Mark Turner : How China’s lunar relay satellite arrived in its final orbit | The Planetary Society

October 15, 2018 01:14 AM


This is a pretty fascinating explanation of China’s lunar relay mission, Queqiao, becoming the first relay satellite to serve the far side of the moon.

After a 24-day journey, Queqiao, the relay satellite for China’s Chang’e 4 lunar mission, successfully entered its Earth-Moon L2 halo orbit. A normal mission to lunar orbit usually takes four or five days, but Queqiao took much longer due to its special orbit. Here’s a guide to the spacecraft’s long and complicated journey.

Source: How China’s lunar relay satellite arrived in its final orbit | The Planetary Society

Mark Turner : After Soyuz Failure, Space Is Now Weirdly Inaccessible to Astronauts

October 14, 2018 04:42 PM

All crewed launches have been suspended by Russia’s space agency following yesterday’s Soyuz rocket failure. That’s a problem, because much of the world relies on Russian rockets to get both cargo and people into space. Consequently, we’re now facing the very real possibility of having an uncrewed International Space Station—something that hasn’t happened in nearly two decades.

Source: After Soyuz Failure, Space Is Now Weirdly Inaccessible to Astronauts

Mark Turner : Gotcha! US Air Force’s Secretive X-37B Space Plane Spotted by Satellite Tracker

October 11, 2018 03:10 PM


I am seriously considering making space object tracking a new hobby.

The U.S. Air Force’s X-37B space plane may be secretive, but it’s not invisible.

Netherlands-based satellite tracker Marco Langbroek snapped long-exposure photos of the robotic mini-shuttle zooming over the city of Leiden yesterday (Aug. 20), capturing the spacecraft’s rapid trek across the night sky as a thin streak of light. The Air Force discloses little about X-37B missions, keeping details about the plane’s orbit and most of its payloads close to the vest. But Langbroek said he’s confident that the light trail he photographed came from the space plane, which is also known as the Orbital Test Vehicle (OTV).

“The object in question is not in the public catalogue of satellite orbits maintained by JSpOC (the U.S. military tracking network), which shows for an object this bright that it must be a ‘classified’ object,” Langbroek told Space.com via email. “We nevertheless know where ‘classified’ objects like this are, because they are routinely tracked by a small network of amateur trackers, in which I take part.”

Source: Gotcha! US Air Force’s Secretive X-37B Space Plane Spotted by Satellite Tracker

Mark Turner : Apple caught ripping off customer at Genius Bar

October 11, 2018 03:07 PM

CBC sent a hidden camera to an Apple Genius Bar for a typical MacBook problem of a broken screen. The Apple staff member recommended $1200 of repairs or a new MacBook, but when the reporter took the same laptop to a NYC repair shop, he got it fixed for free. This is a good look at Apple’s attitude regarding non-Apple repairs and a consumer’s right-to-repair anything she or he owns.

Mark Turner : Russian Whistleblower Assassinated After Uncovering $200 Billion Dirty-Money Scandal

October 11, 2018 03:03 PM

LONDON—A crusading Russian official traveled to Estonia in the summer of 2006 to warn the authorities that an unprecedented money-laundering scheme had been established in the tiny Baltic financial sector. The scam he had uncovered would go on to become the biggest dirty-money operation in history: the $200 billion Danske Bank scandal.

Three months after Andrei Kozlov, the first deputy chairman of the Russian Central Bank, tried to raise the alarm, he was dead.

Source: Russian Whistleblower Assassinated After Uncovering $200 Billion Dirty-Money Scandal

Mark Turner : Saudis are said to have lain in wait for Jamal Khashoggi – The Washington Post

October 11, 2018 03:02 PM

ISTANBUL — As Jamal Khashoggi prepared to enter the Saudi consulate in Istanbul on Oct. 2, a squad of men from Saudi Arabia who investigators suspect played a role in his disappearance was ready and in place. They had arrived from Riyadh, the Saudi capital, early that morning and checked in at two international hotels in Istanbul before driving to the consulate in the leafy Levent neighborhood, said two people with knowledge of the investigation. One of them, the Mövenpick Hotel Istanbul, is a few minutes from the consulate by car. By the end of the day, a 15-member Saudi team had conducted its business and left the country, departing on planes bound for Cairo and Dubai, according to flight records and the people familiar with the investigation.

Source: Saudis are said to have lain in wait for Jamal Khashoggi – The Washington Post

Mark Turner : Turkey concludes Saudi journalist Jamal Khashoggi killed by ‘murder’ team, sources say – The Washington Post

October 09, 2018 03:29 PM

Well, this is disturbing.

ISTANBUL — Turkey has concluded that Jamal Khashoggi, a prominent journalist from Saudi Arabia, was killed in the Saudi Consulate in Istanbul last week by a Saudi team sent “specifically for the murder,” two people with knowledge of the probe said Saturday. Turkish investigators believe a 15-member team “came from Saudi Arabia. It was a preplanned murder,” said one of the people. Both spoke on the condition of anonymity to discuss the ongoing investigation.

Source: Turkey concludes Saudi journalist Jamal Khashoggi killed by ‘murder’ team, sources say – The Washington Post

Tarus Balog : UKNOF41

October 08, 2018 02:51 PM

I love tech conferences, especially when I get to be a speaker. Nothing makes me happier than to be given a platform to run my mouth.

For the last year or so I’ve been attending various Network Operators Group (NOG) meetings, and I recently got the opportunity to speak at the UK version, which they refer to as a Network Operators Forum (UKNOF). It was a lot of fun, so I thought I’d share what I learned.

UKNOF41 was held in Edinburgh, Scotland. I’d never been to Scotland before and I was looking forward to the visit, but Hurricane Florence required me to return home early. I ended up spending more time in planes and airports than I did in that city, and totally missed out on both haggis and whisky (although I did drink an Irn-Bru). I arrived Monday afternoon and met up with Dr. Craig Gallen, the OpenNMS Project representative in the UK. We had a nice dinner and then got ready for the meeting on Tuesday.

Like most NOG/NOF events, the day consisted of one track and a series of presentations of interest to network operators. I really like this format. The presentations tend to be relatively short and focused, and this exposes you to concepts you might have missed if there were multiple tracks.

UKNOF is extremely well organized, particularly from a speaker’s point of view. There was a ton of information on what to expect and how to present your slides, and everything was run from a single laptop. While this did mean your slides were due early (instead of, say, being written on the plane or train to the conference) it did make the day flow smoothly. The sessions were recorded, and I’ll include links to the presentations and the videos in the descriptions below.

UKNOF41 - Keith Mitchell

The 41st UKNOF was held at the Edinburgh International Conference Centre, located in a newer section of the city and was a pretty comfortable facility in which to hold a conference. Keith Mitchell kicked off the day with the usual overview of the schedule and events (slides), and then we got right into the talks.

UKNOF41 - Kurtis Lindqvist

The first talk was from Kurtis Lindqvist who works for a service provider called LINX (video|slides). LINX deployed a fairly new technology called EVPN (Ethernet VPN). EVPN is “a multi-tenant BGP-based control plane for layer-2 (bridging) and layer-3 (routing) VPNs. It’s the unifying L2+L3 equivalent of the traditional L3-only MPLS/VPN control plane.” I can’t say that I understood 100% of this talk, but the gist is that EVPN allows for better use of available network resources which allowed LINX to lower its prices, considerably.

UKNOF41 - Neil McRae

The next talk was from Neil McRae from BT (video|slides). While this was my first UKNOF I quickly identified Mr. McRae as someone who is probably very involved with the organization as people seemed to know him. I’m not sure if this was in a good way or a bad way (grin), probably a mixture of both, because being a representative from such a large incumbent as BT is bound to attract attention and commentary.

I found this talk pretty interesting. It was about securing future networks using quantum key distribution. Current encryption, such as TLS, is based on public-key cryptography. The security of public-key cryptography is predicated on the idea that it is difficult to factor large numbers. However, quantum computing promises several orders of magnitude more performance than traditional binary systems, and the fear is that at some point in the future the mathematically complex operations that make things like TLS work will become trivial. This presentation talked about some of the experiments that BT has been undertaking with quantum cryptography. While I don’t think this is going to be an issue in the next year or even the next decade, assuming I stay healthy I expect it to be an issue in my lifetime. It is good to know that people are working on solving it.

At this point in time I would like to offer one minor criticism. Both of the presenters thus far were obviously using a slide deck created for a purpose other than UKNOF. I don’t have a huge problem with that, but it did bother me a little. As a speaker I always consider the opportunity to speak to be a privilege. While I joke about writing the slides on the way to the conference, I do put a lot of time into my presentations, and even if I am using some material from other decks I make sure to customize it for that particular conference. Ultimately what is important is the content and not the deck itself and perhaps UKNOF is a little more casual than other such meetings, but it still struck me as, well, rude, to skim through a whole bunch of slides to fit the time slot and the audience.

UKNOF41 - Julian Palmer

After a break the next presentation was from Julian Palmer of Corero (video|slides). Corero is a DDOS protection and mitigation company, which I assume means they compete with companies such as Cloudflare. I am always fascinated by the actions of those trying to break into networks and those trying to defend them, so I really enjoyed this presentation. It was interesting to see how much larger the DDOS attacks have grown over time and even more surprising to see how network providers can deal with them.

UKNOF41 - Stuart Clark

This was followed by Stuart Clark from Cisco Devnet giving a talk on using “DevOps” technologies with respect to network configurations (video|slides). This is a theme I’ve seen at a number of NOG conferences: let’s leverage configuration management tools designed for servers and apply them to networking gear. It makes sense, and it is interesting to note that the underlying technologies between both have become so similar that using these tools actually works. I can remember a time when accessing network gear required proprietary software running on Solaris or HP-UX. Now with Linux (and Linux-like) operating systems underpinning almost everything, it has become easier to migrate, say, Ansible to work on routers as well as servers.

It was my turn after Mr. Clark spoke. My presentation covered some of the new stuff we have released in OpenNMS, specifically things like the Minion and Drift, as well as a few of the newer things on which we are actively working (video|slides). I’m not sure how well it was received, but a number of people came up to me afterward and said they enjoyed it. During the question and answer session Mr. McRae did state something that bothered me. He said, basically, that the goal of network monitoring should be to get rid of people. I keep hearing that, especially from large companies, but I have to disagree. Technology is moving too fast to ever get rid of people. In just half a day I was introduced to technologies such as EVPN and quantum key distribution, not to mention dealing with the ever-morphing realm of DDOS attacks, and there is just no way monitoring software will ever evolve fast enough to cover everything new just to get rid of people.

Instead, we should be focusing on enabling those people in monitoring to be able to do a great job. Eliminate the drudgery and give them the tools they need to deal with the constant changes in the networking space. I think it is a reasonable goal to use tools to reduce the need to hire more and more people for monitoring, but getting rid of them altogether does not seem likely, nor should we focus on it.

I was the last presentation before lunch (so I finished on time, ‘natch).

UKNOF41 - Chris Russell

The second half of the conference began with a presentation by Chris Russell (video|slides). The title was “Deploying an Atlas Probe (the Hard Way)”, which is kind of funny. RIPE NCC is the Internet Registry for Europe, and they have a program for deploying hardware probes to measure network performance. What’s funny is that you just plug them in. Done. While this presentation did include discussion of deploying an Atlas probe, it was more about splitting out a network and converting it to IPv6. IPv6 is the future (it is supported by OpenNMS) but in my experience organizations are very slowly migrating from IPv4 (the word “glacier” comes to mind). Sometimes it takes a strong use case to justify the trouble and this presentation was an excellent case study for why to do it and the pitfalls.

UKNOF41 - Andrew Ingram

Speaking of splitting out networks, the next presentation dealt with a similar situation. Presented by Andrew Ingram from High Tide Consulting, his session dealt with a company that acquired another company, then almost immediately spun it back out (video|slides). He was brought in to deal with the challenges of dealing with a partially combined network that needed to be separated in a very short amount of time with minimal downtime.

I sat next to Mr. Ingram for most of the conference and learned this was his first time presenting. I thought he did a great job. He sent me a note after the conference that he has “managed to get OpenNMS up and running in Azure with an NSG (Network Security Gateway) running in front for security and a Minion running on site. It all seems to be working very nicely.”

Cool.

UKNOF41 - Sara Dickinson

The following presentation would have to be my favorite of the day. Given by Sara Dickinson of Sinodun IT, it talked about ways to secure DNS traffic (video|slides).

The Internet wouldn’t work without DNS. It translates domain names into addresses, yet in most cases that traffic is sent in the clear. It’s metadata that can be an issue with respect to privacy. Do you think Google runs two of the most popular DNS servers out of the goodness of their heart? Nope, they can use that data to track what people are doing on the network. What’s worse is that every network provider on the path between you and your DNS server can see what you are doing. It is also an attack vector as well as a tool for censorship. DNS traffic can be “spoofed” to send users to the wrong server, and it can be blocked to prevent users from accessing specific sites.

To solve this, one answer is to encrypt that traffic, and Ms. Dickinson talked about a couple of options: DoT (DNS over TLS) and DoH (DNS over HTTPS).

The first one seems like such a no-brainer that I’m surprised it took me so long to deploy it. DoT encrypts the traffic between you and your DNS server. Now, you still have to trust your DNS provider, but this prevents passive surveillance of DNS traffic. I use a pfSense router at home and decided to set up DoT to the Quad9 servers. It was pretty simple. Of all of the major free DNS providers, Quad9 seems to have the strongest privacy policy.

The second protocol, DoH, is DNS straight from the browser. Instead of using a specific port, it can use an existing HTTPS connection. You can’t block it because if you do you’ll block all HTTPS traffic, and you can’t see the traffic separately from normal browsing. You still have to deal with privacy issues since that domain name has to be resolved somewhere and they will get header information, such as User-Agent, from the query, so there are tradeoffs.

While I learned a lot at UKNOF this has been the only thing I’ve actually implemented.

After a break we entered into the all too common “regulatory” section of the conference. Governments are adding more and more restrictions and requirements for network operators and these NOG meetings are often a good forum for talking about them.

UKNOF41 - Jonathan Langley

Jonathan Langley from the Information Commissioner’s Office (ICO) gave a talk on the Network and Information Systems Directive (NIS) (video|slides). NIS includes a number of requirements including things such as incident reporting. I thought it was interesting that NIS is an EU directive and the UK is leaving the EU, although it was stressed that NIS will apply post-Brexit. While there were a lot of regulations and procedures, it wasn’t as onerous as, say, TICSA in New Zealand.

UKNOF41 - Huw Saunders

This was followed by another regulatory presentation by Huw Saunders from The Office of Communications (Ofcom) (video|slides). This was fairly short and dealt primarily with Ofcom’s role in NIS.

UKNOF41 - Askar Sheibani

Askar Sheibani presented an introduction to the UK Fibre Connectivity Forum (video|slides). This is a trade organization that wants to deploy fiber connectivity to every commercial and residential building in the country. My understanding is that it will help facilitate such deployments among the various stakeholders.

UKNOF41 - David Johnston

The next to the last presentation struck a chord with me. Given by David Johnston, it talked about the progress the community of Balquhidder in rural Scotland is making in deploying its own Internet infrastructure (video|slides). I live in rural North Carolina, USA, and even though the golf course community one mile from my house has 300 Mbps service from Spectrum, I’m stuck with an unreliable DSL connection from CenturyLink, which, when it works, is a little over 10 Mbps. Laws in North Carolina currently make it illegal for a municipality to provide broadband service to its citizens, but should that law get overturned I’ve thought about trying to spearhead some sort of grassroots service here. It was interesting to learn how they are doing it in rural Scotland.

UKNOF41 - Charlie Boisseau

The final presentation was funny. Given by Charlie Boisseau, it was about “Layer 0” or “The Dirty Layer” (video|slides). It covered how cable and fiber are deployed in the UK. The access chambers for conduit have covers that state the names of the organizations that own them, and with mergers, acquisitions and bankruptcies those change (but the covers do not). While I was completely lost, the rest of the crowd had fun guessing the progression of one company to another. Anyone in the UK can deploy their own network infrastructure, but it isn’t exactly cheap, and the requirements were covered in the talk.

After the conference they served beer and snacks, and then I headed back to the hotel to get ready for my early morning flight home.

I had a lot of fun at UKNOF and look forward to returning some day. If you are a network provider in the UK it is worth it to attend. They hold two meetings a year, with one always being in London, so there is a good chance one will come near you at some point in time.
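The DoT and DoH transports summarized in the notes on Sara Dickinson's talk above carry the same DNS message and differ only in how it is framed, which is why one is tied to a dedicated port and the other blends into HTTPS. The following is an added example, not code from the post or from any of the projects it mentions; the function names are illustrative, `www.example.com` is a constructed sample, and the framing follows RFC 7858 (DoT) and RFC 8484 (DoH).

```python
import base64
import struct

DOT_PORT = 853   # RFC 7858: DoT uses its own TCP port, visible to the network
DOH_PORT = 443   # RFC 8484: DoH shares the port of ordinary HTTPS traffic


def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Encode a one-question DNS query in wire format (RFC 1035).

    msg_id defaults to 0, which RFC 8484 recommends for DoH so that
    identical questions produce identical, cacheable requests.
    """
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def frame_for_dot(message: bytes) -> bytes:
    """DoT framing: two-byte big-endian length prefix, as in DNS over TCP.

    The framed bytes are what gets written into the TLS session.
    """
    return struct.pack("!H", len(message)) + message


def split_dot_stream(buffer: bytes):
    """Split bytes read from a DoT session into complete messages.

    TLS delivers a byte stream, so a read can end mid-message. Returns
    (complete_messages, leftover_bytes); the leftover is kept for the next read.
    """
    messages, offset = [], 0
    while len(buffer) - offset >= 2:
        (length,) = struct.unpack_from("!H", buffer, offset)
        if len(buffer) - offset - 2 < length:
            break  # partial message, wait for more data
        messages.append(buffer[offset + 2:offset + 2 + length])
        offset += 2 + length
    return messages, buffer[offset:]


def doh_get_path(message: bytes, path: str = "/dns-query") -> str:
    """DoH GET form: the message is base64url-encoded with padding removed."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"


def decode_doh_param(value: str) -> bytes:
    """Server side: restore the stripped padding and decode the 'dns' parameter."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


if __name__ == "__main__":
    query = build_query("www.example.com")
    print(f"DoT: {len(frame_for_dot(query))} bytes inside TLS on port {DOT_PORT}")
    print(f"DoH: GET {doh_get_path(query)} inside HTTPS on port {DOH_PORT}")
```

In both cases the resolver at the far end still decodes the full question, which is the trust trade-off the post describes.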

Mark Turner : China Snuck Chips Into CIA, U.S. Military, Commercial Servers Leaving Them Open To Hacks: Report – The Drive

October 08, 2018 01:02 PM

China seems willing to gamble its huge manufacturing industry in service to its spying. Why should foreign companies trust their manufacturing to China anymore? Regardless of the economic price China will pay for this, it can never be fully trusted again.

A new report is alleging the Chinese government directly interceded to insert small microchips into motherboards from a company called Supermicro, that are in use in servers everywhere from the adult film industry to U.S. military and U.S. Intelligence Community data centers, which make them vulnerable to remote hacks. If the claims turn out to be true, it would be an intelligence operation of historic proportions that would have far-reaching and long-lasting ramifications.

On Oct. 4, 2018, Bloomberg Businessweek published its story, which is the culmination of years of investigative work and cites nearly 20 anonymous sources from both the U.S. government and private companies reportedly involved in the affair. The piece says that American authorities first became aware of the existence of the chips in 2015, that the classified probe is still ongoing, and that U.S. officials have identified an unspecified unit of the People’s Liberation Army (PLA) as being responsible for sneaking the malicious hardware into the servers.

Source: China Snuck Chips Into CIA, U.S. Military, Commercial Servers Leaving Them Open To Hacks: Report – The Drive

Mark Turner : Hong Kong denies visa to Financial Times journalist Victor Mallet — Quartz

October 08, 2018 12:59 PM

I was sorry to learn that Hong Kong’s freedom-of-speech protections are under attack by mainland China.

Mainland China frequently denies visas to foreign journalists and scholars—a preferred way to force out those whose reporting or research officials object to. But Hong Kong has long offered a welcoming visa regime that made it a safe hub for journalists in the region.

That may be changing. The Hong Kong Free Press on Friday (Oct. 5) reported that the Hong Kong Immigration Department denied a work visa renewal to highly-regarded Financial Times journalist Victor Mallet, the paper’s Asia news editor. The Financial Times said in a statement, “This is the first time we have encountered this situation in Hong Kong. We have not been given a reason for the rejection.”

Source: Hong Kong denies visa to Financial Times journalist Victor Mallet — Quartz

Mark Turner : Trump Weaponizes Victimhood – Trevor Noah

October 08, 2018 12:57 PM

Daily Show host Trevor Noah spoke last week about the Kavanaugh hearings and pointed out something I’d never grasped until now. Trump’s whole shtick is that he plays to his base’s sense of victimhood. Many on the right feel persecuted – like the majority is coming to get them – and Trump has become expert at feeding these fears.

Of course, those of us who aren’t under his spell clearly see that this victimhood perception is nonsense but for those caught in its grasp it can be a powerful illusion. I’d been enraged by the antics of Trump and his supporters but never saw what he was doing until Noah pointed it out.

Now I know what we’re dealing with. Now I know how the right will perceive the left’s actions, and more importantly how it will be portrayed by right-wing media. The left needs to adjust accordingly so that we do not inadvertently feed this narrative. We need to defuse this perception. Some ways to do this are to reach out to these folks, find the common ground, and build trust. If we can prove that we’re not out to get them – that we have the same struggles they do – we might find ways to work together as a community instead of as opposing teams.

Now wouldn’t that be great?

Mark Turner : Mitch McConnell, the man who broke America – The Washington Post

October 08, 2018 12:47 PM

By rights, McConnell’s tombstone should say that he presided over the end of the Senate. And I’d add a second line: “He broke America.” No man has done more in recent years to undermine the functioning of U.S. government. His has been the epitome of unprincipled leadership, the triumph of tactics in service of short-term power.

Source: Mitch McConnell, the man who broke America – The Washington Post

Mark Turner : FACT CHECK: Could a Case Currently Before the Supreme Court Result in a Stronger Presidential Pardon?

October 08, 2018 02:13 AM

Kavanaugh may overturn a longstanding legal precedent in order to offer Trump pardon power. The case is Gamble v. United States and it may turn into the ultimate power grab by any president.

Why Would President Trump Be Interested in the Outcome of This Case?

The reason Gamble v. United States is generating buzz from people other than constitutional law scholars is that the separate sovereigns exception also prevents President Trump from pardoning people for state crimes. Under current Supreme Court precedent, a presidential pardon of an individual does not prevent that individual from being prosecuted for the same or similar crimes under state law. “Under the dual sovereignty doctrine,” Adam J. Adler wrote in the Yale Law Review, “as long as two offenses are defined by different jurisdictions, they cannot constitute the ‘same offense.’” The Congressional Research Service issued an August 2018 report on the potential ramifications of the case, and this report included a discussion of its possible effect on the presidential pardon power: The Gamble case may nevertheless have significant collateral legal effects … A win for Gamble could also indirectly strengthen the President’s pardon power, by precluding a state from prosecuting an already-pardoned defendant who has gone to trial on an overlapping offense.

Source: FACT CHECK: Could a Case Currently Before the Supreme Court Result in a Stronger Presidential Pardon?

Mark Turner : USS Elliot shipmate meetup

October 08, 2018 02:07 AM

L-R: Orlando Brown, Mark Turner, Robert Nordman

I got the urge last week to set up a meeting with my former USS Elliot shipmate, Orlando Brown. Orlando, or “OC” as we call him, lives near Creedmoor and so picked out a beer joint in that neck of the woods. It took me the better part of the hour to navigate my way there last night, with my T-Mobile cellphone losing its network signal in the thick woods.

When I walked in, 15 minutes late, there was OC along with another shipmate I hadn’t seen for over thirty years: Robert Nordman. I had been hoping that OC had thought to invite him, which was easy to do because he and OC live so close to each other.

We spent three hours catching up, telling sea stories, and being thankful that we’re still here to tell the tales. Rob was in very good spirits in spite of having been diagnosed with cancer earlier this year. He has always worked his ass off at whatever he does and OC and I kept him out later than he would’ve liked as he was running out of steam.

I was also struck by Rob’s mention that many of our shipmates are dealing with illnesses, many of which sound like Gulf War Illness. Some of these guys can’t even walk anymore and they’re no older than 50. I’ll have more to say on this in a future post but last night served as a kick in the pants to pursue my own Gulf War Illness issues, get what I have diagnosed, and potentially get my VA disability claim filed. Life is too short, y’all.

Anyway, I love these guys like brothers.

Tanner Lovelace : Peanut butter in my chocolate and chocolate in my peanut butter

September 28, 2018 08:51 PM

Just like that old ad for Reese’s Peanut Butter Cups, two things I absolutely love have gotten together. My racing team, Big Sexy Racing, has recently gotten together with Infinit Nutrition, which I’ve been using since my first Ironman in 2015. You can see the press release about it here. Infinit has helped me through 2 full ironman races and a dozen half iron races including the Augusta 70.3 this past weekend where my custom formula with 600mg sodium/hour helped me finish the race without being completely wiped out at the finish.

If you would like to try out Infinit yourself, feel free to go to their website and use the code BSRFRIEND for 15% off your order.  You can either order one of their premade formulas or consult with one of their nutritionists and put together a custom formula just for you.  I think you’ll find it worth your while. 

Mark Turner : Not every awkward interaction is sexist

September 28, 2018 10:56 AM

Maybe I’m a bad liberal, but this caught my eye. A friend re-posted this Facebook post from a woman who describes an encounter she had with a male at the airport. It was shared publicly on Facebook so I am including it here:

Hilary Jerome Scarsella
22 September at 18:51

Story time. I’m at the airport, working on my laptop, sitting near a guy I just met at a conference this weekend. He and I were both invited speakers, and he was waiting for his flight home too. Another guy comes and sits across from us. He starts talking. He is talking a lot. He finds out we were speakers at a conference about trauma, theology, sexual abuse, and the church. He thinks this is really interesting. He’s into theology and trauma. He asks what my degrees are in. He launches into explaining his belief that everything happens for a reason, that the universe is filled with forces that even out all wrongdoing, that everyone is where they are supposed to be at all times, that something good comes from each thing that is bad, and so on. I listen and ask him questions and let him know kindly that I disagree. Did slavery happen for a reason? Has the Native American genocide been evened out? Was that woman really supposed to be in the room where she was raped? We argue. He works hard to show me that he is right. I look at my laptop. My work is not getting done. I say “I understand your perspective and I disagree.” He reiterates his points and then says, “It was great talking to you, I’m gonna go catch my flight!”

Then this brilliant thing happened. My new friend leaned forward as airport guy was about to walk away, and he said, “Dude, you missed an opportunity. You had an expert in theology and trauma sitting in front of you. You say you’re interested in these things but you didn’t ask her a single question. You didn’t try to learn anything at all from her. You know she has advanced degrees and is published but you just tried to show her that you know more about her work than she does. You missed out. Big fail, man.”

I’m sure I didn’t remember that verbatim, but I think the quote is pretty close.

The guy got uncomfortable and tried to defend himself, but my new friend and I smiled and shook our heads. Nope, we weren’t having it. Then, the guy sat back down and asked me to “teach him” for 5 minutes before he went to board his plane. He was trying to make it right. I smiled and said no thank you, I didn’t want to be put on the spot or responsible for him missing his flight (which had been boarding for 15 minutes). My new friend added, “No, man, you gotta live with the consequences of your mistake. Time’s up.”

We each said a pleasant goodbye, waved, and the guy went off to his gate.

This was (for me, in this particular situation) an awesome experience of a man (my new friend) using his male privilege to call bs on another man’s (airport guy) entitlement and sexism in a way that redirected power and dignity, and honestly, needed emotional energy back to me. When he spoke up, my body relaxed. My new friend wasn’t the least bit concerned about hurting airport guy’s feelings or making him uncomfortable. He was concerned about interrupting men’s patterns of lowkey dominating women. I found his priorities startling and refreshing. They made the physical space I was in change. It went from hostile space to safe(er) space in the time it took to speak a sentence. The ease with which my new friend expressed his priorities signaled a long term, practiced commitment to not only holding them in his mind but to embodying them as well. I wish I encountered this more often. My new friend shouldn’t get accolades. I’m not writing this to praise him or put him in some kind of weird male savior position. His priorities should be normal and interrupting sexism should be mundane. But they’re not, so. Here we are.

Menfolk, will you please make this happen more often? I could get by on half the energy it currently takes me to exist in the world if y’all would each take on one or two airport guys a month.

In earnest, though. I hope this might be a helpful example for those looking to build habits of supporting women and challenging sexism. This isn’t the only way to do it but it’s one way that worked today.

So a mutual friend weighed in on this post and made the point that this is presented as a case of “mansplaining” and yet it’s not really clear that this was sexist behavior. My friend was roundly rebuked by women for expressing his doubt. Foolishly, perhaps, for my own peace I supported my friend.

And I still do.

I don’t deny that some men are sexist and unjustifiably challenge women, so let’s just get this straight right off the bat. In this case, these two were arguing over a question of philosophy. Both points of view can be valid! If the man was arguing over questions of hard science or provable facts then I might accept the possibility he was being condescending. Didn’t happen here.

Secondly, we don’t really know how this woman’s fellow speaker was treated because aside from his last comment to the airport guy, she doesn’t mention him at all. We have no proof that airport guy treated the male speaker any differently than the female one.

Finally, this was an innocent, small talk airport conversation! This wasn’t a fellow colleague questioning another’s skills or aptitude! Did he interrupt her? No. Did he talk over her? No. It was a discussion designed to kill time. I see NOTHING here that shows he was being sexist.

I don’t doubt that some women get incensed when a man appears to dismiss a woman’s expertise simply because she’s a woman. They have a right to be incensed. Even so, it’s easy to fall into the trap of seeing everything as a slight when it might not be.

Tarus Balog : Meridian 2018

September 24, 2018 06:01 PM

It is hard to believe that our first release of OpenNMS Meridian was over three years ago.

We were struggling with trying to balance the needs of a support organization with the open source desire to “release early, release often”. How do you deal with wanting to be as cutting edge as possible but to support customers who really need a stable platform? We did have a “development” release, but no one really used it.

Our answer was to model OpenNMS on Red Hat, the most successful open source company in existence. While Red Hat has hundreds of products, their main offering is Red Hat Enterprise Linux (RHEL). This is derived, in large part, from the Fedora Linux distribution. New things hit Fedora first and, once vetted, make their way into RHEL.

We decided to do the same thing with OpenNMS. OpenNMS was split into two main branches: Horizon and Meridian. Horizon was the Fedora equivalent, while Meridian was modeled on RHEL.

This has been very successful. While we were averaging a new major OpenNMS release every 18 months, now we do three or four Horizon releases per year. Tons of new features are hitting Horizon, from the ability to deal with telemetry data, new correlation features to condense alarms into “situations” based on unsupervised machine learning, to the first steps toward a microservices architecture.

We do our best to release code as production-ready as possible. Our users are very creative and use OpenNMS in unique ways. By offering up rapid Horizon releases it allows us to find and fix issues quickly and work out how to best implement new functionality.

But what about our users who are more interested in stability than the “new shiny”? They needed a system that was rock solid and easy to maintain. That’s why we created Meridian. Meridian lags Horizon on features but by the time a feature hits Meridian, it has been tested thoroughly and can immediately be deployed into production.

There is one major Meridian release a year, with usually three or four point updates. Anyone who has ever upgraded OpenNMS understands that dealing with configuration file changes can be problematic. With Meridian, moving from one point release to another rarely changes configuration, so upgrades can happen in minutes and users can rest assured that their systems are up to date and secure. Each Meridian release is supported for three years.

There is a cost associated with using Meridian. Similar to RHEL, it is offered as a subscription. While still 100% open source, you pay a fee to access the update servers, and the idea is that you are paying for the effort it takes to refine Horizon into Meridian and get the most stable version of OpenNMS possible. We are so convinced that Meridian is worth it, it is available without having to buy a support contract. Meridian users get access to OpenNMS Connect, which is a forum for asking questions about using Meridian.

It seems like it was just yesterday that we did this but it has now been over three years. That means support will sunset on Meridian 2015 at the end of the year. Never fear, the latest releases are just as stable and even more feature rich.

The main feature in Meridian 2018 is support for the OpenNMS Minion. The Minion is a stateless application that allows for remote distribution of OpenNMS functionality. For example, I used to run an OpenNMS instance at my house to monitor my devices. Now I just have a Minion. Even though my network is not reachable from our production OpenNMS instance, the Minion allows me to test service availability, as well as collect data and traps, and then forward them on to the main application. The Minion itself is stateless – it connects to a messaging broker on the OpenNMS server in order to get its list of tasks.

A Minion is defined by its “Location”. You can have multiple Minions for a given location and they will access the broker via a “competitive consumer queue”. This way if a particular Minion goes down, there can be another to do the work. By default OpenNMS ships with ActiveMQ as the broker, but it is also possible to use an external Kafka instance as well. Kafka can be clustered for both load balancing and reliability, and the combination of a Kafka cluster and multiple Minions can make the amount of devices OpenNMS monitors virtually limitless (we are working on a proof of concept for one user with over 8 million discrete devices).

There are a number of other features in Meridian 2018, so check out the release notes for more details. It is an exciting addition to the OpenNMS product line.

David Cafaro : Taking a BIG leap with two speaking engagements.

September 18, 2018 03:05 AM

I have two speaking engagements lined up over the next two months that I’m very excited about (with a drop of stage fright).  Both are on topics I am passionate about and feel need a lot more thought in the information security world: Human Interaction with Technology, and Psychological and Sociological aspects of Information Security.

The first talk I’m giving Sept. 28th is at a new technology conference in Harrisonburg, VA called Valley TechCon.  My talk is titled “Driving Security Through Technology”, but as a small hint, I focus a lot on the human element of technology.

The second talk I’m giving is Oct 26th at BSidesDC Security Conference in Washington, DC.  This is a great local security con focused on providing information security knowledge to all that want to learn.  It’s also one of the largest of the BSides Security conferences in the world.  My talk is titled “Blue Teams next tool: Social Engineering (Psychology and Sociology at Work)”.  Again, it’s a talk that focuses a lot on the human interaction side of information security.

I’ve always had a great interest in how we, as individuals and societies, interact with technology.  Now I’m hoping to fan the flames of others’ interest in looking beyond just the technological answers to cyber security.

Mark Turner : Isaac Hunter’s Tavern story runs

September 09, 2018 01:18 AM


A few months back I showed my friend Heather Leah around the ruins of Isaac Hunter’s Tavern for a story she was writing for the WAKE Living magazine. The story just ran in the Fall 2018 issue and included a few quotes from me. Not only that, it announces that plans are afoot to better memorialize the tavern that helped put Raleigh on the map! Heather also added some photos of some artifacts associated with the tavern which really brought the story to life.

It was a great story and tells of an even greater future for Isaac Hunter’s Tavern!

Mark Turner : RIP Burt Reynolds

September 07, 2018 05:47 PM

Yesterday, legendary actor Burt Reynolds died. The star of Smokey and the Bandit, Deliverance, and other films was 82.

I got the chance to briefly meet Burt when he gave a pre-game speech to Florida State alumni on November 10, 2001 when N.C. State was the visiting team. He was of course mobbed by FSU well-wishers that day but kindly took a moment for me to take a photo of him with my starstruck mother. Meeting him meant a lot to my mom but what always struck me about the photograph is that Burt truly looks like it meant a lot to him, too. It wasn’t a faked smile, or a pained look like he had somewhere else to be. He truly seems like he enjoyed the moment, like he had known my mom forever.

You often hear of celebrities who seem nice in public but turn out to be jerks when the cameras aren’t around. Burt Reynolds was exactly who he seemed to be: just a funny, kind, down-to-earth guy.

Rest in peace, sir.

Tarus Balog : The Technology Choice Struggles of a Freetard

August 29, 2018 08:33 PM

TL;DR: With the demise of CopperheadOS, I’ve had to struggle to find a new mobile operating system. With the choices coming down to Google or Apple, I decided to return to Apple and I bought an iPhone. Learning quickly that it is very hard to manage the iPhone under Linux, I also decided to switch to a Macbook Pro. A month later and after a business trip with the laptop, I am returning to Linux as my primary operating system.

This is a rather long post that I doubt will interest even one of my three readers, but as I expect a small subset of the population agonizes over technology choices as much as I do, perhaps someone will find it useful.

Back in 2011 I decided to stop using Apple gear and switch to running as much free software as possible. It was difficult, but I managed to switch almost all of my technology to open, if not always free, options. The hardest part was mobile.

For years people have been trumpeting each new year as “The Year of the Linux Desktop”. The problem is that more and more people are doing without a desktop entirely, and instead interact via mobile devices, so it is becoming more like “The Year of the Free Buggy Whip”. The broader free and open source community totally missed the boat when it came to mobile.

Seriously, where is the “Linux” of mobile? We don’t have it. Our choices are pretty much limited to Apple and Google.

Apple is pretty straightforward. They control the whole experience so you buy devices from them and you are allowed to run the software they let you. The freetard in me chafes at these limitations.

So that leaves Android. The problem with Android is that it is pretty much Google. Almost all of the Android Open Source Project (AOSP) derivatives rely on Google for both security updates and device drivers (which are rarely open). They start from a platform over which they have little control, unlike Linux.

Google is becoming more and more intrusive when it comes to surveillance. When you first sign in you are asked “Do you want to improve your Android experience?” Well, who doesn’t, but what I failed to realize is that if you turn that on (it is on by default) you end up sending pretty much everything you do to Google: every app you open and how long you use it, every phone call you take, every text you send in addition to every link you visit. Turn it off and then your experience is greatly limited. For example, Google Maps won’t store your recent searches unless that feature is turned on. Recently I was in a private Google Hangout when the other person pasted a link. Although the link showed up normally in the chat window, the URL itself first went through Google when you clicked on it. Seriously? Google needs to track your activity down to the level of a link in a private Hangout?

But, Android is open source, unlike iOS, so for years I focused my mobile platform on Android but using alternative versions, often called “custom ROMs”.

Running custom ROMs is not for the faint of heart. Probably the most famous was CyanogenMod, but unfortunately that organization imploded spectacularly (but lives on in LineageOS). While I originally ran CyanogenMod, I found a really nice solution and community in OmniROM. In addition to the O/S, you need to install Google applications (GApps) separately, and projects like Open GApps let you control exactly what you install. I really liked that, and it worked well for a while.

But there are two main issues with custom ROMs. The first is that almost all of them are volunteer organizations, thus the attention level of any one maintainer can vary greatly. They don’t have huge test organizations and the number of handsets supported can be limited. Find a good ROM with an active maintainer for your handset and you’re golden, but you can be up for a world of disappointment if not.

The second is that Google is getting more and more aggressive about having their applications run on these operating systems. Certain apps won’t run well (or run at all) if the underlying operating system isn’t “Google Approved”.

Thus I started running into problems. All of my older handsets are no longer being maintained (farewell Nexus 6) and OmniROM doesn’t support the Pixel (sailfish) or Pixel XL (marlin) which were released two years ago, so that option is out for me. I also like to play games like Pokémon Go, but it started behaving badly (or not running) on devices that weren’t vanilla Google.

I thought I had found a solution in CopperheadOS. This is (was) an organization out of Canada that made an extremely hardened version of Android. Unlike most custom ROMs where you replace the recovery partition or enable root access, Copperhead took the opposite approach and provided a very locked down, security conscious operating system. You would think this would be in opposition to free software, but it turns out their default software repository was F-Droid, which only features open source software, and in fact it was impossible to run the Google Play Store on the device (you allow Google the right to install any software they want without explicit permission when you use GApps and this went against the Copperhead philosophy).

This appealed to me, so I decided to try it out. I found I could do over 90% of what I needed to do without Google, and for things like Pokémon Go, I just got a second phone running stock Google (with a lot of the surveillance features turned off). So, my personal information lived on my Copperhead phone, and my “toy” phone let me do things like use Google Maps and call a Lyft.

Carrying two handsets wasn’t optimal, but I got used to it, and I found myself using the “Google” phone less and less. I loved the fact that security updates often hit my Copperhead phone a day or two before my Google phone, and I slept soundly knowing that my personal data was about as secure as I could make it (and still actually use a mobile device).

Then came June and the apparent demise of Copperhead (thanks Bryan Lunduke, for telling me about this and ruining my life, again). I needed to find another mobile solution.

About this time, privacy had come to the forefront with the impending implementation of the GDPR in Europe. The amount and level of surveillance being done by Google became even more transparent. There was a high profile study done in Norway that showed not only were companies like Google impacting your privacy, they were being pretty sneaky about it. The study also called out Facebook and Microsoft.

Surprisingly absent from that article was Apple. In fact, the news out of Apple-land was pretty positive. Due to the GDPR Apple made it possible for European users to download all of the tracking data Apple had on a given user and it was rather minuscule. Since Apple makes money on hardware, its business model makes it much more privacy friendly, even if it isn’t exactly a freetard’s best friend.

So I bought an iPhone.

A lot had changed in seven years. The iPhone is much more powerful but it is also a lot less intuitive. Even now I prefer the Android interface to iOS, but I didn’t find the transition too difficult.

No, the difficult part was trying to use the iPhone with Linux. While I found ways to mount the iPhone to my Linux desktop, you can’t manage music without iTunes, and iTunes doesn’t run natively on Linux.

(sigh)

Well, in for a penny, in for a pound. We had a spare 2017 13-inch Macbook Pro at the office, so I conscripted it to be my new laptop/desktop. Remember that the last Apple O/S I used regularly was Snow Leopard, so there was a second learning curve to climb.

Part of it was real easy. Free software on OSX has come a long way, so I simply installed Thunderbird, moved my profile over, and I was in business for e-mail. Similarly, Firefox was up and running with an install and a sync. The wonderful Homebrew project brought most of the rest of the stuff I needed to OSX land.

But I wasn’t super happy with the interface. I’ve tried a large number of desktop environments, and for my needs Cinnamon on Linux Mint works best. Little things about the OSX desktop just seemed to get in the way.

For example, I use a little tool called “onmsblink” that takes a ThingM blink1 USB dongle and changes its color based on the highest current alarm in my OpenNMS system. I launch it from the command line, but because it is Java it shows up in the dock and I can’t make it go away. Also, I’m used to clicking on an icon, say the Finder, and having a new window pop up. In OSX, it brings all open windows to the front, even if it is in another workspace. Is this “wrong” behavior? I don’t think so, but it is different for me and it interrupts my workflow.

Speaking of different, I’m also stuck with using a number of apps where I used to use one. I use the tool gscan2pdf constantly to scan in paper so I can shred and dispose of it. I have two scanners, a Brother ADS-3000N with the document feeder (works amazingly well under Linux) and a Canon LiDE 210 flatbed scanner. On OSX I ended up loading in two separate vendor-supplied applications to use them, and both of them feel really cluttered.

Plus, you would think an ecosystem like iOS would have a real mail client. One of the best mobile apps ever is K9 Mail, and I really miss it. I finally settled on Altamail, which has a yearly subscription but it was the only app that would easily handle nested folders. For example, I have a Customer folder with over 3000 subfolders. I can’t be scrolling through that on a mobile device. I don’t like it all that much, but it is the only option I could find.

Then there’s iTunes. Man, I used to think iTunes was a pig and now it is much, much worse. It took me longer than I would expect to get back to the interface I wanted (specifically, Songs with Browser View enabled). And, since I was playing around with a number of iTunes libraries, I ended up having to wipe the music off of my iPhone a couple of times since Apple won’t let you sync one device to more than one library.

There are some good things about iTunes, I specifically like the way you can sync playlists, but I’ve been happier with my free music managers.

One app I really do like on OSX is iMessage. I am not a good typist on mobile devices, and being able to send and respond to a text from the desktop is awesome. And nobody comes close to making a trackpad that works as well as those on Apple laptops.

And thus I became an Apple laptop guy. Before I used two desktops, pretty much identical, with one at home and one at the office, with my laptop reserved for trips. Now I had to make sure I brought my laptop between both places (no laptop “drive of shame” so far). It was nice to have all of my information in one place, but the downside is that I did have all of my information in one place and it made the possible loss of my laptop that much worse.

I had resigned myself to being an Apple guy from here on out, but then I went on a business trip to Seattle where I used the laptop for several days and it was then I decided that I just couldn’t continue to use it.

The main issue that soured me was the keyboard. This was a 2017 model with one of those fancy “touch bar” thingies. Now everyone thinks that Apple is a great innovator, and in many cases they are, but the touch bar is something other companies have tried and discarded. I returned a Lenovo X1 Carbon laptop back in early 2014 that had one and they removed the feature from future editions. I use that top row of keys. I like having an escape key I can feel, and having real function keys is useful for things like games. Plus it is a lot easier to change the volume with an “up” or “down” key versus having to click on the volume icon and then use a slider.

But that wasn’t a deal breaker. When the “2” key started sticking, sometimes printing a character, sometimes printing many characters with one key press, and finally often not printing anything at all, I got discouraged, nay depressed.

The issues with this generation of Apple keyboards are well known, but as I rarely use the keyboard on the laptop itself (I’m almost always connected to an external monitor and keyboard) I couldn’t believe it would get dirty enough to exhibit the issue that fast. Plus, the keyboard even when working just isn’t that good. I really miss the keyboard I had on my Powerbook.

This weekend when I got back home I decided to go back to Linux. I dragged my desktop out of the closet, booted it up, and decided to bring it up to date. During my hiatus a new version of Mint had been released, Mint 19, so I upgraded.

Man, that is one beautiful desktop. Seriously, I can’t remember using a nicer looking desktop environment on any platform. The tweaks the Mint team has made to Cinnamon have moved it from great to outstanding.

Please note that this is from my perspective. If you aren’t using Mint that doesn’t mean you suck or that your choices are wrong. The one thing I love most about the Linux desktop is that there exists a flavor for almost every taste and need.

It was as easy to move back to Mint from OSX as it was to move from it in the first place, so it has only cost me a few hours of time mainly waiting for the upgrade to download on my slow connection at home. I also installed a fresh copy on my fifth generation Dell XPS 13 and was pleasantly surprised at how much better the new trackpad driver, libinput, works. That was the main complaint I had about my Linux laptop, and I’m eager to try it out when I am next on the road.

Moving back to Linux made me question my mobile O/S choice one more time. Searching around it looks like it is currently possible to run Pokémon Go on a custom ROM as long as it is not rooted, so I downloaded TWRP and LineageOS for my Pixel XL, as well as the “pico” version of Open GApps. I was thinking I could get back to, basically, my Copperhead environment with a minimal amount of Google and be happy.

Bam, right out the door my phone started screaming about the phone driver not working. The memory of issues I experienced running alternative ROMs came flooding back, and I simply restored the Pixel to factory and decided to stay with my iPhone.

I feel much happier that I’ve gone back to Linux, at least part of the way. It should make it easier to go free on mobile as soon as the technology catches up. I’m very eagerly following the work of the /e/ foundation but as of yet they haven’t released any code. Plus it looks like they are going for an all-out Google replacement. I’m pretty happy running my own mail server and Nextcloud instances, so I’m more interested in a secure mobile device that can run apps from F-Droid versus a whole ecosystem replacement. Purism is also coming out with a phone. I really like the philosophy behind that company, but I’ve been stung by enough Kickstarters that I’m taking a wait and see attitude.

The problem with free and open source mobile will be the apps. As I mentioned, I was able to do 90% of what I needed using F-Droid, which bodes well for the /e/ solution but not so much for the Purism one, and both will face challenges with adoption.

Until then, feel free to Facetime me and check out my growing collection of chins.

Mark Turner : Brain scans in the name of science

August 29, 2018 11:25 AM

Yes, I do have a brain.


I took the day off yesterday to travel to Boston University to participate in a Gulf War Illness research study. The study is looking to identify biomarkers that might indicate Gulf War Illness. It cost me a day off of work and paying for my travel expenses but I was able to add my information to the pool of data so that it might help other Gulf War veterans.

Part of yesterday’s tests included a structural MRI, after which I was sent home with a copy of my imaging data. Being a data nerd, this thrilled me and I couldn’t wait to check out what was on my CD. While the typical image tools available for Linux like GIMP were able to view the images, it wasn’t until I installed the MRIcron application that I was able to view my imagery in three dimensions. MRIcron converts the DICOM files that the MRI generated into an open format that can then be manipulated by MRIcron.

Pretty cool, although a bit disconcerting to realize I’m looking at tiny slices of my own head. There’s a strong part of me that keeps thinking “man, you’re not dead yet! You should not be seeing your brain!” Coupled with my image data, MRIcron is a really captivating tool for exploring the structure of my brain (and my head as well).

Looking closely at the third image you can clearly see that my eyeballs are shaped completely differently. This probably accounts for my unusual combination of nearsightedness and farsightedness. Good times.

Mark Turner : Jailbirds: Scooters and Sidewalks

August 21, 2018 08:11 PM

As most residents are now aware, a few weeks ago the city of Raleigh became one of the few lucky (?) municipalities to get rentable electric scooters. These scooters (mostly of the Bird brand at this point) have been zipping merry residents from one end of town to the other for a small fee. While many are pleased that this new mobility choice has possibly decreased the number of car trips, others have pointed to the dockless nature of the scooters and how this inevitably leads to the scooters blocking sidewalks.

The City Council has not yet weighed in on the legality of scooters making their home on the sidewalks without having first been given official permission. Thus, they are operating in kind of a gray area. I decided to look into the Raleigh Municipal Code to see what laws we have on the books regarding sidewalks and motor vehicles.

It didn’t take long to find the relevant section in the Raleigh Municipal Code (and conveniently linked to from the links page of my EastRaleigh.Org website – I am awesome). Emphasis is mine:

Sec. 11-2171. – PARKING PROHIBITED IN CERTAIN PLACES.

(a) Obstructing traffic.

It shall be unlawful for any person to stop, stand or park any motor vehicle upon a street, or alley, in such manner or under such conditions as to obstruct the free movement of vehicular traffic, except that a driver may stop temporarily during the actual unloading of passengers or when necessary to obey traffic regulations or signs or signals, or signals of a police officer.

(b) Designated places.

No person shall stop, stand or park a motor vehicle (attended or unattended) except when necessary to avoid conflict with other traffic or in compliance with the directions of a police officer or traffic-control device in any of the following places:

(1) On a sidewalk, in the area between the roadway and the sidewalk, in the area between the right-of-way line and the roadway or in the median area of a divided roadway

So, city ordinances prohibit parking motor vehicles on the sidewalk. That seems pretty clear. But what is a motor vehicle? Part 11, Chapter 2, Sec 11-2001 provides transportation definitions:

Sec. 11-2001. – DEFINITIONS.

Whenever in this chapter the words hereinafter defined in this section are used they shall, unless the context requires otherwise, be deemed to have the following meanings:



Motor vehicle.
A motor vehicle is a vehicle which is self-propelled and designed to run upon the highways, and every vehicle which is pulled by a self propelled vehicle.

An electric scooter certainly is self-propelled but is it “designed to run upon the highways?” Let’s go back to the definition list to see what the city considers a highway:

Street or highway. A street or highway is the entire width between property or right-of-way lines of every way or place of whatever nature, when any part thereof is open to the use of the public as a matter of right for the purpose of vehicular traffic.

Boom, there you go. Electric scooters are designed to be used on either the street or the sidewalk, both of which are located between property or right of way lines. Therefore, it would seem electric scooters meet the motor vehicle definition of the city ordinances and therefore cannot be legally parked on the sidewalk.

So, does this mean that Raleigh Police will soon be arresting scooter scofflaws? Not likely! Scooters provide an interesting new mobility choice which could serve the city in the long run. A better response for the city would be to provide some sort of legal framework for electric scooter use on public sidewalks. Ideally, this would treat commercial scooters and personally-owned scooters equally. Even better, the city would provide designated spaces for scooter parking, either at existing bike racks or in new “parklets” carved out of auto parking spaces, so that parking on the sidewalk is not needed.

Interestingly, if the city chose the stick approach over the carrot approach, it could impound scooters left on the sidewalk, thanks to Sec. 12-7002:

Sec. 12-7002. – DEFINITIONS.

For purposes of this chapter, certain words and terms are defined as follows:

(a) Abandoned vehicle.

An abandoned motor vehicle is one that is:

(1) Left upon a public street or highway in violation of a law or ordinance prohibiting parking; or

(2) Left on a public street or highway for longer than seven (7) days; or

(3) Left on property owned or operated by the City for longer than twenty-four (24) hours; or

(4) Left on private property without the consent of the owner, occupant or lessee thereof, for longer than two (2) hours.

… because if a scooter isn’t allowed to park on a sidewalk it would thus be in violation of the ordinance prohibiting parking.

This is not a parking space.


While electric scooters left on sidewalks are annoying and could become a trip hazard for pedestrians, what I find more annoying is the automotive vehicles that routinely park on the sidewalk as if blocking the sidewalk is somehow less of a problem than blocking the street. Many, many construction trucks do this (and, for that matter, news media vehicles). A scooter may block a small portion of the sidewalk but these trucks routinely block all of the sidewalk. Before the city wastes too much time chasing Birds, I’d like to see it do a better job of keeping the larger vehicles off the sidewalks.

Update: The Raleigh City Council discussed electric scooters at today’s council meeting and are considering regulations that may permit them. I think this is the best way forward. I’ll provide more details on the session this evening.

Mark Turner : Down the memory lane rabbit hole with BBSes

August 20, 2018 12:55 PM

I’ve been reading through Adam Fisher’s Valley of Genius book and got to the chapter about The Well, one of San Francisco’s first online communities. It reminded me that I, too, was online as early as 1982, dialing up BBSes from my family’s 300-baud modem. I think the first BBS I called was run by a guy at the University of South Carolina.

Of course, a few years later in 1986 I had set up my own BBS in Great Falls, VA called the Basement BBS. At its peak it had 350 members, two high-speed (19.2 Kbps!) modems, and an early consumer hard-drive (10 whole megabytes!). Good times.

Valley also reminded me of my occasional hobby project of figuring out how to get the Basement back online here in the age of the Internet. This has proven to be more challenging than I expected, because:

1. DOS is a strange world, indeed, with lots of obscure drivers, configuration files, and confusing syntax.
2. I have forgotten 90% of the DOS secrets I once knew.
3. Modern virtualization systems were not designed with DOS virtual hosts in mind.
4. Virtualized DOS systems run far faster and with far more memory than their 80s era computers ever had, which causes problems.

Building a virtualized DOS environment is akin to assembling a ship in a bottle. You’re building a replica of an ancient artifact using very limited tools. All this, and I haven’t even gotten to the magic of modem emulation that will connect my BBS to the larger Internet.

This is the perfect geek project, though: a completely useless exercise in technology exploration. I hope, though, that at the end of it I have something to show for my trouble. But if I don’t that’s okay because I will have learned something anyway.

Mark Turner : If I’m quiet, I must be busy!

August 15, 2018 01:37 AM

As usual, I’ve had a ton of irons in the fire, squeezing as much out of the waning summertime days as I can. That hasn’t left much time nor inspiration for blogging but I’m hoping to get back on track with this.

Major stuff I’ve been doing in my free time includes replacing the falling-apart wooden steps on my back deck with composite decking. This project took two sweltering Saturdays to complete but I’m very pleased with how the steps came out. Next up is the deck surface itself which, frankly, will be easier than the steps since there’s far less cutting needed. After that I’ll have to dream up a good plan for replacing the wooden railing but I’ve got a little time to figure that out.

I hope the whole project will be done by fall. Then I’ll combine the scrap wood from my deck with the scrap fencing from my fence job and haul it all away for a clean yard again. Yay!

One step at a time

Kelly and I have also been working on plans to finish our attic space. This has turned out to be some work, simply deciding what we want, how much we are willing to spend on it, and who we want to do the work. We hope we’re close to kicking this off but there are several more decisions to make.

Earlier this summer I took home my in-laws’ video camera to digitize their videos (which are mostly of our kids). After working through their tapes, I dusted off my own – several of which are in the old Hi8 analog format. Sadly, there is only one way to digitize tapes and that’s in real-time. Thus, I’ve been going by my laptop and changing tapes whenever I can. I’ve filled up one 2 TB drive with my video and I have dozens more tapes to go. It’s been a blast seeing all these old happy scenes, though, and it inspired me to go and purchase a digital camcorder. Yeah, I know you’re wondering who actually would buy a digital camcorder these days but I’m a stickler for good lenses and smartphones just ain’t there yet.

Back in February I decided I needed to put Debian Linux on my Seagate Business NAS. That was a several-hour effort but well worth it to give new life to this great piece of hardware. I learned about embedded systems and how to tap into the UART of hardware to get it to do my bidding. All very useful stuff.

I’ve also tried to catch up on reading, some of the in-depth analysis of current affairs (such as they are) and some non-fiction. After reading the biography of Ulysses S. Grant earlier this year I’ve been a popular user of Wake County Library’s Interlibrary Loan, so much so that I’m practically on a first-name basis with them.

My interests have been the goings on of the espionage world, with Russian election hacking and the like. I read a great account of the post-Cold-War race to secure the Soviet Union’s weapons of mass destruction after that country collapsed. Called “The Dead Hand,” and written by David E. Hoffman, it uncovers the extraordinary lengths American intelligence (sometimes in cooperation with Russian intelligence) went to to keep all kinds of nasty weapons out of the hands of terrorists. Particularly eye-opening was the Soviet’s massive chemical weapons effort, churning out illegal pathogens for an attack that never came. Some of these deadly substances have recently resurfaced in the suspicious attacks on ex-Soviet agents that have recently occurred in Great Britain.

I checked out an e-book version of a Vladimir Putin biography and have been working through that when I saw mention of another book about the history of Soviet spying. Called “The Haunted Wood” by Allen Weinstein and Alexander Vassiliev, it is an in-depth look at how the KGB and GRU have done business throughout their existence. Weinstein and Vassiliev gained access to the files of these organizations during that brief time in the early 1990s when it actually looked like the U.S. and Russia might learn to get along. It’s fascinating stuff.

Both the Putin biography and the Russian spying books have taken a back seat to a book hot off the presses – “Valley of Genius” by Adam Fisher. VoG is a detailed history of Silicon Valley straight from the techies who built it. It’s got lots of juicy gossip in it but more than that, it helps fill in a picture I’ve had of the Valley but never fully appreciated. If you have a career in tech, you owe it to yourself to read Fisher’s book and familiarize yourself with the amazing people who built our modern world.

Lastly, I’ve been working to tune my home network to its fastest possible speed. I continue to adore my Ubiquiti EdgeRouter Lite 3 (ERL-3), and have recently solved a configuration problem that vexed me for over a year.

Life is moving quickly but it’s all good. Well, most of it is good, but I’m making the most of whatever has come my way. That’s all anyone can hope for, isn’t it?

Tarus Balog : Dealing with Docker Interfaces

August 01, 2018 08:39 PM

We run a lot of instances of OpenNMS (‘natch) and lately we’ve seen issues with disk space being used up faster than expected.

We tracked the issue down to Docker. If Docker is running on a machine, SNMP will discover a Docker interface, usually labelled “docker0”. When that instance is stopped and restarted, or another Docker instance is created, another interface will be created. This will create a lot of RRD files of limited usefulness, so here is how to address it.

First, we want to tell OpenNMS not to discover those interfaces in the first place. This is done using a “policy” in the foreign source definition for the devices in question. Here is what it looks like in the webUI:

Skip Docker Interfaces Policy

The “SNMP Interface Policy” will match on various fields in the snmpinterface table in the database, which includes ifDescr. The regular expression will match any ifDescr that starts with the string “docker” and it will not persist (add) it to the database. This policy has only one parameter, so either “Match All Parameters” or “Match Any Parameter” will work.

If you want to use the command line, or have a lot of custom foreign source definitions, you can paste this into the proper file:

   <policies>
      <policy name="Ignore Docker interfaces" class="org.opennms.netmgt.provision.persist.policies.MatchingSnmpInterfacePolicy">
         <parameter key="action" value="DO_NOT_PERSIST"/>
         <parameter key="ifDescr" value="~^docker.*$"/>
         <parameter key="matchBehavior" value="ALL_PARAMETERS"/>
      </policy>
   </policies>

This will not deal with any existing interfaces, however. For that there are two steps: delete the interfaces from the database and delete them from the file system.

For the database, with OpenNMS stopped, access PostgreSQL (usually with psql -U opennms opennms) and run:

delete from ipinterface where snmpinterfaceid in (select id from snmpinterface where snmpifdescr like 'docker%');

and restart OpenNMS.

For the filesystem, navigate to where your RRDs are stored (usually /opt/opennms/share/rrd/snmp) and run:

find . -type d -name "docker*" -exec rm -r {} \;

That should get rid of existing Docker interfaces, free up disk space and prevent new Docker interfaces from being discovered.
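A dry run for the filesystem step, as an added example that is not part of the original post or of OpenNMS: it lists what the `find ... -name "docker*"` command would hand to `rm -r`, with the space each match holds. Because that pattern matches at any depth, it also flags matches that contain subdirectories, which look like a node or foreign-source directory rather than one interface; the sample tree, its file names and the "interface directories hold only files" rule are assumptions.

```python
import os
import re
import tempfile

# The policy value on the page is "~^docker.*$"; the leading "~" only tells
# OpenNMS that a regular expression follows.
DOCKER_NAME = re.compile(r"^docker.*$")


def tree_bytes(path):
    """Sum the sizes of all regular files below path."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            if os.path.isfile(full) and not os.path.islink(full):
                total += os.path.getsize(full)
    return total


def preview_cleanup(rrd_root):
    """List the directories `find . -type d -name "docker*"` would remove.

    Returns a list of dicts sorted by path. "suspicious" is True when the
    match contains subdirectories, i.e. it looks like a node or foreign-source
    directory and not a single interface directory (assumption: interface
    directories hold only data files).
    """
    hits = []
    for root, dirs, _files in os.walk(rrd_root):
        matched = [d for d in dirs if DOCKER_NAME.match(d)]
        for name in matched:
            full = os.path.join(root, name)
            with os.scandir(full) as entries:
                has_subdirs = any(e.is_dir() for e in entries)
            hits.append({
                "path": os.path.relpath(full, rrd_root),
                "bytes": tree_bytes(full),
                "suspicious": has_subdirs,
            })
        # rm -r removes a match as a whole, so do not descend into it.
        dirs[:] = [d for d in dirs if d not in matched]
    return sorted(hits, key=lambda h: h["path"])


def build_sample_tree(root):
    """Constructed sample layout (not real data): <node>/<interface>/<file>."""
    layout = {
        "12/docker0-0242ac110001/ifInOctets.rrd": 1000,
        "12/docker0-0242ac110001/ifOutOctets.rrd": 1000,
        "12/eth0-525400aabbcc/ifInOctets.rrd": 1000,
        # A host whose directory name happens to start with "docker".
        "fs/lab/docker-host01/eth0-525400ddeeff/ifInOctets.rrd": 1000,
    }
    for rel, size in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in preview_cleanup(tmp):
            flag = "CHECK FIRST" if hit["suspicious"] else "ok"
            print(f'{hit["bytes"]:>8}  {flag:<11}  {hit["path"]}')
```

Pointing `preview_cleanup` at the real RRD directory only reads it; nothing is deleted.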

Ben Reed : Using AT&T GigaPower PACE 5268AC With Your Own Gateway

July 27, 2018 04:05 PM

Here is my experience setting up our UniFi Security Gateway to work in bridge mode with the PACE 5268AC for use with AT&T’s GigaPower fiber service.

What, No Bridge Mode?

The first thing to know is that there is no such thing as bridge mode with these routers. The problem with a true bridge is that even if you put a gateway behind the PACE, you still need the ability to plug DVRs (or the wireless bridges used by wireless DVRs) into the modem and communicate with AT&T’s network to retrieve video, guide data, etc. They can’t just pass all traffic through to another device.

In a traditional setup where you just use AT&T’s router as the gateway for everything, it creates a simple NAT network (on 192.168.1.x) that your wired devices and DVRs share. But if you want to manage your own network behind the router — or in my case, disable the crappy PACE WiFi and use my own access points — their solution is to provide a pseudo-bridge mode called “DMZplus” which gives you something reasonably close, while still allowing the other ports on your router to continue to NAT out to the internet like normal. It works by leaving all of the existing stuff in place (the 192.168.1.x network, the NAT, etc.), but instead of firewalling unknown incoming connections, it passes any traffic that is not already associated with an existing session straight to the DMZplus host. This includes letting DHCP through, giving the public IP directly to the DMZplus host rather than forcing you to double-NAT.

Setting It Up

1. Change the PACE Network Range

To avoid conflicts or weird things leaking through, I went ahead and changed the network on the PACE router, since both it and the USG use the 192.168.1.x network by default. Your mileage may vary, but if nothing else it makes it easier to diagnose issues when the networks aren’t similarly numbered.

Navigate to Settings -> LAN -> DHCP on the PACE router and change the radio button from “192.168.1.0 / 255.255.255.0” to “172.16.0.0 / 255.255.0.0”.

If the PACE router doesn’t restart itself after changing this setting, you may want to restart the PACE router just to make sure it will hand out the new range when you hook things up.

2. Connect Your Gateway

Next, connect the WAN port on your gateway to an open port on the PACE router. This will cause it to get an IP address over DHCP and show up on the PACE side.

Once you do so, it should be visible in Settings -> LAN -> Status in the “Devices” section:

Settings -> LAN -> Status

(The name will probably match whatever your router advertises itself as in its DHCP request.)

3. Make Your Gateway The DMZplus Host

Now, navigate to Settings -> Firewall -> Applications, Pinholes and DMZ. Look for your gateway in the “Select a computer” section and click on it. Once you do, it should say “You have chosen <gateway name>

Select a computer

Now that your gateway is selected, scroll down to the “Edit firewall settings for this computer” section and click the “Allow all applications (DMZplus mode)” radio button. Then click the “Save” button at the bottom.

4. A Warning About Advanced Configuration

Originally I had unchecked everything under Settings -> Firewall -> Advanced Configuration assuming I would leave it up to the PACE router to handle security.

Because of this, I spent a number of days attempting to diagnose a weird bug where certain hosts would have massive amounts of packet loss and the internet was nearly unusable. It turns out that if you uncheck “Miscellaneous” under “Attack Detection”, then any device that attempts to map a port using UPnP would cause the PACE router to create a faulty mapping that would pass un-NATted traffic directly through. This will cause havoc with some IoT devices, consoles, etc. that still use UPnP for port mapping.

In hindsight, it’s probably good to leave most of this stuff on anyways as an extra layer of protection, if you have any other devices like DVRs or wireless DVR bridges plugged directly into the router.

5. Configure Your Gateway

I’ve been going through my settings on my USG to see if there’s anything in particular I have to configure to make it work well with the PACE router, but I’m not finding anything beyond my own personal preferences as far as firewall, network, etc.

At one point I know I had configured it to always allow DHCP ports 67 and 68 through because I was seeing an issue with holding onto the DHCP lease, but it appears that’s not actually enabled and I’m not seeing any ill effects. ¯\_(ツ)_/¯

That’s It!

There really isn’t too much to it, just a few pitfalls. Seriously, though, don’t un-click “Miscellaneous.” Don’t do it!

Mark Turner : Sponsored content takes over local media website

July 27, 2018 01:43 AM

Full of fake news! Click to see the reassembled full page, scaled down for your bandwidth’s pleasure.

Got an email yesterday from Google, saying it was time to renew my Google Adsense account. I took Google ads off my page so long ago that I forgot all about them. Fortunately, my blog is a labor of love and expenses run around $20/month. It’s not exactly a high-volume website like the websites of the local media.

I looked up a story today on the website of WRAL, a local television station. It was a story on a robbery and was a bit short on facts. Looking for more information, I began scrolling the page.

And scrolling … and scrolling … and scrolling.

The page went on and on, but it wasn’t more news stories; it was that dreaded garbage known as “sponsored content.” These are paid advertisements that masquerade as news stories, often using lurid, click-baiting headlines. Intermixed with these tabloid-esque stories were occasional links to WRAL’s content.

I got so outraged at the dreck WRAL was serving up to me that I spent over an hour just capturing screenshots of the page and reassembling these shots into the original page. I had to do this because the page was far too lengthy to fit onto one browser screen, crazy as it might sound. So that’s what you see above.

80% of this page is sponsored content!

Once I had reassembled the page I decided to calculate the percentage of real news on the page compared to sponsored content.

Result? Pixel for pixel, there is five times as much sponsored content on the page as legitimate news! It’s overwhelmingly paid advertising!

Now, I don’t have anything against advertising in general. Everybody’s got to pay the bills, after all. Heck, my blog once had ads on it for a while. What I do have a problem with is that these ads are virtually indistinguishable from the real content on the site, something that tiptoes right up to a line the Federal Trade Commission has drawn to protect the public, if not crosses it.

Is this what media sites have to do nowadays to make a living? Has it really come down to racy headlines, tarted up to fool readers into thinking it’s news? At least with television advertising it’s pretty easy to distinguish the station programming from its advertising. On websites it’s pretty much impossible.

I don’t mean to single out WRAL for this. At least they label this content as sponsored. The local newspaper, the News and Observer, uses “suggested for you” content that might technically not be sponsored content but is just as lurid and click-baiting.

I’d like to see a little more balance with content versus ads. Five times as much advertising might work for a newspaper but it is outrageous on a webpage. And should a media site feel the need to load up a page with advertising, at least make it ads from local businesses with legitimate products or services. No more fake news, please!

Tarus Balog : Open Source is Still Dead

July 25, 2018 06:09 PM

Last week I attended the 20th O’Reilly Open Source Conference (OSCON), held this year in Portland, Oregon.

OSCON 20th Anniversary Sign

This is the premier open source conference in the US, if not the world, and it is rather well run. It is equal to if not better than a lot of proprietary technology conferences I’ve attended, perhaps because it is pretty much a proprietary software conference in itself. I found it a little ironic that the Wednesday morning keynotes started off with a short, grainy video clip where an open source geek shouts out “We’re starting a revolution!”.

I tried to find the source of that quote, and I thought it came from the documentary “Revolution OS”. That movie chronicles the early days of open source software in which the stated goal was to take back software from large companies like Microsoft. There is a famous quote by Eric S. Raymond where he replies to a person from Microsoft with the words “I’m your worst nightmare.” Microsoft is now a major sponsor of OSCON.

When I attended OSCON in 2014 I asked the question “Is Open Source Dead?” Obviously the open source development model has never been more alive, but I was thinking back to my early involvement with open source where the idea was to move control of software out of the hands of big companies like IBM and Microsoft and into the hands of the users. Back then the terms “open source” and “free software” were synonymous. It was obvious that open source operating systems, mainly Linux, would rule the world of servers, so the focus was on the desktop. No one in open source predicted the impact of mobile, and by extension, the “cloud”. Open source today is no more than a development model used mostly to help create proprietary software, usually provided as a subscription or a service over the network. I mean, it makes sense. Companies like Google, Facebook and Amazon wouldn’t exist today if it wasn’t for Linux. If they had to pay a license to Microsoft or Sun (now Oracle) for every server they deployed their business models simply wouldn’t work, and the use of open source for building the infrastructure for applications simply makes sense.

Please note that I am not trying to make any sort of value judgement. I am still a big proponent of free software, and there are companies like Red Hat, OpenNMS and Nextcloud that try to honor the original intention of open source. All of us, open and proprietary, benefit from the large amount of quality open source software being created these days. But I do mourn the end of open source as I knew it. It used to be that open source software was published with “restrictive” licenses like the GPL, whereas now the trend is to move to “permissive” licenses like the MIT or Apache licenses. This allows for the commercialization of open source software, which in turn creates an incentive for large software companies to get involved.

This trend was seen throughout OSCON. The “diamond” sponsors were companies like IBM, Microsoft, Amazon and Google. The main buzzword was “Kubernetes” (or “K8s” if you’re one of the cool kids) which is an open source orchestration layer for managing containers. Almost all of the expo companies were cloud companies that either used open source software to provide a platform for their applications or to create open source agents that would feed back to their proprietary cloud back-end.

I attended my first OSCON in 2009 as a speaker, and I was a speaker for several years after that. My talks were always well-attended, but then for several years none of my paper submissions were accepted. I thought I had pissed off one or more of the organizers (it happens) but perhaps my thoughts on open source software had just become outdated.

I still like going to the conference, even though I no longer attempt to submit a talk. When I used to speak I found I spent most of my time on the Expo floor so now I just try to schedule other business during the week of OSCON and I get a free “Expo only” pass. You also get access to the keynotes, so I was sure to be in attendance as the conference officially started.

OSCON Badge

My favorite keynote was the first one, by Suz Hinton from Microsoft. She is known for doing live coding on the streaming platform Twitch, and she did a live demonstration for her keynote. She used an Arduino to control a light sensor and a servo. When she covered the sensor, the servo would move and “wave” at the OSCON audience. It was a little hard to fight the cognitive dissonance of a Microsoft employee using a Mac to program an open hardware device, but it was definitely entertaining.

OSCON Suz Hinton

My second favorite talk was by Camille Eddy. As interactions between computers and humans become more automated, a number of biases are starting to appear. Google image search had a problem where it would label pictures of black people as “gorillas”. An African-American researcher at MIT named Joy Buolamwini found that a robot recognized her better if she wore a white mask. Microsoft had an infamous experiment where it created a Twitter bot named “Tay” that within 24 hours was making racist posts. While not directly related to open source, a focus on an issue that affects the user community is very much in the vein of classic open source philosophy.

OSCON Camille Eddy

The other keynotes were from Huawei, IBM and Amazon (when you are a diamond sponsor you get a keynote) and they focused more on how those large software companies were using the open source development model to, well, offset the cost of development.

OSCON Tim O'Reilly

The Wednesday keynotes closed with Tim O’Reilly who talked about “Open Source and Open Standards in the Age of Cloud AI”. It kind of cemented the theme for me that open source had changed, and the idea is now much more about tools development and open APIs than in creating user-owned software.

OSCON Expo Floor

The rest of my time was spent wandering the Expo floor. OSCON offers space to traditional open source projects which I usually refer to as the “Geek Ghetto”. This year it was split to be on either side of the main area, and I got to spend some time chatting with people from the Software Freedom Conservancy and the Document Foundation, among others.

OSCON Geek Ghetto

I enjoyed the conference, even if it was a little bittersweet. Portland is a cool town and the people around OSCON are cool as well. If I can combine the trip with other business, expect to find me there next year, wandering the Expo floor.

Mark Turner : Alleged Russian agent Maria Butina ordered to remain in custody after prosecutors argue she has ties to Russian intelligence – The Washington Post

July 19, 2018 06:31 PM

The Russian woman arrested this week on charges of being a foreign agent has ties to Russian intelligence operatives and was in contact with them while in the United States, federal prosecutors said Wednesday.

Maria Butina, 29, also cultivated a “personal relationship” with an American Republican consultant as part of her cover and offered sex to at least one other person “in exchange for a position within a special interest organization,” according to a court filing.

After a hearing on Wednesday afternoon, U.S. Magistrate Judge Deborah A. Robinson denied Butina’s request to be released on bail, finding that no combination of conditions would ensure her return to court.

Prosecutors with the U.S. attorney’s office in Washington had argued strongly against her release, noting “her history of deceptive conduct.” They said Butina could slip into a Russian Embassy or a Russian diplomatic vehicle and get out of the country, and had connections with wealthy business executives linked to the Putin administration.

Source: Alleged Russian agent Maria Butina ordered to remain in custody after prosecutors argue she has ties to Russian intelligence – The Washington Post

Mark Turner : American government will keep on fighting to state the truth on Russia | TheHill

July 19, 2018 06:30 PM

In the middle of Tuesday’s presidential walkback about Russian election interference, I couldn’t (or maybe I could, I’m not sure) help but think of a scene from the 1997 comedy “Excess Baggage.” In the scene, would-be car thief but inadvertently-turned-kidnapper Benicio del Toro asks his unexpected victim Alicia Silverstone, who had been hiding in the trunk of her dad’s expensive car, “How stupid do you think I am?” To which Silverstone replies, “How stupid is there?” To my mind, that just about sums it up when it comes to the president’s view of the American people.

To review the events this week, for the benefit of anyone who until recently has been hiding in the trunk of their own car, President Trump was attempting by the addition of a contraction to rectify what CNN’s Anderson Cooper rightly described as “one the most disgraceful performances” ever given by an American president at a summit.

Source: American government will keep on fighting to state the truth on Russia | TheHill

Mark Turner : Trump’s behaving like a ‘Russian asset’, intel and natsec experts warn – Business Insider

July 19, 2018 05:49 PM

In Helsinki on Monday, US President Donald Trump touted the “direct, open, deeply productive dialogue” he had with Russian President Vladimir Putin.

And experts warn Putin played Trump like a fiddle.

That was the broad consensus of national-security and intelligence veterans following a bizarre press conference during which Trump stood next to Putin and spent more time denigrating his political opponents and intelligence agencies than he did a hostile foreign power.

Asked by Reuters’ Jeff Mason on Monday whether he held Russia accountable for anything, Trump stunned observers when he said he held “both countries responsible” for the deterioration in US-Russia relations. Trump failed to mention Russia’s aggression toward Ukraine, its annexation of Crimea, its involvement in Syria, and its aggressive cyber operations around the globe, as well as allegations that it has poisoned former Russian spies abroad, that it played a role in the downing of a Malaysian airliner in 2014, and, above all, that it interfered in the 2016 US election.

Source: Trump’s behaving like a ‘Russian asset’, intel and natsec experts warn – Business Insider

Mark Turner : Putin’s Attack on the U.S. Is Our Pearl Harbor – POLITICO Magazine

July 19, 2018 05:19 PM

In 2016, our country was targeted by an attack that had different operational objectives and a different overarching strategy, but its aim was every bit as much to devastate the American homeland as Pearl Harbor or 9/11. The destruction may not send pillars of smoke into the sky or come with an 11-digit price tag, and there’s no body count or casualty statistics—but the damage done has ravaged our institutions and shaken our belief in our immovability. But two years on, we still haven’t put any boats or men in the proverbial water. We still have not yet acted—just today, President Donald Trump, a beneficiary of this attack, exonerated the man who ordered it: Russian strongman Vladimir Putin.

Source: Putin’s Attack on the U.S. Is Our Pearl Harbor – POLITICO Magazine

Mark Turner : Jimmy Carter for Higher Office | GQ

July 10, 2018 09:04 PM

A great look at a President who was infinitely more moral than the current jackass who’s in office.

About 40 Sundays a year, Mr. Jimmy materializes from thin air, flickering before us at Maranatha to lead Bible study, to say, No, the world’s not going to end. Not just yet. Though he’s elfin with age, you’d still instantly recognize him as our 39th president: with those same hooded ice-blue eyes, the same rectangular head, the same famous 1,000-watt smile. But when he teaches like this, he transforms from whatever your vision of Jimmy Carter is into someone different, some kind of 93-year-old Yoda-like knower, who in his tenth decade on earth still possesses that rarest of airy commodities: hope.

Source: Jimmy Carter for Higher Office | GQ

Mark Turner : Firefox downloads mysterious dbsync file

July 06, 2018 05:26 PM

Yesterday I pulled up some websites using Firefox on my Android phone and I was surprised to find two notifications on my phone that a file called “dbsync” had been downloaded. I do not download files without having some idea of what they are, so needless to say I was surprised. The files were zero-bytes, however, so I didn’t think they would pose much of a threat.

I later did some Googling which led me to this reddit page discussing the issue. Several others have had this happen to them. Some linked to dubious “virus scanner” software which would remove it, though this cure looks more dangerous than the disease.

I chalked it up to some fluke until I was reading the website of local TV station WRAL.Com from my Ubuntu desktop. After a while I had a Firefox prompt asking me to download dbsync:

dbsync


This time there was more information! Apparently dbsync is being served up from a LinkedIn ad server, https://px.ads.linkedin.com. Also, FF for Ubuntu thought the file was 20 bytes long but when I saved it the file was actually empty. I’m not sure why there is a discrepancy here.

Ah, those pesky ad servers! While most of the time ad servers are benign, these servers are prime targets for hackers bent on distributing malware. I don’t think this server is compromised but leaving rogue files on visitors’ computers isn’t exactly polite behavior, either. In all probability, px.ads.linkedin.com is likely a run-of-the-mill, pixel-serving analytics server, tracking web visits by making the browser make a request to it.

I decided to send some random requests to this server to see how it would respond. First I tried requesting dbsync to see what would happen:

markt@server:/tmp$ curl -v https://px.ads.linkedin.com/dbsync
* Trying 108.174.10.14...
* Connected to px.ads.linkedin.com (108.174.10.14) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 604 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: px.ads.linkedin.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=LinkedIn Corporation,CN=px.ads.linkedin.com
* start date: Tue, 06 Jun 2017 00:00:00 GMT
* expire date: Tue, 11 Jun 2019 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /dbsync HTTP/1.1
> Host: px.ads.linkedin.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Play
< Set-Cookie: lang=v=2&lang=en-us; Path=/; Domain=ads.linkedin.com
< Date: Fri, 06 Jul 2018 17:06:00 GMT
< Content-Length: 0
< X-Li-Fabric: prod-lva1
< Connection: keep-alive
< X-Li-Pop: prod-edc2
< X-LI-Proto: http/1.1
< X-LI-UUID: QFKXCX7WPhWQpobwjCsAAA==
< Set-Cookie: lidc="b=VGST01:g=927:u=1:i=1530896760:t=1530983160:s=AQEAZXxcH9VtiYHPDeB-WxJJ-DxQNbgx"; Expires=Sat, 07 Jul 2018 17:06:00 GMT; domain=.linkedin.com; Path=/
<
* Connection #0 to host px.ads.linkedin.com left intact

Then for fun I decided to munge the URL to see what happens:

markt@server:/tmp$ curl -v https://px.ads.linkedin.com/dbsyncdf
* Trying 108.174.10.14...
* Connected to px.ads.linkedin.com (108.174.10.14) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 604 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: px.ads.linkedin.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=LinkedIn Corporation,CN=px.ads.linkedin.com
* start date: Tue, 06 Jun 2017 00:00:00 GMT
* expire date: Tue, 11 Jun 2019 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /dbsyncdf HTTP/1.1
> Host: px.ads.linkedin.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Play
< Set-Cookie: lang=v=2&lang=en-us; Path=/; Domain=ads.linkedin.com
< Content-Type: image/gif
< Date: Fri, 06 Jul 2018 17:07:25 GMT
< Content-Length: 43
< X-Li-Fabric: prod-lva1
< Connection: keep-alive
< X-Li-Pop: prod-edc2
< X-LI-Proto: http/1.1
< X-LI-UUID: 7Y9/4pHWPhVAvgLqjCsAAA==
< Set-Cookie: lidc="b=VGST01:g=927:u=1:i=1530896845:t=1530983245:s=AQEyVaQKzLlPvdBSshsYbMbyGC3qpCry"; Expires=Sat, 07 Jul 2018 17:07:25 GMT; domain=.linkedin.com; Path=/
<
* Connection #0 to host px.ads.linkedin.com left intact
GIF89a��????!?���,����D�;

So, a cookie gets set but this time a 40-byte GIF file is returned as well. This is what convinced me this is an analytics server.

I can understand if LinkedIn was measuring my use of its own website, but when this file got requested I wasn't on LinkedIn's homepage. Nor was I logged into LinkedIn at the time. Thus, it's possible that WRAL (which uses Google's AdChoices ad network) uses third-party cookies that prompted my Firefox browser to make a request to the LinkedIn server. As a result, I will activate Firefox's dumping of third-party cookies upon exit feature and get Ghostery and other tools back up and running. Hopefully this will block crazy requests.
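The traits this post reads off the curl output (a tiny image body and cookies scoped wider than the host that set them) can be checked from saved `curl -v` output; the following is an added example, not part of the original post. The response lines are copied from the second transcript with the `lidc` value replaced by a placeholder, the GIF bytes are a constructed, commonly used 43-byte 1x1 image rather than the body this server returned, and the function names are assumptions.

```python
import struct

# Response lines from the second curl transcript above; lidc value is a placeholder.
SAMPLE = """\
< HTTP/1.1 200 OK
< Set-Cookie: lang=v=2&lang=en-us; Path=/; Domain=ads.linkedin.com
< Content-Type: image/gif
< Content-Length: 43
< Set-Cookie: lidc="PLACEHOLDER"; Expires=Sat, 07 Jul 2018 17:07:25 GMT; domain=.linkedin.com; Path=/
<
"""

# Constructed sample: a commonly used 43-byte 1x1 GIF, not the bytes this server sent.
ONE_PIXEL_GIF = bytes.fromhex(
    "47494638396101000100800000ffffff00000021f90401000000002c"
    "00000000010001000002024401003b"
)


def parse_response(text):
    """Return (status, [(lowercased header name, value), ...]) from `curl -v` output."""
    status, headers = None, []
    for line in text.splitlines():
        if not line.startswith("< "):
            continue  # skip TLS chatter ("* "), request lines ("> ") and the bare "<"
        body = line[2:]
        if body.startswith("HTTP/"):
            status = int(body.split()[1])
        elif ":" in body:
            name, value = body.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookie_scopes(headers, host):
    """Return (cookie name, Domain attribute, wider_than_host) for each Set-Cookie."""
    scopes = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        domain = None
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            if key.strip().lower() == "domain":
                domain = val.strip().lstrip(".").lower()
        wider = domain is not None and host.endswith("." + domain)
        scopes.append((parts[0].split("=", 1)[0], domain, wider))
    return scopes


def gif_dimensions(data):
    """Read (width, height) from the GIF logical screen descriptor, or None."""
    if len(data) < 10 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    return struct.unpack("<HH", data[6:10])


def pixel_findings(text, host, body):
    """Summarise the traits the post relies on: tiny image body plus wide cookies."""
    status, headers = parse_response(text)
    single = dict(h for h in headers if h[0] != "set-cookie")
    is_image = single.get("content-type", "").startswith("image/")
    return {
        "status": status,
        "image_bytes": int(single.get("content-length", 0)) if is_image else None,
        "dimensions": gif_dimensions(body),
        "wide_cookies": [n for n, _, wide in cookie_scopes(headers, host) if wide],
    }
```

A cookie whose Domain attribute is `linkedin.com` is sent back by the browser on later requests to that domain and all of its subdomains, which is why the scope matters more than the host that set it.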

Mark Turner : Alcohol Independence Day

July 05, 2018 02:02 PM

I had my first drink in six weeks yesterday, in honor of achieving a goal I had set before Memorial Day to give up drinking until the Fourth of July. My dry spell wasn’t brought on by anything in particular. My VA doctor had before suggested that I cut back on alcohol, though I averaged less than a single drink a day so my drinking wasn’t excessive. Mostly the challenge was just to see how easily I could do it and if it benefited my health in any way.

My results? It was far easier than I anticipated and, well, I do think my health is somewhat improved but the results aren’t all that dramatic (probably because I didn’t drink much to begin with).

During this time, my temptations included a family vacation to Maine, a neighborhood party, a work lunch and work party where my boss picked up the tabs, and the opportunity to drink a cold one with my dad before he had surgery. I easily maintained my will during each one. During the parties I easily engaged in conversation in the way that perhaps being buzzed may have previously facilitated but I didn’t need the alcohol to get me talking. I suppose the shy kid in me has finally learned how to value opening up.

Healthwise, I think I am sleeping a bit better though it’s – again – not by a huge margin. I haven’t lost much weight, if any. I don’t get my vitals checked by my doctors for the foreseeable future so I don’t know if any of my numbers have changed.

Going forward, I may choose to continue to abstain. I certainly don’t feel compelled to drink, like when I’m bored or feeling like I need to relax. There are other ways to do that. Mostly, though, I value my ability to think clearly and to perform at a high level. I want to improve on this.

It was a simple goal but it has proven effective at reminding myself of my own willpower. Willpower is a useful thing.

Update: This is my second experiment with being on the wagon. Much easier this time, I think.

Mark Turner : Opinion | Local Girl Makes Good – The New York Times

July 01, 2018 06:42 PM

Alexandria Ocasio-Cortez knows the importance of connecting with working voters.

WASHINGTON — At dawn on the day after the election that rocked her world and her party, working on three hours of sleep, Alexandria Ocasio-Cortez walked out of her Bronx apartment building.

“A sanitation truck pulled up,” said the 28-year-old with the contagious smile and an energy that impressed even the dragon-energy president. “The driver reached out his arm to give me a high-five. What that moment tells me is what we did was right. We are touching the hearts of working people. Democrats should be getting high-fives from sanitation truck drivers — that is what should be happening in America.”

Source: Opinion | Local Girl Makes Good – The New York Times

Mark Turner : This Political Theorist Predicted the Rise of Trumpism. His Name Was Hunter S. Thompson. | The Nation

July 01, 2018 06:35 PM

Great take, apropos to my working class voter observation.

Fifty years after Thompson published his book, a lot of Americans have come to feel like motorcycle guys. At a time when so many of us are trying to understand what happened in the election, there are few better resources than Hell’s Angels. That’s not because Thompson was the only American writer to warn coastal, left-liberal elites about their disconnection from poor and working-class white voters. Plenty of people issued such warnings: journalists like Thomas Edsall, who for decades has been documenting the rise of “red America,” and scholars like Christopher Lasch, who saw as early as the 1980s that the elite embrace of technological advancement and individual liberation looked like a “revolt” to the mass of Americans, most of whom have been on the losing end of enough “innovations” to be skeptical about the dogmas of progress.

But though Thompson’s depiction of an alienated, white, masculine working-class culture—one that is fundamentally misunderstood by intellectuals—is not the only one out there, it was the first. And in some ways, it is still the best psychological study of those Americans often dismissed as “white trash” or “deplorables.”

Source: This Political Theorist Predicted the Rise of Trumpism. His Name Was Hunter S. Thompson. | The Nation

Mark Turner : The peddlers of fear and outrage

June 28, 2018 04:16 PM

Trash your TV

Two things took place during my hospital visits with my Dad this week. One was becoming captivated with an unlikely Trump voter. The other was gaining some insight into how he got that way.

I visited my Dad when the nightly news was on. Our local ABC affiliate, WTVD, was ticking through its top stories from around the country. Dad soon changed the channel and offhandedly stated his reasoning.

It was all about crime. Robberies, murders, carjackings, shootings. For some reason, our local affiliate thought it important to alarm us with news of misfortunes that took place hundreds, or in some cases, thousands of miles away, far from any possibility of them affecting us.

Why was the news doing this? Was it just laziness, being that chasing a cop or an ambulance is an easy way to a story? If there was airtime to fill, why weren’t there more local stories to fill it? Why fill viewers’ heads with stories that have no practical value?

Unless the point is to … stoke fear?

I’d been thinking lately that many Trump voters seem to be under some sort of spell. That’s one way I can account for the cognitive dissonance. Why do these folks seem so fearful all the time, thinking the boogeyman is at their door?

The answer was staring me in the face. It’s the television coverage.

If you’re a rural citizen and the only exposure you have to the outside world is through what media like WTVD or Fox News show you, it looks like a pretty fucking scary world out there. That world is going to hell in a handbasket, it seems.

But that’s a lie, all of it. Statistics prove that crime rates are falling across America. As James Alan Fox, the interim director of the School of Criminology and Criminal Justice at Northeastern University, says:

“There are some spikes in homicide and shootings in certain cities, yet other cities continue to experience low rates. As a nation, we are far better off than anytime for the past several decades. Crime rates are low, and there is no consistent and reliable indication that things are getting worse.”

However, if all you hear is a steady stream of violent crime news, you might think otherwise. Or you might stop thinking altogether, and give in to panic and fear.

Panic and fear are the friends of authoritative regimes. When you’re fearful, you are looking for someone who will protect you, regardless of whether or not you are really threatened.

I pulled the plug on my cable subscription years ago. I don’t watch TV news. Therefore, my world is anything but one big crime scene. It’s up to people like me to gently wake my panic-stricken neighbors and break the spell that non-stop crime news has cast upon them.

Turn off your television. Go outside and meet the people around you. It’s almost guaranteed that you’ll wind up not as a crime victim but someone who made some new friends.

Wikimedia Commons photo by Tony Webster

Mark Turner : Bernie bashers, let it go

June 28, 2018 12:24 PM

With yesterday’s announcement of the retirement of Supreme Court justice Anthony Kennedy, some Hillary Clinton supporters are trotting out the tired old blame game, saying this is the fault of voters who thought Hillary wasn’t progressive enough. Bernie Sanders supporters, in other words.

These people blaming Bernie can kindly fuck right off.

Clinton was a hugely flawed candidate. She managed to lose the biggest shoo-in election in history. Aside from that, she’s a big girl who is fully capable of accepting responsibility for her own loss. Indeed, accountability is one of the key parts of the job of being President. To point fingers anywhere else is shirking responsibility. As the great Democrat Harry S. Truman said, as President the buck stops here.

As this week’s encounter with a Trump supporter showed me, the Democratic Party has a lot of work to do to bridge the gap between it and working voters. Trump offers us a silver-platter opportunity but we will absolutely fuck this up if we continue to highlight differences in our own party rather than those in the opposition’s party.

Don’t be a fool like Trump. Let go of the last election. The only one that ever matters is the next one.

Mark Turner : The working-class votes that got away

June 26, 2018 01:22 AM

I was in the hospital today for my dad’s lung surgery where I rode the elevator with a guy wearing a Trump hat. He was elderly and skinny as a rail, probably weighing not much more than a hundred pounds, and wore coveralls that swallowed him up. In his hand was a beat-up canvas bag holding the oxygen tank that fed the tube on his face. The guy looked like he didn’t have two nickels to rub together, like he’d had a hard life working hard somewhere – maybe as a farmer.

After he stepped off the elevator I couldn’t help but wonder what would make a guy like this, seemingly a proud working man, think that he had more in common with a thieving con artist like Trump than with anyone the Democratic Party had offered up.

If ever there was a sign of just how broken the Democratic Party is, this was it.

Mark Turner : Oh noes! The webcams saw my pee-pee!

June 21, 2018 01:55 PM

Another lame scam email

From: “Cailyn_Demott” order@tonyromo.com
Organization: rdoewnwl
To: [redacted] markturner.net
Subject: [redacted] Read_this_carefully
Details: LEU-755-[redacted]
Email: [redacted] markturner.net
Camera ready,Notification: 21.06.2018 01:00:33
Status: Waiting for Reply 96xuKaOy1A8htbnNmUkD4kn4qDy96Iu3_Priority: Normal

–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*
Good day.

If you were more careful while caress yourself, I wouldn’t write dis message. I don’t think that playing with yourself is very terrible, but when all colleagues, relatives and friends receive video of it- it is terrible news.

I seized malisious soft on a porn web-site which was visited by you. When the object tap on a play button, device starts recording the screen and all cameras on ur device begins working.

Moreover, soft makes a dedicated desktop supplied with key logger function from ur system , so I was able to save all contacts from ur e-mail, messengers and other social networks. I’m writing on this e-mail because It’s your working address, so you should check it.

I think that 490 usd is pretty enough for this little false. I made a split screen vid(records from screen (interesting category ) and camera ooooooh… its awful AF)

So its your choice, if u want me to destroy ur disgrace use my bit?oin w?llet ?ddr?ss: 17Q… [redacted]
You have one day after opening my message, I put the special tracking pixel in it, so when you will open it I will see.If ya want me to show u the proofs, reply on this message and I will send my creation to five contacts that I’ve got from ur contacts.

P.S.. U are able to complain to cops, but I don’t think that they can help, the investigation will last for several months- I’m from Ukraine – so I dgf lmao

Mark Turner : Accelerating the throw-away society

June 19, 2018 02:10 AM

Massive insulated bag for a bag of candy

Watched as a UPS driver wrestled with a heavy “meal delivery” box last week. Then today this bag of candy got delivered to the office. I was aghast. In both cases, 99% is wasteful packaging, ice packs and insulation blankets that go in the trash so here’s what I suggest:

1. Want a fancy meal? Cook it or eat out.
2. Want candy? Buy it at your local store.

Convenience is killing us, y’all.

Mark Turner : Was Josh Schulte compromised by the Russians?

June 19, 2018 01:28 AM

Remember when I wondered why CIA leaker Josh Schulte was found with kiddie porn on his computers? A tweet by the US district attorney’s office in New York spawned a comment that makes it all make sense:

Of course this is what happened. Even so, I’m surprised Schulte’s dirty little secret didn’t derail his intel career much sooner than it did.

Mark Turner : Skier’s disappearance, return may stay a mystery – Times Union

June 01, 2018 10:45 AM

More than 100 days after Constantinos “Danny” Filippidis went missing from Whiteface Mountain, State Police and Filippidis’ family are no closer to understanding what led the skier to end up in a rental car section of the Sacramento Airport.

State Police said Thursday they considered the case still open but had no new information on Filippidis’ disappearance.

Filippidis was on a ski trip with some fellow Toronto firefighters. At around 2 p.m. Feb. 7, he decided to go on one last ski run while his friends returned to the lodge. When he still hadn’t returned by 4 p.m., they began to look for him.

Searchers eventually found his identification in his car but no sign of him. The disappearance sparked a massive search effort, involving more than 130 members.

Six days later, Filippidis’ wife received a call from a number she didn’t know. On the other line was Filippidis. He called her by a nickname he used for her but sounded lost and confused. After calling him back, she was able to convince him to call 911.

Source: Skier’s disappearance, return may stay a mystery – Times Union

Mark Turner : Pompeo says China incident is ‘entirely consistent’ with Cuba ‘sonic attacks’ – CNN

May 23, 2018 08:20 PM

Sonic attacks on American diplomats continue, this time in China.

US Secretary of State Mike Pompeo said Wednesday that an incident involving a US government employee stationed in China who reported “abnormal sensations of sound and pressure” suggesting a mild brain injury has medical indications that are “very similar” and “entirely consistent” to those experienced by American diplomats posted in Havana.

US officials have issued a health alert in China following the incident. Additionally, the US State Department is looking into whether the incident is similar to what happened in Cuba in 2016 and 2017, a US diplomatic official told CNN, which the US government characterized as a “sonic attack.” That incident led to a reduction in staffing at the US Embassy in Havana.

Source: Pompeo says China incident is ‘entirely consistent’ with Cuba ‘sonic attacks’ – CNN

Mark Turner : The Oak City Dairy Farm

May 23, 2018 12:39 AM

Oak City Dairy Farm auction notice in the Raleigh’s Evening Visitor newspaper

Today I learned my home sits on what was once the Oak City Dairy Farm, owned by Thomas B. Bridgers. The dairy cows and equipment were sold at auction in July 1883 following Mr. Bridgers’ death. The farm sold in 1899 to Lewis T. Christmas, a pastor from Charleston, West Virginia.

The ad in the old Raleigh newspaper, the Evening Visitor, has the auction information as follows:

Sale of Personal Property.

I will, on Tuesday, the 26th of July, 1883, at the Oak City Dairy Farm just north of the city of Raleigh and St. Augustine Normal School, offer for sale to the highest bidder, the personal property belonging to the late Thomas B. Bridgers, deceased, consisting of two brood mares, one colt, six mules, two bales cotton, nineteen cords of pine wood, three cords of oak wood, twelve seasoned cedar posts, farm tools and implements, buggy, wagons, etc., including the entire outfit of Oak City Dairy, consisting of sixteen head of Jersey and Ayeshire in bred milch [sic] cow, in excellent order, with capacity of from three to five gallons per say, and all necessary cars, jars, pans, buckets, horses, wagon, etc., for a first class dairy business. Also one Ayeshire bull, two Jersey bulls and eleven head fine heifers and calves. An itemized inventory of this property or any information can be seen and had by applying to the office of George H. Snow, Esq., attorney.

Sale will commence at 11 o’clock a.m., promptly. Terms of sale cash.

MARY M. CHRISTMAS
Executrix of T.B. Bridgers, dec’d.
june28-tds

Mark Turner : It’s Time For A New Maritime Strategy – U.S. Naval Institute Blog

May 22, 2018 03:08 PM

In the current environment, the U.S. military is stretched too thin and lacks the strategic purpose and resources to effectively employ this strategy. There is no guiding principle for the employment of naval force and yet the Navy continues to be used as an active tool of diplomacy in an era without strategic priorities. As globalization continues to take hold but the U.S. begins to focus inward, the role of the Navy must be better defined. In April of 1991, as the U.S. faced a period of unchallenged superiority with the demise of the Soviet Union, then CNO Admiral Frank Kelso made the following statement in Proceedings:

We must shift the objective of our “National Security Strategy” from containing the Soviet Union to maintaining global stability. Our evolving strategy must focus on regional contingencies in trouble spots wherever our national interests are involved.

Source: U.S. Naval Institute Blog

Mark Turner : The Last Deployment Hat Toss

May 22, 2018 12:30 AM

The Coronado Bay Bridge, 30 March 2018.

When the family and I toured San Diego this spring we took a harbor cruise around Coronado Bay. Here the Coronado Bay Bridge acts as a prominent landmark for the surface fleet of Naval Base San Diego, tucked just inside the bridge. On your first trip out as a fresh-out-of-bootcamp sailor you’ll inevitably be told to crank down the ship’s mast to avoid hitting the bridge.

On your last pass under the bridge, however, there is a different ceremony. It is a local San Diego navy tradition that on your last trip under the Coronado Bay Bridge you toss your cover (or “Dixie Cup,” as the white enlisted canvas hats are known) into the water. So many times I passed under the bridge that I really, really looked forward to adding my cover to the submerged pile beneath the bridge. That day came for me on Monday, 20 January 1992 when I rode the USS Elliot (DD-967) back from my last WestPac deployment. It was the day before my 23rd birthday.

Here are some photos of the occasion:

This spring’s harbor cruise was the first time that I had passed under the bridge since I sent my cover flying over the side so long ago. It was wonderful to relive the moment.

Mark Turner : Jolly Roger Telephone Company, saving the world from bad telemarketing | How Does it Work?

May 21, 2018 03:04 PM

This is brilliant. It’s a service that screens your phone calls and answers with an annoying, delaying robot if the caller is a telemarketer or scammer.

How does it work?
1) You buy a subscription, telling us your phone numbers and your email address.

2) Pick a robot you like from our “Pick a Robot” page. Mark down the robot’s phone number and keep it handy.

3) When you receive a telemarketing call, you transfer it to the robot (see “Use a Robot” page for instructions).

4) After our robot is done talking to the telemarketer, it will send a copy to your email so you can have a laugh.

Source: Jolly Roger Telephone Company, saving the world from bad telemarketing | How Does it Work?