Month: June 2018

But he MADE me do it

I wondered if this was the logic when he first started in about how it was the Democrat’s that were forcing the separation. Not that the Dem’s passed some laws forcing kids to be separated from parents but that the Dem’s refusal to just go along with asinine policies that don’t even do much to reduce illegal entries mean the trump administration “has” to do all of this terrible stuff. Good to see the master negotiator at work here. 

Curious, too, that *immigration* laws are going to deter ‘criminals’ whereas gun laws won’t. I’d almost give on immigration policies for the analogous gun control policy: a wall (longer waiting periods), merit based immigration (more background checks and reasons for denying ownership), ending lottery/chain (no gun or ownership is grandfathered)

 

Better than a dog kennel

Looks like reporters have been allowed in to the detention facilities for kids separated from their families for immigration violations —  and some Twitter commentary from one of the NBC correspondents
 
Like the Russian sanctions that were enacted exceptionally slowly (allowing targets ample time to transfer assets around to minimize impact), it’s been over a week since Senator Merkley attempted to visit. That’s a lot of time to make the place look nice. And beyond the crazy murals (pretty sure the one on Twitter says “sometimes, in losing a battle, you find a new way to win the war” which … just doesn’t seem like a sentiment you want to convey to *kids ripped from their families and dumped into prison-like detainment facilities*), reporters think ‘prison’ when they tour the place. A step up from “dog kennel”, I guess, but remember these are the photos *approved* for release by HHS!
 
This report makes the recent initiative to house the kids in tent camps (on military bases & possibly other federal properties) more frightening. The current centers are licensed and operated by people who at least theoretically have some experience dealing with kids. Those tent camps – one of the things that makes them a quick solution is Trump & co don’t want to require licensed operators. What reporters see is the cleaned up version of what licensed professionals managed to do with an influx of kids. What do you think some random grifter looking to make a few bucks off the feds will manage? The whole thing reminds me of the ‘assembly centers’ for Japanese internment back in the 1940’s (WW2).
 
And if you’re not familiar with Japanese interment — started with Executive Order 9066 and more or less ended with a Supreme Court ruling, Endo v. United States (1944) (a ruling terrifying in and of itself — like the recent bigot baker case where the Court skips over the Constitutionality of the actual law to focus on comments made during the adjudicating process, the Endo case did not address the propriety of the underlying action — that is, they didn’t say the government was wrong to exclude people of a specific ancestry from parts of the country {an act which Korematsu v. United States (1944) upheld} but rather that the country could not continue to detain individuals who had been conceded to be loyal to the US). Which is all a very long way of saying we’ve been down this path before. It was repugnant to take American citizens and throw them into temporary encampments to “help” them relocate after they were excluded from the area where their home happened to be. The implementation ensured suffering — food shortages, overcrowded conditions, isolation from family.
 
A few years ago, EO 9066 was displayed next to Reagan’s act which officially acknowledged just how shitty the EO was and officially apologized for the evacuation, relocation, and internment undertaken in the EO. The juxtaposition of the two documents was a powerful reminder, in post-9/11 America, that actions which seem justified by ensuring the nation’s security are egregious violations of human rights and civil liberties.

LDIF To Move User Accounts In Oracle Unified Directory

Since I keep wasting an hour to figure this out every time I need to move a user within OUD, I’m writing down the proper LDIF text to move a user from ou=disabled,o=orgName to ou=users,o=orgName.

dn: uid=TestUser123,ou=disabled,o=orgName
changetype: moddn
newrdn: uid=TestUser123
deleteoldrdn: 1
newSuperior: ou=users,o=orgName

For some reason, Oracle’s documentation omits the newrdn component and it all fails spectacularly.

Git For Configuration Management

I am starting to use git to manage application server configurations — partially to ensure team members are familiarizing themselves with git and thinking about it when they update code (we’ve seen a LOT of tweaks that are not pushed to the git server), but also to reduce the administrative overhead of managing servers.

The best use case thus far has been our sendmail environment — seven servers with three configuration bases. By issuing certificates with SAN values for each host name and the VIP name, we are able to use the same cert and config file on each server in a functional group. Admins can make changes to the config offline (i.e. we’re not live-editing config files on the sendmail servers), there is history to who made the changes {and a quick means of reverting changes), and, using a cron’d pull, we can ensure changes are consistent across the environment.

