“Unable to negotiate SSH” after “upgrade”

If you update to Ubuntu LTS (version 22.04), you will want this in your .ssh/config:

PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa

Failure to do that gets you this:

Unable to negotiate with best-friend.server.ssh port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

The dear old NSA of the USA is gently shoving everyone away from effective cryptography towards backdoored nonsense, so you need to now tell your ssh that you want to be able to connect to older servers with fewer cryptographic backdoors.

Posted in Stuff | Tagged , , , | Leave a comment

Licences are a lie

My wife and I have two cars. To drive these cars according to government rules, we need six licences: two for the cars, and two each for us (the one car is bigger). It is, however, well nigh impossible to get these licences: the licence departments are unlawfully closed at the times that they should be open; the queues are hours long, and to even be in the queue it is required to get an appointment, but appointments are rationed, and only those in the know can actually get an appointment. To even get an appointment, we have to drive to the next town, or further, and during that drive, we are treated to people flagrantly violating traffic rules.

The system has failed. Every month the standard of driving drops: more people jump red lights, don’t stop at stop signs, overtake unsafely, drive on parts of the road that are not for driving, and the smashes get more and more impressive. Entitled taxi drivers will damage your property without any consequences for them, while their passengers travel in fear of their lives, because they will gladly murder and maim anyone that would threaten their transport monopoly (private taxis, and buses) and harass anyone that looks like he might be competing with them, with threats of death. There is no safety on the road, because there is no enforcement of law and justice, and yet, we are supposed to submit to the ridiculous licence process that promises road safety, and is patently failing to deliver it. It’s a load of stinking rubbish. The officers of the law themselves despise the law, driving with complete disregard of all road rules, but they lie in wait to do just one thing: to check your licence.

A licence is a permission to do something that you can actually do without the licence:

  • To hunt, to fish, to mine: hunting licence, fishing licence, mining licence
  • To marry: marriage licence
  • To drive: driving licence
  • To have a car, truck or trailer: vehicle licence
  • To have a weapon: gun licence
    • To preach: preaching licence

Licences seem to start out with noble intentions. Rather than letting things go bad, a licence process promises to stop a dangerous situation from developing:

  • Fishing licences will save our fishing stocks for the locals
  • Hunting licences will save our game for actual farmers
  • Mining licences will stop strangers come and steal our minerals.
  • Marriage licences will prevent harmful marriages
  • Driving licences will keep incompetent and dangerous people off the roads
  • Vehicle licences will keep dangerous vehicles off the roads
  • Gun licences will stop idiots from shooting innocent people
  • Preaching licences will ensure that you always have the best preaching

And, of course, they deliver nothing of the sort. The conditions change. The validity of the licence is shortened continually, so that the thing becomes illegal:

  • Fishing licences become the state selling fish to the locals, and then also to foreigners
  • Hunting licences become the total prohibition of hunting, except at the pleasure of the state
  • Mining licences steal all the minerals from land owners, and give them to politicians and the foreigners that bribe them.
  • Driving licences keep people at the mercy of the state for transport, and the conditions of this mercy become slowly more and more onerous. Normal people are slowly forced off the road.
  • Vehicle licences allow the state to dictate ever-crazier ideas about how cars should work. Slowly they decide for you what purposes you can use your vehicle for, and arbitrarily change fundamental things like what fuels your car may use.
  • Gun licences ensure that only criminals have guns, and that there is no protection for innocent people.
  • Preaching licences ensure that only the very worst preachers are heard, and that the truth is never heard.

The enforcement of licences goes like this:

  • You have a thing
  • You use the thing
  • Government men come and see you use the thing
  • You need to show the paper that said that you can use the thing
  • If you don’t have the paper, then you are punished: you lose your goods, or your freedom, or both.

When the government men show up, they are not doing any of the things that licences promised to do. They are simply oppressing the people who have failed to keep up with the ever-changing conditions of the licence. Oppressing people on behalf of government is wicked. The government that demands licences is wicked, and the officials who enforce the licence are wicked.

