Rubenerd

I was standing by a set of traffic lights near our office this evening when I witnessed an ungainly SUV drive past. I appreciate ungainly is a superfluous descriptor for SUVs, but this one looked even more like a beached whale than normal. Except, whales are sleek. Anyway my eyes darted down and saw their ABBA vanity plates which made me grin. I could already imagine the occupants exiting the vehicle in white jumpsuits, perhaps like this:

Ah Fate/Grand Order, still the only mobile game I’ve taken seriously, though it would need many more hours for it to surpass SimCity 3000, Commander Keen, and Train/Flight Simulator. But I digress.

As I stole a second glance when crossing the street, I realised the plates didn’t say ABBA at all, they were spelled A88A. Even in Vim they appear the same in my periphery. This was of course the intended effect; licence plates were doing this for years before URL hacks brought us del.icio.us and bit.ly.

As I think about it, that’s not a good thing. The primary purpose of licence plates is to uniquely identify vehicles and therefore their owners, presumably to report their illegal or dangerous activities. Our memory centres and attention are already compromised for reading regular plates, let alone under duress.

Singapore did away with this. Cars over there don’t even have vowels for their middle letter to avoid inadvertent words being spelled, let alone a chosen one. The only time I saw vanity plates over there that weren’t just strings of numbers were cars driven over from Malaysia, such as the crown for the Johor royals. Singapore plates even have a friggen checksum, which is awesome.

I guess if there were any silver lining, it’s that for every confusing vanity plate, there must be a simple one that instantly recognisable. You wouldn’t rob a bank with a getaway car showing Q for plates. And while it seems to be changing in Australia, there are likely other easily-identifiable characteristics about a car who’s owner can afford to have such a plate.

I haven’t hidden my love and preference for Ansible here. Servers don’t exist if they’re not defined, provisioned, and maintained with Ansible playbooks, as far as I’m concerned. But it still manages to trip me up sometimes.

Ansible can handle creating new users, and upload SSH keys. The OrionVM platform API, CLI, and web interface can inject SSH keys direct into running FreeBSD and Linux VMs, and into NetBSD VMs with a restart, but by default it adds them in the root user by default instead.

So I wrote some standard user and authorized_key blocks in a new playbook, and did a dry run:

$ ansible-playbook freebsd-users.yml -test
==> TASK [Add key to user, like a gentleman] ***********************
==> fatal: [stuff.sasara.moe]: FAILED! => { "changed": false, 
==> "msg": "Unsupported parameters for (authorized_key) module: name 
==> Supported parameters include: comment, exclusive, follow, key, 
==> key_options, manage_dir, path, state, user, validate_certs" }

Whoops! I checked my pedestrian config, can you see the problem?

- name: Add new user
    user:
      name: "{{ target_user }}"
      shell: /bin/sh
      groups: wheel
                    
- name: Add SSH key to user
    authorized_key:
      key: "{{ item }}" 
      exclusive: yes
      manage_dir: yes
      name: "{{ target_user }}"
      state: present
    with_file:
    - public_keys/id_ed25519_shonen_jumpbox.pub

Yup, I’d used the name variable for both the user and authorized_key modules, but the latter uses user not name. So it should read as:

- name: Add SSH key to user
    authorized_key:
      key: "{{ item }}" 
      exclusive: yes
      manage_dir: yes
      user: "{{ target_user }}"
      state: present
    with_file:
    - public_keys/id_ed25519_shonen_jumpbox.pub

I can see the justification here. The variable name in the context of SSH keys could refer to the user who accepts the key, or the name of key itself. The module doesn’t contain a name variable at all, presumably to avoid this ambiguity.

Still, in practical terms this means the user module, and the authorized_key module which is only used on users, refer to users differently. There must be a German word for things that concurrently make sense and don’t.

Minimal Nodoka art from Negima by dingier on DeviantArt, based on original art by the one and only Ken Akamatsu himself. My terrible, decade-old Mai-HiME NetBSD mashup got audible gasps at my AsiaBSDCon talk, I’m bringing them back! Maybe… not all the time.

I completely missed this news:

High performance computing is a key component of HPE’s vision and growth strategy and the company currently offers world-class HPC solutions, including HPE Apollo and SGI, to customers worldwide. This portfolio will be further strengthened by leveraging Cray’s foundational technologies and adding complementary solutions. The combined company will also reach a broader set of end markets, offering enterprise, academic and government customers a broad range of solutions and deep expertise to solve their most complex problems. Together, HPE and Cray will have enhanced opportunities for growth and the integrated platform, scale and resources to lead the Exascale era of high performance computing.

