Mark Turner : A Requiem for Raleigh’s Citizens Advisory Councils – Letter to the Editor

February 12, 2020 06:18 PM

After some back and forth with the N&O editorial staff, I have trimmed my CAC op-ed into more of a long letter. Hopefully it will run in Friday’s edition.

A Requiem for Raleigh’s Citizens Advisory Councils

Amid concerns that rapid growth was distancing city leaders from the community, Raleigh launched its Citizens Advisory Councils (CACs). For 46 years, CACs were a forum where citizens and government officials could exchange information and concerns until Raleigh City Council abruptly ended this decades-long partnership in a vote that demonstrated a shocking lack of transparency and good governance.

Much has been made of the (merely advisory) role played by CACs in rezoning cases but CACs were so much more. CACs stepped in when neighbors needed help, organized school supplies drives, and provided a forum where wary neighbors met with Raleigh Police officers to build connections, and the list goes on. It didn’t matter who you were, if you were a resident your voice counted.

All other city advisory boards get their direction from the top; work must first be approved by the City Council. In this model, how do we ensure citizen concerns are adequately addressed? Who’s doing the listening and who’s doing the talking? Absent the independence of CACs, community engagement quickly devolves into a one-way conversation. The partnership is no more.

CACs had their challenges but they also represented one of the most basic forms of democracy: neighbors coming together to work things out. We will be hard-pressed to do better.

Mark Turner : Do not lose heart. We were made for these times. | Clarissa Pinkola Estés, Ph.D.

February 11, 2020 12:48 AM

The reason is this: In my uttermost bones I know something, as do you. It is that there can be no despair when you remember why you came to Earth, who you serve, and who sent you here. The good words we say and the good deeds we do are not ours: They are the words and deeds of the One who brought us here.

In that spirit, I hope you will write this on your wall: When a great ship is in harbor and moored, it is safe, there can be no doubt. But … that is not what great ships are built for.

This comes with much love and prayer that you remember Who you came from, and why you came to this beautiful, needful Earth.

Source: Do not lose heart. We were made for these times. | Clarissa Pinkola Estés, Ph.D.

Mark Turner : Writing has become harder

February 10, 2020 03:03 AM

Writing tonight’s CAC op-ed was the first several-hundred-word piece I’ve written in a while. Looking through my blog shows that I used to do this on a regular basis. Used to do it with ease.

It’s difficult to pin down what has changed. Certainly I’m older and it’s harder than it used to be to string words together. My suspected Gulf War Illness could be another factor. Still, it’s also true that the nature of online communications has changed.

Many people started their Internet experience using America Online (AOL). Nothing wrong with that, of course, but my beef with AOL was the beautiful walled garden that it provided: people would log on and think there was no world beyond AOL.

Today the same could be said about Facebook. Facebook has captured much of the attention that used to be on blogs like mine, only now it’s also walled off and shot through with conniving advertisements. It’s all built to encourage short attention spans, while blogging can be as robust as I feel like making it.

Facebook (and to a lesser extent Twitter) has worked hard to try to turn me from a producer back into a consumer again. It is an easy trap to fall into – “there are so many voices out there, what can I add with mine?”

And yet, people still visit my site. I still have many gems I’ve written here and I can tell the story of my life exactly the way I want to tell it. This is more valuable than ever.

Maybe I still have it, maybe I don’t, but there’s no doubt of the value of my words here. Let me know if you want to see more.

Mark Turner : A Requiem for Raleigh’s Citizens Advisory Councils

February 10, 2020 02:52 AM

Update 12 Feb: After some back-and-forth with the N&O editorial staff, I have trimmed my op-ed into a long letter.

I wrote and submitted this 500-word Op-Ed to the News and Observer tonight. I hope they run it. I will be forever passionate about citizen engagement (real citizen engagement) and oppose any efforts to water it down.

A Requiem for Raleigh’s Citizens Advisory Councils

In 1974, amid concerns that Raleigh’s rapid growth was distancing city leaders from the community they served, Mayor Clarence Lightner launched Raleigh’s Citizens Advisory Councils (CACs). CACs offered a forum where citizens and government officials could share information and concerns. For over 46 years, the city’s 18 CACs and their parent organization, the Raleigh Citizens Advisory Council (RCAC) was the only advisory board not appointed by City Council, a unique status that granted neighbors the freedom to discuss what was important to them and a means to provide unfiltered insight to City Council. Sadly, in a vote that demonstrated a shocking lack of transparency and good government, Raleigh’s mayor and City Council abruptly ended this decades-long partnership with nothing ready to take its place.

Much has been made of the (merely advisory) role CACs played in rezoning cases but CACs were so much more. When a neighbor lost her home and husband in a tragic fire, CAC neighbors pulled together to collect clothes and furniture. After the April 2011 tornadoes ripped through Raleigh, CAC volunteers were in the streets clearing debris and distributing water. In response to crime concerns, CACs worked with landlords to implement after-school activities for their teen residents and worked with the Raleigh Police Department to open neighborhood offices. CACs provided a neutral forum where police could meet with wary neighbors and build new connections and trust. CACs organized community events that promoted health and distributed school supplies to neighborhood kids. With CACs it didn’t matter what race you were, how wealthy you were, what your age was, or whether you rented or owned your home: if you were a resident your voice counted. You had a seat at the table.

Like any organization, CACs had their challenges. The unvarnished feedback CACs gave was not always welcome (especially to some developers, though almost all projects won CAC favor). CACs faced a continual fight for shrinking city resources and support. And, yes, CACs were known to butt heads at times but it is precisely this independence that gave CACs their strength: chairs were answerable only to their neighbors.

It is this independence that Raleigh will miss the most. Every other city advisory board is driven from the top down; its work must first be approved by the City Council. How can we ensure citizen concerns will be adequately addressed when city council alone controls the conversation? Who will be doing the listening and who will be doing the talking? Without the crucial independence enjoyed by CACs, community engagement quickly devolves into a one-way conversation. Partnership has been fatally wounded.

Raleigh’s CACs represented one of the most beautiful forms of democracy: neighbors coming together to work things out. Our city will be hard-pressed to improve on it.

Mark Turner : The Oral History of Prince’s Super Bowl XLI Halftime Show – The Ringer

February 02, 2020 02:15 PM

This is a fantastic oral history of the greatest Super Bowl Halftime show ever, the 2007 show performed by Prince, of course.

Coplin: I would be watching the monitors and trying to factor my own opinion about the show, but no matter what you see in the television truck, you have no sort of sense of what people at home are experiencing. And I remember just my phone started blowing up. Like, “OMG, this is the greatest thing I’ve ever seen.” I just had all these people, friends, colleagues, people in the business, just really losing their minds on my texts. And that’s when I knew that this thing was really maybe even better than we thought it was gonna be.

Nathan Vasher (Bears cornerback): The last two or three minutes, I peeked out of the tunnel. I didn’t want to go all the way out there, but for two or three minutes I got to witness greatness. I haven’t experienced that greatness again.

Source: The Oral History of Prince’s Super Bowl XLI Halftime Show – The Ringer

Mark Turner : Excuse me, but Oculan did a great job explaining its usefulness

January 26, 2020 05:33 PM

I was wandering through my MT.Net archives and noticed I had linked to a Triangle Business Journal story on the revival of Oculan. The story included this quote, which for some reason I just noticed was a slap in the face to me (hey it’s only been 18 years, right?):

Where Oculan stumbled, said independent analyst Richard Ptak, of Ptak, Noel & Associates in Amherst, N.H., was in the marketing.

“They had a very nice solution and a good strategy, but were never able to communicate why it was a good product,” Ptak said. “A lot of tech entrepreneurs think all they need is a better mousetrap, but nobody buys technology for the sake of technology anymore. They buy it because it’ll solve a problem.”

Well, Mr. Ptak, Oculan did a fantastic job communicating why it was a good product. Not only did it have an outstanding team of sales engineers out pitching it, the damn product sold itself. Your quote about a better mousetrap shows your ignorance.

So there.

Tarus Balog : Once Again Into the Breach – Back with Apple

January 23, 2020 05:43 PM

After almost a decade since my divorce from Apple, I find myself back with the brand, and it is all due to the stupid watch.

TL;DR: As a proponent of free software, I grouse at the “walled garden” approach Apple takes with its products, but after a long time of not using their products I find myself back in, mainly because free software missed the boat on mobile.

Back in 2011, I stopped using Apple products. This was for a variety of reasons, and for the most part I found that I could do quite well with open source alternatives.

My operating system of choice became Linux Mint. The desktop environment, Cinnamon, allowed me to get things done without getting in the way, and the Ubuntu base allowed me to easily interact with all my hardware. I got rid of my iMac and bought a workstation from System 76, and for a time things were good.

I sold my iPhone and bought an Android phone which was easier to interact with using Linux. While I didn’t have quite all of the functionality I had before, I had more than enough to do the things I needed to do.

But then I started to have issues with the privacy of my Android phone. I came across a page which displayed all of the data Google was collecting on me, which included every call, every text and every application I opened and how long I used it. Plus the stock Google phones started to ship with all of the Google Apps, many of which I didn’t use and they just took up space. While the base operating system of Android, the Android Open Source Project (AOSP), is open source, much of the software on a stock Android phone is very proprietary, with questionable motives behind gathering all of that data.

Then I started playing with different Android operating systems known as “Custom ROMs”. Since I was frequently installing the operating system on my phone I finally figured out that when Google asks “Would you like to improve your Android experience?”, and you say “yes”, that is when they start the heavy data collection. Opt-out and the phone still works, but even basic functionality such as storing your recent location searches in Google Maps goes away. Want to be able to go to a previous destination with one click? Give them all yer infos.

The Custom ROM world is a little odd. While there is nothing wrong with using software projects run by hobbyists, the level of support can be spotty at best. ROMs that at one time were heavily supported can quickly go quiet as maintainers get other interests or other handsets. For a long time I used OmniROM with a minimal install of Google Apps (with the “do not improve my Android experience” option) and it even worked with my Android Wear smartwatch from LG.

I really liked my smartwatch. It reminded me of when we started using two monitors with our desktops. Having things like notifications show up on my wrist was a lot easier to deal with than having to pull out and unlock my phone.

But all good things must come to an end. When Android Wear 2.0 came out they nerfed a lot of the functionality, requiring Android Assistant for even the most basic tasks (which of course requires the “improved” Android experience). I contacted LG and it wasn’t possible to downgrade, so I stopped wearing the watch.

Things got a little better when I discovered the CopperheadOS project. This was an effort out of Canada to create a highly secure handset based on AOSP. It was not possible (or at least very difficult) to install Google Apps on the device, so I ended up using free software from the F-Droid repository. For those times when I really needed a proprietary app I carried a second phone running stock Android. Clunky, I know, but I made it work.

Then CopperheadOS somewhat imploded. The technical lead on the project grew unhappy with the direction it was going and left in a dramatic fashion. I tried to explore other ROMs after that, but grew frustrated in that they didn’t “just work” like Copperhead did.

So I bought an iPhone X.

Apple had started to position themselves as a privacy focused company. While they still don’t encrypt information in iCloud, I use iCloud minimally so it isn’t that important to me. It didn’t take me too long to get used to iOS again, and I got an Apple Watch 3 to replace my no longer used Android Wear watch.

This was about the time the GDPR was passed in the EU, and in order to meet the disclosure requirements Apple set up a website where you could request all of the personal data they collected on you. Now I have been a modern Apple user since February of 2003 when I ordered a 12-inch Powerbook, so I expected it to be quite large.

It was 5MB, compressed.

The majority of that was a big JSON file with my health data collected from the watch. While I’m not happy that this data could be made available to third parties as it isn’t encrypted, it is a compromise I’m willing to make in order to have some health data. Now that Fitbit is owned by Google I feel way more secure with Apple holding on to it (plus I have no current plans to commit a murder).

The Apple Watch also supports contactless payments through Apple Pay. I was surprised at how addicted I became to the ease of paying for things with the watch. I was buying some medication for my dog when I noticed their unit took Apple Pay, and the vet came by and asked “Did you just Star Trek my cash register?”.

Heh.

For many months I pretty much got by with using my iPhone and Apple Watch while still using open source for everything else. Then in July of last year I was involved in a bad car accident.

In kind of an ironic twist, at the time of the accident I was back to carrying two phones. The GrapheneOS project was created by one of the founders of Copperhead and I was once again thinking of ditching my iPhone.

I spent 33 nights in the hospital, and during that time I grew very attached to my iPhone and Watch. Since I was in a C-collar it made using a laptop difficult, so I ended up interacting with the outside world via my phone. Since I slept off and on most of the day, it was nice to get alerts on my watch that I could examine with a glance and either deal with or ignore and go back to sleep.

This level of integration made me wonder how things worked now on OSX, so I started playing with a Macbook we had in the office. I liked it so much I bought an iMac, and now I’m pretty much neck deep back in the Apple ecosystem.

The first thing I discovered is that there is a ton of open source software available on OSX, and I mainly access it through the Homebrew project. For example, I recently needed the Linux “watch” command and it wasn’t available on OSX. I simply typed “brew install watch” and had it within seconds.

The next major thing that changed for me was how integrated all my devices became. I was used to my Linux desktop not interacting with my phone, or my Kodi media server being separate from my smartwatch. I didn’t realize how convenient a higher level of integration could be.

For example, for Christmas I got an Apple TV. Last night we were watching Netflix through that device and when I picked up my iPhone I noticed that I could control the playback and see information such as time elapsed and time remaining for the program. This happened automatically without the need for me to configure anything. Also, if I have to enter in text, etc. on the Apple TV, I can use the iPhone as a keyboard.

I’ve even started to get into a little bit of home automation. I bought a “smart” outlet controller that works with Homekit. Now I don’t have the “Internet of Things”, instead I have the “LAN of Things” as I block Internet access for most of my IoT-type things such as cameras. Since the Apple TV acts as a hub I can still remotely control my devices even though I can’t reach them via the Internet. All of the interaction occurs through my iCloud account, so I don’t even have to poke a hole in my firewall. I can control this device from any of my computers, my iPhone or even my watch.

It’s pretty cool.

It really sucks that the free and open source community missed the boat on mobile. The flagship mobile open source project is AOSP, and that is heavily controlled by Google. While some brave projects are producing Linux-based phones, they have a long way to go to catch up with the two main consumer options: Apple and Google. For my peace of mind I’m going with Apple.

There are a couple of things Tim Cook could do to ease my conscience about my use of Apple products. The first would be to allow us the option of having greater control of the software we install on iOS. I would like to be able to install software outside of the App Store without having to jailbreak my device. The second would be to enable encryption on all the data stored in iCloud so that it can’t be accessed by any other party than the account holder. If they are truly serious about privacy it is the logical next step. I would assume the pressure from the government will be great to prevent that, but no other company is in a better position to defy them and do it anyway.

Mark Turner : The Misfit Awesomeness of Neil Peart and Rush | The New Yorker

January 12, 2020 10:36 PM

Neil Peart, legendary Rush drummer, died on Friday from brain cancer at the age of 67. I’ve seen Rush in concert a few times and enjoyed most of their music. I especially enjoyed their “Rush: Behind the Lighted Stage” documentary.

In spite of their misfit nature and limited radio airplay, Rush sold a ton of albums.

Here’s a great piece by the New Yorker about Neil and Rush. Rest in peace, Neil.

Neil Peart, the lyricist and virtuosic drummer of the Canadian progressive-rock band Rush, died on Tuesday, in Santa Monica, California. He was sixty-seven, and had been fighting brain cancer for several years. Rush formed in Toronto, in 1968 (Peart joined in 1974), and released nineteen studio albums, ten of which have sold more than a million copies in the U.S. According to Billboard, Rush presently ranks third, behind the Beatles and the Rolling Stones, for the most consecutive gold or platinum albums by a rock band.

Peart was wildly literate, and his earnest love of science fiction informed Rush’s singular aesthetic. Along with the singer Geddy Lee and the guitarist Alex Lifeson, he helped pioneer an audacious strain of brainy, intricate hard rock that perhaps borrowed more voraciously from Ayn Rand than the blues. Though the band’s influence was vast, something about its music seemed to speak deeply and directly to marginalized young men. Both Lee and Lifeson were the children of immigrants who had left Europe following the Second World War (Lee’s parents were Holocaust survivors; Lifeson’s fled Yugoslavia after the war), and a person gets the sense that the members of Rush had internalized a certain degree of cultural exclusion. Rather than retreating, they embraced ideas that eschewed convention.

Rush was struggling commercially when, in 1976, it made “2112,” an intense, ambitious, and unrelenting record about a dystopian future. The band had spent the previous year playing small, grimy venues. (In the 2010 documentary “Rush: Beyond the Lighted Stage,” the band jokingly referred to this stretch of shows as the “Down the Tubes” tour.) No one seemed particularly energized about the next album. Rush’s manager, Ray Danniels, had to cajole Mercury Records into not dropping the band entirely.

“2112” was a Hail Mary, but rather than dutifully capitulating to the marketplace—making something more aligned, spiritually and compositionally, with, say, Steely Dan’s “The Royal Scam” or the Rolling Stones’s “Black and Blue,” two of the most beloved commercial rock records of 1976—Rush instead assumed a kind of fuck-it abandon. The band had not assembled an audience via extensive radio play or critical adulation or corporate positioning but by people tapping each other on the shoulder and saying, “Dude, check this out.” For “2112,” the band leaned further into its idiosyncrasies rather than trying to curb them.

Source: The Misfit Awesomeness of Neil Peart and Rush | The New Yorker

Mark Turner : Iran believed to have deliberately missed U.S. forces in Iraq strikes, Western sources say – Iran – Haaretz.com

January 10, 2020 03:05 AM

Called this yesterday, too. Iran was fully capable of killing many Americans here but chose not to. They may be saner than Trump.

Iran is believed to have deliberately sought to avoid U.S. military casualties in missile strikes on bases housing American troops in Iraq launched in retaliation for the U.S. killing of an Iranian general, according to U.S. and European government sources familiar with intelligence assessments.

The sources, speaking on condition of anonymity, said on Wednesday the Iranians were thought to have targeted the attacks to miss U.S. forces to prevent the crisis from escalating out of control while still sending a message of Iranian resolve. A source in Washington said overnight that early indications were of no U.S. casualties, while other U.S. officials declined comment.

Source: Iran believed to have deliberately missed U.S. forces in Iraq strikes, Western sources say – Iran – Haaretz.com

Mark Turner : Iranian Missile Accidentally Brought Down Ukrainian Jet, Officials Say – The New York Times

January 10, 2020 03:03 AM

Called this yesterday. Loss of a single engine won’t down a plane and Iranian officials declared it a mechanical problem before the fires were even out. Condolences to the victims.

WASHINGTON — An Iranian missile accidentally brought down a Ukrainian jetliner over Iran this week, killing everyone aboard, American and allied officials said on Thursday, adding a tragic coda to the escalated military conflict between Washington and Tehran.

Prime Minister Justin Trudeau of Canada said his country had intelligence that an Iranian surface-to-air missile brought down the jetliner, which was carrying 63 Canadians among its some 176 passengers and crew. Mr. Trudeau said his conclusion was based on a preliminary review of the evidence but called for a full investigation “to be convinced beyond all doubt.”

Source: Iranian Missile Accidentally Brought Down Ukrainian Jet, Officials Say – The New York Times

Mark Turner : Who are Pat and Alex and why are they texting people about their homes?

January 10, 2020 02:51 AM

Earlier this week, two separate neighbors received a curious text. A person calling themselves Pat expressed interest in buying their homes.

One from 919-373-6758 read:

“Hey there, so sorry if I have the wrong number. I am Pat and would love to contact [homeowner]. Regarding a property in [homeowner address], in order to determine if there is interest in selling. Do I have the right number?”

The other, from 919-769-6879, read:

“Hey there, This is Pat, I am trying to reach out [homeowner – sic]. Regarding a property in [homeowner address], to see if selling it would be an option. You wouldn’t know the owner or would you?”

Both were sent at the same time of day, 9:33 AM, but on two separate days. They were from two different phone numbers as well. Another neighbor received a similar text on Nov 20th, I’m told. (Coincidentally, I’ve been getting and ignoring scammy calls at home from 919-769-68xx numbers for several weeks now).

Being the curious sort, I did a few Google searches for this text and came across a number of similar texts, only from different alleged people. A search of the venerable 800notes.com shows only one other similar text, this one from “Alex” from the number 832-934-9960:

“Hello, apologies if this is not a good number. This is Alex, I am looking for [homeowner]. Regarding a property in [homeowner address], in order to see if selling it would be an option. You don’t know the owner or do you?”

Obviously these are connected. How many people are getting them? How come there isn’t more information about them online? How is it that both my friends got the texts on separate days but at 9:33 AM on those days? And what’s the ultimate goal here? Is this just some bot that is out there, doing data cleanup to match phone numbers with names and addresses?

I’ll keep you posted as I learn more about this supposed scam.

Update 10 Jan:

I found another Internet hit, this thread on the City-Data website. This one’s from someone in Minnesota and dates from November 2018:

Over the past several months, I have been getting texts asking if I want to sell my house in Maricopa County. Each one has a different phone #. each message has a different message. My wife has gotten a couple as well (again, a different phone # and message each time).

Today, I got this one which is pretty typical:
Exact words:
“Hi (and my actual 1st name)! My name is Alex, I’m a local home buyer reaching out to see if you’re interested in an offer for your home on (my actual address)? Thx

I refuse to text back. But a couple of times, I called with my Google Phone # (same phone but with a hidden #) and got a vmail message asking to leave my name and address. I left out the address but gave my google, non-traceable #) and said that I wanted to sell my property”. No response….

I googled the number that came in on the text just today which is 480-531-6397. Another time from 623-295-0692 (he was “looking to buy a house in our neighborhood”). There are other phone #’s. I’m not alone with the 623 extension https://800notes.com/Phone.aspx/1-623-295-0692

Does anybody know what their scam might be? People who have called or texted back haven’t gotten a call back. Something smells fishy.

The most recent entry (again, November 2018) on that 800notes page adds a new name to the mystery, a “Tim.”

Got a text message. Says his name is Tim with Home Buyers. Wanted to see if I wanted to sell my house.
Scam?

The user “superstition480” on the City-Data thread says the outfit is “1 800 Fair Offer”:

The main company doing this, is called “1 800 Fair Offer”. They illegally robocall consumers trying to buy their houses FAR below market value. The company is owned by an arrogant guy named Sean Terry. This goof actually has videos posted on YouTube to teach his followers how to illegally robocall for more leads. I am in the process of filing a complaint with the Arizona State Attorney General’s office, and am also considering a class action suit against this company for their illegal robocalling.

I’m going to see what I can find out about “1 800 Fair Offer” and if there have been any complaints against them for illegal robocalling/texting.

Mark Turner : Facebook bans ads from The Epoch Times after huge pro-Trump buy

January 10, 2020 02:06 AM

Facebook kicked these guys off their ad platform in August 2019. Apparently that didn’t last long as I got two ads for The Epoch Times in my Facebook feed today:

Back by popular demand?


I guess Zuckerberg loves money more than morals.

Facebook has banned The Epoch Times, a conservative news outlet that spent more money on pro-Trump Facebook advertisements than any group other than the Trump campaign, from any future advertising on the platform.

The decision follows an NBC News report that The Epoch Times had shifted its spending on Facebook in the last month, seemingly in an effort to obfuscate its connection to some $2 million worth of ads that promoted the president and conspiracy theories about his political enemies.

“Over the past year we removed accounts associated with the Epoch Times for violating our ad policies, including trying to get around our review systems,” a Facebook spokesperson said. “We acted on additional accounts today and they are no longer able to advertise with us.” Facebook’s decision came as a result of a review prompted by questions from NBC News. The spokesperson explained that ads must include disclaimers that accurately represent the name of the ad’s sponsors.

Source: Facebook bans ads from The Epoch Times after huge pro-Trump buy

Mark Turner : Teen Vogue story on Facebook prompts sponsored content fears, vanishes – Business Insider

January 10, 2020 01:58 AM

This is some sneaky shit on Facebook’s part.

After pondering it for a day, I think its audience wasn’t Teen Vogue but actually Congress. Not that anyone in Congress reads Teen Vogue, but Facebook COO Sheryl Sandberg was all too happy to crow about this puff piece. I think Facebook was trying desperately to show Congress it’s serious about policing itself when in actuality it only cares about money.

I feel bad for Teen Vogue as the teen magazine has been running really good stories explaining cybersecurity. Of course, they also run stories telling teens about the joys of anal sex, so it’s a wash I guess. At any rate, any credibility Teen Vogue may have had is gone now. Hope the money was worth it.

Here’s the original story, captured by The Internet Archive’s magnificent Wayback Machine.

(Also, that’s the least clickbait-y headline EVER. Obviously it wasn’t meant for teens.)

An uncritical story in Teen Vogue about Facebook’s efforts to secure its social network ahead of the 2020 election caused bewilderment over contradictory messages about whether it was paid for by Facebook — before it just disappeared completely.

On Wednesday, Teen Vogue published “How Facebook Is Helping Ensure the Integrity of the 2020 Election.” It’s a 2,000-plus-word story comprising a series of interviews with various senior Facebook employees about how the Silicon Valley tech giant is working to avoid nefarious political activity in the US’s coming presidential election.

The positive tone of the piece, and lack of byline indicating who wrote it, led some on Twitter to speculate that it was a piece of sponsored content — that is, an article paid for and overseen by Facebook to promote itself.

This suspicion was seemingly confirmed when, some time after publishing, Teen Vogue appended a note to the top of the story, reading: “Editor’s note: This is sponsored editorial content.”

The note raised questions about editorial ethics — why wasn’t this disclosed from the start? — but the saga didn’t end there. Facebook instead denied that it was sponsored content, saying it was just a regular article, and the note disappeared from the top of the story again.

Source: Teen Vogue story on Facebook prompts sponsored content fears, vanishes – Business Insider

Mark Turner : bellingcat – Guide To Using Reverse Image Search For Investigations – bellingcat

January 08, 2020 11:22 AM

Reverse image search is one of the most well-known and easiest digital investigative techniques, with two-click functionality of choosing “Search Google for image” in many web browsers. This method has also seen widespread use in popular culture, perhaps most notably in the MTV show Catfish, which exposes people in online relationships who use stolen photographs on their social media.

However, if you only use Google for reverse image searching, you will be disappointed more often than not. Limiting your search process to uploading a photograph in its original form to just images.google.com may give you useful results for the most obviously stolen or popular images, but for most any sophisticated research project, you need additional sites at your disposal — along with a lot of creativity.

This guide will walk through detailed strategies to use reverse image search in digital investigations, with an eye towards identifying people and locations, along with determining an image’s progeny. After detailing the core differences between the search engines, Yandex, Bing, and Google are tested on five test images showing different objects and from various regions of the world.

Source: bellingcat – Guide To Using Reverse Image Search For Investigations – bellingcat

Mark Turner : How Lindsey Graham Lost His Way – Rolling Stone

January 08, 2020 12:22 AM

Lindsey Graham and Donald Trump were born nine years and one month apart. Trump came first, but when they appear side by side, as they often do these days, the men look about the same age. On November 6th, in the East Room of the White House, the president held an event to mark the record number of federal judges his administration has appointed, and Graham was there, having played a critical role in the achievement as chairman of the Senate Judiciary Committee. Trump’s staff had scheduled the event in part to shift focus from the House impeachment investigation, to remind any wobbly Republicans of the reason they’d held their noses and voted for the guy in the first place.

Over the course of his three terms representing South Carolina in the Senate, Graham had become predominantly known for two things: extreme hawkishness on foreign policy, following the lead of his close friend and mentor, the late Arizona Sen. John McCain, and a bipartisan streak that resulted in high-profile attempts to cut big deals on issues like immigration reform and climate change. A former senior staffer for a Democratic senator who has worked alongside Graham on bipartisan legislation tells me, “Like John McCain, he was a conservative Republican, but it was always worth asking where he was going to be on a particular issue, because he wasn’t completely beholden to party orthodoxy. He’d often be way out ahead of his staff, negotiating on the Senate floor unbeknownst to them, and they would be playing catch-up.”

Will Folks, a conservative political blogger in South Carolina, says, “The joke here is Graham has a ‘count to six’ approach to governing: He spends the first four years of his term doing whatever he wants, veering off toward the left, and then the last two years, when the electorate is paying more attention, he comes right.”

Graham is “never flustered, and just a natural at dealing with people who don’t like him,” says David Woodard, a political-science professor at Clemson University who ran Graham’s first two campaigns for the House of Representatives and recalls the first-term congressman as quickly becoming the unofficial social director for his freshman class, though he added, “You’re going to find Lindsey knows a lot of people, but he’s not close to anybody.”

Source: How Lindsey Graham Lost His Way – Rolling Stone

Mark Turner : ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

January 07, 2020 11:14 PM

When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers — later identified as working for the Chinese government — stole data on nearly 22 million former and current American civil servants, including intelligence officials.

The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information’s other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government. The fallout from the hack was intense, with the CIA reportedly pulling its officers out of China. (The director of national intelligence later denied this withdrawal.) Personal data was being weaponized like never before. In one previously unreported incident, around the time of the OPM hack, senior intelligence officials realized that the Kremlin was quickly able to identify new CIA officers in the U.S. Embassy in Moscow — likely based on the differences in pay between diplomats, details on past service in “hardship” posts, speedy promotions and other digital clues, say four former intelligence officials. Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

The OPM hack was a watershed moment, ushering in an era when big data and other digital tools may render methods of traditional human intelligence gathering extinct, say former officials. It is part of an evolution that poses one of the most significant challenges to undercover intelligence work in at least a half century — and probably much longer. The familiar trope of Jason Bourne movies and John le Carré novels where spies open secret safes filled with false passports and interchangeable identities is already a relic, say former officials — swept away by technological changes so profound that they’re forcing the CIA to reconsider everything from how and where it recruits officers to where it trains potential agency personnel. Instead, the spread of new tools like facial recognition at border crossings and airports and widespread internet-connected surveillance cameras in major cities is wiping away in a matter of years carefully honed tradecraft that took intelligence experts decades to perfect.

Source: ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

Ben Reed : Remembering Haku

December 28, 2019 07:43 PM

On Monday we had to let Haku go.

I couldn’t bring myself to talk about it at the time, and with the holidays and family visiting it got busy enough to distract myself, but he was my buddy and he deserves a proper eulogy.

Haku had a rough start as a kitten. He had some kind of infection that was giving him a rash on his ears and appeared to be eating a portion of his nose. We treated it but honestly the vet was never quite sure what it was and we think it just cleared up eventually on its own.

He is named after the water spirit from Spirited Away. When we first got him, he and Saru were locked in the bathroom while we acclimated them. I had turned the sink on and he CLIMBED my leg to get up there and immediately jumped into the water.

Haku from Spirited Away

He loved to drink from the sink, but he was comically bad at it. He’d stick his head right under the stream, or let it just run over his face while he tilts his head.

Haku drinking from the sink

His favorite toy was a round scratcher that has a ball that runs around it. He had a weird little head flip he would do when he got super excited while he played and it never failed to crack me up.

He could not RESIST clothes on the bed, especially my pants. He would jump up and rub his face on my belt incessantly.

Haku on my pants Haku on my pants

He also, like most cats, could not resist a good box. But his favorite was the laundry basket.

Haku bathing in a laundry basket Haku in a box
The Haku stare, in a laundry basket

Even more than that, he loved bags. Didn’t matter if he was in it, or smashing it down and laying on it.

Haku stretched out on a crushed paper bag
Haku sitting comfortably in a paper bag Haku in a plastic bag

In the mornings when we were working at home, Haku would jump up on Cynthia’s desk and then walk over wanting to be in her lap. She would have to put a leg up across her other so he had a spot and then he'd hang out there for a while.

Haku in Cynthia's lap

Later in the day he’d cross her desk behind me and want to get on my legs, then I’d turn back to my desk and pet him on my lap. Usually he’d put his front paws up on my chest and settle while I rubbed his ears and chin.

Chin scritches at my desk Haku settles on my chest

If there was something new or confusing in the house, he did this hilarious head dip thing. He was especially weirded out by hats, even more so when I was wearing one.

He loved to stretch and roll. He’d often get himself stretched out and then roll himself violently back and forth, licking his paws in between. This was (of course) called “lick-rolling”. #NeverGonnaGiveYouUp

Haku stretched impossibly in the hallway helping us wrap presents
Haku stretched out by the screen door at our old house

As anyone who has followed me for a bit knows, he loved loved LOVED leg time. We’d sit downstairs at the TV, I’d stretch my legs out along the couch, and he’d jump up and lay on them, contorting himself into more and more ridiculous poses as he got more comfortable.

leg time more leg time
even more leg time even even *more* leg time

He had mastered the art of “puppy dog eyes”. While he was in the midst of all his emergency hospital visits, he’d have a different doctor each day. Every. single. one. talked about how beautiful he was and how striking his eyes were. He could trap you in them.

the Haku stare Haku glamor shot

He was the most graceful klutz I’d ever seen. One minute he’d slip while walking along a table. The next he’d jump right up to the fridge, up on top of the cabinets, and then across the chasm to the cabinets across the way.

We first discovered he was getting up on those cabinets when we found a paw print on the range hood. 🙀

It wasn’t all grace and beauty, though. Sometimes when he’d fall asleep, he’d close his inner lids but his eyes would stay mostly open, and his mouth would hang open, derpily. (Is derpily a word?) It always made me laugh.

Haku's inner eyelids derp

For some reason, when he was just hanging out in the hall or something, he’d pose in a standard-form cat rug-duck, but would put one arm straight out. I used to joke about it before it stopped being abstractly funny to me to make alt-right jokes. 😐


He had MASSIVE bunny feet. They were so damn cute.

I know I mentioned it on Twitter recently, but part of the bedtime routine was that after I brushed my teeth, I would head to bed and he would RUN to follow me and sniff at my minty breath and then go crazy rolling around. I recently managed to get a little bit of video of it.

There are probably tons of things I’m forgetting to add. He was an exceptionally photogenic cat, and I have about eleven billion photos of him, all either hilarious or cute, or both.

I hate that his body betrayed him even as his personality managed to hold on through changes in food, tons of pills, & way too many vet visits. But in the end there was no sign things would actually improve; it was likely some form of cancer in addition to other things.

It’s hard letting a pet go, but it’s even harder when the choice when to end it isn’t clear-cut. We had made the choice to do it a couple of times in the last few months, each one hit-wrenching. Each time, we had a new reason to hope and pulled back from the brink.

In the end, we did so much to try to get his insides settled, only to come right back to the same cycle of symptoms. After a few days dwelling on it, I still think it was the right time, but that doesn’t mean it was any easier to actually do.

All I know is, he was a wonderful kitty, and I’m going to miss him more than I can possibly say.

Goodbye, buddy.

😭


Mark Turner : A Letter From Gary Larson | TheFarSide.com | TheFarSide.com

December 18, 2019 02:22 AM

Gary Larson has finally arrived online and the promise of new The Far Side cartoons is in the air, yet I don’t know how I feel about this. I will always love The Far Side but I cringe at the thought of the new stuff not measuring up to old stuff. I also miss seeing the cartoon nestled in the comics pages of an actual newspaper. And, truth be told, Larson’s hero status fell in my eyes when he aggressively chased his cartoons off the Internet.

Twelve years after I wrote that I still feel the same way. Now that Larson wants to join the party is he still welcome? Does The Far Side belong on the Internet at all, even if it’s Larson’s own doing? Or should it ride off into the sunset along with the newspaper industry?

I kinda wish I hadn’t had to ponder this question.

Truthfully, I still have some ambivalence about officially entering the online world — I previously equated it to a rabbit hole, although “black hole” sometimes seems more apropos — but my change of heart on this has been due not only to some evolution in my own thinking, but also in two areas I’ve always cared about when it comes to this computer/Internet “stuff”: security and graphics.

Source: A Letter From Gary Larson | TheFarSide.com | TheFarSide.com

Mark Turner : Families Don’t Use Landlines Anymore – The Atlantic

December 18, 2019 01:10 AM

The early telephone’s bulky size and fixed location in the home made a phone call an occasion—often referred to in early advertisements as a “visit” by the person initiating the call. (One woman quoted in Once Upon a Telephone recalls the phone as having the “stature of a Shinto shrine” in her childhood home.) There was phone furniture—wooden vanities that housed phones in hallways of homes, and benches built for the speaker to sit on so they could give their full attention to the call. Even as people were defying time and space by speaking with someone miles away, they were firmly grounded in the space of the home, where the phone was attached to the wall.

Over the course of the 20th century, phones grew smaller, easier to use, and therefore less mystical and remarkable in their household presence. And with the spread of cordless phones in the 1980s, calls became more private. But even then, when making a call to another household’s landline, you never knew who would pick up. For those of us who grew up with a shared family phone, calling friends usually meant first speaking with their parents, and answering calls meant speaking with any number of our parents’ acquaintances on a regular basis. With practice, I was capable of addressing everyone from a telemarketer to my mother’s boss to my older brother’s friend—not to mention any relative who happened to call. Beyond developing conversational skills, the family phone asked its users to be patient and participate in one another’s lives.

Source: Families Don’t Use Landlines Anymore – The Atlantic

Mark Turner : Facebook audio snooping almost certainly prompted targeted ad

December 17, 2019 02:42 AM

A story in July’s Consumer Reports discussed the possibility of our social media apps secretly listening to us:

Well, it’s technically possible for phones and apps to secretly record what you say. And lots of people sure seem to think they do.

According to a nationally representative phone survey of 1,006 U.S. adults conducted by Consumer Reports in May 2019, 43 percent of Americans who own a smartphone believe their phone is recording conversations without their permission.

But, to date, researchers have failed to find any evidence of such snooping.

While there might not be any fire yet, there sure as hell is smoke.

I’ve written before about how Facebook seems to be surreptitiously spying on its mobile users through their phones’ microphones. It happened to my friend whose lunch conversation served up an unlikely ad on his iPhone for ignition coils. He was adamant he never typed anything about ignition coils, and I have to say it’s highly unlikely that anyone would type “ignition coils” unless they were in the quite unique position to need them.

Since that incident, and the one where I caught the Facebook app blatantly serving me ads based on photos I had NOT shared, I’d banned Facebook Mobile from my phone and my wife soon did the same.

Sprung into my Facebook feed.

Problem solved, right? Well, not quite. In September, in the presence of my wife’s iPhone, I had a conversation about a home remedy involving Irish Spring soap. An hour later, I get an ad in my Facebook feed for … Irish Spring! In this case, it’s possible that Google saw the page I requested, had an index of it to know that Irish Spring was mentioned on it, and assumed that I must be interested in Irish Spring, right? That’s certainly possible, but …

… there were many products listed on that page. Why was I only shown an ad for the product I had mentioned verbally? More smoke.

The coup de grace came last month at work. During one of my company’s internal meetings, it was announced that we had landed a new customer, whom I’ll call “Spirit Health.” I didn’t think anything of it, aside from the joy of gaining a new customer, until the next morning when I pull up Facebook.

It was a cheerful ad for Spirit Health.

“Spirit Health” Facebook ad that came out of nowhere

I want to stress here that:

  • I had never heard of Spirit Health before it was discussed in my company meeting.
  • I had never typed “Spirit Health” in anywhere. Ever.
  • I had never spoken the words “Spirit Health” before then.
  • I joined the company meeting by way of headphones, so my phone never heard the words “Spirit Health.”

This was absolutely mind-boggling. The odds of this company’s ad simply showing up randomly in my Facebook feed were staggeringly small. I had given my phone no input whatsoever to cue it. I know that for a fact. I’ve been leery of the Facebook/Google/DoubleClick complex long enough to have become hyper-aware of the information I give to them.

HOW DID FACEBOOK SERVE ME THAT AD ?!?

Well, it had to know somehow. It certainly wasn’t random. Nothing I had done could’ve summoned the ad. Someone else (or more specifically, someone else’s phone) must have been involved. Following my hunch, I jumped on Slack and quickly polled my colleagues to see what phones they have and what apps they have on their phone.

There were three people in the work conference room that day, tuned into the meeting:

  • Two have Android phones, one has an iPhone.
  • Of those, two have Facebook installed (one Android, one iPhone).

Based on my friend’s ignition coil experience, my working theory is the iPhone of my colleague, Jennifer, was the source of the “leak.” Not only does she have an iPhone, she also has Facebook installed on it. My hunch is this combination – Facebook on iPhone – is the one most likely to spy on verbal conversations. Also, Jennifer’s role in the company is one where she would not need to Google for information on Spirit Health – she would’ve already known about the company.

So, how did the ad appear in my Facebook feed then? Google (or Facebook. Or both) knows where I work. I helpfully told Google this when I labeled my office building in Google Maps. But even more specifically, the technology of geolocation (i.e. being on the same WiFi network) can determine when a group of mobile phone users are together. One phone, hearing a conversation in one room, can be used to target an ad to another person who was nearby. I strongly suspect Google (or Facebook. Or both) likes to show ads to people near a person at the time that person happened to search for something Google has keywords for.

Northeastern University computer science professor David Choffnes and fellow researchers tested 17,000 Android apps and found none of them were secretly recording audio. But this was Android. I would love to see him repeat his testing, this time on the Apple world.

On his way to billionaire-hood, a 19-year old Mark Zuckerberg laughed at his users, saying “they trust me. Dumb fucks.”

The more things change, the more they stay the same.

Mark Turner : Electronics testing at the airport

November 15, 2019 01:48 AM

I haven’t posted a TSA story in a while because I’m lucky enough not to travel as often as I did. When I have traveled, I have come to appreciate how professional the team at my home airport, Raleigh-Durham, is. I’ve never had a bad experience with them and this – I want to stress – is not a bad one, either. Just unusual.

For years I have enjoyed the benefit of TSA-Pre, allowing me to speed through security lines. Naturally, I headed into the TSA-Pre line when I flew out of Raleigh on Wednesday morning. Expecting all to be well, I was intrigued when I apparently set off the metal detector.

“Wait right here, sir,” the screener said, calmly. “We’re going to screen your electronics.”

I waited on the mat next to the metal detector while another agent got through checking another traveler’s electronics. He invited me over and I carried my bags to the testing station.

“Got anything that is sharp, going to stick me, contraband, etc?” he asked. When I answered no, he politely asked if I had a laptop in the bag. I showed him the pocket it was in and he laid it out on the counter.

He then swabbed my laptop with a chemical pad, popped the swab into the sensor for analysis, and stepped away. To my surprise, the sensor began beeping. My newish work laptop had only been on my office desk and my home desk – not to the coca fields of South America or anything. I began to think over what kind of substance could have possibly set off this false alarm.

Another agent walked up, checked the code on the machine, then looked at a placard that was on the top. “You’re looking for a block or a powder,” he told the original screener as the first screener returned to the machine.

The agent then checked through all the big pockets of my bag, looking for said “block or powder.” The agent, still calm and professional, told me he would pass my laptop back through the X-ray machine. It came back fine, of course, and the agent reassembled everything and cordially sent me on my way.

I was mystified why a machine would flag my laptop – one so new that it’s practically spotless. The whole episode was done with no sense of urgency or passion at all – it seemed everyone was in on the drill but me.

Only later when I arrived at my destination did I realize that even though I had somehow set off the metal detector, no one had ever searched me. No pat down, nothing. My jacket stayed on the whole time and had I had the mind to, I could have smuggled anything I had wanted to onto my flight. I watched a TSA agent in Boston kick the metal detector to make it falsely alarm, though, so just because it buzzes doesn’t mean it’s a legitimate alarm. So I assume it was just a drill.

Fortunately for me, I had budgeted enough time to play the game.

Mark Turner : A Destroyer – By John Steinbeck

October 12, 2019 01:54 PM

USS Elliot (DD-967) in North Arabian Gulf, circa 1998

John Steinbeck spent a few weeks aboard a destroyer in World War II, the USS Knight (DD-663), and wrote this ode to destroyers called “A Destroyer” in 1943. It appeared in a collection of his dispatches published in 1958 in a book called Once There Was a War.

I think it sums up life on a destroyer quite well.

A destroyer is a lovely ship, probably the nicest fighting ship of all. Battleships are a little like steel cities or great factories of destruction. Aircraft carriers are floating flying fields. Even cruisers are big pieces of machinery, but a destroyer is all boat. In the beautiful clean lines of her, in her speed and roughness, in her curious gallantry, she is completely a ship, in the old sense.

For one thing, a destroyer is small enough so that her captain knows his whole crew personally, knows all about each one as a person, his first name and his children and the trouble he has been in and is capable of getting into. There is an ease on a destroyer that is good and a good relationship among the men. Then if she has a good captain you have something really worth serving on.

The battleships are held back for a killing blow, and such a blow sometimes happens only once in a war. The cruisers go in second, but the destroyers work all the time. They are probably the busiest ships of a fleet. In a major engagement, they do the scouting and make the first contact. They convoy, they run to every fight. Wherever there is a mess, the destroyers run first. They are not lordly like the battleships and the men who work them are seamen. In rough weather they are rough, honestly and violently rough.

A destroyerman is never bored in wartime, for a destroyer is a seaman’s ship. She can get under way at the drop of a hat. The water under fantail boils like a Niagara. She will go rippling along at thirty-five knots with the spray sheeting over her and she will turn and fight and run, drop depth charges, bombard, and ram. She is expendable and dangerous. And because she is all these things, a destroyer’s crew is passionately possessive. Every man knows his ship, every inch of it, not just his own station.

The destroyer X is just such a ship. She has done many thousands of miles since the war started. She has been bombed and torpedoes have gone under her bow. She has convoyed and fought. Her captain is a young, dark-haired man and his executive officer looks like a blond undergraduate. The ship is immaculate. The engines are polished and painted and shined.

She is a fairly new ship, the X, commissioned fifteen months ago. She bombarded at Casablanca and Gela and Salerno and she has captured islands. Her officers naturally would like to go to larger ships because there is more rank to be had on them, but no destroyerman would rather sail on anything else.

The destroyer X is a personal ship and a personality. She is worked quietly. No one ever raises his voice. The captain is soft-spoken and so is everyone else. Orders are given in the same low tone as requests for salt in the wardroom. The discipline is exact and punctilious but it seems to be almost mutually enforced, not from above. The captain will say, “So many men have shore leave. The first man who comes back drunk removes shore liberty for everyone.” It is very simple. The crew would discipline anyone who jeopardized the liberty of the whole ship. So they come back in good shape and on time. The X has very few brig cases.

When the X is in a combat area she never relaxes. The men sleep in their clothes. The irritating blatting sound which means “action stations” is designed to break through sleep. It sounds like the braying of some metallic mule, and the reaction to it is instant. There is a scurrying of feet in the passageways and the clatter of feet on the ladders and in a few seconds the X is bristling with manned and waiting guns, AAs that peer at the sky and the five-inch guns which can fire at the sky too.

The crouched and helmeted men can get to their stations in less than a minute. There is no hurry or fuss. They have done it hundreds of times. And then a soft-spoken word from the bridge into a telephone will turn the X into a fire-breathing dragon. She can throw tons of steel in a very short time.

One of the strangest things is to see her big guns when they go on automatic control. They are aimed and fired from the bridge. The turret and the guns have been heavy dead metal and suddenly they become alive. The turret whips around but it is the guns themselves that seem to live. They balance and quiver almost as though they were sniffing the air. They tremble like the antennae of an insect, listening or smelling the target. Suddenly they set and instantly there is a belch of sound and the shells float away. The tracers seem to float interminably before they hit. And before the shells have struck, the guns are trembling and reaching again. They are like rattlesnakes poising to strike, and they really do seem to be alive. It is a frightening thing to see.

“A Destroyer,” from Once There Was a War by John Steinbeck, copyright 1943, 1958 by John Steinbeck. Renewed (c) 1971 by Elaine Steinbeck, John Steinbeck IV, and Thomas Steinbeck. Used by permission of Viking Penguin, a division of Penguin Group (USA) Inc.

Tarus Balog : A Low Bandwidth Camera Solution

September 30, 2019 06:00 PM

My neighbor recently asked me for advice on security cameras. Lately when anyone asks me for tech recommendations, I just send them to The Wirecutter. However, in this case their suggestions won’t work because every option they recommend requires decent Internet access.

I live on a 21 acre farm 10 miles from the nearest gas station. I love where I live but it does suffer from a lack of Internet access options. Basically, there is satellite, which is slow, expensive and with high latency, or Centurylink DSL. I have the latter and get to bask in 10 Mbps down and about 750 Kbps up.

Envy me.

Unfortunately, with limited upstream all of The Wirecutter’s options are out. I found a bandwidth calculator that estimates a 1 megapixel camera encoding video using H.264 at 24 fps in low quality would still require nearly 2 Mbps and over 5 Mbps for high quality. Just not gonna happen with a 750 Kbps circuit. In addition, I have issues sending video to some third party server. Sure, it is easy but I’m not comfortable with it.

I get around this by using an application called Surveillance Station that is included on my Synology DS415+. Surveillance Station supports a huge number of camera manufacturers and all of the information is stored locally, so no need to send information to “the cloud”. There is also an available mobile application called DS-cam that can allow you to access your live cameras and recordings remotely. Due to the aforementioned bandwidth limitations, it isn’t a great experience on DSL but it can be useful. I use it, for example, to see if a package I’m expecting has been delivered.

DS-Cam Camera App

[DS-Cam showing the current view of my driveway. Note the recording underneath the main window where you can see the red truck of the HVAC repair people leaving]

Surveillance Station is not free software, and you only get two cameras included with the application. If you want more there is a pretty hefty license fee. Still, it was useful enough to me that I paid it in order to have two more cameras on my system (for a total of four).

I have the cameras set to record on motion, and it will store up to 10GB of video, per camera, on the Synology. For cameras that stay inside I’m partial to D-Link devices, but for outdoor cameras I use Wansview mainly due to price. Since these types of devices have been known to be easily hackable, they are only accessible on my LAN (the “LAN of things”) and as an added measure I set up firewall rules to block them from accessing the Internet unless I expressly allow it (mainly for software updates).

To access Surveillance Station remotely, you can map the port on the Synology to an external port on your router and the communication can be encrypted using SSL. No matter how many cameras you have you only need to open the one port.

The main thing that prevented me from recommending my solution to my neighbor is that the DS415+ loaded with four drives was not inexpensive. But then it dawned on me that Synology has a number of smaller products that still support Surveillance View. He could get one of those plus a camera like the Wansview for a little more than one of the cameras recommended by The Wirecutter.

The bargain basement choice would be the Synology DS118. It cost less than $200 and would still require a hard drive. I use WD RED drives which run around $50 for 1TB and $100 for 4TB. Throw in a $50 camera and you are looking at about $300 for a one camera solution.

However, if you are going to get a Synology I would strongly recommend at least a 2-bay device, like the DS218. It’s about $70 more than the DS118 and you also would need to get another hard drive, but now you will have a Network Attached Storage (NAS) solution in addition to security cameras. I’ve been extremely happy with my DS415+ and I use it to centralize all of my music, video and other data across all my devices. With two drives you can suffer the loss of one of them and still protect your data.

I won’t go into all of the features the Synology offers, but I’m happy with my purchase and use just a few of them.

It’s a shame that there isn’t an easy camera option that doesn’t involve sending your data off to a third party. Not only does that solution not work for a large number of people, you can never be certain what the camera vendor is going to do with your video. This solution, while not cheap, does add the usefulness of a NAS with the value of security cameras, and is worth considering if you need such things.

Jesse Morgan : Unfinished Drafts: Proposal for New Server Implementation

September 28, 2019 01:18 AM

This was originally written at some point in 2013. It was never finished, and other than some light editing, I’ve left it in the original state.

Current Situation

My current employer has a problem with managing scale. Bad habits and lack of consistency have led to an environment of never-ending one-offs that result in extended downtime, employee burnout, and loss of productivity. To fully grasp the scope of the current situation, we must look at the issues we currently suffer from, and the cost incurred by them.

Two issues: Builds and …Everything Else

Builds have been a sore point for our team for some time. Common complaints involve:

  • Reliance on a proprietary tool (HP RDP), which is Windows-based and owned by another team
  • Reliance on DNS entries for the build process, which may take days to go through
  • Lack of Tribal knowledge of the build process (only 2 team members are fully educated in it)
  • Lack of visibility and documentation of the process and details
  • Lack of centralized account management ownership
  • Slow to resolve issues with build (no default jdk install, ulimit)
  • Newly built servers are not up to date (patched)
  • Aged distributions (SLES 9, SLES 10) require hardware-specific drivers on newer hardware.

Beyond our build problems, we have further issues:

  • Lack of centralized, Tiered, or Channeled patching.
  • Unreliable naming conventions.
  • Heavy ramp-up time

While we have done our best to address some of these non-build issues, only a full revamp of the build process will address the underlying problems.

Resulting Costs: Time and Money

The repercussions of our build issues have both obvious and indirect costs.

Things that Cost Time

  • Builds require DNS Changes: RDP requires DNS entries, which require Change Request windows. This can roadblock a project for up to two days.
  • Inconsistency: Tracking down simple production issues requires intimate domain knowledge due to the sheer number of one-offs.
  • Lack of Visibility: Without domain knowledge, tracking down an issue requires extensive sleuthing to find the right servers, pools, projects, irules, etc.
  • Lack of Auditing: With no mechanism within the team to “circle back” and clean up after ourselves, unresolved issues sit for months, resulting in confusion later.
  • Lack of up-to-date Documentation: Much of our documentation is woefully out of date, leading to poor decisions based on bad intel.
  • Lack of Instrumentation: Applications consist of multiple layers, but due to firewall, code, authentication and DNS constraints, Applications cannot easily be tested at all layers.
  • High Ramp-up time for New Employees: Time is wasted for both the new employee and trainer to learn all of the nuances.
  • Context Thrashing: Humans aren’t nearly as good at multitasking as they think. The constant thrash of interruptions reduces efficiency.

Things that Cost Money

  • Licensing: Only a small minority of our servers have valid SLES licenses, making update costs somewhat dubious. Updates via OpenSuse/CentOS are a viable option, but place us in a hybrid environment.
    • Suse quoted around $260k to fully license and support
    • Red Hat quoted significantly more to fully license and support
  • Support: Hardware support, software support, offshore support are not cheap.

Suggested Solution

The suggested solution to this predicament is a ground up redesign of our environment, starting with our baseline installation and building on our recently introduced conventions. Simplification and refactoring are the targets, since they will allow for better management at scale. Whenever a design decision is made, the ops team should be involved to discuss it.

Baseline Build: Commercial/Community Hybrid model

Two things prevent us from going with a completely community-supported build- Business Insecurity and third-party support.

  • Business Insecurity is an internal requirement to “call someone if something breaks,” which may or may not be used (or even helpful). Finding a solution is often quicker and easier through community support via online chat, google searches and social networking.
  • Third-party support is an external requirement where a company like Oracle will only support their product on a blessed distribution, despite the difference being in name only. As long as you are running on a licensed distribution, you are usually supported, regardless of the individual packages installed, meaning a RHEL-licensed server could pull packages from a CentOS source.

The primary differences between SLES/OpenSuse and RHEL/CentOS are the source of the packages and the trademarks. Regardless of distribution, maintaining our packages via an internal centralized source is possible, with licensing only used when “Vendor support” is required by a third party application.

RHEL/CentOS is suggested for baseline build for a number of reasons:

  • Market Penetration: RHEL has a 60-70% market share, meaning third party support will be better and sysadmin skills will be more commonplace (hence cheaper).
  • Larger Community Support: based on Support channels and various other sources, RHEL has the larger community.
  • Owns JBoss: RHEL could provide support and training at discounted rates.
  • Clean Slate:  Switching distributions forces a clean-slate re-evaluation of our practices.

Base Package Set and Base Configuration Overlay

Server installation

Conventions over Configuration

Plainly Labeled

Consolidation

Upgrade path

How This Reduces Costs and Man-Hours

Concerns

Implementation Examples to resolve outstanding issues

Jesse Morgan : Unfinished Drafts: Battle system

September 28, 2019 01:07 AM

This article is from sometime in 2008. I was kicking around the algorithms for combat. While it didn’t go anywhere, it’s interesting to see where my mind was.

 

Battle mechanics are always fun… but how to calculate battle and/or damage…

Base characters

stats   Fighter   Snapper   Snake   Worg   Fighter (level 2)   Fighter (level 20)
Lvl     1         1         11      19     2                   20
atk     12        5         15      28     16                  28
def     10        12        5       18     10                  18
str     12        12        5       18     16                  28
eva     9         5         15      28     9                   16
maj     4         2         2       4      4                   7
res     6         10        10      18     6                   10
con     10        8         5       18     11                  18
hp      50        40        25      90     55                  90
total   63        54        57      63

Levelling

lvl 1: main stats(str,atk) +2, +5 points 27
lvl 2: main and std stats(str,atk,def,con) +1, +5 points 38
lvl 3: main A,std A, secondary A(str,def,eva) +1, +5 points 49
lvl 4: main B,std B, secondary B(atk,con,res) +1, +5 points 50
lvl 5: maj,eva +1, +5 points 61

Weaknesses

stab/slash/crush/mag

Base Equations

Chance to Hit = (atk + str*.1)/(def + eva*.1)*.5
chance for crit = atk/eva*.1
damage = rand(weapon-dmg) * str/def * ifcrit(1+str/def)

lvl 1 Fighter Vs. Snapper

Snapper attack:

(5 + 12*.1)/(10 + 9*.1)*.5 = 28% Chance to hit
5/9*.1= 5% Chance for crit
Jaws
(3 to 4) * 12/10 = 3.6 min
(3 to 4) * 12/10 = 4.8 avg
(3 to 4) * 12/10 = 4.8 max
(3 to 4) * 12/10 * (1+12/10) = 7.92 min crit
(3 to 4) * 12/10 * (1+12/10) = 10.56 avg crit
(3 to 4) * 12/10 * (1+12/10) = 10.56 max crit

Fighter attack:

(12 + 12*.1)/(12 + 9*.1)*.5 = 51% Chance to hit
12/5*.1= 24% Chance for crit
Fist
(1 to 3) * 12/12 = 1 min
(1 to 3) * 12/12 = 2 avg
(1 to 3) * 12/12 = 3 max
(1 to 3) * 12/12 * (1+12/12) = 2 min crit
(1 to 3) * 12/12 * (1+12/12) = 4 avg crit
(1 to 3) * 12/12 * (1+12/12) = 6 max crit
short sword
(2 to 6) * 12/12 = 2 min
(2 to 6) * 12/12 = 4 avg
(2 to 6) * 12/12 = 6 max
(2 to 6) * 12/12 * (1+12/12) = 4 min crit
(2 to 6) * 12/12 * (1+12/12) = 8 avg crit
(2 to 6) * 12/12 * (1+12/12) = 12 max crit
Long sword
(4 to 8 ) * 12/12 = 4 min
(4 to 8 ) * 12/12 = 6 avg
(4 to 8 ) * 12/12 = 8 max
(4 to 8 ) * 12/12 * (1+12/12) = 8 min crit
(4 to 8 ) * 12/12 * (1+12/12) = 10 avg crit
(4 to 8 ) * 12/12 * (1+12/12) = 16 max crit

Jesse Morgan : Unfinished Drafts: The Importance of Documentation

September 28, 2019 12:56 AM

This article was originally written on July 19th, 2010, but never published.

Documentation is another topic where there appears to be disagreement in the sysadmin world. When to document, what to document, who to document for, and where to store that documentation always seem to be subjects of contention. Everyone likes documentation, but no one has the time to document, and the rules for documentation often feel arbitrary. I’d like to open this up for discussion and figure out some baselines.

Should I Document?

If you have to ask then probably; but it’s much more complex than that. Documentation is time-consuming and rarely of value at first, so few want to invest the effort into it unless it’s needed. There are several questions here that need to be answered:

  • Why should I Document? What is the purpose of the documentation? Are you documenting a one-off process that you’ll have to do 10 months from now? Are you providing instructions for non-technical users? Perhaps you’re defining procedures for your team to follow. Whatever the reason, focus on it, and state it up front. There are few things worse than reading pages of documentation only to find out that it’s useless. Documentation for the sake of documentation is a waste of time.
  • What should I Document? It’s very easy to ramble when writing documentation (as many of my articles prove). Step back and review what you’ve written, then remove any unneeded content. Find your focus and document only what needs to be explained, leave the rest for footnotes and hyper links.
  • When should I Document? As soon as possible. Ideally you’d document as you worked, creating a perfect step-by-step record. Realistically, pressure to move quickly causes procrastination, but the truth of the matter is that the longer you wait, the less detail you’ll remember. Write down copious notes as you go, and massage it into a coherent plan after the fact.
  • Who should I Document for? Write for your audience- a non-technical customer requires a much lighter touch compared to a seasoned techie. The boss may need things simplified that a coworker would instinctively understand. Pick your target audience and stick to it. Anything that falls outside of the audience interests should be flagged as “[Group B] should take note that…” Also remember that the person who requests the documentation may not be the target audience.
  • Where should I Document? Where you keep documentation is often more important than the quality of your document. You can write the most compelling documentation in the company, but if it’s stored in a powerpoint slide on a shared drive, it’s of no use to someone searching a corporate wiki. Whatever your documentation repository may be, be it Alfresco, Sharepoint, Confluence or even Mediawiki, everyone has to be in agreement on a definitive source. The format should be searchable, track revisions, prevent unwanted access, and be inter-linkable.

Now that we’ve set some boundaries, let’s delve a little bit deeper into the types of documentation.

Types of Documentation

Documentation can take many forms. Over the course of any given day, you’ll see proposals, overviews, tutorials, standards, even in-depth topical arguments. Each type of documentation has its own rules and conventions- what’s required for one set may not be needed for another. That said, here are a few general rules to follow.

  • Be Concise
    • NO: thoughtfully contemplate the reduction of flowery adjectives and adverbs for clarification;
    • YES: remove unneeded words. Over-explaining will confuse the reader.
  • Be Clear – Make sure your subject is obvious in each sentence. Ambiguity will destroy reader comprehension.
  • Be Accurate – Incorrect documentation is worse than no documentation.
  • Keep it Bite-sized – Large chunks of data are hard to process, so keep the content in small, digestible chunks that can be processed one at a time.
  • Stay Focused – Keep a TODO list. Whenever you think of an improvement, make a note of it and move on.
  • Refactor – The original structure may not make sense after a few revisions, so don’t be afraid to reorganize.
  • Edit for Content – Make sure your topics are factually correct and the content flows properly.
  • Edit for Grammar – Make sure your punctuation is correct and your structure is technically sound.
  • Edit for Language – Make sure the text is actually interesting to read.
  • Link to Further Information – If someone else has explained it well, link to it rather than rewrite it.
  • Get Feedback – Feedback finds mistakes and adds value. The more trusted sources, the better off you are.

Proposal/RFCs

Proposals can be immensely rewarding (or mind-numbingly frustrating), depending on if they’re accepted or not. That’s not to say you shouldn’t write them; even a failed proposal has value. The point of a proposal is to communicate an idea, a way to tell your team or supervisor “this is what I think we should do.” If you’re successful, the idea will be implemented. If you’re unsuccessful, you may find out a better way to do it. The overall goal should be to improve team performance. Here’s what a proposal should include:

  • The Problem – What problem are you trying to solve? Why is it a problem?
  • The Solution – A simple overview of the solution
  • The Benefits – What benefits will it provide?
  • The Implementation – How to implement it.
  • The Results – Explain the intended results
  • The Flaws – What issues are expected, and if there is currently a solution
  • The Timeframe – When should this project be started and completed? How long and how much effort will it take?

Let’s presume you write a knockout proposal. Everything is perfect, and with 2 days of effort you’ll reduce a 2 hour daily task to a 15 minute weekly task. Regardless of the benefits, the response will be one of these:

  • Complete Apathy – the worst response, because it shows how little you are valued. No response, approval, or denial. If this happens, run your idea past an uninvested third party. Perhaps a critical set of eyes may reveal the problem.
  • Denied – perhaps the benefit isn’t worth the cost, the risk is too high, there aren’t enough resources, or some other issues not addressed. Try to get specific reasoning as to why it won’t work, and rework your proposal taking that into account.
  • Feigned Interest, no Support – Be it plausible deniability or lack of interest, the response is weak. Push for a yes or no answer, ask what the concerns are with it.
  • Delay – It’s a good idea, but not right now. There might be hesitance due to a minor issue. Find a way to calm their fears, then push for an implementation date, create a checklist of conditions that need to be met.
  • Conditional Agreement – It is a good idea, but conditions must be met first. Create a checklist and verify that it’s complete.
  • Full Agreement – This should be your end goal. Full agreement means support from the boss and the team on implementation. Without support, your efforts may be wasted.

You can’t account for everything in your proposal, so make sure not to paint yourself into a corner. A method for dealing with problems is more valuable than individual solutions. It doesn’t need to be perfect, but does need to be flexible.

The most important thing a proposal needs is buy-in. If your team and management aren’t behind an idea, implementation will be a struggle. The final thing to keep in mind is that not all proposals are good. If there is universal apathy for your idea, it might just be bad and you’re oblivious to it.

Introductions and Overviews

Introductions are the first exposure someone may have to whatever you’ve been working on, be it a JBoss implementation, Apache configuration, or new software package. A clear understanding of what “it” is can help with acceptance. A bad introduction can taint the experience and prevent adaptation. So, how can you ensure a good introduction to a technology?

  • Explain the Purpose – Why is the user reading this introduction? A new Authentication system? Messaging system? Explain why the reader should care.
  • Define your Terms – Include a glossary of any new terms that the user needs to understand. Remember, this may be their first exposure to the topic. Don’t overwhelm them, but at the same time don’t leave them in the dark.
  • Don’t Drown in Detail – An introduction should not cover everything in perfect detail, but it should give you references to follow up on.

The tone should be conversational- you need to draw the reader in, befriend them, and convince them that this new thing is not scary. This can be a tough task if the subject is replacing something that the reader if

Document a Process (Installation, Upgrade, Tutorials, How-to, Walk Through)

Documenting a process serves three purposes- it trains new employees in proper technique, ensures consistency, and covers your rear should something go wrong. That last point may sound a bit cynical, but you never know when you’ll need it.  The process itself should be clear enough that any qualified user can follow it. Process documentation should have the following traits:

  • Steps – Well defined tasks that need to be performed.
  • Subtasks – any moderately complex task should be divided up.
  • Document Common Problems – Surprises can derail a new user. Acknowledgement and fixes for issues can help ease new users into the process.

Dry runs are essential in documenting a process- test the process yourself and have others test it as well. Continual runs will expose flaws and allow you to address deficiencies. Keep testing and refining the process until a sample user can follow it without issue.

Topical guide (Feature-based)

Topical guides are both the most useful and yet the hardest documentation to write. They need to be thorough, both fully covering the material but not burying the user in frivolous details. So what should you cover in a topical guide?

  • Be specific on the topic – Document a feature and all related material. If it’s not related, don’t include it.
  • Cover Relevant Tangents –
  • Be comprehensive – Cover everything a user needs to know, but remember it’s not intended to be a reference book.

Document a Standard (How Something Should be Done)

Inconsistency is the bane of system administration, and consistency can only be had when everyone is in agreement on how things should be done. There must be agreement not only on theory, but also in practice. As such, standards should be documented. What should a standard entail?

  • Dynamic – Not the first word when you think of standards, but something you have to face; your standard will become out of date quickly. Document it and give it a revision number. Soon enough you’ll realize
  • Audit – It’s not enough to document a standard, you also need to enforce it. Periodic verification can spot issues before they become problems. If configuration files are identical, md5sums can be used to find inconsistencies.

Annotation (Config Commenting)

One of the most common types of documentation is never published, yet often the most crucial in day-to-day operations. Comments within configuration files can explain what steps were taken and why.

  • Explain Why – When you make changes, explain why you made the change.
  • Keep it Simple – Comments should not overshadow the configuration. Leave over-documentation to sample configs.
  • Consider Versioning – The best configuration documentation is a history of changes. Configurations that are both critical and fluid (for example, Bind zone files) are perfect candidates for versioning.
  • Sign and Date Changes – When you make a change, leave your name and a datestamp. While versioning comments may be more permanent, inline comments provide instant context. This is important when the change is revisited and no one remembers making it.

Mark Turner : AD/LDAP authentication on Linux hosts

September 27, 2019 06:35 PM

I’ve been working with the Lightweight Directory Access Protocol (LDAP) for 18 years now. Then Microsoft embraced and extended LDAP with Active Directory. Nowadays most companies base all of their authentication and authorization on Active Directory and for good reason. In a Windows-only world it works great. For a mixed-platform environment, it’s a bit more difficult to make work.

I recently worked out how to make Linux systems authenticate against Active Directory using only the LDAP protocol and wanted to share it here for any fellow DevOps/sysadmins who might want to try it themselves. The goals were to do it with minimum fuss and using the native tools – no third-party apps. I also want to do it solely with LDAP and not have to worry about pointlessly “joining” a Linux host to a domain.

The modern way that Red Hat likes to connect Linux hosts to AD is to use the SSSD suite of packages, join the host to the Active Directory tree, and talk to AD directly. This seems like a lot of bloat to me when all you need is authentication. Fortunately, you can use the “legacy” means and do it all with LDAP libraries.

Bridging Active Directory and Linux hosts

One way to integrate Linux/UNIX hosts into AD is to add Microsoft Windows Services for UNIX (SFU) schema extensions. This means every AD entry would be defined with common Unix attributes like uid (user id) and gid (group id). These could sometimes get out of sync with the AD attributes and at any rate would require constant updating of the AD records.

Ideally, we won’t depend on Services for UNIX additions in AD and the complexity it brings. Instead, we’ll identify standard AD attributes and map them to Linux/UNIX equivalents. The nss-pam-ldapd package allows us to do this in the /etc/nslcd.conf file, which we’ll see in a minute.

Differences between CentOS 6/AWS and CentOS 7 hosts

One stumbling block has been that Amazon Linux (amzn) uses old, old libraries, based on CentOS 6 packages. The nss-pam-ldapd package which ships with this version of Amazon Linux is version 0.7.5; a version too old to include the mapping functionality we need to avoid using Services for UNIX.

Fortunately, we can remove the amzn version and add an updated one. I have tested one I have found at this link which updates any amzn hosts to the 0.9.8 version of nss-pam-ldapd.

The version of nss-pam-ldapd that ships with CentOS 7 is 0.8.3 and works fine with attribute mapping.

Obtaining the domain’s ObjectSID

The goal of using a directory is consistency. If a user appears in AD, that user will be available to Linux hosts. Also, that user will be treated the same on every directory-equipped server as that user will ideally have the same uid/gid. Without adding Services for UNIX, we need some way to ensure a uid on one host is consistent with the uid on another host. This is done by nss-pam-ldapd by mapping Linux uid/gids to their equivalents in AD, called ObjectSIDs. You need to obtain your AD server’s domain ObjectSID.

The domain ObjectSID can be derived from the user entries in AD. This could be done from Linux using a shell script which converts the binary ObjectSID into the decimal string we need, but it’s a lot of needless work. It is easier to run this query on an AD-equipped server (such as the domain server itself):

dsquery * -filter (samaccountname=mturner) -attr ObjectSID

The sAMAccountname could be any existing user in the AD tree. It doesn’t matter whom.

This will return the following string:

mturner S-1-5-21-4483729093-3277648929-7759834922-11562

The domain ObjectSID needed for the uid/gid mapping is everything up to the final dash: S-1-5-21-4483729093-3277648929-7759834922. The user-specific part of the ObjectSID (11562 here) follows the domain SID and will be used for the uid<->objectSID mapping.
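
The Linux-side conversion mentioned above (binary ObjectSID to the S-1-5-21-… string, then domain SID plus user-specific part), as an added example that is not part of the original post and is written in Python rather than shell. The SID bytes are constructed samples, the function names are illustrative, and the domain check in uid_from_sid is this example's own safeguard rather than a description of nslcd internals.

```python
import base64
import struct

# Constructed sample: a binary objectSid value as an LDAP client receives it.
SAMPLE_RAW = bytes.fromhex(
    "01"            # revision
    "05"            # number of sub-authorities that follow the header
    "000000000005"  # identifier authority, 48-bit big-endian (5 = NT Authority)
    "15000000"      # sub-authority 21 (little-endian, like all sub-authorities)
    "04030201"      # 16909060  (constructed domain identifier, part 1)
    "08070605"      # 84281096  (part 2)
    "0c0b0a09"      # 151653132 (part 3)
    "2a2d0000"      # 11562, the per-account part (RID)
)
# Constructed sample: the well-known BUILTIN Administrators SID, S-1-5-32-544.
BUILTIN_RAW = bytes.fromhex("01" "02" "000000000005" "20000000" "20020000")


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its S-R-A-S1-S2-... string form."""
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15:
        raise ValueError("SID claims more than 15 sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def parse_ldif_sid(line: str) -> str:
    """Decode an 'objectSid:: <base64>' line as printed by ldapsearch."""
    name, sep, value = line.partition("::")
    if not sep or name.strip().lower() != "objectsid":
        raise ValueError("not a base64 objectSid line")
    return sid_to_string(base64.b64decode(value.strip(), validate=True))


def split_sid(sid: str):
    """Split a SID string into (domain SID, user-specific part)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def uid_from_sid(sid: str, domain_sid: str) -> int:
    """Return the uid for a SID, refusing SIDs outside the configured domain.

    The page's mapping yields uid 11562 for a SID ending in -11562; the
    prefix comparison is this example's own check, so a built-in or foreign
    SID with the same last component is never treated as the same user.
    """
    domain, rid = split_sid(sid)
    if domain != domain_sid:
        raise ValueError("SID %s is not in domain %s" % (sid, domain_sid))
    return rid


if __name__ == "__main__":
    ldif = "objectSid:: " + base64.b64encode(SAMPLE_RAW).decode()
    sid = parse_ldif_sid(ldif)
    domain, rid = split_sid(sid)
    print(ldif)
    print(sid)
    print("map passwd uidNumber objectSid:" + domain)
    print("uid for this account:", uid_from_sid(sid, domain))
```

The domain part printed here is the value that goes after objectSid: in the map lines of /etc/nslcd.conf.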

Installing packages

From a root or sudo terminal session, install nss-pam-ldapd:

yum install nss-pam-ldapd -y

Yum will also pull in nscd as a dependency. nscd is the name service caching daemon, designed to cache responses from the LDAP server and greatly speed up directory services.

Setting Authconfig to use legacy mode

Authconfig assumes you’re using the Red Hat bloatware of SSSD. Instead, you can force only LDAP by editing the /etc/sysconfig/authconfig file and setting this from no to yes:

FORCELEGACY=yes

Add self-signed LDAPS certificate

If you are using a self-signed SSL certificate with your LDAP server to secure your connection, you should save this to your filesystem somewhere. Here I save it as /etc/openldap/cacerts/self-signed.pem:

-----BEGIN CERTIFICATE-----
MIIDX[…]
-----END CERTIFICATE-----

Editing /etc/nslcd.conf

These are default so no need to change:

uid nslcd
gid ldap

Upstream AD server:

uri ldaps://ldap.example.com/

Now we tell nslcd where to search for entries. This is done with the base statement:

base CN=Users,dc=example,dc=com

You can’t talk to AD anonymously so we use a least-privileged AD user specifically for this, the “LDAP Bind” user:


binddn cn=LDAP Bind,CN=Users,DC=example,DC=com
bindpw password

This tells nslcd where to find the users and groups lists that Linux expects to have:

base group OU=Groups,dc=example,dc=com
base passwd CN=Users,dc=example,dc=com

If you’re using a self-signed certificate, specify it:

tls_reqcert never
tls_cacertfile /etc/openldap/cacerts/self-signed.pem

Now we get to the options specific to Active Directory. Some basic AD settings:

pagesize 1000
referrals off
idle_timelimit 1000

The passwd filter is used to specify who counts as a user vs. who is just another AD object. In the case below, we are looking for both a) someone who is a user, and b) someone who is not a computer:

filter passwd (&(Objectclass=user)(!(objectClass=computer)))

We could also restrict users to a particular group (or more). This is done by specifying the AD code for this and the group name we want to use. Any users who are not in this group are effectively invisible to the system. See the Microsoft documentation for more info on the memberOf attribute.

The below example restricts users to those in the AD group Development (all one line):

filter passwd (&(Objectclass=user)(!(objectClass=computer))(memberOf:1.2.840.113556.1.4.1941:=cn=Development,OU=Groups,dc=example,dc=com))

Here, we map AD attributes to Linux ones. Note the domain ObjectSID again. We map uid/gid to the sAMAccountName entry.

map passwd uid sAMAccountName
map passwd uidNumber objectSid:S-1-5-21-4483729093-3277648929-7759834922
map passwd gidNumber objectSid:S-1-5-21-4483729093-3277648929-7759834922
map passwd homeDirectory "/home/$sAMAccountName"
map passwd gecos displayName
map passwd loginShell "/bin/bash"

This ensures the display of the uid/gid attributes in an ‘ls -l’ listing properly show the group names. It’s more for convenience and not using it won’t break anything:

filter group (&(|(objectClass=group)(Objectclass=user))(!(objectClass=computer)))
map group gidNumber objectSid:S-1-5-21-4483729093-3277648929-7759834922
map group cn sAMAccountName
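
A check for the transport and credential settings assembled above, as an added Python example (not from the original post). It matters because tls_reqcert never tells the client not to verify the server certificate, so the tls_cacertfile line is not enforced until the value is demand. The sample configs are constructed from the lines on this page, and the function names and finding labels are this example's own.

```python
# tls_reqcert values that let a connection proceed with an unverified server.
WEAK_REQCERT = {"never", "allow"}

# Constructed from the nslcd.conf lines shown on this page.
PAGE_CONF = """\
uri ldaps://ldap.example.com/
base CN=Users,dc=example,dc=com
binddn cn=LDAP Bind,CN=Users,DC=example,DC=com
bindpw password
tls_reqcert never
tls_cacertfile /etc/openldap/cacerts/self-signed.pem
"""
# Constructed variant: same file with certificate verification enforced.
HARDENED_CONF = PAGE_CONF.replace("tls_reqcert never", "tls_reqcert demand")


def parse_nslcd(text):
    """Return [(keyword, rest-of-line), ...], skipping blanks and # comments.

    Keywords are lower-cased here so the checks below compare consistently.
    """
    options = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return options


def audit_nslcd(text, mode=None):
    """Return [(label, message), ...] for settings that weaken the LDAP bind.

    mode is the permission bits of the file (for example
    stat.S_IMODE(os.stat(path).st_mode)); pass None to skip that check.
    """
    options = parse_nslcd(text)

    def values(key):
        return [rest for keyword, rest in options if keyword == key]

    findings = []

    # Plain ldap:// without 'ssl on' or 'ssl start_tls' sends the bind
    # password and every user's login password unencrypted.
    uris = [u for rest in values("uri") for u in rest.split()]
    ssl = values("ssl")[-1].lower() if values("ssl") else "off"
    cleartext = [u for u in uris if u.lower().startswith("ldap://")]
    if cleartext and ssl not in ("on", "start_tls"):
        findings.append(("cleartext-uri",
                         "no TLS for: " + ", ".join(cleartext)))

    # Without certificate verification, anyone on the network path can
    # answer as the directory server and collect the same credentials.
    reqcert = values("tls_reqcert")
    if reqcert and reqcert[-1].lower() in WEAK_REQCERT:
        message = "tls_reqcert %s: server certificate is not verified" % reqcert[-1]
        if values("tls_cacertfile"):
            message += ", so tls_cacertfile is not enforced"
        findings.append(("tls_reqcert", message))

    # bindpw is stored in plaintext, so the file must not be readable by
    # group or other.
    if values("bindpw") and mode is not None and mode & 0o077:
        findings.append(("bindpw-mode",
                         "bindpw present but file mode is %04o" % mode))
    return findings


if __name__ == "__main__":
    for name, conf, mode in (("page config", PAGE_CONF, 0o644),
                             ("hardened", HARDENED_CONF, 0o600)):
        print(name)
        for label, message in audit_nslcd(conf, mode) or [("ok", "no findings")]:
            print("  [%s] %s" % (label, message))
```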

Adding the LDAP users/groups into the system’s nameservices

Edit the /etc/nsswitch.conf file and include ldap as a directory source. These sources are consulted in order, so local entries in the /etc/passwd and /etc/shadow files take precedence over ldap entries with the same username:

passwd: files ldap

group: files ldap

shadow: files ldap

Testing it out

You can run the nslcd daemon in debug mode and verify all the pieces are in place:

nslcd -d

Now you can run queries on users using the id command from a prompt:

id mturner

If all is working you should see a result similar to the following:

uid=11562(mturner) gid=11562(mturner) groups=11562(mturner),1337(Development)

If you aren’t seeing this AD-added information, check the output of nslcd to see if you are successfully accessing the LDAP server.

You can also query the passwd and group LDAP entries directly:

getent passwd mturner

getent group mturner

Your results will be the AD entries that nslcd has mapped into Linux users and groups.

Setting Linux up to use LDAP for authentication

Now that we’re talking to LDAP and mapping the important attributes, it’s time to turn this on for authentication. This is done using the Linux command, authconfig:

authconfig --enableldapauth --enablemkhomedir --updateall

This will automatically edit the files in /etc/pam.d to add entries for pam_ldap.so. Hopefully you remembered to set FORCELEGACY=yes in /etc/sysconfig/authconfig as noted above, so that you’re only adding LDAP entries and not SSSD entries, too.

The --enablemkhomedir entry uses the pam_mkhomedir.so module to automatically create the user’s home directory upon first login. Thus, any LDAP user authorized to log into the server (remember the filter passwd line in /etc/nslcd.conf, right?) will have a home directory created upon their first login. There are other options that can be used with pam_mkhomedir so read the man page to see how you can customize this.

Enable SSH to use password authentication

Amazon Linux disables SSH’s password authentication by default. You will be unable to log in using your domain credentials unless you fix this. The default is to allow password authentication, so you simply need to comment out any line in /etc/ssh/sshd_config where “PasswordAuthentication no” is specified:

#PasswordAuthentication no

Restart sshd and you should be able to now log in.

Stop the debug nslcd in favor of the real one

Once you’re done testing, kill the nslcd that may still be running in debug mode:

killall nslcd

Starting services and setting them to start automatically

Set the nslcd and nscd daemons to start and run automatically:

CentOS 6 or Amazon Linux:

service nslcd start

service nscd start

chkconfig --level 345 nslcd on

chkconfig --level 345 nscd on

CentOS 7:

systemctl start nslcd nscd

systemctl enable nslcd nscd

Using AD/LDAP groups for sudo authorization

You can also use AD/LDAP groups to control permissions granted by sudo. For instance, this line grants administrator access to members of the Operations AD group:

# Allows people in group Operations to run all commands
%Operations ALL=(ALL) ALL

That’s pretty much it! Thanks a ton to this page which was very helpful in figuring this out.

Jesse Morgan : Unfinished Drafts: Useful Utility: tar

September 27, 2019 04:08 AM

This is another article that sat in the drafts folder for far too long- Last edited Feb 21st, 2006.

 

I fear writing about tar, and that is why I’m determined to finish it in this sitting, so it won’t fester and scare me off of this series. Why am I scared of writing about tar? Well, this is their flags list verbatim from the man page:

       [  --atime-preserve  ] [ -b, --blocking-factor N ] [ -B, --read-full-records ] [ --backup BACKUP-TYPE ] [ --block-com-
       press ] [ -C, --directory DIR ] [ --check-links ] [ --checkpoint ] [ -f, --file [HOSTNAME:]F ] [ -F,  --info-script  F
       --new-volume-script F ] [ --force-local   ] [ --format FORMAT ] [ -g, --listed-incremental F ] [ -G, --incremental ] [
       --group GROUP ] [ -h, --dereference ] [ --help ] [ -i, --ignore-zeros ] [ --ignore-case ] [ --ignore-failed-read  ]  [
       --index-file  FILE  ]  [ -j, --bzip2 ] [ -k, --keep-old-files ] [ -K, --starting-file F ] [ --keep-newer-files ] [ -l,
       --one-file-system ] [ -L, --tape-length N ] [ -m, --touch, --modification-time ] [ -M, --multi-volume ] [ --mode  PER-
       MISSIONS  ]  [  -N,  --after-date DATE, --newer DATE ] [ --newer-mtime DATE ] [ --no-anchored ] [ --no-ignore-case ] [
       --no-recursion ] [ --no-same-permissions ] [  --no-wildcards  ]  [  --no-wildcards-match-slash  ]  [  --null      ]  [
       --numeric-owner  ]  [  -o,  --old-archive, --portability, --no-same-owner ] [ -O, --to-stdout ] [ --occurrence NUM ] [
       --overwrite ] [ --overwrite-dir ] [ --owner USER ] [ -p, --same-permissions, --preserve-permissions ]  [  -P,  --abso-
       lute-names  ] [ --pax-option KEYWORD-LIST ] [ --posix ] [ --preserve ] [ -R, --block-number ] [ --record-size SIZE ] [
       --recursion ] [ --recursive-unlink ] [ --remove-files ] [ --rmt-command CMD ] [ --rsh-command  CMD  ]  [  -s,  --same-
       order, --preserve-order ] [ -S, --sparse ] [ --same-owner ] [ --show-defaults ] [ --show-omitted-dirs ] [ --strip-com-
       ponents NUMBER, --strip-path NUMBER (1) ] [ --suffix SUFFIX ] [ -T, --files-from F ] [ --totals   ]  [  -U,  --unlink-
       first ] [ --use-compress-program PROG ] [ --utc ] [ -v, --verbose ] [ -V, --label NAME ] [ --version  ] [ --volno-file
       F ] [ -w, --interactive, --confirmation ] [ -W, --verify ] [ --wildcards ] [  --wildcards-match-slash  ]  [  --exclude
       PATTERN  ]  [  -X,  --exclude-from  FILE  ]  [  -Z,  --compress,  --uncompress  ] [ -z, --gzip, --gunzip, --ungzip ] [
       -[0-7][lmh] ]

So it’s a bit overwhelming. The good news is there are two common uses for tar- creating tarballs and opening tarballs. This will be a majority of your interaction with it. You get all sorts of fun options with tar, such as using different compression libraries, but it’s still pretty straightforward.

Simple Archive

Tar produces tarballs, which in their simplest form are a bunch of data files run together into a larger file. In the following instance, -c means create, and -f means “create the following as a file called foo.tar”

tar -cf foo.tar bar/

This takes the bar directory and throws it all into a single file called foo.tar. Apart from some binary mojo to mark the separators between files, it’s almost as if all of the files were pasted end-to-end inside another file. If foo.tar is copied to another machine or place, you could untar the file with the following command:

tar -xf foo.tar

Again you see the -f flag, but the -c flag has been replaced by the extract flag, -x. This will create a directory called bar/ which will contain the contents identical to the original.

Compressing Archives

You also have the option of compressing tarballs in the process of creating them. There are three types of compression built into the version of tar I’m using: -Z, which uses the compress utility (ancient?); -z which uses gzip (old standard); and -j, which uses bzip2, which is good for compressing binaries (appears to be the new standard).

When creating a tarball that is compressed, it’s generally expected that you label it as such by appending the type to the filename, for example:

tar -cZf foo1.tar.Z bar1/
tar -czf foo2.tar.gz bar2/
tar -cjf foo3.tar.bz2 bar3/

Unless you have a specific reason, you’ll probably want to use bz2. You’ll probably never deal with a tar.Z file, but if you do, you’ll know how to deal with it. To uncompress these puppies, switch out the -c flag for the -x flag like we did in the previous example.

tar -xZf foo1.tar.Z
tar -xzf foo2.tar.gz
tar -xjf foo3.tar.bz2

One last option you may want to look at is -v. It will show you files as they’re being processed, and can be good for troubleshooting.
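As an added example (not from the original article), these functions use the same -c, -x, -z and -f flags plus -t (list) and -C (change directory) to inspect a tarball and confirm that what it holds still matches the source directory. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh

# make_archive DIR ARCHIVE: create a gzip tarball of DIR.
# -C makes tar change directory first, so members are stored as "bar/..."
# instead of carrying the full path that leads to DIR.
make_archive() {
    tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")"
}

# list_archive ARCHIVE: -t prints member names without writing anything to disk,
# which is the safe first look at a tarball you did not create yourself.
list_archive() {
    tar -tzf "$1"
}

# verify_archive ARCHIVE DIR: extract ARCHIVE into a scratch directory (never
# the current one) and compare the result with DIR.
# Returns 0 if identical, 1 if they differ, 2 if tar itself failed.
verify_archive() {
    archive=$1; dir=$2
    name=$(basename "$dir")
    scratch=$(mktemp -d) || return 2
    if ! tar -xzf "$archive" -C "$scratch"; then
        rm -rf "$scratch"
        return 2
    fi
    # diff -r exits 0 only when both trees hold the same files with the same contents.
    if diff -r "$dir" "$scratch/$name" > /dev/null 2>&1; then rc=0; else rc=1; fi
    rm -rf "$scratch"
    return $rc
}

# Constructed demo tree: bar/ with one file and one subdirectory.
demo=$(mktemp -d)
mkdir -p "$demo/bar/sub"
echo "alpha" > "$demo/bar/a.txt"
echo "beta"  > "$demo/bar/sub/b.txt"

make_archive "$demo/bar" "$demo/foo.tar.gz"
list_archive "$demo/foo.tar.gz"
verify_archive "$demo/foo.tar.gz" "$demo/bar" && echo "archive matches source"

# Change the source after archiving: the comparison now reports a difference.
echo "changed" > "$demo/bar/a.txt"
verify_archive "$demo/foo.tar.gz" "$demo/bar" || echo "source differs from archive"
rm -rf "$demo"
```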

Jesse Morgan : Unused drafts: The Moose

September 27, 2019 03:00 AM

As I prepare to switch to Hugo, I’ve decided to go back through my drafts and publish unfinished works that have some value.  This article was last edited Jan 22nd, 2013.

The Moose is a special prize within the programming and IT communities. It is claimed, not awarded. The way it works is that you will catch yourself doing something stupid (by your standards), and you will then “claim The Moose.” When you do so you must announce that you are in custody of The Moose, so the next person that takes it knows where to go to find it. The Moose should be displayed in an area of high visibility on or near your workstation.

Notice that the Moose is claimed, it is not awarded. If you catch something that is so stupid as to be spectacular, and it affects the whole team (for example, somebody breaks the build AND then commits the broken code into the repository) then the person is AWARDED a different prize: The Albatross. The moose hunts you. You try and try to evade it but the moose stalks you like fog in the night.

“Listen, and understand. That Moose is out there. It can’t be bargained with. It can’t be reasoned with. It doesn’t feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are exposed.”

Jesse Morgan : Unfinished Drafts: Useful Utility: cat

September 27, 2019 02:00 AM

This article was originally written back on Feb 21st, 2006. While never completed, I thought it was worth sharing.

Cat is a very simple utility- so simple I debated adding it to this list. There are however three really useful flags. I’ll try to write as much as I can about it so you don’t feel ripped off by this article. hrm… did that last sentence sound like filler? I swear it wasn’t meant to- that’s completely on accident.

So what is cat? Cat is a utility for printing the contents of a file or files to the screen. For example:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt
paths


database admin

system admin

network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $ 

You can also specify several files as well if you want to train them all together and pipe them to another utility.

morgajel@FCOH1W-8TJRW31 ~/docs $ cat foo.log bar.log baz.log |grep "Invalid user"> invalid_users.txt

Cat Flags

So there are three useful flags for cat. The first one is -n, which adds a line number to the output, like so:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt -n
     1  paths
     2
     3
     4  database admin
     5
     6  system admin
     7
     8  network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $

This can be useful when debugging source files. The next option is somewhat related; the -b option adds a line number, but only to non-blank lines. If you’re wanting to figure out for some reason what the 5th item is, not including blank lines, this is the way to go. Here’s an example of what it would look like:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt -b
     1  paths


     2  database admin

     3  system admin

     4  network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $

Notice how it only counted to 4? There were only 4 text lines. The final option that may or may not be of use is the -s flag, which smushes (that’s a technical term) blank lines together- it leaves single blank lines alone, but if there’s more than one blank line next to each other, it removes all except one. Using our file above, watch what happens between “paths” and “database admin” in our example:

morgajel@FCOH1W-8TJRW31 ~/docs $ cat path.txt -s
paths

database admin

system admin

network admin management
morgajel@FCOH1W-8TJRW31 ~/docs $

Notice how there is only one blank line? That’s what -s does. If you’ve ever had a file where you’ve systematically removed text but not newlines and end up with a 500 line file with 20 lines of text, this can be useful for making it readable on a single page.

Well, that’s all I can really say about cat. If you have anything else to add, do so in the comments.

Mark Turner : My sledding souvenir

September 21, 2019 03:09 PM

The start of the fateful sledding run

I spent this past week at the Veterans Administration’s War-Related Illnesses and Injuries Center (WRIISC), getting examined to figure out the strange health issues I’ve had since leaving the Navy (more on that later).

One issue I discussed with them has bothered me for the past few years. I’ve had a numbness that has developed along my right quadricep. Its icy-cold sensation can wake me from a deep sleep and is quite aggravating. They asked me if I could recall any injury I may have had to my lower back.

At the time I could think of none, but when pondering it this morning the answer came to me and it is decidedly not war-related. Instead, it’s the long-delayed consequences from an injury I received from snow sledding with the family.

In late January of 2014, Raleigh was blanketed in a snow that proved perfect for sledding. After breakfast, the family bundled up and headed to our favorite sledding spot in Lions Park. Gleefully, we raced down the back hill towards the tennis courts parking lot. On one run, however, I raced Hallie down the hill while I was sitting on our green plastic dish sled. At the bottom of the hill, I plowed into a landscape timber at full speed, sending me airborne momentarily.

This is not a happy face.


Fuck, it hurt. Worst pain I ever had. I could do nothing but lie there, too hurt to move, and cursing a blue streak. It took me several minutes to be able to pick myself up.

My sledding was over for the day. I soon hobbled home down icy streets and rested.

Eventually the pain went away. I seemed to suffer no lasting effects until a few years ago when the numbness began spreading along my leg. Recent MRIs showed the damage to my spine but until this morning I had never made the connection to my sledding accident.

Once the pediatrician who saw our kids mentioned to Kelly and me that pediatricians don’t get concerned with the scrapes that kids acquire – they get more concerned with the kids who aren’t getting scrapes.

While that may seem counter-intuitive, it really says that we are here on Earth to use our bodies. Scrapes, scars, and bruises are badges of honor – proof that we are using our bodies and truly living!

While I would prefer not to be dealing with nerve issues today, at least I know now that I earned this particular injury on a day that was otherwise full of very happy moments spent with my family.

Mark Turner : The Book of Prince | The New Yorker

September 03, 2019 12:55 AM

On January 29, 2016, Prince summoned me to his home, Paisley Park, to tell me about a book he wanted to write. He was looking for a collaborator. Paisley Park is in Chanhassen, Minnesota, about forty minutes southwest of Minneapolis. Prince treasured the privacy it afforded him. He once said, in an interview with Oprah Winfrey, that Minnesota is “so cold it keeps the bad people out.” Sure enough, when I landed, there was an entrenched layer of snow on the ground, and hardly anyone in sight.

Prince’s driver, Kim Pratt, picked me up at the airport in a black Cadillac Escalade. She was wearing a plastic diamond the size of a Ring Pop on her finger. “Sometimes you gotta femme it up,” she said. She dropped me off at the Country Inn & Suites, an unremarkable chain hotel in Chanhassen that served as a de-facto substation for Paisley. I was “on call” until further notice. A member of Prince’s team later told me that, over the years, Prince had paid for enough rooms there to have bought the place four times over.

My agent had put me up for the job but hadn’t refrained from telling me the obvious: at twenty-nine, I was extremely unlikely to get it. In my hotel room, I turned the television on. I turned the television off. I had a mint tea. I felt that I was joining a long and august line of people who’d been made to wait by Prince, people who had sat in rooms in this same hotel, maybe in this very room, quietly freaking out just as I was quietly freaking out.

Source: The Book of Prince | The New Yorker

Tarus Balog : The OpenNMS Group Turns 15

September 01, 2019 05:10 PM

Fifteen years ago today, on September 1, 2004, David Hustace, Matt Brozowski and I formed The OpenNMS Group, Inc.

This was the fourth business entity to steward the OpenNMS Project, and would turn out to be the one with staying power.

The original OpenNMS Group office was in a single 10 foot by 15 foot room with just enough space for three desks. The landlord provided Internet access. By adopting the business plan of “spend less money than you earn” we managed to survive and grow. Now the company has its main office in Apex, NC, USA as well as one in Ottawa, Ontario, CA, with a satellite office in Germany.

The OpenNMS platform is being used to monitor some of the largest networks in existence, many with millions of devices. With the introduction of ALEC the team is bringing artificial intelligence and machine learning technologies to network monitoring to provide the highest level of visibility to the most complex environments.

OpenNMS has always been lucky to have a wonderful community of users, contributors and customers. With their support the next fifteen years should be as great if not better than the first. I am humbled to have played a small part in its history.

Tarus Balog : Crash

August 29, 2019 05:47 PM

It’s been even longer than usual since I’ve updated this site. I’m missing a ton of stuff, including the last day of Dev-Jam as well as my trip to this year’s OSCON conference in Portland. I wouldn’t be surprised if I lose one if not all of my three readers.

But I do have an excuse. This happened.

Crashed F150 Pickup Truck

On Friday, July 26th, I left my farm in Chatham County, North Carolina, to head to town. I needed to get the oil changed in the F150 and I was planning on meeting some friends for lunch.

About three miles from my house, another driver crossed the centerline on Hwy 87 and hit my truck nearly head-on. I suffered a broken rib, a fractured C2 vertebrae, and a fractured right big toe, but the major damage was that my left ankle was shattered.

I’ve spent the last 33 days at the UNC Medical Center in Chapel Hill, where I underwent two surgeries and was taken care of by some amazing staff.

I’m home now and plan to return to work (remotely) next week. I still have many months to go before I can approach normality, but a journey of ten thousand miles begins with a single step.

Thanks for your kind thoughts. One good thing that has come out of this is that I’ve spent the last 17 years trying to build OpenNMS into something that can thrive even without me, and the team has been amazing in my absence. I can’t wait to be at full strength again.

Mark Turner : Our car’s keyfob was hacked – the question is how?

August 14, 2019 03:22 PM

We were out of town over the weekend and at 5:30 AM Saturday I awakened to the sound of one beep of our car’s “alarm” horn. Thinking it was the neighbor’s car and knowing our car was locked, I went back to bed. When we walked to the car later that morning, the hatch was standing wide open. Nothing appeared to be touched or taken.

I was immediately concerned that somehow our keyfob had been hacked. Kelly thought something probably bumped up against one of our keyfobs and that caused it to open. We’ve had the car for years, though, and an “accident” like this has never happened. If something pressed a keyfob button, why would it sound just one beep of the horn alarm? Why not trigger it to sound repeatedly, as would happen if it were a single press of the button? Seems unlikely an accidental press of a button would cause one clean beep and then cause the hatchback to open.

So, naturally I am fascinated with whatever technology was used for this! There are a couple of approaches.

One is a hack called SARA, for Signal Amplification Relay Attack. This involves two crooks working together to extend the victim’s keyfob range using an antenna and amplifier. One crook holds the antenna to the windows of the nearby home or business, hoping to get within range of the legitimate keyfob. An accomplice holds a smaller device to the door of the vehicle, tricking the car into thinking the keyfob has been presented even though it is still inside the building. Crooks can even start the vehicle using this method.

While SARA is pretty ingenious as far as criminal activity is concerned, I don’t think this was what was used in our situation. Our car’s alarm horn sounded first. If I were a crook who had successfully relayed a keyfob, the alarm button would be the last one I would want to press. This makes me think our attack was some kind of brute-force hack, rolling through signals until it found what it was looking for.

The SARA hack got the press last year, but a brute-force method came out years ago and quietly slipped under the radar, possibly because it wasn’t given a sexy exploit name. A story Car and Driver ran in 2015 gives some details:

Modern transponder-equipped car keys are supposed to be ultrasafe: The chip-keys and key fobs communicate with readers inside the car, allowing the car to start only once a secret digital password has been transmitted. But a team of security researchers says they’ve figured out a way to circumvent the system used by some of the world’s largest automakers—and that Volkswagen Group used a lawsuit to keep their findings from going public for more than two years.

Car and Driver quotes London’s Daily Mail, which tells us the crux of the issue:

Tim Watson, Director of Cyber Security at the University of Warwick told Bloomberg: ‘This is a serious flaw and it’s not very easy to quickly correct.’

‘It isn’t a theoretical weakness, it’s an actual one and it doesn’t cost theoretical dollars to fix, it costs actual dollars.’

Researchers broke the transponder’s 96-bit cryptographic system, by listening in twice to the radio communication between the key and the transponder.

This reduced the pool of potential secret key matches, and opened up the ‘brute force’ option, which involved running through 196,607 options of secret keys until they found the one that could start the car.

This took less than half an hour.

Bottom line? The maker of the encryption device, Megamos Crypto, appears to have rolled its own cryptography. This is a gigantic no-no, one of the stupidest things one can do. Encryption protocols should be openly published and exhaustively peer-reviewed to ensure there are no flaws in the math. If the implementation is secure, the protocol can be deemed safe for use. Trying to recreate this enormously-challenging wheel on your own – without having several world-class cryptographers on your staff – is an exercise in futility. Once you commit this once-secret algorithm to silicon your secret is now public and your flaws exposed to the world. Then it is only a matter of time before exploits are developed.

The USENIX paper titled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” and authored by Roel Verdult (Radboud University Nijmegen, Netherlands), Flavio D. Garcia (University of Birmingham, UK), and Barış Ege (Radboud University Nijmegen, Netherlands) lays out how simple it is to attack this crypto. The researchers were aware of this flaw as far back as 2012 but Volkswagen sued them to keep their research under wraps. A UK court sided with VW and barred publication until 2015 with slight changes made in the publication, which savvy engineers can still decode. The karmic irony is that it was 2015 that Volkswagen was caught cheating at emissions tests, costing the company billions.

I probably have the hardware tools needed for this attack. If I can find the rainbow tables and code I could probably replicate it. Yet it seems someone may have already pre-packaged this attack (if indeed it is the same one). I look forward to researching this more.

Mark Turner : Deed to the Christmas property

August 07, 2019 12:07 PM

I spent a little time earlier this year traipsing through the Wake County Register of Deeds records, trying to find out more about the history of my community. I traced the ownership of my property back to the mid-1800s, including this deed for 109 acres for what became known as the Christmas property, filed in January 1899. Bridges was the owner of the Oak City Dairy Farm, if I recall correctly.

The property was sold for $2,616. According to one inflation calculator, $2,616 in 1899 dollars is equivalent to $80,731. An acre of land here appraises today for $43,200. You could say we’ve seen some growth. 🙂

Below is the deed as transcribed by me. Here’s a scanned PDF of the original handwritten version at the Wake County Register of Deeds.

North Carolina
Wake County

This deed made by Mary M. Christmas Executrix of the late Thomas B. Bridges to Lewis J. Christmas of Charleston, West Virginia. Witnesseth:

That whereas by his last will and testament the said Thomas B. Bridges directed that all his real estate be sold for cash after giving thirty days notice and appointed Mary. M. Christmas his Executrix, which will was duly admitted to probate in the Superior Court of Wake County before the clerk and said Mary M. Christmas duly qualified as executrix and letters testamentary were duly issued to her as such and whereas it being necessary to sell the lands hereinafter conveyed in order to pay the debts of said T. B. Bridges the said Mary M. Christmas as Executrix as aforesaid after advertisement for thirty days in the Times Visitor a newspaper published in Raleigh, N.C. and the court house door in Raleigh, N.C. did on the 27th day of December 1898 expose the lands hereinafter conveyed to public sale to the highest bidder at the court house door in Raleigh, N.C. for cash and at said sale said lands were purchased by said Lewis T. Christmas be being the last and highest bidder for said lands and whereas said Lewis T. Christmas has paid the purchase money for said lands in cash to wit the sum of $2616.00 for the tract of 109 acres known as the Home Place and the sum of $150 for the tract of about 58 acres known as the Brown tract:

Now therefore in consideration of the promises and the payment to her by said Lewis T. Christmas of said aggregate sum of Twenty Seven hundred and sixty six Dollars the receipt whereof is hereby acknowledged and by virtue of deed in execution of the powers conferred upon her by said last will and testament of said T. B. Bridges the said Mary M. Christmas executrix of said T. B. Bridges has bargained and sold and does hereby bargain sell said T. B. Bridges Home Place lying about one half mile North east of Raleigh, and adjoining the lands of William Taylor and others and bounded and described as follows:

Beginning at a stone on the east side of a small branch in Taylor’s line; running thence N. 82 W 19.20 1267′ chains to a stone in a lane leading from The Tarboro road by and Through the property of St. Augustine School; thence N. 8″ E 29.85 1972′ chains to a stone thence N 59 1/2 ” E 11.92 787′ chains to a stone Taylor’s corner: thence S. 80 1/2 ” E. 2.1 1782′ chains to Taylor’s branch thence up said branch 49.95 3295′ chains to the beginning, _____

Second a tract of land containing about 58 acres lying about five miles North Eastward of Raleigh adjoining the lands of R. G. [Dunn] [Porter] & others and bounded as follows: Beginning at a stake in Porters line and running thence S. 86 1/2 ” E 15.85 chains to a [pine] tree, thence N. 3″ E 13.15 chains to a stake on the South side of path, thence S. 88″ E with the South line of the path 7.75 chains to a stone thence N 3 1/2″ E fifty links to a stone thence N 87 1/2 ” E 7.05 chains to a stake on the south side of the path thence S 23″ W 36.90 chains to a stake in R G. [Dennard] line thence N 79″ W 18.25 chains to a stake thence N 3 1/2 ” E 18.60 chains to the beginning.

Being the 45 acres allotted to T. B. Bridges and the 13 acres allotted to Nancy Ferguson or Nancy [Kinston] in the division of the land of S___ Brown: said 45 and 13 acres bring fully described in the report of the commissioners and judgment of the court in the special proceedings entitiled Smith v. Bridges recorded in the Book 7 Records of [Partition] A. at Page 421 [A Sey] of the office of the clerk Superior Court of Wake County see also Book No 89 at pages 186-187 and 277 for said Bridges letter to said land.

To have and hold all and singular the aforesaid described lands and premises with all privileges and appurtenances thereto in anywise appertaining or belonging unto him the said Lewis J. Christmas his heirs and assigns in fee simple forever in as full and ample a manner as said Mary M. Christmas Executrix as aforesaid is empowered to convey the same.

State of West Virginia
Kanawha County

I Grant P. Hall Clerk of the circuit court in and for the state and county abovewritten, do hereby certify that Mary M. Christmas Executrix of T. B. Bridges personally appeared before me this day and acknowledged the due execution of the foregoing deed of conveyance.

Witness my hand and official seal this 2nd day of January 1899.

(seal) Grant P. Hall Clerk circuit court
Kanawha Co West Va.

State of North Carolina
Wake County

The foregoing certificate of Grant P. Hall Clerk circuit court Kanawha Co. W. Va. is adjudged to be [earnest.] Let this instrument with the certificate by registered. Witness my hand this 4th day of January 1899.
W. M. Russ Clerk Superior Court

Filed for registration 5 1/2 o’clock P.M. January 4th 1899 and registered in the office of Register of Deeds for Wake County in Book No, 151 Page 679 Jan 6th 1899.
W. H. [Havel] Register of Deeds

Mark Turner : Go Tell It On the Mountain — THE BITTER SOUTHERNER

August 06, 2019 10:44 PM

Great writing here.

I had a dream.

The Georgia General Assembly funded a memorial for Martin Luther King Jr. and his top aides to be carved on Stone Mountain.

The lawmakers commissioned a bas-relief of MLK and John Lewis and Andy Young, this to be beveled into gray granite beside Jefferson Davis and Robert E. Lee and Stonewall Jackson. (A half-century ago, the Georgia General Assembly maneuvered to have that holy trinity of notable Confederates, along with their horses, carved onto Stone Mountain.)

At dream speed, hundreds of stonemasons dangled by rope down the side of the most famous … and infamous … pluton in the South. They lit the fuses on sticks of dynamite. They pounded chisels. They swung picks and fired up thermojet torches.

In no time, they sculpted a brand new Stone Mountain monument. When the artisans stood back to admire their work, they beheld the great black generals of the Civil Rights Movement. They stood side-by-side with the great white generals of the Civil War.

Here stood a New Stone Mountain.

Source: Go Tell It On the Mountain — THE BITTER SOUTHERNER

Mark Turner : Rep. Joe John statement on Abe Zeiger’s arrest

August 06, 2019 01:53 PM

NC House District 40 Representative Joe John was the person Abraham Zeiger was due to meet on Friday before Zeiger was arrested for carrying a pistol and two fully-loaded magazines into the North Carolina General Assembly building. Rep. John read the following statement on the House floor Monday night:

This gentleman actually had an appointment to see me. I made the following statement on the House floor Monday night:

Members, last week I had an 11:30 AM Wednesday constituent appointment with a resident of House District 40, whom I had not met previously, to discuss some fairly non-controversial issue. 11:30 came and went without the appointment being met, not all that unusual as many of you have experienced. When I went to lunch at 12:30, he was still a no-show.

We learned later that day the reason my appointment never arrived. He had been detained at our legislative building security check-in while attempting to enter this building with a loaded handgun and two full clips concealed in his bag, and had consequently been arrested and charged accordingly. He reportedly gave no explanation for his actions and was actually remarkably silent.

I want to thank publicly the members of the NC General Assembly Police Department who were on duty last Wednesday and acted expeditiously and appropriately. I would also like to thank the Legislative Services Officer and the Rules Chair for their follow-up and the many of you who expressed your concern.

That being said, in light of very recent events, I would ask each of you, for a moment, to imagine that the gentleman’s appointment was with you, in your office, rather than with me in mine. This incident after all took place, not hundreds of miles away in the distant states of Ohio and Texas, but right here, not only in our North Carolina capital city, but in this very building where we work and govern and spend so many hours. And as you reflect, I would ask you to consider whether it is now not time to throw partisanship and ideology into the trashcan, and to sit down for a full, frank and open-minded conversation about reaching a North Carolina common sense consensus with regards to role of firearms in our state.

I considered this often over the past weekend which Evelyn and I were able to spend at the coast with two adult children and three young granddaughters. I, for one, greatly enjoyed being “Pa” at the beach, I look forward to many more such weekends, and I am more than ready to have the conversation of which I spoke. If any of you feel the same, please let me know.

Mark Turner : AP: Man with gun stopped by security at N Carolina legislature

August 05, 2019 05:19 PM

Here’s an uncredited AP story on the arrest of Zeiger. It includes a quote from his attorney:

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

Nice spin there, counselor! At the checkpoint, Zeiger was specifically asked whether he had any weapons in his bag. That should’ve been enough to trigger (so to speak) Zeiger’s memory that perhaps he did, in fact, have a weapon in his bag and that he should take it back to his vehicle. Oversight, my ass.

I look forward to Zeiger’s day in court.

August 2, 2019

RALEIGH, N.C. (AP) — A man faces charges of carrying a concealed handgun into North Carolina’s legislative building, which this year implemented airport-style security measures for people seeking to interact with lawmakers.

Abraham James Zeiger, 36, of Raleigh was charged with trying to carry the gun into the building on Wednesday, police records show. He sought to enter the building to speak to his legislator and didn’t realize he was carrying the gun, attorney Emily Gibson said in an email Friday.

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

The General Assembly’s police chief and its chief management officer didn’t return a call Friday seeking more details about the arrest.

Zeiger was stopped by officers who spotted a suspicious item as his bag passed through an X-ray scanner, The News & Observer of Raleigh reported. Officers found a 9 mm handgun and two magazines, each loaded with 15 bullets, General Assembly Police Chief Martin Brock told the newspaper.

The arrest marked the first instance of a gun being found during the screening process at the entrance to the state’s legislative building, which hosts staff and legislative offices, hearing rooms and the chambers where the 50-member Senate and 120-member House meet.

Legislative activities were minimal this week as lawmakers try to overcome Gov. Roy Cooper’s veto of the two-year state budget. On Wednesday, House members discussed a commission to oversee the purchase and sale of milk and approved legislation to expand the requirement for adults to report claims of child sex abuse to the authorities.

Mark Turner : Letter to the editor on assault weapons

August 05, 2019 05:04 PM

I sent this letter to the editor to the N&O today. I hope it gets printed.

I served four years in the U.S. Navy never having heard an AK-47. Then a week ago, hotheads brought their gun battle to my neighborhood. It became crystal clear hearing that cannon-like booming that these assault rifles are nothing less than weapons of war.

There is no justification for anyone outside of the military or law enforcement to possess assault weapons. Can we get to the well-regulated part of our “well-regulated militia” now?

Mark Turner : Man who brought gun to NCGA expressed far-right views

August 03, 2019 06:19 PM

Update 2019-08-14: I have been pondering Friday’s arrest of Abe Zeiger for bringing a gun into the North Carolina General Assembly and it’s possible that I was wrong about his intentions. Yes, I certainly did find a number of gun-themed and seemingly anti-government posts on his Facebook page but to be fair, these were all forwarded and not authored by Zeiger himself. Other photos portray Zeiger as a family man and I found no evidence that things weren’t going well with his life. I am sorry if I misinterpreted the digital breadcrumbs I was able to piece together.

On the other hand, I hope he sees how someone could draw this conclusion. The Bundy item was especially disturbing – celebrating the pointing of weapons at law enforcement officers is no joke – and what’s more it wasn’t even remotely truthful. To repost this on Facebook a week before showing up at the state legislature with a pistol and 30 rounds is enough to put a community on edge.

And why was the gun in his bag when he didn’t have a concealed carry permit (CCP)? Why didn’t he declare the gun when asked by officers at

While his intentions could have been completely innocent when he showed up with a gun, the truth is that no one could know that for certain. It only takes seconds for a mass shooting to occur and officers don’t have the luxury of trust.

Zeiger could very well be a stand-up guy, just trying to do the right thing. If so, I applaud his intentions though I’d rather he left the “good guy with the gun” role to law enforcement. At the same time, he made a big mistake by not removing his weapon before entering a secured building, and for carrying a weapon around in his bag without possessing a CCP. While I am not as concerned as I once was that he may be a threat to society, there is no getting around the fact that he was not being responsible with his gun.

Abe Zeiger

On Friday afternoon, a man was arrested at the North Carolina General Assembly for trying to sneak in a 9mm pistol and two magazines of 15 rounds apiece. The man, Abraham James Zeiger, age 36, was charged with unlawfully carrying a concealed weapon and violating legislative building rules. The story by Lauren Horsch in the N&O quoted the N.C. State Capitol Police as expressing surprise at their catching Zeiger as he was not on their radar, so to speak. The General Assembly implemented stricter security measures at the General Assembly in April of last year.

“I can’t be more pleased with the (screening) process,” General Assembly Police Chief Martin Brock said of the security measures that caught the gun. “It could have easily been missed.”

Since this story took place on a Friday afternoon – a time when news stories tend to get lost in the lull of the weekend – there didn’t seem to be many in the media who were asking just who is Zeiger? Also since I happen to know several people who work in the General Assembly, I wanted to know what might have motivated Zeiger and what he may have been planning to do with that gun. It didn’t take me long to find the answers.

First up was a search through voter records. An Abraham James Zeiger is registered in 2017 as Unaffiliated and has no voter history. Not much luck here:

A search on Twitter turned up no accounts.

A search on Spokeo brings us this:

A few Google searches show a LinkedIn page for an Abraham J. Zeiger who appears to be the man in the mugshot. According to the LinkedIn profile, Zeiger works as VP of Operations for Branz Technologies, a company in Durham, NC which once had a location in Sterling, VA (along with Zeiger). Documents filed with the North Carolina Secretary of State list Zeiger as an executive with the company.

More searching shows Zeiger commonly goes by the name Abe Zeiger. A Google search for Abe Zeiger leads us to his Facebook page.

It is on Zeiger’s Facebook page where we find the goods. Zeiger posted a number of anti-government, anti-abortion, pro-Second Amendment items to his Facebook page.

Just one week ago, Zeiger reposted an item praising the gun-toting mob who unlawfully threatened federal officials who were enforcing the law against Cliven Bundy in 2014:

Zeiger reposted this item expressing anti-government views

From November 2016:

December 2018:

Another search turns up Zeiger’s name and business in a Town of Cary bidding document. I can never reconcile the irony of people who express anti-government views while at the same time making a living (at least indirectly) from government contracts.

Then there are several Second Amendment posts. From February:

Also from February:

March:

March again:

Zeiger’s court date is August 28th in room 101 of the Wake County Courthouse.

Mark Turner : Newly Discovered Cellular Pathway May Mean New Approach For How We Treat Alzheimer’s and Cancer

July 24, 2019 04:48 PM

They started out studying the immune response to brain tumors in children. But what they found may not only stop tumors from growing, but halt Alzheimer’s disease as well. Scientists at St. Jude Children’s Research Hospital—the only National Cancer Institute-designated Comprehensive Cancer Center devoted solely to children—have discovered a pathway that prevents the buildup of a toxic protein associated with Alzheimer’s disease. The findings offer a possible new approach to treatment of Alzheimer’s and cancer.

Researchers of the study—published this month in the journal Cell—named the pathway LC3-associated endocytosis or LANDO. They hope to now find compounds that will allow them to restore functioning of the pathway to treat Alzheimer’s disease or block it to treat malignant tumors.

Source: Newly Discovered Cellular Pathway May Mean New Approach For How We Treat Alzheimer’s and Cancer

Mark Turner : We Should Never Have Called It Earth – The On Being Project

July 24, 2019 01:42 PM

We should never have called it Earth. Three quarters of the planet’s surface is saltwater, and most of it does not lap at tranquil beaches for our amusement. The ocean is deep; things are lost at sea. Sometimes we throw them there: messages in bottles, the bodies of mutinous sailors, plastic bags of plastic debris. Our sewage.

Sometimes the things we lose slip unnoticed down the sides of passing ships. We expect never to see lost objects again, but every so often they are carried by shifting currents and swirling eddies to wash ashore on distant beaches. We are reminded that things, once submerged, have a habit of returning.

I am not afraid of the ocean, although I should be. On hot summer weekends I take my son to the beach. He toddles toward the water, laughs at the lazy waves splashing his fat baby legs. I follow behind, turn him back when the water reaches his naked belly. He is too young to know the sea gets deeper, that eventually it rises above your head and you must swim so as not to drown. I am prepared for nightmares as he grows and learns about the vastness of the ocean and the monsters real and imagined that swim there. He will soon know that evil things lurk in the deep.

Source: We Should Never Have Called It Earth – The On Being Project

Mark Turner : The Navy’s journey from racial segregation to equality

July 24, 2019 01:17 PM

In the spring of 1945, at age 17, I volunteered for the U.S. Navy.

Nazi Germany had surrendered, but World War II was still raging in the Pacific as the Americans closed in on Japan’s home islands. Kamikaze planes were diving into ships, killing sailors by the dozens.

Most of my thoughts and feelings were with those embattled men 5,000 miles away. When I enlisted, I had no idea I was about to participate in a historic experience that in some ways would prove more momentous than the final struggle against the Axis powers.

Orders from the Navy directed me to report to New York’s Pennsylvania Station, where I boarded a train with other new recruits that took us upstate to boot camp at the Sampson Naval Training Station. Soon after we arrived, we were divided into companies and marched to our barracks, as Seneca Lake gleamed in the distance.

A chief boatswain’s mate led me and some 150 other would-be swabbies to our barracks and checked off our names as we hefted seabags and settled into the spartan interior — where everyone got a shock. We were an integrated company — a third black, two-thirds white.

Without announcing it, the Navy was launching a program to upend the prevailing race-relations formula in the United States — separate but (supposedly) equal.

Source: The Navy’s journey from racial segregation to equality

Mark Turner : Jeffrey Epstein’s travel patterns revealed by public flight data – INSIDER

July 24, 2019 12:36 AM

This kind of article includes so many of my interests: tracking bad guys by combing through crowdsourced, open data.

I maintain an ADS-B receiver, too, and track planes in the Triangle area on a real-time basis but I need to start stuffing this information into a database so I can keep it long-term.

As reporters and federal prosecutors turned the screws on Jeffrey Epstein over the past two years, the notorious money manager and sex felon appears to have enjoyed a globetrotting lifestyle that involved weekly flights between his properties in New York, New Mexico, Florida, the US Virgin Islands, and Paris, as well as occasional excursions to the United Kingdom, Slovakia, and Morocco.

This account of Epstein’s travels is based on two years of flight data associated with two of his Gulfstream airliners. Without detailed passenger manifests, it’s impossible to know whether Epstein was present on each individual flight. In the aggregate, however, the flight records illustrate an improbably lavish life, and raise further questions about how he earned and spent his fortune.

Source: Jeffrey Epstein’s travel patterns revealed by public flight data – INSIDER

Mark Turner : Watch as the Ridgecrest earthquake shatters desert floor in stunning before-and-after images – Los Angeles Times

July 23, 2019 05:53 PM

It’s pretty amazing to see an earthquake’s effects captured in one GIF.

Millions felt the shaking from the Ridgecrest earthquake. But new satellite images offer a dramatic and instructive view of the immense power of the magnitude 7.1 quake, showing how California’s biggest earthquake in nearly two decades caused the ground to break.

Animated slides show how the quake permanently jolted a huge block of earth northwest while the other side of the fault moved southeast.

Some of the clearest images show long scars on the surface of the Mojave Desert, indicating precisely the 30 miles of earthquake fault — oriented in a northwest-southeast direction — that moved within moments on July 5.

“I’ve never seen this before,” said Brian Olson, engineering geologist with the California Geological Survey. “It’s really dramatic and a super-good illustrator, even for the advanced scientists, all the way down to the grade-school kids.”

Source: Watch as the Ridgecrest earthquake shatters desert floor in stunning before-and-after images – Los Angeles Times

Mark Turner : Navy Answers How a 57-Year-Old Maverick Could Still Feel the Need for Speed – USNI News

July 23, 2019 05:50 PM

Maverick flying 33 years later? File this under “unlikely.”

Late last week, as the official motion picture trailer for “Top Gun: Maverick” raced around social media, among the questions without easy answer was how was Pete “Maverick” Mitchell still feeling the need for speed as a 57-year-old captain with 30-plus years of service?

Paramount Pictures hasn’t released much about the plot of what will presumably be a summer 2020 blockbuster, and all fans have to go on are film industry site IMDB and what’s in the trailer released last week. However, the trailer addresses how odd it would be to have a captain in his late 50s when his peer group would have either made flag officer or hit the statutory retirement of 30 years of service.

In the trailer, Ed Harris’ character, an unidentified rear admiral, gives a brief overview of Maverick’s career.

“Thirty-plus years of service. Combat medals, citations, the only man to shoot down three enemy planes in the last 40 years. Yet you can’t get a promotion, you won’t retire, and despite your best efforts you refuse to die,” he said.

“You should be at least a two-star admiral by now. Yet here you are. Captain. Why is that?”

Could a real-world Capt. Mitchell still fly missions 33 years after audiences first saw the iconic naval aviator buzz control towers in the 1986 blockbuster “Top Gun”?

Source: Navy Answers How a 57-Year-Old Maverick Could Still Feel the Need for Speed – USNI News

Mark Turner : How did Kim Jong Un get his Mercedes-Benzes? – CNN Style

July 16, 2019 06:40 PM

On June 14, 2018, two armored Mercedes-Maybach S600 Guard vehicles were shipped from the Dutch Port of Rotterdam, heading out on a journey that would take months and see the cars transported thousands of miles through six countries, according to a new report from the Washington-based Center for Advanced Defense Studies (C4ADS).

After stops in China, Japan, South Korea and Russia, the two cars — each worth about $500,000 — are believed to have been flown to their final destination, Pyongyang. And in the North Korean capital, there’s only one customer who likely requires this type of ride.

The origin and journey of the two Mercedes luxury vehicles were exposed in the C4ADS report. CNN has not independently verified C4ADS’ reporting.

Source: How did Kim Jong Un get his Mercedes-Benzes? – CNN Style

Mark Turner : How a Flock of Birds Can Fly and Move Together | Audubon

July 16, 2019 06:36 PM

Many birds flock, of course. But only a relative handful really fly together, creating what University of Rhode Island biologist Frank Heppner, in the 1970s, proposed calling “flight flocks”: namely, highly organized lines or clusters. Pelicans, geese, and other waterfowl form lines and Vs, presumably to take advantage of aerodynamic factors that save energy. But the most impressive flockers are arguably those that form large, irregularly shaped masses, such as starlings, shorebirds, and blackbirds. They often fly at speeds of 40 miles or more per hour, and in a dense group the space between them may be only a bit more than their body length. Yet they can make astonishingly sharp turns that appear, to the unaided eye, to be conducted entirely in unison. Imagine doing unrehearsed evasive maneuvers in concert with all the other fast-moving drivers around you on an expressway, and you get an idea of the difficulty involved.

No wonder observers have been left groping for an explanation. When Heppner, now semi-retired, began studying pigeon flocks more than 30 years ago, he suggested that they communicate through some sort of neurologically based “biological radio.”

Source: How a Flock of Birds Can Fly and Move Together | Audubon

Mark Turner : New Solar + Battery Price Crushes Fossil Fuels, Buries Nuclear

July 04, 2019 01:28 AM

Los Angeles Power and Water officials have struck a deal on the largest and cheapest solar + battery-storage project in the world, at prices that leave fossil fuels in the dust and may relegate nuclear power to the dustbin. Later this month the LA Board of Water and Power Commissioners is expected to approve a 25-year contract that will serve 7 percent of the city’s electricity demand at 1.997¢/kwh for solar energy and 1.3¢ for power from batteries.

“This is the lowest solar-photovoltaic price in the United States,” said James Barner, the agency’s manager for strategic initiatives, “and it is the largest and lowest-cost solar and high-capacity battery-storage project in the U.S. and we believe in the world today. So this is, I believe, truly revolutionary in the industry.”

Source: New Solar + Battery Price Crushes Fossil Fuels, Buries Nuclear