The licence adds nothing to the thing that it licences:

  • The fish don’t bite any better with a licence
  • The deer taste the same whether or not you have a licence
  • The gold is just as shiny, and the salt is just as salty, whether or not you paid the government a bribe to let you haul it out of the ground, or dredge it out of the sea (yes, they demand a licence for taking salt out of the sea).
  • The driving is just as hard and fraught with danger, whether or not the driver has a licence. Licensed drivers vary from completely incompetent to excellent, and even excellent licensed drivers drive poorly when intoxicated.
  • The car goes just as well whether or not it has approval from the state. The state is not involved in the physics of the car’s operation at all.
  • Guns shoot projectiles without regard to whether government paper exists to authorise them to go pow. Some of the most effective projectiles are shot by guns without the approval of the state.
  • Some of the very best preaching doesn’t have a licence. The government or church licence does not cause a preacher to preach any better, neither with regard to delivery, nor content – if anything, it makes it worse.

The solution to licences is simple: END ALL LICENCES. It is not the job of government to tell you that you can do a thing that you can do. If you do harm, and if you do evil, and if you do wickedly, then government has a job to do:

  • If you dynamite the fish, government should whip you (or they might not care)
  • If you kill deer and don’t eat it, government should whip you (or they might not care)
  • If you mine on land that you don’t own, government should make you pay the owner of the property
  • If your driving causes damage to property, or injures people, or kills people, government should deal with you according to the actual damage you caused. Maybe they should whip you for being rude on the road too, but if no harm happened by reason of your driving, government should leave you alone.
  • If your piece of junk vehicle loudly belches black smoke and throws parts on the road, government should invite you to compensate the people who had to deal with the mess you made.
  • If you actually kill or injure someone with a gun, that’s a great time for government to dispense justice. If you just have a gun, or a rocket launcher, or a brick, government should leave you alone.
  • If you preach lies … government should make sure that they find and encourage someone to preach the truth louder than you are preaching lies. Giving you a licence to preach what the government thinks is truth is probably a bad idea.

Not one of these licences has any merit. Except maybe one …

The only licence that has any value is the marriage licence: having government men check that a marriage is valid before it begins can be a really useful. Modern government seems to have no idea what marriage is though: they allow people that cannot form a valid marriage to be “married”, and encourage the dissolution of valid marriages for invalid and transient reasons. Neither do they seem to know how to protect marriage against predators. So, while the idea is good, the execution is so horrible, that it might be best that the government leave marriage to people who actually know what it is.

And here’s the conclusion:

As saith the proverb of the ancients, Wickedness proceedeth from the wicked: but mine hand shall not be upon thee.

1 Samuel 24:13 KJV

The system of licences is wicked.

The system comes from wicked people.

People that enforce licences are wicked.

Licences must go.

Posted in Stuff | Tagged , , , , , , | Leave a comment

A values-driven political party

A problem

By supporting the system, you support the system

The political party system is broken. There are a few major problems:

  • People seek elected office in order to personally benefit (not to serve)
  • People in elected office are subject to corruption
  • Political parties promise to use their power to give advantage to their voters.
  • Parties do not do what they promised at election time.
  • Parties are infiltrated by sleeper agents.

Democracy is not a great system,

A solution

So let’s fix it. Here’s the plan:

  • A new kind of regular political party.
  • Criteria: The party has unchangeable public criteria for elected officials
  • Qualified candidates: The party makes a list of its members that meet the criteria.
  • Simple selection: party candidates are selected from the list completely at random.

That’s it. It’s a values based party, and when you vote for that party, you get someone that subscribes to the values that the party verifies by means of its public criteria. People who like the values and the criteria can vote for the party. People who don’t like the criteria can do as they please.

The principle is this: the party exists only to endorse the principles of their candidates. It exists for a democracy, but is not itself governed by democracy. It’s a bit like signing up for jury duty, but without the lawyers.

A party example

How would it work out? Here’s the kind of party I would support – the “Married Christian Fathers Party”. The criteria for elected officials would be:

  1. Married: A married man
  2. Christian: Confesses that Jesus Christ is the Son of God, who died on the cross for our sins and rose again from the dead.
  3. Fathers: The father of at least two natural children of his own with his wife
  4. Never divorced, married to a woman never divorced
  5. Having an actual job by which he provides for his family

I think that these few criteria would tend to select a man who has at least one woman and two children that are able to follow his leadership, and who would have a lively interest in the future. It would tend to exclude losers that are beholden to foreign powers. By choosing men that have a demonstrably proven track record of leadership in one matter (marriage), people with no character and skills would be sifted out. It would not be perfect: but it only has to be better.

