpenNMS using Kubernetes and how OpenNMS can be used to monitor services running in Kubernetes. While Prometheus is the main application people implement for monitoring Kubernetes, it is very temporal and OpenNMS can augment a lot of that information, especially at the services level.

These presentations took up most of the day. Since it is hard to find places where 30 people can eat together, we have a tradition of getting catering from Brasa, and we did that for Monday night’s meal.

2019 Dev-Jam: Table Filled with Food from Brasa

Jessica Hustace, who did the majority of the planning for Dev-Jam, handed out this year’s main swag gift: OpenNMS jackets.

2019 Dev-Jam: OpenNMS logo jacket

Yup, I make this look good.

Tarus Balog : 2019 Dev-Jam – Day 0

June 24, 2019 02:13 PM

For the fourteenth time in fifteen years, a group of core community members and power users are getting together for our annual OpenNMS Developers Conference: Dev-Jam.

This is one of my favorite times of the year, probably second only to Thanksgiving. While we do a good job of working as a distributed team, there is nothing like getting together face-to-face once in a while.

We’ve tried a number of venues including my house, Georgia Tech and Concordia University in Montréal, but we keep coming back to Yudof Hall on the University of Minnesota campus in Minneapolis. It just works out really well for us and after coming here so many times the whole process is pretty comfortable.

My role in Dev-Jam is pretty much just the “cruise director”. As is normal, other people do all the heavy lifting. I did go on a food and drink run which included getting “Hello Kitty” seaweed snacks.

2019 Dev-Jam: Hello Kitty Seaweed Snacks

Yudof Hall is a dorm. The rooms are pretty nice for dorm rooms and include a small refrigerator, two burner stove, furniture and a sink. You share a bathroom with one other person from the conference. On the ground floor there is a large room called the Club Room. On one side is a kitchen with tables and chairs. On the other side is a large TV/monitor and couches, and in the middle we set up tables. There is a large brick patio that overlooks the Mississippi River.

2019 Dev-Jam: Yudof Hall Club Room

The network access tends to be stellar, and with the Student Union just across the street people can easily take a break to get food.

We tend to eat dinner as a group, and traditionally the kickoff meal is held at Town Hall Brewery across the river.

2019 Dev-Jam: UMN Bridge Over the River

It was a pretty rainy day but it stopped enough for most of us to walk over the bridge to the restaurant. You could feel the excitement for the week start to build as old friends reunited and new friends were made.

2019 Dev-Jam: Town Hall Brewery

When we were setting up the Club Room tables, we found a whiteboard which is sure to be useful. I liked the fact that someone had written “Welcome Home” on it. Although I don’t live here, getting together with these people sure feels like coming home.

2019 Dev-Jam: Welcome Home on Whiteboard

Mark Turner : Recordings by Elton John, Nirvana and Thousands More Lost in Fire – The New York Times

June 13, 2019 09:58 PM

This is astonishing. As an IT guy, I have been responsible for backups. How Universal could be so careless with priceless audio tapes just boggles my mind.

Eleven years ago this month, a fire ripped through a part of Universal Studios Hollywood.

At the time, the company said that the blaze had destroyed the theme park’s “King Kong” attraction and a video vault that contained only copies of old works.

But, according to an article published on Tuesday by The New York Times Magazine, the fire also tore through an archive housing treasured audio recordings, amounting to what the piece described as “the biggest disaster in the history of the music business.”

Source: Recordings by Elton John, Nirvana and Thousands More Lost in Fire – The New York Times

Mark Turner : Don’t Panic about Rare Earth Elements – Scientific American

June 13, 2019 09:55 PM

As trade tensions rise between the U.S. and China, rare earth minerals are once again in the political spotlight. Today Chinese mines and processing facilities provide most of the world’s supply, and Chinese leader Xi Jinping has hinted about using this as political leverage in trade negotiations with U.S. President Donald Trump’s administration. But in the long run, many experts say the global market involving these materials would likely survive even if China completely stopped exporting them.

Source: Don’t Panic about Rare Earth Elements – Scientific American

Mark Turner : Cheap Thoughts: flash magnetism

May 21, 2019 02:42 PM

Wouldn’t it be cool if you could “flash magnetize” ferrous metal? Put a current or magnetic field into something, magnetize it, remove power/field and STILL have it be magnetic? And more importantly, demagnetize it instantly. Passive electromagnetism. I know you can impart magnetism into certain things but how strongly can this be done?

This may all be simple stuff to others, I don’t know. It’s been a while since I’ve played with magnets and motors so I’ve forgotten a lot. Seems useful to have an electromagnet which only uses electricity to change its state.

Update: This is exactly what I need: an Electropermanent magnet. Interesting!