On Denuclearization

They value tribalism over actual plans with specifics, objective reality, or independent thought too. The logic currently being peddled seems to be that any diplomatic overture is vastly better than nuclear holocaust. Now I’m not one to make the argument that there’s a scenario where nuclear annihilation is preferable but it’s disingenuous to call this development a stunning success.

Don’t forget that there was progress in the late 90’s — until GW took over and sought to end the Agreed Framework. The US cut back diplomatic contacts in 2001 while the new administration’s policy was under review. By 2002, NK was asking IAEA inspectors to leave. In 2005, an agreement that might have allowed IAEA inspection was considered progress. Maybe GW was justified in distrusting NK’s concessions (or *not* trusting NK with light-water reactors) — although NK may have violated more the ‘spirit’ of the agreement than the actual substance. But, historically speaking, we’ve been lowering the bar for NK for over a decade. We’re no longer seeking access for IAEA inspectors, now we’re almost looking for agreement that nuclear weapons are a heap-o bad news.

Ignoring decades of history in Korea, Trump was still complicit in the brinkmanship – taunting someone into nuking you then celebrating your negotiating skills when tensions are reduced is a bit like “hero fireman” setting blazes and then saving people from the inferno. And somehow it’s a major bonus that Trump didn’t give un-freeze 150 billion in Iran’s assets for NK? (Republican marketing is winning in the Iran discussion, and Obama unfreezing billions in Iranian assets has been conflated with the US government forking over billions of taxpayer dollars … but what that has to do with North Korea I cannot imagine)

Destroying missile engine testing sites after you’ve got one that works? Not such a concession. Hell, promising not to test any more nukes isn’t a significant concession – once you’ve got the thing working, tests become a way of reminding everyone you’ve got the bloody things. The US has been adhering to terms of the CTBT since, what, 1996. Doesn’t mean we’ve denuclearized. Last year, NK detonated a 200+ kiloton bomb and launched the Hwasong-15 missile which gives them theoretical delivery to the US. Sure they might need more testing to get a functional re-entry vehicle. Worst case, launch with an untested re-entry vehicle. And their current design isn’t as apt to be obliterated on re-entry — it merely lacks accuracy. Well, as someone who lives in the “oops, we missed” zone for a few high probability targets … low accuracy nuclear strikes are still REALLY REALLY BAD.

The WSJ report a year and a half ago about Trump conceiving a brilliant strategy for dealing with NK … after Trump spoke with Putin. The strategy? Cease joint military exercises with SK. Because damaging US / SK relations doesn’t help Putin in any way? For a guy who pulled out of the Paris Accords ostensibly because it was such a bad deal for the US (which, I guess, has plans to jettison everyone with more than nine hundred thirty seven million dollars in net worth to some secret space colony where they’ll be able to fly around extracting resources from planets throughout the solar system), this move hardly seems in line with the “America First” doctrine. Stopping the ‘war games’ is something NK wanted – they offered to stop nuclear testing back in 2015 if we stopped the military exercises. And it’s only *saving* money if you don’t spend it elsewhere. Anyone think the US military budget will decrease by a few mill if we can “save” that by avoiding US/SK joint military exercises?

So we’ve seen destruction at some missile and nuclear test facilities (journalists were invited to watch the destruction at Punggye-ri. Journalists and IAEA reps watched the explosion at Yongbyon in 2008 – the destruction of a cooling tower. After which it was discovered that NK was building a new facility to continue production of fissionable material. And they used another method to cool the reactor at Yongbyon after the cooling tower was destroyed. So destruction at a facility isn’t {a} new or {b} terribly meaningful), agreed to suspend military exercises, and gained NK’s commitment to complete denuclearization. Sounds good on it’s face, once you add complete denuclearization in there.