It should be possible to have parties for other sets of values that people may consider “electable” – e.g. atheist professionals with Ph.D’s – maybe that is the kind of thing that people will support. Or “national sports heroes” – being people that have attained a certain minimum level of achievement in some sporting code (e.g. at least a bronze medal in tiddlywinks). There may even be a way of organising a party that fields candidates ejected from other parties for corruption and moral failure – and who would not want to vote for that?

Minor details to be thrashed out

Party governance: The party will have to have internal leadership of some sort to ensure that funds are administered correctly, for campaigning, and for conducting the processes of the party. These should ideally be professional people (and some volunteers), and they should be overseen by a board of trustees, with random selection of qualified people (i.e. those that meet party criteria) in and out of the board every year for four year terms. This would be a good test of whether the party is able to organise itself on the basis of its chosen criteria: if the party implodes under its own incompetent leadership, then it will automatically shield the general public from having to vote for it.

Consecutive terms: It would be useful to have elected representatives that continue for multiple terms. I think that the decision about whether an elected representative should be offered in the following election without being selected by lot should be a 2:1 coin flip (i.e. 2 thirds of officers are retained, one third is replaced, completely at random).

Random numbers: The mechanics of selecting from a complete list would be like this:

  • A list should be made, and numbered (starting at zero, to avoid adding 1 later)
  • Twice as many candidates as are needed should be selected
  • Each candidate selection should be calculated as the sum of at least three random factors, one of which is a computer-generated random number (from a competent random source, such as /dev/urandom), and two of which are proposed by party members in a secret ballot — that sum, modulus the number of candidates.
  • After candidate selection, candidates must be examined to determine whether they actually do meet the qualifications.
  • Candidates that are found to be unqualified, or unwilling to stand for election, must be summarily expelled from the party.
  • If there are no qualified candidates available in a particular area, the party should not offer any candidates for election, but seek to recruit people that meet the party standards.

Conduct in office: Should an office bearer become unqualified during the course of his representation, then he should be expelled from the party. If possible, he should be replaced by the next qualified person on the list.

It might be helpful to make the verification of the qualifications of candidates public, so that the public at large can verify that the criteria were followed. No accusations against office bearers should be received without two witnesses, who should be reasonably independent. Accusations against office bearers that do not disqualify them according to the party criteria should have no weight at all (e.g. the office bearer offended someone).

Every office bearer is elected by the party, but serves the public in his personal capacity, and may support any policies that do not disqualify him from being a party office bearer.

It will probably be necessary to have every office bearer take an oath (or put money on the table) that he will resign he position should he be faced with compromise, or intimidation, or blackmail that would effectively cause him to compromise his values.

Unqualified party members: While the party exists to participate in a majority vote system, nothing within the party is done on the basis of majority vote of members. Members that are not office bearers (by reason of not being chosen) are all on an equal standing, whether they qualify as office bearers or not. Party members will have privileges like being able to identify themselves as a member of the party (wear the t-shirt), to participate in the selection of candidates (by submitting number to be added into the random mix, by participating in the vetting process), and submit proposals to the trustees.

Changes to the party criteria: Over time it will probably become necessary to make changes to the party criteria, name, etc. Protections against subversion of the party could include things like prescribed long delays in implementation of changes, prescribed change of party name triggered by changes to fundamental criteria.

Update: I thought that a 50% retention was a bit low … upped that to 2/3 retention.

Posted in Stuff | Tagged , , , , | Comments Off on A values-driven political party

Pop goes the (LED) light bulb

Spar whitelabel LED light bulb

Spar sells a LED light bulb: it’s nice, until it pops – and that doesn’t take long. It fairly bright, it uses 7W of power, it has the bayonet style connection.

There’s a problem though: it doesn’t last. It popped loudly exactly when a neighbouring circuit in the suburb tripped. This says that the voltage spike from the neighbours broke it.

This means nothing but “inadequate over-voltage protection”. I’m not buying another one, until someone fixes the electronics, and it says “WITH OVERVOLTAGE PROTECTION”. The circuit is three capacitors, a tiny transformer, a big resistor and two tiny resistor, and packages that look like a diode bridge, and a tiny unmarked IC with 6 legs (two of which are soldered together).

