But SCIENCE!

Trump’s press conference in Singapore where he tells us about the scientific fifteen year time period it takes to denuclearize — WTF? I’ve got all the respect in the world for PoliSci studies, but it’s not *scientifically* required that “you have to wait certain periods of time, and a lot of things happen”. Unless we’re talking about complete decay of the fissionable material – in which case fifteen years is WAAAAAY short. The half-life of U-235 is like 700 million years.

Blending it down to reactor-grade, though – NNSA contracts have down-blended well over a tonne of HEU a year. The problem is 1 tonne of HEU becomes 16 tonnes of LEU. And how many reactors, submarines, and space vehicles do we need to fuel? Doubtful NK’s got facilities for down-blending weapon-grade material, but “de-enrich my stuff at your facility for free and I won’t have nukes” would be a really strong negotiating position — and as much as Trump may decry billions Clinton spent to denuclearize NK … it would be billions well spent if there were no enriched material in the country. And NK has maybe half a tonne of HEU – the logistics of shipping the shit would take longer than down-blending it.

But we’ve got a president looking at what may be a reasonable political estimate of how long it would take the country to denuclearize and calling it a scientific requirement. Which is ironic given the number of *actual* scientific things the administration feels free to ignore.

Fake Wars!

Last week in fake history: just days before the Bowling Green Massacre, Canada invaded Washington DC and razed our federal buildings.

Historical ignorance (and sure it’s scary that Trump is both so ignorant of history AND unwilling to accept counsel), aside — so what if Canada *did* burn down the White House in 1814. Say Canada *were* a country aligned with England, and they participated in the war of 1812 by invading the US and burning DC. How does that make Canada a national security threat TODAY?

Controlling Printer Outlet

We normally keep our printer turned off. Residential printer standby can have a decent draw. It’s something you have to research specific to your printer — some have low single-digit standby draw and waste ink when powered on and off. Others, like ours, have a non-trivial standby draw that isn’t offset by ink savings. The problem is that you’ve got to turn the printer on, print your stuff, and then remember to turn it off. The tiny person remote power controller (i.e. Anya) works for this, but it’s not an elegant automated solution.

Scott set up a smart outlet for the printer – you can tell the Echo to turn the printer outlet on and off now. But you still have to remember to turn it off 🙂

So I set up a print queue on the server & all print jobs are submitted to the server-based queue. A scheduled task on the server checks the print queue for jobs and turns the printer on when jobs are found. When the printer is on but no jobs are in the queue, it waits ten minutes and checks again (otherwise you could turn the printer on & have the batch immediately turn it off. Or worse the job could be out of the queue but still printing!), then turns the printer off if there are still no jobs in the queue. Voila, now the printer turns itself on when you want to print something and it remembers to turn itself off later.

The tricky bit was figuring out how to post ‘ON’ and ‘OFF’ to the OpenHAB2 REST API: send a text/plain POST with a -Body that contains just the command:

Invoke-WebRequest -URI 'http://openhabserver.domain.gTLD:8080/rest/items/Outlet1' -ContentType "text/plain" -Method POST -Body 'OFF'

The script is available at https://github.com/ljr55555/miscPowershell/blob/master/printQueueMonitor.ps1

Bigoted Bakers

The Supreme Court decision in the Masterpiece Cakeshop case clarifies exactly nothing — maybe the ruling would have stood if the review had not disparaged the baker’s religious beliefs. I’m not sure I’d want a baker who hates me (or something I do) to bake me a cake — too many ways to accidentally ruin a cake. Same with the photographer — why risk accidental overexposure or data loss destroying your wedding photos?

But I can see being offended when someone refuses you service based on your sexual orientation (or religion, or ethnicity, or …). I had a whole host of medical problems — eventually learned that my body does not process sugars/carbohydrates well and simply limiting sugars and simple carbohydrates eliminated most of these problems. But a decade before that discovery, the only thing that sorted amenorrhea and fibromyalgia-like symptoms was hormonal birth control pills. My insurance copay was the same amount regardless of where I purchased medication, so I used a small, privately owned pharmacy in a boutique part of town. Until my state passed a law that permitted pharmacists to refuse to distribute anything that contravened their religious beliefs. Shortly thereafter, I got lectured about my sinful promiscuity instead of picking up my prescription. I’m sure there was some way to get the pills from that pharmacy, but frankly I was insulted and more than a little embarrassed. Not that it was the least bit of their business, but I was absolutely celibate. Just didn’t enjoy being chronically exhausted and in pain. Wasn’t worth arguing about, I transferred my prescription to a chain that wasn’t staffed by people who want to pass judgement on my medical prescriptions.

Thinking back to that embarrassment, I hope these anti-discrimination laws get tested by a case where the local officials don’t editorialize — just state the action violates the law and be done with it.

OUD Returning Some DirectoryString Syntax Values As UTF-8 Encoded Bytes

We are still in the process of moving the last few applications from DSEE to OUD 11g so the DSEE 6.3 directory can be decommissioned. Just two to go! But the application, when pointed to the OUD servers, gets "Unable to cast object of type 'System.Byte[]' to type 'System.String'" when retrieving values for a few of our custom schema attributes that use the DirectoryString syntax.

This code snippet works fine with DSEE 6.3.

string strUserGivenName = (String)searchResult.Properties["givenName"][0];
string strUserSurname = (String)searchResult.Properties["sn"][0];
string strSupervisorFirstName = (String)searchResult.Properties["positionmanagernamefirst"][0];
string strSupervisorLastName = (String)searchResult.Properties["positionmanagernamelast"][0];

Direct the connection to the OUD 11g servers, and an error is returned.

     

The attributes use the same syntax – DirectoryString, OID 1.3.6.1.4.1.1466.115.121.1.15.

00-core.ldif:attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-ORIGIN 'RFC 4519' )
00-core.ldif:attributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name X-ORIGIN 'RFC 4519' )
00-core.ldif:attributeTypes: ( 2.5.4.42 NAME 'givenName' SUP name X-ORIGIN 'RFC 4519' )

99-user.ldif:attributeTypes: ( positionManagerNameMI-oid NAME 'positionmanagernamemi' DESC 'User Defined Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
99-user.ldif:attributeTypes: ( positionManagerNameFirst-oid NAME 'positionmanagernamefirst' DESC 'User Defined Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
99-user.ldif:attributeTypes: ( positionManagerNameLast-oid NAME 'positionmanagernamelast' DESC 'User Defined Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )

I’ve put together a quick check to see if the returned value is an array, and if it is then get a string from the decoded byte array.

string strUserGivenName = (String)searchResult.Properties["givenName"][0];
string strUserSurname = (String)searchResult.Properties["sn"][0];

string strSupervisorFirstName = "";
string strSupervisorLastName = "";
if (searchResult.Properties["positionmanagernamefirst"][0].GetType().IsArray){
    strSupervisorFirstName = System.Text.Encoding.UTF8.GetString((byte[])searchResult.Properties["positionmanagernamefirst"][0]);
}
else{
    strSupervisorFirstName = searchResult.Properties["positionmanagernamefirst"][0].ToString();
}

if (searchResult.Properties["positionmanagernamelast"][0].GetType().IsArray){
    strSupervisorLastName = System.Text.Encoding.UTF8.GetString((byte[])searchResult.Properties["positionmanagernamelast"][0]);
}
else{
    strSupervisorLastName = searchResult.Properties["positionmanagernamelast"][0].ToString();
}

Voila

The outstanding question is if we need to wrap *all* DirectoryString syntax attributes in this check to be safe or if there’s a reason core schema attributes like givenName and sn are being returned as strings whilst our add-on schema attributes have been encoded.

Isolated Guest Network On Merlin 380.69_2 (Asus RT-AC68R)

We finally got rid of Time Warner Cable / Spectrum / whatever they want to call themselves this week’s overpriced Internet that includes five free outages between 1100 and 1500 each day. But the firmware on the new ISP’s router doesn’t have a facility to back up the config. And if we’re going to have static IPs for all of our speakers, printers, servers … we don’t want to have to re-enter all of that data if the router config gets reset. Same with configuring the WiFi networks. And, and and. So instead of using the snazzy new router, we are using our old router on .2, the new router on .1 … and everything actually connects to the old router, uses the DHCP server on the old router. And only uses the new router as its default gateway. Worked fine until we tried to turn on the guest network.

I found someone in Internet-land who has the exact same configuration and wants to permit guests to use the LAN printer. His post included some ebtables rules to allow guest network clients access to his printer IP. Swapped his printer IP for our router IP and … nada.

And then I realized that the router is not the packet destination IP when the guest client attempts to communicate outside our network. The router is the destination MAC address. So you cannot add an ebtables rule for the router’s IP address and expect traffic to flow.

The first thing you need to do is figure out the upstream router’s MAC address. From the Asus, you can query the arp table. If the command says “No match found in # entries”, ping the router and try again.

root@ASUS-RT-AC68R:/tmp/home/root# arp -a 10.5.5.1
? (10.5.5.1) at a3:5e:c4:17:a3:c0 [ether] on br0

The six pairs of hex numbers separated by colons – that’s the MAC address. You have to allow bidirectional communication from the guest network interface (wl0.2 for us) with the upstream router’s MAC address. You also have to allow broadcast traffic so guest devices are able to ARP for the router’s MAC address.

To have a persistent config, enable jffs and add the config lines to something like services-start:

root@ASUS-RT-AC68R:/tmp/home/root# cat /jffs/scripts/services-start
#!/bin/sh
logger "SERVICES-START: script start"
# Prevent Echo dots from sending multicast traffic to speaker network
ebtables -I FORWARD -o wl0.1 --protocol IPv4 --ip-source 10.0.0.36 --ip-destination 239.255.255.250 -j DROP
# Guest network - allow broadcast traffic so devices can ARP for router MAC
ebtables -I FORWARD -d Broadcast -j ACCEPT
# Guest network - allow communication to and from router MAC
ebtables -I FORWARD -s a3:5e:c4:17:a3:c0 -j ACCEPT
ebtables -I FORWARD -d a3:5e:c4:17:a3:c0 -j ACCEPT
# This should be automatically added for guest network, but it goes missing sometimes so I am adding it again
ebtables -A FORWARD -o wl0.2 -j DROP
ebtables -A FORWARD -i wl0.2 -j DROP

 

Use -L to view your ebtables rules:

root@ASUS-RT-AC68R:/tmp/home/root# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 16, policy: ACCEPT
-d a3:5e:c4:17:a3:c0 -j ACCEPT
-s a3:5e:c4:17:a3:c0 -j ACCEPT
-d Broadcast -j ACCEPT
-p IPv4 -o wl0.1 --ip-src 10.0.0.36 --ip-dst 239.255.255.250 -j DROP
-o wl0.2 -j DROP
-i wl0.2 -j DROP

Voila, guests who can access the Internet & DNS on the .1 router, but cannot access anything on the internal network. Of course you can add some specific IPs as allowed destinations too – like the printers in the example that started me down this path.
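The lookup, rule set and listing check described above, pulled into one POSIX sh script as an added example (not part of the original post or its services-start file). The function names are hypothetical, the sample arp line is the one shown above, and the script only prints the ebtables commands rather than applying them.

```shell
#!/bin/sh
# Added example (not the post's script). Function names are hypothetical;
# the interface, IP and MAC values are the ones shown in the post.
GUEST_IF="wl0.2"       # guest interface from the post
ROUTER_IP="10.5.5.1"   # upstream router from the post

# Extract the MAC from one line of `arp -a <ip>` output, lower-cased.
# Returns 1 for "No match found ..." or "<incomplete>" entries.
parse_arp_mac() {
    mac=$(printf '%s\n' "$1" |
        sed -n 's/^.* at \([0-9A-Fa-f:]*\) \[ether\].*$/\1/p' |
        tr 'ABCDEF' 'abcdef')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Print (not run) the guest-network rules in the order the post applies
# them: ACCEPTs inserted at the top (-I), DROPs appended at the end (-A).
guest_rules() {
    echo "ebtables -I FORWARD -d Broadcast -j ACCEPT"
    echo "ebtables -I FORWARD -s $1 -j ACCEPT"
    echo "ebtables -I FORWARD -d $1 -j ACCEPT"
    echo "ebtables -A FORWARD -o $2 -j DROP"
    echo "ebtables -A FORWARD -i $2 -j DROP"
}

# Print every expected rule that is absent from an `ebtables -L FORWARD`
# listing ($1). Empty output means the isolation rules are all loaded.
# Use `ebtables -L FORWARD --Lmac2` so MACs keep their leading zeroes.
missing_rules() {
    listing=$(printf '%s\n' "$1" | sed 's/[[:space:]]*$//')
    for want in "-d $2 -j ACCEPT" "-s $2 -j ACCEPT" "-d Broadcast -j ACCEPT" \
                "-o $3 -j DROP" "-i $3 -j DROP"; do
        printf '%s\n' "$listing" | grep -Fxq -- "$want" || echo "$want"
    done
}

# Constructed sample: the arp line from the post. On the router, use
# "$(arp -a "$ROUTER_IP")" instead and pipe guest_rules into sh to apply.
SAMPLE_ARP='? (10.5.5.1) at a3:5e:c4:17:a3:c0 [ether] on br0'
if router_mac=$(parse_arp_mac "$SAMPLE_ARP"); then
    guest_rules "$router_mac" "$GUEST_IF"
else
    echo "router MAC not in ARP table; ping $ROUTER_IP and retry" >&2
fi
```

Running missing_rules from a scheduled job gives a quick signal when the guest DROP rules have gone missing, which is the case the services-start comment mentions.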

Playground Time

One of my proudest parenting moments this past year wasn’t even something I taught Anya. She was in pre-school, and there was always a group of people that would hang out after pick-up and play on the little playground. The kids … “parallel play” is the technical term for it — little kids don’t really *play together*. They do their own thing in close physical proximity to another kid. A few bigger/older/more outgoing kids would run around the yard, while the younger/smaller/shyer kids would more or less hide. Anya was younger/smaller/shyer — which made after-school play time not a lot of fun. So I’d play with all of the kids — coordinate an activity so all of the kids were on the same task. Be the ‘finder’ in a game of hide and seek, have two dozen little kids chase me around. Sometimes I’d even have a little physics lesson — there are lots of cool real-life physics things in a playground — kinetic vs. static friction trying to walk up a slide, levers at the seesaw, momentum on a swing. Or math — the kids would pick the number I would count to in hide-and-seek, and sometimes someone would get goofy with it. Count to a million — OK, 100k, 200k, 300k, etc. Count to zero! OK, -10, -9, -8, etc. Once they got started, and after the kids got worn out some, they’d usually start playing together in smaller groups; and I had some time to chat with the other parents.

One day, I had to work during pickup time. My husband ran over to the school, picked up our daughter, and took her into the playground to hang out with her friends. In my absence, one of the other moms took my role and kicked off a game of hide and seek. Other people valued having their kids play together — a couple people told me that they’d started leading group playtime at other parks when they’re out.

I hope a few of these playtime hours are great memories for Anya when she’s older.

Show Respect

All NFL Players ‘Shall Stand And Show Respect’ For Flag And Anthem – Wow! I wish I was an avid football viewer so *not* watching football would be a state change. Hopefully being permitted to stay in the locker room enables players to make their point. If two guys on a team of, what, fifty people aren’t on the sideline you’d never notice. Half only emerge once the anthem is over? That makes a statement too. And someone’s camera would end up in the locker room to cover the protest. Any takers on how long it is before players aren’t permitted to stay off the field after that protest makes news?

‘Show respect’ is an ill-defined term too. I assume this is so you don’t have guys standing backwards, but how is hanging back in the locker room playing Candy Crush *more* respectful than kneeling during the anthem? And for the guys on the field, some dude who was kneeling last season is a little slouchy in his stance, the team still gets fined to avoid a presidential tantrum?

The whole idea of being forced to stand for the anthem seems anathema to the ideals of our country, even if the long history of private employment shows we can be forced into just about anything if we want to continue receiving a pay cheque. The same could be said for being forced to stand and pledge allegiance to the country 180 days a year for thirteen years. Or more – I was rather dismayed to learn that my daughter’s preschool class was taught the pledge of allegiance so they could recite it at their graduation ceremony. Now I’ve got a bit of an Anabaptist philosophy – I don’t much see the point in having someone repeat words or go through a ceremony without *understanding* what they are doing. I avoided children’s clothing with words on it – overkill, yeah, but a six month old baby doesn’t *mean* to say “I just did 9 months on the inside”, “Grandma’s Drinking Buddy”, or make a boob joke, no matter how many people find the messages cute or silly. Until she knew and understood what the shirt said, she got shirts with pictures. Or patterns. Or plain colours. So I asked my kid if the teacher explained what allegiance *is*, or even explained any of the historic principles of the United States. Of course not; they were just given words to recite. Now we’ve had some discussion of the country’s principles and failings – she votes with me two times a year (primaries and general, this is not some admission of voter fraud), we’ve discussed how to affect local, state, and federal laws (and the diminishing influence an individual has as you move from local to state to federal government). But the principles of the Republic for which the flag stands are pretty abstract to convey to a preschooler. And pledging allegiance to a flag? The essence of a nation is not bound up in its cloth banner.

Forced recitations of pledges and vows do nothing to impart knowledge, develop skills, or promote good citizenship. As an intimidation technique, forced declarations of faith and loyalty are not new, although they are generally the hallmark of an insecure society. People do not become more patriotic through such declarations, but being subject to coercion can have the opposite effect.

On Procedure

A little more than a year ago, Trump somehow thought that associates being the subject of a judicially approved wiretap somehow exonerated him. This week, the fact the FBI had sufficient evidence that his campaign received and possibly sought the aid of foreign governments to place an informant in the campaign organization is meant to show how the whole investigation is FAKE NEWS. And, hell, for all we know someone who worked for the campaign heard about these meetings and reached out to the FBI to report it.

And he compares an FBI informant in his campaign to Watergate — where burglars broke into the DNC HQ office, installed listening devices in the phones, and then broke in again. Difference is *burglars* broke into the office and planted devices to intercept conversations (and broke in again to ‘repair’ their initial work). When the FBI uses informants, on the other hand, “special care is taken to carefully evaluate and closely supervise their use so the rights of individuals under investigation are not infringed. The FBI can only use informants consistent with specific guidelines issued by the attorney general that control the use of informants”. Which makes Trump’s claim another bit of ‘deep state’ paranoia.

It’s not unreasonable to conclude that evidence of the campaign’s interaction with foreign powers was discovered and prompted the investigation. Have the DoJ look into it and verify the FBI followed their internal policy, although that’s a bit of a stretch. Given the number of meetings with representatives of foreign governments the campaign took looking for campaign assistance, Trump’s assertion is a bit like a meth cook saying the whole system is corrupt as evidenced by the search warrant for his lab being signed off on by a judge.

The strangest bit of the whole assertion is that a deep state conspiracy to undermine Trump’s campaign would have been far more effective if it were announced prior to the election. After the fact, it’s pretty ineffective. Best case for an after-the-fact investigation is they manage to impede the process of governing until the next election cycle. The day before the last debate, publicize (or leak) news of this investigation? A day or two before the election?

It’ll convince the 30% who are out to prove Trump right on one matter — he could shoot someone on 5th Ave and still have their support.

 

The Horrors!

The TL;DR summary of the Trump Tower meeting, by way of the Senate Committee testimony, seems to be “we wanted dirt on our opponent to help win the election, and were right eager to accept said help from Russia but this meeting failed to provide what we wanted to procure”. Which, as far as defenses go … not a great one.

While one is not meant to consider the ramification of a legal decision, Trump Jr’s testimony brings to mind prostitution sting operations. I would love to see the defendant claiming that they had not in fact engaged in an illegal activity. Sure they wanted to exchange money for sex. The sex was never provided; ipso facto the law was not broken. Case dismissed! Sorry to inconvenience you, upstanding citizen.