But there *is* history in the relationship with North Korea. Objectively – “complete denuclearization of the Korean Peninsula” is what NK was pushing for as it involves eliminating American military presence on the peninsula too. It’s not the same as unilateral denuclearization. And if they want to consider delivery capabilities – complete denuclearization means eliminating all American nukes. Not like anyone included a three page appendix detailing what “complete denuclearization of the Korean Penninsula” means to both parties. There’s also the larger context of American military policy — even if we completely withdraw troops from the Korean peninsula, how does Trump’s desire to expand America’s nuclear capacity reassure, well, anyone?

But SCIENCE!

Trump’s press conference in Singapore where he tells us about the scientific fifteen year time period it takes to denuclearize — WTF? I’ve got all the respect in the world for PoliSci studies, but it’s not *scientifically* required that “you have to wait certain periods of time, and a lot of things happen”. Unless we’re talking about complete decay of the fissionable material – in which case fifteen years is WAAAAAY short. The half-life of U-235 is like 700 million years.

Blending it down to reactor-grade, though – NNSA contracts have down-blended well over a tonne of HEU a year. The problem is 1 tonne of HEU becomes 16 tonnes of LEU. And how many reactors, submarines, and space vehicles do we need to fuel? Doubtful NK’s got facilities for down-blending weapon-grade material, but “de-enrich my stuff at your facility for free and I won’t have nukes” would be a really strong negotiating position — and as much as Trump may decry billions Clinton spent to denuclearize NK … it would be billions well spent if there were no enriched material in the country. And NK has maybe half a tonne of HEU – the logistics of shipping the shit would take longer than down-blending it.

But we’ve got a president looking at what may be a reasonable political estimate of how long it would take the country to denuclearize and calling it a scientific requirement. Which is ironic given the number of *actual* scientific things the administration feels free to ignore.

Fake Wars!

Last week in fake history: just days before the Bowling Green Massacre, Canada invaded Washington DC and razed our federal buildings.

Historical ignorance (and sure it’s scary that Trump is both so ignorant of history AND unwilling to accept counsel), aside — so what if Canada *did* burn down the White House in 1814. Say Canada *were* a country aligned with England, and they participated in the war of 1812 by invading the US and burning DC. How does that make Canada a national security threat TODAY?

Controlling Printer Outlet

We normally keep our printer turned off. Residential printer standby can have a decent draw. It’s something you have to research specific to your printer — some have low single-digit standby draw and waste ink when powered on and off. Others, like ours, has a non-trivial standby draw that isn’t offset by ink savings. The problem is that you’ve got to turn the printer on, print your stuff, and then remember to turn it off. The tiny person remote power controller (i.e. Anya) works for this, but it’s not an elegant automated solution.

Scott set up a smart outlet for the printer – you can tell the Echo to turn the printer outlet on and off now. But you still have to remember to turn it off 🙂

So I set up a print queue on the server & all print jobs are submitted to the server-based queue. A scheduled task on the server checks the print queue for jobs and turns the printer on when jobs are found. When the printer is on but no jobs are in the queue, it waits ten minutes and checks again (otherwise you could turn the printer on & have the batch immediately turn it off. Or worse the job could be out of the queue but still printing!), then turns the printer off if there are still no jobs in the queue. Voila, now the printer turns itself on when you want to print something and it remembers to turn itself off later.

The tricky bit was figuring out how to post ‘ON’ and ‘OFF’ to the OpenHAB2 REST API. -Body with just the command:

Invoke-WebRequest -URI ‘http://openhabserver.domain.gTLD:8080/rest/items/Outlet1’ -ContentType “text/plain” -Method POST -Body ‘OFF’

The script is available at https://github.com/ljr55555/miscPowershell/blob/master/printQueueMonitor.ps1

Bigoted Bakers

The Supreme Court decision in the Masterpiece Cakeshop case clarifies exactly nothing — maybe the ruling would have stood if the review had not disparaged the baker’s religious beliefs. I’m not sure I’d want a baker who hates me (or something I do) to bake me a cake — too many ways to accidentially ruin a cake. Same with the photographer — why risk accidental overexposure or data loss destroying your wedding photos?