I’m having similar feelings about when Compaq bought DEC/Digital, though with a few more years under my belt to really appreciate it. Cray was the company featured in all my computer books growing up. Seeing the care and attention that went into crafting these supercomputers was awe-inspiring, as was the performance they mustered. In a world of car analogies, Cray was McLaren: cool, unobtainable, and incredible.

To be clear, this isn’t strictly-speaking the Cray that Seymour originally founded, it’s been through divestitures and buyouts and name changes since. But it still feels like the end of an era. What broke my heart a little was seeing this hugely influential technology company being described like that at the end of the press release:

Cray Inc. (Nasdaq:CRAY) combines computation and creativity so visionaries can keep asking questions that challenge the limits of possibility.

Here’s a photo I took at the Computer History Museum in Santa Clara last year, with a lab coat I may or many not have wanted to steal. If I had more money, I’d buy a dead Cray machine to use as a padded bench.

The first time I read Straight Pride, I assumed they were referring to the supreme sense of satisfaction I had as a kid free-drawing a perfect square with lines that looked as though a ruler had intervened in their creation. I never achieved the same thing with a circle.

Needless to say, is an overused phrase. And so-called edgelords love pointing out the apparent need for this, because of course everything is a zero-sum game to them. I honestly think one of the biggest challenges facing the world is the idea that people don’t have to lose for others to win, or even break even. It applies to social interactions, the environment, business, everything.

Anyway, this original post is gone, but I saw this being retweeted and thought it was brilliant.

drarna: asking for straight pride is like asking for able bodied parking spaces.

Problem is, I’ll bet a couple of people saw this and agreed, because they were shopping on a Saturday and an accessible spot was the only one free.

There’s not much point to this post; it was bourne of some idle curiosity. Ah man, that pun was top shelf. macOS has shipped with the KornShell since Tiger, but I was interested to see which version it had. Here’s 10.14 Mojave:

$ /bin/ksh --version
    version sh (AT&T Research) 93u+ 2012-08-01

I’d been installing it with Homebrew (via Ansible) since I switched to it as my primary interactive shell, but it’s the same:

$ /usr/local/bin/ksh --version
    version sh (AT&T Research) 93u+ 2012-08-01

The latest version from FreeBSD ports is fresher:

$ ksh93 --version
    version sh (AT&T Research) 93v- 2014-12-24

Although I had a treat:

# pkg upgrade ksh93
==> [...]
==> Installed packages to be UPGRADED:
==> ksh93: 20141224 -> 2020.0.0.a1,1

The port’s commit history shows a lot of changes over the last month which I’m still mentally processing.

Speaking of plastic waste, I saw a couple of video news clips on Twitter.

The Australian Academy of Science posted above about my personal environmental rage topic, microplastics:

They can be intentionally manufactured that way (primary) or they may result from lager pieces of plastic breaking down into smaller fragments (secondary). It’s estimated that 1.5 million tonnes of primary microplastics are washed into the ocean every year.

1.5 million tonnes just for the microplastics we intentionally make for shitty cosmetics and scrubs? For those who didn’t see my post about it last year:

Plastic micro‐beads are comparatively recent. They were proposed and developed with full knowledge that it’d be washed down sinks, and end up in the oceans. And they didn’t care. These are incontrovertible facts; I don’t buy any defence of this decision.

Oil spills garner headlines, but I put these people in the exact same league. Possibly worse, because while oil is used to power things, micro‐beads are an entirely useless marketing gimmick. They saw a potential environmental disaster, and thought they could make a quick buck off it.

Get this out of toiletries, now. Governments, legislate against this shit, because we can’t trust businesses to act in our collective interest here. And to the people who thought this was a good idea; choke on a plastic-filled fish. Bon Appétit, halfwits.

Not that I was furious.

And DW News reported on a project by the Bing Bang Fair:

British Synchronised swimmers Kate Shortman and Isabelle Thorpe attempt to recreate their World Championship routine in a pool filled with plastic - a challenged posed by The Big Bang Fair to help highlight how the eight million tonnes of plastic dumped in the world’s oceans every year affects marine life.

I’ll bet they had no trouble finding all that plastic too. Imagine if they all left that pool after shooting that, and returned a thousand years later somehow. It’d all still be there. A testament to the twentieth and twenty-first centuries in all their shortsighted glory.

But there’s some promising new research by Alvin Orbaek White, as tweeted earlier this month in The Conversation:

For our new study, we took plastics – in particular black plastics, which are commonly used as packaging for ready meals and fruit and vegetables in supermarkets, but can’t be easily recycled – and stripped the carbon from them, then built nanotube molecules from the bottom up using the carbon atoms.

I’d still say we should be avoiding the use of it altogether, but let’s not make perfect the enemy of good. There’s so much of this stuff floating around; literally.