LED board hiding transformer, showing black mark where the POP popped out.

External markings:
Globe A60
Cool White
LED 9w 60mA BC
180-240Vac ~ 50Hz
FGLA60RSWB22
19957

Circuit markings on the LED board:
5930-5C7C9C-950130 D39.85
PE1878A0 19/12▴

Update: Since I wrote this, I’ve learned a little more about LED lights. It seems that the current state of LED lighting is to use relatively few LEDs and to drive them hard, rather than using more LEDs and powering them at something of a normal operating voltage for fractionally more cost. The upshot of this is that LED lighting is made to fail, simply by reason of the manufacturers wanting to sell more and more junk, rather than selling a durable product.

Posted in Stuff | Tagged , | Comments Off on Pop goes the (LED) light bulb

Lockdown demonstrates that the bill of rights is worthless

The constitution of the republic of south africa (oops, didn’t type capital letters, sorry) of 1996 includes a pretentious section labelled “the bill of rights”. This purports to provide the following rights, all of which have been summarily take away during the “lockdown”. If the rights can be taken away so easily, it is proof that the bill of rights is as vain as the statement “May God protect our people” which precedes it.

Some institution of the South African government says: “STAY HOME AND STAY SAFE. For more information and support on COVID-19 please visit www.sacoronavirus.co.za

The Bill of Rights, trampled

These are the things promised by the bill of rights, but each one of these specific rights has been summarily taken away from the people in this little lockdown.

Freedom and security of the person

12. (1) Everyone has the right to freedom and security of the person, which includes the right –

(a) not to be deprived of freedom arbitrarily or without just cause;

(b) not to be detained without trial;

Everyone has been put under house arrest. Everyone has been arbitrarily deprived of freedom without just cause. Everyone has been detained without trial.

12. (2) Everyone has the right to bodily and psychological integrity, which includes the right –

(b) to security in and control over their body; and­

(c) not to be subjected to medical or scientific experiments without their informed consent.

The entire country has been subjected to an epidemiological experiment, where the unproven method of confining the healthy is being attempted to prevent the spread of a disease. We are threatened with medical testing or summary house arrest without trial.

Assembly, demonstration, picket and petition

17. Everyone has the right, peacefully and unarmed, to assemble, to demonstrate, to picket and to present petitions.

Suddenly, all assemblies are illegal.

Freedom of association

18. Everyone has the right to freedom of association.

No, stuff that. You will associate with nobody, except family members and your work colleagues if you are an “essential” person.

Freedom of movement and residence

21. (1) Everyone has the right to freedom of movement.

No, you will be detained. You will be thrown in jail for trying to exercise your freedom of movement, unless you are moving for very limited purposes.

(2) Everyone has the right to leave the Republic.

No, you cannot go. You will be turned back from the port of exit. Driving to Namibia? Sailing to the Seychelles? Forget it. You cannot.

(3) Every citizen has the right to enter, to remain in and to reside anywhere in, the Republic.

Apparently not. Because they said so.

Arrested, detained and accused persons

35. (2) Everyone who is detained, including every sentenced prisoner, has the right –

(f) to communicate with, and be visited by, that person’s –

(i) spouse or partner;

(ii) next of kin;

(iii) chosen religious counsellor; and

(iv) chosen medical practitioner.

No, actually only your chosen medical practitioner can visit you in your detention, and even then, he will be messed around. You cannot visit your brother, your wife. Your minister cannot visit you.

What’s the loophole?

So under the innocuous title “Limitation of rights”, the Bill of Rights has this text, under the pretext of which, the “Disaster Management Act” of 2002 has created a virtual state of emergency, calling it a “state of disaster” without all the pesky encumbrances and safeguards of an actual state of emergency. The broadest loophole ever in the constitution says:

36. (1) The rights in the Bill of Rights may be limited only in terms of law of general application to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom, taking into account all relevant factors, including –
(a) the nature of the right;
(b) the importance of the purpose of the limitation;
(c) the nature and extent of the limitation;
(d) the relation between the limitation and its purpose; and
(e) less restrictive means to achieve the purpose.

