Month: May 2017

Reality TV Presidency

LeBron James left the Cleveland Cavaliers in 2010. Players change teams all the time. Even star players change teams occasionally – salary caps, better chance at a championship, whatever. Sucks, but it happens. Making the announcement on a live ESPN broadcast – no matter how much money he managed to generate for a charity – was a terrible way to handle it. From a reality-TV perspective, sure it’s great. Guaranteed viewers, suspense, drama, heartbreak. But as a person it lacks tact, lacks compassion … and as a highly paid athlete who is revered by many, it’s an offensive way to treat fans who bought your merchandise and watched you play. The guy was a kid at the time, and his move back to Cleveland seemed to be handled in a more mature fashion.

I cannot help but think of being in Cleveland during the James announcement (complete with LebronFire events burning jerseys) when the White House declares Trump will be announcing his decision on the Paris Climate Agreement on Thursday. Oh, the drama. The suspense. The heartbreak – because, really, does anyone think he’s going to remain in the agreement? Even if he allows the country to remain in the agreement (an agreement, remember, that was limited greatly by a desire to achieve something that might be acceptable to US Republicans) … does he have any intention of enforcing the agreement? Honestly, the world is better off with America out – rewrite the agreement with stricter goals. US companies will need to continue increasing energy efficiency and decreasing emissions or they’ll be unable to sell products outside of the country. Hell, US cities will create their own clean air and water regulations. One impetus behind the Clean Air Act was the cloud of toxic chemicals around Pittsburgh that literally killed people. Practically needed a respirator to walk around LA. London – not a US city, but I remember getting back from a day walking around London to spend an hour blowing black snot out of my nose (and how much of that crud remained in my lungs??). I cannot imagine NYC was any better. And if customers refuse to buy the products — what use is your coal plant if no one will purchase your electricity? Some foreign company’s super-efficient SUV is more attractive even if it costs more up front — pay $100 a week to fill the tank vs. $100 a month and you’re looking at a fuel savings of 18k over five years.

Trump campaigned on abandoning the treaty. Look at who he appointed to lead the EPA. Seriously, the only suspense was if we’d officially withdraw or if we’d just neglect enforcement. By indicating that there’s an announcement … I already know we’re withdrawing. But why try to recreate LeBron’s The Decision spectacular?

Redistricting By Algorithm

American government representation is, in many cases, proportional to population. This means that each Rep from Ohio in the House has a district with the same number of people as the other guys from Ohio. A Rep from Cleveland doesn’t represent more people than a Rep from Marion. There may be multiple districts across Cleveland whereas the district for Marion may include other nearby towns as well. It’s a reasonable idea – otherwise Ohio has 44,825 square miles and 16 HR members so every 2800 or so square miles would get a Rep. This means someone represents a whole lot of land and a couple of people whereas someone else represents a LOT of people densely packed into a little land. Cuyahoga County covers 457 square miles and has 1.2 million people. Marion *County* covers 404 square miles and has about 66,000 people. Even if Cuyahoga had 2 reps to Marion’s 1 … the population of Cuyahoga is 18x larger.

This means political boundaries are drawn around population numbers. A process which can be perfectly fair and reasonable, but a process which can be manipulated to a particular party’s advantage. The manipulation is called gerrymandering. And it is how Democrats can win 51% of the popular vote in Pennsylvania HR races but only hold 5 of the 18 seats. Statistically they should have had 9 (or even 10 since they had a slight popular vote advantage and you cannot have a fraction of a representative).

What does this look like on a map? See Pennsylvania’s District 7 — let’s take this group of left-leaning people from SE Philly, make a little isthmus, and now how many right-leaning people do we need from West Chester to make it a Republican district? The only district boundaries that have any business not being a straight line are state borders!

When I was in University in the mid-90’s, we were working on a process to analyze the gravitational disturbances caused by binary black hole collisions. Now it’s not reasonable to calculate anything across the entire universe. No one has that kind of time or computing power (oh, and there may be a basic tenet of computing and physics that precludes doing so) … but we want to know what the disturbances would look like across the entire universe. There will be areas of greater impact and areas of lesser impact. The method we used for the analysis is called adaptive mesh refinement. It’s essentially taking a broad overview of the entire universe but using a more detailed (‘refined’) view of sections where something “interesting” is happening.

I propose we use a similar system for algorithmic drawing of Congressional districts. What would that look like? Imagine a state with six million people that has been allocated six districts. Calculate the statistical people per rep — one million in this case — this is going to be our target population within a district. When we get within a percentage of that number, we’ll hold the district as it is.

Chop it in half and see what the population is like in the two ‘districts’ – and check the populations again. We’ve got one within the defined delta of the one million target (since this is a nice example, we have one at our target).

Take the oversized district and chop it in half again. Get population counts and hold any district within the delta of target.

Keep chopping …

Eventually you’ll arrive at districts that are all within the predefined delta of the target. Since a real-world scenario wouldn’t involve nice round numbers and equally spaced populations, we’ll need to have the algorithm shift the district boundaries E<=>W and N<=>S until the proper number of people are contained within each district. Algorithms are quite good at this sort of thing.
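Here is the chop-and-hold procedure above worked through in code. This is an added example, not anything from the original post or from any redistricting tool, and it generalises the description slightly: rather than cutting each oversized area at its geometric middle and then nudging the line, each cut is placed wherever the population on one side comes closest to a whole number of districts’ worth of people, which is the E<=>W / N<=>S shifting done up front. The population grid, the district count and the tolerance are all constructed for the demo.

```python
"""Adaptive-mesh style districting over a population grid.

Added example, not code from the original post. Each oversized area is cut
along a row or column where one side holds (as nearly as the grid allows) a
whole number of districts' worth of people; pieces that are down to one
district are held. The grids below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rect:
    """Half-open row/column bounds of a rectangular area of the grid."""
    r0: int
    r1: int
    c0: int
    c1: int

    @property
    def cells(self):
        return (self.r1 - self.r0) * (self.c1 - self.c0)


def population(grid, rect):
    """Total population of the grid cells inside `rect`."""
    return sum(grid[r][c]
               for r in range(rect.r0, rect.r1)
               for c in range(rect.c0, rect.c1))


def best_cut(grid, rect, want):
    """Slide a N/S or E/W boundary across `rect` and return the cut whose
    first piece is closest to `want` people, as (axis, index).
    Row cuts are tried first, so ties resolve to a N/S split."""
    best, best_err = None, None
    for r in range(rect.r0 + 1, rect.r1):
        err = abs(population(grid, Rect(rect.r0, r, rect.c0, rect.c1)) - want)
        if best is None or err < best_err:
            best, best_err = ("row", r), err
    for c in range(rect.c0 + 1, rect.c1):
        err = abs(population(grid, Rect(rect.r0, rect.r1, rect.c0, c)) - want)
        if best is None or err < best_err:
            best, best_err = ("col", c), err
    return best  # None only for a single cell, which cannot be cut


def split(grid, rect, k, target):
    """Recursively chop `rect` into `k` districts of roughly `target` people."""
    if k == 1 or rect.cells < 2:
        return [rect]  # hold this area as a district
    k_first = k // 2
    axis, index = best_cut(grid, rect, k_first * target)
    if axis == "row":
        first = Rect(rect.r0, index, rect.c0, rect.c1)
        second = Rect(index, rect.r1, rect.c0, rect.c1)
    else:
        first = Rect(rect.r0, rect.r1, rect.c0, index)
        second = Rect(rect.r0, rect.r1, index, rect.c1)
    return (split(grid, first, k_first, target)
            + split(grid, second, k - k_first, target))


def draw_districts(grid, n_districts):
    """Return (district rectangles, their populations, target per district)."""
    whole = Rect(0, len(grid), 0, len(grid[0]))
    target = population(grid, whole) / n_districts
    rects = split(grid, whole, n_districts, target)
    return rects, [population(grid, r) for r in rects], target


def out_of_tolerance(pops, target, delta):
    """Districts whose population misses the target by more than `delta`
    (a fraction, e.g. 0.10 for ten percent)."""
    return [p for p in pops if abs(p - target) > delta * target]


# Constructed 6x6 grids: one uniform, one with a dense "city" in the south-west.
FLAT_GRID = [[10] * 6 for _ in range(6)]
CITY_GRID = [[10] * 6 for _ in range(3)] + \
            [[100, 100, 100, 20, 20, 20] for _ in range(3)]

if __name__ == "__main__":
    for name, grid in (("flat", FLAT_GRID), ("city", CITY_GRID)):
        rects, pops, target = draw_districts(grid, 6)
        print(name, "target", target, "districts", pops,
              "outside 10%:", out_of_tolerance(pops, target, 0.10))
```

On the flat grid every district lands exactly on the target. On the grid with a dense corner the coarse cells leave three districts outside a 10% tolerance, which is what `out_of_tolerance` reports; that is the signal that the mesh in that area needs refining (a finer population grid, census blocks rather than counties) before those boundaries can be held.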

But this doesn’t take into account geographical obstacles — what if there’s a river that bisects the district and the nearest bridge is thirty miles upstream? Well, these are not polling centers – put a polling center on each side of the river.

The point of this approach is that a computer algorithm that doesn’t know a thing about the individuals in each area can easily define districts irrespective of political parties. Statistically, an individual voter may end up in a district that differs vastly from their personal beliefs. But there’s no intentional marginalizing of voters based on political parties. And when the next census numbers come in, load a new data set and re-run the program.

What would adaptive mesh districting look like? Essentially this – big squares and rectangles in sparsely populated areas, smaller and smaller squares and rectangles in population centers.

The Peril Of Hosting Your Own Services

I love hosting my own services — home automation, file shares, backups, e-mail, web servers, DNS … bit of paranoia, a bit of control freak, and a bit of pride. But every now and again, hosting my own services causes problems because, well, vendors don’t develop processes around someone with servers in their house.

We got a new cable modem. Scott went to a web page (happened to be Google) and got redirected to the TWC activation page. Went through whatever, ended up calling into support, and finally our account was sorted. Woohoo! Everything works … umm, except I cannot search Google.

Turns out TWC manages their activation redirection by serving up bogus DNS info — their server IP instead of the real one. Which then got cached on our DNS server. No idea what TTL TWC set on their bogus data, but it was more than a minute or two. Had to clear the DNS server cache before we were able to hit Google sites again.
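What went wrong with the cable modem, as an added example that is not code from this post or from any real DNS server: a toy resolver cache that keeps answers for their TTL, a check that flags cached A records pointing into the ISP’s activation range, and the flush that fixed it. Addresses, TTLs and the clock are constructed (documentation ranges, not real servers).

```python
"""Why the ISP's activation-page answer outlived the activation.

Added example, not from the original post. The resolver behaviour here
(cache an answer for its TTL, serve it from cache until expiry) is a model,
not any real DNS server's code; addresses and TTLs are constructed.
"""
import ipaddress
import time


class FakeClock:
    """Manual clock so the TTL behaviour can be shown without waiting."""
    def __init__(self, start=0.0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class ResolverCache:
    """Minimal positive cache: answers are kept for their TTL, then refetched."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}  # (name, rtype) -> (rdata, expires_at)

    @staticmethod
    def _key(name, rtype):
        return (name.lower().rstrip("."), rtype.upper())

    def lookup(self, name, rtype, upstream):
        """Serve from cache while the TTL has not run out; otherwise call
        upstream(name, rtype) -> (rdata, ttl) and cache the result."""
        key = self._key(name, rtype)
        now = self._clock()
        hit = self._entries.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]
        rdata, ttl = upstream(name, rtype)
        self._entries[key] = (rdata, now + ttl)
        return rdata

    def remaining_ttl(self, name, rtype):
        hit = self._entries.get(self._key(name, rtype))
        if hit is None:
            return 0
        return max(0, int(hit[1] - self._clock()))

    def flush(self, name=None):
        """Drop everything, or just the records for one name."""
        if name is None:
            self._entries.clear()
            return
        wanted = name.lower().rstrip(".")
        for key in [k for k in self._entries if k[0] == wanted]:
            del self._entries[key]

    def cached_a_records(self):
        """Unexpired A records as {name: address}."""
        now = self._clock()
        return {k[0]: v[0] for k, v in self._entries.items()
                if k[1] == "A" and v[1] > now}


def find_redirected(cache, suspect_networks):
    """Names whose cached A record points into a network that cannot be the
    owner's, such as the ISP's activation server range."""
    nets = [ipaddress.ip_network(n) for n in suspect_networks]
    return sorted(name for name, addr in cache.cached_a_records().items()
                  if any(ipaddress.ip_address(addr) in n for n in nets))


# Constructed: the ISP's activation range (a documentation prefix, not real).
ISP_ACTIVATION_NET = "192.0.2.0/24"


def activation_upstream(name, rtype):
    """What the ISP resolver hands out before activation: its own activation
    server for every name, with a long TTL."""
    return ("192.0.2.10", 3600)


def real_upstream(name, rtype):
    """What a correct resolver answers (constructed address)."""
    return ("198.51.100.7", 300)


if __name__ == "__main__":
    clock = FakeClock(1000.0)
    cache = ResolverCache(clock.now)
    print(cache.lookup("www.example.com", "A", activation_upstream))
    clock.advance(120)
    # modem is now activated, but the cache still serves the stale answer
    print(cache.lookup("www.example.com", "A", real_upstream))
    print("redirected:", find_redirected(cache, [ISP_ACTIVATION_NET]))
    cache.flush()
    print(cache.lookup("www.example.com", "A", real_upstream))
```

The second lookup is the interesting one: the upstream would now answer correctly, but the cache never asks it, because the bogus record still has most of an hour left on its TTL. `find_redirected` is the kind of check a home resolver could run after any event that changes the upstream path, and `flush` is the manual fix the post describes.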

Alternative Facts: NATO

Alternative Fact: NATO countries owe money for defence expenditures the US has made.

Real Fact: The target was for member nations to devote 2% of GDP to defence spending. A target is not a guarantee. Not meeting a target may be disappointing, but it doesn’t mean you owe someone money. If your target is to donate 5% of your net income to charity … but at the end of the year have only managed 3%, it does not mean you owe charities 2% of your net income! It means you didn’t meet your goal. Consistently missing goals can also be a clue that the goal is not realistic. Take, for instance, someone whose goal is to donate 80% of their net income to charity. But they also pay their rent/mortgage, buy some food, turn the lights on occasionally. And don’t have 80% of their net income available after covering essentials. The person can commit to the goal and evaluate their other spending (move into a smaller residence, buy cheaper food, conserve on utilities) or they can change their goal to meet the 10% of their net income that is actually discretionary.

Another real fact? NATO countries, by and large, fund their own military. One might make the argument that the US would have been able to scale back the military budget if only other partners increased their expenditures. *But* that’s disingenuous from someone seeking an enormous increase in the military budget whilst questioning the nation’s continued commitment to NATO. But even if the ‘target’ was actually a contractual obligation … it would be to NATO and not the US.

OK, Google

Chrome 58 was released last month – and since then, I’ve gotten a LOT of certificate errors. Especially internally (Windows CA signed certs @ home and @ work). It’s really annoying – yeah, we don’t have SAN dnsHost attributes defined. And I know the RFC says falling back to CN is deprecated (seriously, search for subjectAltName) but the same text was in there in 1999 … so not exactly a new innovation in SSL policy. Fortunately there’s a registry key that will override this for now.

The problem I have with SAN certificates is exemplified in Google’s cert on the web server that hosts the chromium changes site:

Seriously – this certificate ensures that the web site is any of these hundred wild-carded hostnames … and the more places you use a certificate, the greater the possibility of it being compromised. I get why people like wildcards — UALR was able to buy one cert & use it across the entire organisation. Cost effective and easy. The second through nth guy who wanted an SSL cert didn’t need to go about establishing his credentials within the organisation. He didn’t have to figure out how to make a cert request or how to pay for it. Just ask the first guy for a copy of his public/private key pair. Or run everything through your load balancer on the wildcard certificate & trust whatever backend cert happens to be in place.

But the point of security design is not trusting large groups of people to act properly. To secure their data appropriately. To patch their systems, configure their system to avoid attacks, to replace the certificate EVERYWHERE every TIME someone leaves the organisation, and otherwise prevent a certificate installed on dozens of servers from being accessed by a malicious party. My personal security preference would be seeing a browser flag every time a cert has a wildcard or more than one SAN.
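The two behaviours this section is about, side by side, as an added example (not code from the post, from Chrome, or from any CA tooling): hostname matching the way Chrome 58 does it, where only SAN dNSName entries count (the post calls them dnsHost attributes) and the CN is ignored, versus the old fallback to CN when a cert has no SAN at all; plus the audit the post wishes browsers did, flagging wildcards and certificates shared across more than one name. Certificates are represented in the dict shape Python’s `ssl.SSLSocket.getpeercert()` returns, and the three sample certificates are constructed.

```python
"""SAN-only hostname matching (Chrome 58) versus CN fallback, plus a
wildcard / multi-SAN audit.

Added example, not from the original post or from Chrome. Certificates use
the dict layout returned by ssl.SSLSocket.getpeercert(); the samples at the
bottom are constructed, not real certificates.
"""


def _label_match(pattern, hostname):
    """RFC 6125 style matching: '*' may only be the whole leftmost label and
    matches exactly one label, so *.example.com matches a.example.com but
    neither b.a.example.com nor example.com. Comparison is case-insensitive."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_dns_names(cert):
    """The dNSName entries of the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def common_name(cert):
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def matches_host(cert, hostname, cn_fallback=False):
    """True if `hostname` is covered by the certificate.

    cn_fallback=False is Chrome 58 behaviour: a certificate with no SAN
    dNSName entries never matches, whatever its CN says. The legacy rule
    (RFC 2818 section 3.1) consulted the CN only when there was no SAN."""
    names = san_dns_names(cert)
    if names:
        return any(_label_match(name, hostname) for name in names)
    if cn_fallback:
        cn = common_name(cert)
        return cn is not None and _label_match(cn, hostname)
    return False


def audit(cert, max_names=1):
    """Warnings a stricter browser might raise: wildcard names, one
    certificate covering more than `max_names` hostnames, or no SAN at all."""
    names = san_dns_names(cert)
    warnings = []
    wild = [n for n in names if n.startswith("*.")]
    if wild:
        warnings.append("wildcard names: " + ", ".join(wild))
    if len(names) > max_names:
        warnings.append(f"{len(names)} SAN names on one certificate")
    if not names:
        warnings.append("no SAN dNSName entries (CN-only certificate)")
    return warnings


# Constructed sample certificates in getpeercert() layout.
INTERNAL_CN_ONLY = {            # the typical internal CA cert that broke
    "subject": ((("commonName", "intranet.corp.example"),),),
}
SHARED_WILDCARD = {             # one cert reused across an organisation
    "subject": ((("commonName", "*.example.net"),),),
    "subjectAltName": (("DNS", "*.example.net"),
                       ("DNS", "*.example.org"),
                       ("DNS", "example.net")),
}
SINGLE_HOST = {                 # one name, one cert
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),),
}

if __name__ == "__main__":
    for label, cert, host in (("cn-only", INTERNAL_CN_ONLY, "intranet.corp.example"),
                              ("wildcard", SHARED_WILDCARD, "mail.example.net"),
                              ("single", SINGLE_HOST, "www.example.com")):
        print(label, "chrome58:", matches_host(cert, host),
              "legacy:", matches_host(cert, host, cn_fallback=True),
              "audit:", audit(cert))
```

The `cn_fallback=True` path is what the registry override the post mentions restores (Chrome exposed it as the `EnableCommonNameFallbackForLocalAnchors` policy, for locally trusted roots only); the durable fix is reissuing the internal certs with a dNSName SAN, at which point `audit` on a one-name cert comes back empty.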

New Soaps

We’ve made a bunch of new soaps this past week — mostly using the same 20% super-fat all coconut oil recipe, although I made a 0% super-fat coconut oil soap to use as laundry detergent. We just have to visit some store that actually stocks washing soda (WalMart – not somewhere I frequent, but according to their web site … it’s stocked at every local store here).

We made a rainbow swirl soap with orange essential oil — important thing about making rainbow swirl soap? Don’t try to smooth out the top! The whole top is a consistent lavender colour … cool, though, because the rainbow bits appear as you use the soap. Totally not what I was going for, though.

Another swirled soap using activated charcoal and green zeolite clay with tea tree essential oil. Again the swirl didn’t turn out the way I wanted … I think you’ve got to have really fluid soap batter to get these swirl techniques to succeed. This batch was less thick than the rainbow above … but it still got gloppy as I poured it. Also – there’s a reason the ‘column pour’ technique has a square in the middle. If you use a round object (say, a glass that you happen to have and know won’t be harmed by soap), you get concentric circles. Not a design with scallops to it.

And I’ve found a few new recipes that I’d like to try — one is using pureed cucumber in place of water in the soap. And one that’s got to wait for next year — using daffodils as the colourant!

Exchange Online

We’re moving users to the magic in-the-cloud Exchange. Is this a cost effective solution? Well – that depends on how you look at the cost. The on prem cost includes a lot of money to external groups that are still inside the company. If the SAN team employs ten people … well, that’s a sunk cost if they’re administering our disk space or not. If we were laying people off because services moved out to magic cloud hosted locations … then there’s a cost savings. But that’s not reality. Point being, there’s no good comparison because the internal “costs” are inflated. Microsoft’s pricing to promote cloud adoption means EOL is essentially free with purchase too. I’m sure the MS cost will go up in the future — I remember them floating “leased” software back in the late 90’s (prelude to SaaS) and thinking that was a total racket. You move all your licensing to this convenient “pay for what you use” model. And once a plurality of customers have adopted the licensing scheme, start bumping up rates. It’s a significant undertaking to migrate over – but if I’m saving hundreds of thousands of dollars a year … worth it. Rates go up, and the extra fifty grand a year isn’t worth the cost and time for migrating back to on prem. And next year that fifty grand more isn’t worth it either. Economies of scale say MS (or Amazon, or whomever) can purchase ten thousand servers and petabytes of disk space for less money than I can get two thousand servers and a hundred terabytes … but they want to make a profit too. There might be a small cost savings in the long term, but nothing like the hundreds of thousands we’re being sold up front.

Regardless – business accounting isn’t my thing. A lot of it seems counter-productive if not outright nonsensical. There are actually features in Exchange Online that do not exist in the on prem solution. The one I discovered today is subaddressing. At home, we use the virtusertable in sendmail to map entire subdomains to a single mailbox. This means I can provide a functional e-mail address, on the fly, to a new company and have mail delivered into my mailbox. Works fine for a small number of people, but it is not a scalable solution. Some e-mail providers started using a delimiter after which any string was ignored. This means I could have a GMail account of but get mail as or … great for identifying who is losing your e-mail address out in Internet-land. It is also fairly trivial to write a rule that takes +SomeCompromisedAddress and moves it to the trash. EOL lets us do that.
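Both schemes described above in one routing function, as an added example (not code from the post, from sendmail or from Exchange Online): a virtusertable-style map of whole subdomains to one mailbox, a delimiter after which the local part is ignored for delivery but kept as a tag, and the rule that junks mail sent to a tag that has leaked. The domain, mailboxes and tags are constructed.

```python
"""Recipient routing: subdomain catch-alls plus '+' subaddressing.

Added example, not from the original post and not sendmail's or Exchange
Online's code. Domain names, mailboxes and the leaked-tag list are all
constructed for the demo.
"""
from dataclasses import dataclass
from typing import Optional

PRIMARY_DOMAIN = "example.net"                        # constructed
MAILBOXES = {"scott", "lisa"}                         # constructed
SUBDOMAIN_MAP = {"shop.example.net": "lisa"}          # *@shop.example.net -> lisa
JUNK_TAGS = {("scott", "leakyvendor"), ("lisa", "oldstore")}  # tags known to have leaked


@dataclass
class Delivery:
    mailbox: Optional[str]  # None when the message is rejected
    tag: Optional[str]      # who the address was handed to, if known
    action: str             # "inbox", "junk" or "reject"


def split_subaddress(local_part, delimiter="+"):
    """'scott+acme' -> ('scott', 'acme'); 'scott' -> ('scott', None).
    Everything after the first delimiter is the tag."""
    base, sep, tag = local_part.partition(delimiter)
    return base, (tag if sep else None)


def route(address, delimiter="+"):
    """Decide where a recipient address is delivered."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return Delivery(None, None, "reject")
    domain = domain.lower()

    if domain in SUBDOMAIN_MAP:
        # virtusertable style: the whole local part is the per-company tag
        mailbox, tag = SUBDOMAIN_MAP[domain], local.lower()
    elif domain == PRIMARY_DOMAIN:
        base, tag = split_subaddress(local, delimiter)
        base = base.lower()
        mailbox = base if base in MAILBOXES else None
        tag = tag.lower() if tag else None
    else:
        mailbox, tag = None, None

    if mailbox is None:
        return Delivery(None, None, "reject")
    if tag and (mailbox, tag) in JUNK_TAGS:
        return Delivery(mailbox, tag, "junk")   # the rule for a leaked tag
    return Delivery(mailbox, tag, "inbox")


if __name__ == "__main__":
    for addr in ("scott+acme@example.net", "scott+LeakyVendor@example.net",
                 "newco@shop.example.net", "oldstore@shop.example.net",
                 "nobody@example.net"):
        print(addr, "->", route(addr))
```

The tag is what makes the leak attribution possible: a message arriving for `scott+leakyvendor@` tells you which company lost the address, and adding that tag to `JUNK_TAGS` is the whole rule. The subdomain scheme gives the same attribution without the delimiter, at the cost of a DNS and MX entry per subdomain, which is why it does not scale past a handful of people.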

Another interesting feature that is available on prem but not convenient is free busy federation (now termed an “organisational relationship”). In previous iterations, both parties needed to establish firewall rules (and preferably a B2B connection) to transfer the free busy data. But two companies with MS tenants should be able to link up without having to enact firewall changes. We still connect to the tenant. The other party still connects to the tenant. It’s our two tenants that communicate via MS’s network. Something I’m interested in playing around with … might try to see if we can link our sandbox tenant up to the production one just to see what exactly is involved.

Irony, Thy Name Is Trump

Yesterday, Trump bemoaned how terribly he is treated as President. From a man who has never encountered a superlative he didn’t incorporate into everyday speech … not surprising. But I keep thinking about how Trump is treated in comparison to Obama. Fundamentally different stories, and one narrative has yet to be proven true or false. But even if Trump’s campaign literally had nothing to do with Russian influence in the election – simply had overly-trusting people trying to do the “right thing” and ended up speaking with the wrong people (I had eight calls from the dude, the last one ten minutes long because I was telling them to STOP CALLING ME). Even if we ignore abuses of power relating to the investigation into the nothing that really happened (you get charged with a crime you didn’t commit, try intimidating witnesses because the charges scare you or the bad publicity scares you … the intimidation itself IS a crime). The basic premise behind how Republicans treated Obama is that policies he advocates are so terrible that we’d rather literally accomplish nothing in the next four years. And any cycle you spend hosting a beer summit after making a completely fair assessment of public bias and police actions (seriously, would some old white professor have the cops called if he got locked out of his fancy brownstone?) or discussing birth certificates (hey, Trump, that would be yours) is a cycle not spent advancing odious positions. Agree or disagree with the positions, it’s a decent strategy that the Republicans cultivated there. Positions switch, and beyond play acting … are you really surprised to see the opposition using the same strategy?

Difference is that Obama had a halfway decent approach to dissent — Trump makes a dramatic reality show with a cliffhanger each week (and a bit like “how did you not expect to be red herring’d out of effectiveness” … voters, how did you not expect the reality show star to create, well, THIS!?).

Alternative Fact: Those Who Do Not Know History Are Doomed To Sound Foolish

Alternative Fact: Trump, speaking at the US Coast Guard Academy commencement, claimed “No politician in history — and I say this with great surety — has been treated worse or more unfairly”. Had he gone with ‘and’ instead of ‘or’, the assertion would be subjective. But NO politician in HISTORY has been treated WORSE?!?

Real Fact: Real assassination — literally killing a person — is worse than character assassination. Robespierre – both large numbers of politicians during his reign of terror and his eventual demise – worse. Defenestration of Prague (both 1 and 2) – worse. But let us be generous: place in scope only politicians during Trump’s adult lifetime. Anwar Sadat – worse. No one is a better friend to Israel than Trump (and with friends like this …), so how can he forget Rabin – worse. John F Kennedy – worse.