Benedict Reuschling showed us last year how to use Ansible on FreeBSD at AsiaBSDCon. The key is to bootstrap Python using the raw module, so it can connect. I always thought the claim that Ansible didn’t have dependencies was suspect ;).

I thought I was going crazy this afternoon when my bootstrap playbook seemingly sat there, doing nothing. I ran it with more verbosity, and saw the problem:

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):
    
New packages to be INSTALLED:
    python3: 3_3
    python36: 3.6.8_2
    readline: 8.0.0
    indexinfo: 0.3.1
    libffi: 3.2.1_3
    gettext-runtime: 0.20.1
Number of packages to be installed: 6
    
The process will require 107 MiB more space.
16 MiB to be downloaded.
    
Proceed with this action? [y/N]: Terminated

It will happily just sit there waiting for your input. Using -y will assume the answer is yes.

I lock down my browsers pretty tight. Cookies are routinely wiped, I block JavaScript and trackers by default, and I have a sophisticated Curmudgeon Engine. I wish I could say it was for privacy and security – two related, but discrete reasons – but it’s the only way to make the modern web tolerable.

While I assert the usability benefits still outweigh the limitations, it does cause problems with a few sites. For example, Cloudflare always needs to validate my existence with CAPTCHAs. Under a giant yellow exclamation mark it reads (numbers added):

Why do I have to complete a CAPTCHA? Completing the CAPTCHA proves you are a human (1) and gives you temporary access to the web property. (2)

Point (2) is definitely true for me! But forgive my nitpicking for once, point (1) is incorrect. CAPTCHAs assert the likeliness of you being a person. There are already sophisticated tools now that beat these kinds of checks at rates higher than simple trial and error.

What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to a run a scan across the network looking for misconfigured or infected devices.

This sounds like questionable advice. A home user encountering this page will reasonably assume their machine is infected after seeing that message, and will rush out to buy expensive anti-virus software. All because their browser environment couldn’t be verified.

I’m assuming Cloudflare have the metrics to correlate browser behaviour and infection rates. I also concede my use case is probably very rare. But normalising these kinds of alerts also seems a bit irresponsible; and frankly grates when I’m seeing this precisely because I browse with an abundance of caution.

Yurucamp was one of the most heartwarming anime series Clara and I have seen in a long while. It’s in my top ten of all time, I don’t even care. I was waiting for scale figs to come out, but these Nenderoids are almost too cute.

Here’s the effervescent Kagamihara Nadeshiko:

The quiet Shima Rin:

And our favourite, Inuyama Aoi:

My only conciliation is a studio apartment can’t fit any more of this stuff.

Benjamin Wittes’s recent interview with Sam Harris on Making Sense gave some much-needed perspective and insight into the Mueller Report that, bluntly, I hadn’t given much thought to until now. I’ve quoted a few sections, but you should hear the whole episode if you want the full picture.

Benjamin on the first volume of the report:

One can say “therefore he’s been cleared of collusion” or “the pattern of behaviour that Muller documents is bizarre, concerning from a counter-intelligence and what leverage the Russians might have on him, etc, but does not obviously violate criminal law”.

On the second volume:

The gravamen is the President acted in a way that Muller did not say was obstruction of justice, but conspicuously didn’t say was not obstruction of justice. I personally find it extremely hard to read that evidence as anything other than a long-term pattern of attempts to obstruct an investigation by the President. Whether that’s a concern primarily for criminal purposes or impeachment is a complicated question, or maybe it’s both.

On whether Mr Orange was exonerated:

The office of special counsel says the President cannot be indited for obstruction of justice while he’s in office. Muller interprets this, correctly, as binding him. […] Did anyone else commit obstruction? His answer is no. Can the President be indited once he leaves office? His answer is yes. So if the President is guilty of a crime, it’s important to have the record clear, so a future prosecutor can make an appropriate judgement. This is the legal justification for the investigation. […] He does explicitly say the one exception here is if I could clearly exonerate the President, I would. I can’t, so I’m not going to.

On impeachment:

Does the evidence describe impeachable offences? Unambiguously, it does. […] High crimes and misdemeanours is a term of art in the constitution, not a reference to the US criminal code. […] refers to a body of unacceptable Presidential behaviour that you can remove somebody from office for.

I didn’t know the difference, but he provided a useful example:

If the President, one day, took a lawn chair onto the front law of the White House and said “I’m just not gonna do the job any more, I’m just going to play chess with people”, nobody would suggest he committed a crime. And yet he would be impeached and removed from office for it. The set of things that are impeachable offences include a lot of crimes, but it is not co-extensive with the criminal code.

He concludes:

I believe Donald Trump committed criminal acts documented in volume two of this report. He also committed impeachable offences.

It’s a fascinating reversal of the impression I got as a layperson reading about the report. The spin doctors and liars are in full force.