So here we see that the only thing that needs to be claimed (not even proved) is that it is “reasonable and justifiable” to take away all the rights offered from everyone. All they need is the appropriate fantasy, and against that fantasy, they can claim that the steps are reasonable, and that all the factors were taken into account. The destruction of the “open” of the “open and democratic society” is not important, because it’s just a literary gloss on how the justification must be framed.

  • The nature of the right: all rights.
  • The importance of the purpose: that precious party members don’t die
  • the extent of the limitation: universal
  • the relation between the limitation and its purpose: it worked for China, they said
  • less restrictive means to achieve the purpose: didn’t think about this, because we never heard that Taiwan and South Korea did proper contact tracing that worked, because we watched CNN instead of China Uncensored.

So here’s how it goes:

  • China makes a deadly virus, which kills a few of its people
  • China kills a stack of its people that it doesn’t like
  • China locks up its people for months, and then lies that was an effective way to handle the disease, and proceeds to distribute that same disease around the world. The actual samples of the disease, and research information they destroyed: either because it’s not as serious as they pretend, or because they are culpable in making it.
  • Government reasonably believes the propaganda from the Chinese Communist Party, and believes that following its example of universal repression is justified for medical reasons.
  • Government institutes a virtual state of emergency , but bypasses the provisions of the constitution (a 21 day limit, and parliamentary oversight), because it is using a “law of general application”.

All they had to do was be reasonably convinced by some lie, and believe that stupid measures are justified.

It’s surprising that they didn’t do it earlier, on the climate change fantasy, or on an ancestor-appeasement fantasy (the ancestors are angry, so we must take away things from the bill of rights by a law of general application). It’s kind of disappointing that they didn’t do the whole space-alien invasion fantasy: the CGI on TV would be better, especially compared to this “deadly unseen virus” story that they’re telling, which is nothing more than a bunch of numbers, and does not have good production values.

But it’s still stupid

The trouble is that the dear folks making the decisions don’t understand maths: they do not understand statistics; they do not understand exponential growth. They get to be led by the nose, and act in fear, and comply with whatever tale the media spins them.

Statistics: The deadliness of the disease was estimated from serious cases which required admission to hospital. It did not take into account the number of cases that did not require admission to hospital. Comparing the mortality rate from serious cases with the flu’s mortality rate from all cases gave alarming, and completely incorrect numbers.

Exponential growth: It does not really matter how many cases you start with. If the rate of transmission is high enough, just one case is sufficient to cause the entire population to be exposed to the disease (assuming it is truly as infectious as advertised).

In order for the lockdown to eliminate a serious virus from the country:

  • every person with the virus must comply completely with the lockdown
  • every person with the virus must immediately infect all his family members (co-residents) with the virus
  • all persons with the virus must display serious symptoms

Failing these conditions, just one person with a mild case of this virus, living in a family group of five can pass the virus on through the family at a generous rate of one new infection per week, and the last sick carrier of the virus can bring the virus unscathed through the lockdown, ready to begin its delayed exponential growth.

The lockdown can not work. It’s the wrong thing to do. It was always the wrong thing to do.

Quarantine

Quarantine is not this stupid lockdown. Quarantine is when people that are ill are confined away from the regular people. To confine the sick is quarantine. To confine the healthy is tyranny.

Quarantine is established in the Bible with the case of leprosy serving for an example:

Leviticus 13:45 And the leper in whom the plague is, his clothes shall be rent, and his head bare, and he shall put a covering upon his upper lip, and shall cry, Unclean, unclean.
46. All the days wherein the plague shall be in him he shall be defiled; he is unclean: he shall dwell alone; without the camp shall his habitation be.

The person who has the infectious disease gets two things:

  • A face mask (to keep his germs to himself, presumably)
  • He must move out, away from people

That is quarantine. Notice that quarantine applies to diseased people. Quarantine does not apply to healthy people.

We have heard a lot about how deadly this virus is, but if it is in fact a great deal milder than we are told, then it may be more appropriate to follow the rules for the common cold and flu:

Leviticus 15:2-3 Speak unto the children of Israel, and say unto them, When any man hath a running issue out of his flesh, because of his issue he is unclean. And this shall be his uncleanness in his issue: whether his flesh run with his issue, or his flesh be stopped from his issue, it is his uncleanness.