Mark Turner : New teeth – invisible aligners

May 20, 2019 02:56 PM

For the past few years I’ve been getting a chip in my front tooth patched by my dentist. This patch will last anywhere from 8 months to as short as one hour before it pops off and I have to get it done again. I’m not a fan of the look of this chipped tooth but I can’t keep getting it patched, either. My dentist recommended I get orthodontics to help keep my teeth from smacking together and dislodging the patch.

The orthodontist recommended by my dentist put a hefty price tag on moving my teeth and I just couldn’t justify the cost. I put that on hold before I checked out Smile Direct Club (SDC). SDC would use the same invisible aligners (InvisAlign) that the orthodontist would use but the cost would be less than two-thirds the price. The downside is I wouldn’t receive personal care from an orthodontist. I decided to go for it, since I have had three years of orthodontics experience as a teenager and know what to expect.

So far, it’s been so good. I put in my first aligners a week ago Saturday and began my second one this past Saturday. My teeth ached a bit for most of the first week but by that Wednesday I felt comfortable enough wearing them that I didn’t mind them anymore. There’s no question that my teeth have shifted in the 9 days I’ve worn the aligners, so I have no doubt that they’re working. And I’ve become a bit obsessed with wearing them.

The only downsides are that sometimes the edges of my aligners feel a bit sharp to my tongue. I have to make sure I keep my tongue as still as possible to keep from rubbing it raw. There’s also the mild ache I feel from my shifting teeth. I cannot eat anything or drink anything but water while I’m wearing them. Finally, I have to brush my teeth each time I remove the aligners. Overall, not too difficult to manage.

I had wondered at the start of this if I’d have the discipline to deal with aligners. It turns out I do. I think I’ll be looking back on this in October and feel like it was worth the cost and effort.

I’ll keep y’all posted on how it goes.

Mark Turner : Cat-tastrophe averted

May 14, 2019 09:28 PM

Jupiter came wandering back up to the house around 4 PM today like nothing had happened. I suppose he went on a bender last night and was sleeping it off somewhere. Glad to have our kitty back!

Mark Turner : I fear for my cat

May 14, 2019 05:21 PM

Update 5:28 PM: Jupiter has wandered back home. Yay!

Early this morning I was awakened from a deep sleep by a repetitive noise outside the house. A moment’s reflection in my foggy mind identified the noise as a screaming raccoon. I put on my clothes, grabbed a flashlight, and stepped onto the front porch as quietly as I could.

But I wasn’t quiet enough. The screaming stopped; I was noticed. I wasn’t able to pinpoint where the raccoon was or what was happening. What I do know is that there was no sign of my porch cat, Jupiter. What I also know is that Jupiter would’ve most certainly reacted to the sound of the front door opening, which may have possibly doomed him if he were facing off against a raccoon.

I walked down the street shining my flashlight carefully into backyards, trying not to light up my neighbors’ windows while looking in the bushes for the tell-tale glow of animal eyes. After a few minutes of seeing and hearing nothing, I crawled back into bed.

Just as I did, I heard the faint sound of a meow. Or did I imagine it?

This morning, I would’ve expected his furry face to be glued to the front window, demanding his breakfast. On occasional nights I’ve made a point of putting his food away to keep from attracting raccoons. Last night was one of those nights. The kitter should’ve been famished and yet he was nowhere to be found.

There are other signs from the universe that he may no longer be around, such as Elton John’s “Circle Of Life” popping up unexpectedly on yesterday’s playlist. And my pondering yesterday of the freedom that I’ve always given him: he has always been free to come and go as he pleases. I can’t let him be free to come without also letting him be free to go or it isn’t really freedom.

I hope to see his striped tail hanging off his food table tonight but I am not optimistic. It’s going to be a tense next few days.

Mark Turner : New York Times story focused on Raleigh gentrification | Raleigh News & Observer

May 09, 2019 02:43 PM

Ned Barnett’s opinion piece last week, downplaying the damaging effects of gentrification, was incredibly tone-deaf.

Indeed the Times story called attention to the implication that there is something wrong with downtown neighborhoods gaining new homes and more value as white flight reverses.

Well, yes, yes there is. There is something wrong with it, Ned. Surging property values are great for owners, unless those owners are unable to pay the soaring property taxes. Surging property values aren’t too fun for the renters who get pushed out by skyrocketing rents or by the flipping of homes.

We can improve neighborhoods without pushing out the long-time residents – the people who actually contribute to the character of any neighborhood. The question we should be asking is: how can everyone benefit from prosperity?

Raleigh is now almost blase about being cited in the national media as a city on the rise, but a New York Times report last week cast that growth in a less flattering light. It used Raleigh as exhibit No. 1 of how well-off whites are moving into traditionally black neighborhoods near urban centers and converting longtime nonwhite areas into white enclaves.

The story stressed that Raleigh’s pattern is part of a national trend, but its focus in photos, videos and quotes was on North Carolina’s capital. The theme was that poorer blacks are being pushed out and those who remain feel their neighborhood is being usurped.