But I can see being offended when someone refuses you service based on your sexual orientation (or religion, or ethnicity, or …). I had a whole host of medical problems — eventually learned that my body does not process sugars/carbohydrates well and simply limiting sugars and simple carbohydrates eliminated most of these problems. But a decade before that discovery, the only thing that sorted amenorrhea and fibromyalgia-like symptoms was hormonal birth control pills. My insurance copay was the same amount regardless of where I purchased medication, so I used a small, privately owned pharmacy in a boutique part of town. Until my state passed a law that permitted pharmacists to refuse to distribute anything that contravened their religious beliefs. Shortly thereafter, I got lectured about my sinful promiscuity instead of picking up my prescription. I’m sure there was some way to get the pills from that pharmacy, but frankly I was insulted and more than a little embarrassed. Not that it was the least bit of their business, but I was absolutely celibate. Just didn’t enjoy being chronically exhausted and in pain. Wasn’t worth arguing about, I transferred my prescription to a chain that wasn’t staffed by people who want to pass judgement on my medical prescriptions.

Thinking back to that embarrassment, I hope these anti-discrimination laws get tested by a case where the local officials don’t editorialize — just state the action violates the law and be done with it.

OUD Returning Some DirectoryString Syntax Values As UTF-8 Encoded Bytes

We are still in the process of moving the last few applications from DSEE to OUD 11g so the DSEE 6.3 directory can be decommissioned. Just two to go! But the application, when pointed to the OUD servers, gets “Unable to cast object of type ‘System.Byte[]’ to type ‘System.String'” when retrieving values for a few of our DirectoryString syntax custom schema.

This code snippet works fine with DSEE 6.3.

string strUserGivenName = (String)searchResult.Properties["givenName"][0]; 
string strUserSurame = (String)searchResult.Properties["sn"][0]; 
string strSupervisorFirstName = (String)searchResult.Properties["positionmanagernamefirst"][0]; 
string strSupervisorLastName = (String)searchResult.Properties["positionmanagernamelast"][0];

Direct the connection to the OUD 11g servers, and an error is returned.

     

The attributes use the same syntax – DirectoryString, OID 1.3.6.1.4.1.1466.115.121.1.15.

00-core.ldif:attributeTypes: ( 2.5.4.41 NAME ‘name’ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-ORIGIN ‘RFC 4519’ ) 
00-core.ldif:attributeTypes: ( 2.5.4.4 NAME ( ‘sn’ ‘surname’ ) SUP name X-ORIGIN ‘RFC 4519’ ) 
00-core.ldif:attributeTypes: ( 2.5.4.42 NAME ‘givenName’ SUP name X-ORIGIN ‘RFC 4519’ ) 

99-user.ldif:attributeTypes: ( positionManagerNameMI-oid NAME ‘positionmanagernamemi’ DESC ‘User Defined Attribute’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ‘user defined’ ) 
99-user.ldif:attributeTypes: ( positionManagerNameFirst-oid NAME ‘positionmanagernamefirst’ DESC ‘User Defined Attribute’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ‘user defined’ ) 
99-user.ldif:attributeTypes: ( positionManagerNameLast-oid NAME ‘positionmanagernamelast’ DESC ‘User Defined Attribute’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN ‘user defined’ ) 

I’ve put together a quick check to see if the returned value is an array, and if it is then get a string from the decoded byte array.

string strUserGivenName = (String)searchResult.Properties["givenName"][0]; 
string strUserSurame = (String)searchResult.Properties["sn"][0]; 

string strSupervisorFirstName = "";
string strSupervisorLastName = "";
if (searchResult.Properties["positionmanagernamefirst"][0].GetType().IsArray){
    strSupervisorFirstName = System.Text.Encoding.UTF8.GetString((byte[])searchResult.Properties["positionmanagernamefirst"][0]);
}
else{
    strSupervisorFirstName = searchResult.Properties["positionmanagernamefirst"][0].ToString();
}

if (searchResult.Properties["positionmanagernamelast"][0].GetType().IsArray){
    strSupervisorLastName = System.Text.Encoding.UTF8.GetString((byte[])searchResult.Properties["positionmanagernamelast"][0]);
}
else{
    strSupervisorLastName = searchResult.Properties["positionmanagernamelast"][0].ToString();
}

Voila

The outstanding question is if we need to wrap *all* DirectoryString syntax attributes in this check to be safe or if there’s a reason core schema attributes like givenName and sn are being returned as strings whilst our add-on schema attributes have been encoded.