The coverage put a spotlight on an issue Raleigh’s leaders know about but have not directly addressed: How much should growth be allowed to displace residents and transform neighborhoods?

Source: New York Times story focused on Raleigh gentrification | Raleigh News & Observer

Mark Turner : Something in the blood – ME/CFS Research Review

May 01, 2019 12:13 AM

Fluge and Mella used an expensive bit of kit called the Seahorse analyser, which measures glycolysis through the lactate production and mitochondrial activity through changes in oxygen levels.

They tested normal healthy muscle cells that had been grown in the lab. But they added to those cells serum taken from either ME/CFS patients or healthy controls. Serum is the fluid left over after blood has clotted and it contains small molecules and other soluble substances.

They have data for 12 people with ME/CFS and 12 healthy controls, a relatively small sample. What they found was, surprisingly, that the muscle cells produced more lactate and burned more oxygen when they were incubated with ME/CFS serum than when incubated in serum from healthy controls. And the effect was particularly strong when the cells were made to work hard.

Source: Something in the blood – ME/CFS Research Review

Mark Turner : The Neighborhood Is Mostly Black. The Home Buyers Are Mostly White. – The New York Times

April 28, 2019 02:24 PM

A sobering read on gentrification of downtown Raleigh from the New York Times.

RALEIGH, N.C. — In the African-American neighborhoods near downtown Raleigh, the playfully painted doors signal what’s coming. Colored in crimson, in coral, in seafoam, the doors accent newly renovated craftsman cottages and boxy modern homes that have replaced vacant lots.

To longtime residents, the doors mean higher home prices ahead, more investors knocking, more white neighbors.

Here, and in the center of cities across the United States, a kind of demographic change most often associated with gentrifying parts of New York and Washington has been accelerating. White residents are increasingly moving into nonwhite neighborhoods, largely African-American ones.

Source: The Neighborhood Is Mostly Black. The Home Buyers Are Mostly White. – The New York Times

Mark Turner : The Final Secret of the USS Scorpion | HistoryNet

April 23, 2019 12:43 PM

The article doesn’t say it but I will: fuck John Walker, Jr.

In 1968 one of the U.S. Navy’s nuclear submarines went missing in the Atlantic. Now, 50 years later, the full story of its disappearance can finally be told. RADIOMEN 2ND CLASS MIKE HANNON WALKED TO WORK WITH A PALPABLE SENSE OF UNEASE on the morning of May 23, 1968. As a communications specialist at Submarine Force Atlantic Headquarters, he was responsible for processing dozens of messages each day from submarines at sea, ranging from routine announcements to top-secret operational dispatches. But hours earlier, when his eight-hour shift had ended at midnight, Hannon feared that one of the submarines on his watch might be in trouble—or worse.

The Norfolk-based USS Scorpion, one of the Atlantic Fleet’s 19 nuclear attack submarines, had been scheduled to transmit a four-word “Check Report”—encrypted to prevent the Soviets from intercepting it—that meant, in essence, “Situation normal, proceeding as planned.” In this instance, the Skipjack-class submarine was returning to Norfolk after a three-month deployment to the Mediterranean Sea. Its standing orders called for a burst transmission every 24 hours that, when decrypted, read: “Check 24. Submarine Scorpion.” But the previous day no message had come clattering out of the secure teletypewriter that Hannon used. As he prepared to leave for the night, Hannon had briefed Radioman 2nd Class Ken Larbes, the petty officer coming on duty, about the overdue message. He then tapped on his supervisor’s office door and asked whether any late word had come in from the Scorpion. Warrant Officer John A. Walker Jr. silently shook his head no. Was this the first hint of an emergency, Hannon wondered, or merely a delayed transmission caused by mechanical problems or stormy weather conditions?

Source: The Final Secret of the USS Scorpion | HistoryNet

Mark Turner : Trump’s Orders Are Routinely Disregarded by His Staff – The Atlantic

April 22, 2019 01:22 AM

It’s been another dizzying few days in Washington, starting with yet another border controversy, as President Donald Trump threatened to bus unauthorized immigrants to sanctuary cities, and ending with the release of Special Counsel Robert Mueller’s report, which turned out to be far more damning than advertised by Trump’s attorney general.

These two very different stories have more in common than meets the eye. In each case, there’s a central tension between the president and aides who refuse to execute orders from him that they believe are illegal or foolish. Mueller’s report is packed with incidents in which White House staff not only didn’t do things Trump said, but never had any intention of doing them. In the case of the border, Immigration and Customs Enforcement staff rebuffed Trump’s plan to bus migrants on legal grounds; meanwhile, Homeland Security Secretary Kirstjen Nielsen and Customs and Border Protection Commissioner Kevin McAleenan refused to turn away migrants seeking asylum, concluding that it was illegal. (Nielsen was sacked soon after, while McAleenan is now her acting replacement.)

Source: Trump’s Orders Are Routinely Disregarded by His Staff – The Atlantic