If you have a runny nose, you are unclean. That’s pretty simple. If you have some better means of detecting an infection, good for you. Everything that you touch when you are diseased should be washed. With water.

Leviticus 15:4-5 Every bed, whereon he lieth that hath the issue, is unclean: and every thing, whereon he sitteth, shall be unclean. And whosoever toucheth his bed shall wash his clothes, and bathe himself in water, and be unclean until the even.

It goes on for a good number of verses about how everything that he touches and uses is unclean. Everyone who comes into contact with him or his stuff must take a shower and stay away from people the rest of the day. If you can’t wash the thing he touched, throw it away.

When he seems better, then let him wait seven days before he is considered clean again:

Leviticus 15:13 And when he that hath an issue is cleansed of his issue; then he shall number to himself seven days for his cleansing, and wash his clothes, and bathe his flesh in running water, and shall be clean.

What I really think

No, tell me what you really think. No, I did. No, you didn’t. Okay, fine. I think that they cooked this thing up in a lab, that they released it by accident, that it killed a few, but the communist party killed many more in Wuhan, that old people die all the time with the common cold, and that even if the death rate were 25% of the whole population, it would be no reason to confine everyone to their house. People are smarter than the government gives them credit for.

And that’s not all I think. I think that it is the judgement of God that we have such weak leaders that allow themselves to be led by fireside ghost stories.

Also, I think that it is the work of Satan to cause all the governments of the world to work in concert in the same stupid manner, and his intentions are:

  • To stop evangelism
  • To stop the celebration of Easter: Jesus Christ rose from the dead. Yes, he did rise from the dead. Too bad.
  • To promote global government (his man of sin, Mr Fake Jesus, needs it for when he fakes rising from the dead).
  • To promote dirty vaccines which pretend to solve a problem, when the problem no longer exists, and when the cure is worse than the disease.
  • To promote the idea that the government is your only help in times of trouble, and you can be saved by having government stick a needle in your hand, and stick a temperature probe in your forehead.
  • To vilify those that are not pronounced clean by the government.
  • And to bring in a cashless society, because there’s no limit to greed.

This has been in the Bible for the best part of 2000 years, about the man of sin: once you’re used to the government sticking needles into you and approving your associations, then the next step is to link that to worship of the fake Jesus, and if you don’t, then no commerce for you:

Revelation 13:16-17 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.

But, if you do take that mark, then (bad news dude), you will go to hell, whether or not you pass Go and collect $100:

Revelation 14:9-11 And the third angel followed them, saying with a loud voice, If any man worship the beast and his image, and receive his mark in his forehead, or in his hand, The same shall drink of the wine of the wrath of God, which is poured out without mixture into the cup of his indignation; and he shall be tormented with fire and brimstone in the presence of the holy angels, and in the presence of the Lamb: And the smoke of their torment ascendeth up for ever and ever: and they have no rest day nor night, who worship the beast and his image, and whosoever receiveth the mark of his name.

I don’t think this is it yet. I think this is a dry run. I speculate that the next time they run this little scam, it will be be a disease with a 25% death rate, and their “mitigation” measures will be even more ineffectual, and even more repressive. The death rate will be high, because people that take the dirty vaccine against this silly phase 1 will die in phase 2.

Posted in Stuff | Tagged , , , | Comments Off on Lockdown demonstrates that the bill of rights is worthless

ASUS UX581GV Laptop: sorry, no thank you

ASUS UX581GV Notebook, running xubuntu, with external USB wireless, because the internal wireless cannot reliably wireless.

Work brought me this ASUS UX581GV Laptop: a wondrous machine with two high resolution screens, both with touchscreens. Much as it pains me, I had to refuse this machine: it has some serious design flaws, and it is incompatible with Linux.

Nice things about this machine:

  • Two screens: everyone needs more screen space. The primary screen is a 15 inch display.
  • Touch screens: how many times have you touched a screen and expected it to work? Well, it works!
  • Super high resolution – no more anti-aliasing – on BOTH screen: lovely sharp text. It seems to be around 250 to 300dpi, which is like good quality laser printing.
  • Keyboard lighting
  • SSD storage: really fast or something
  • Lots of CPU power and GPU power (apparently: I don’t need all this power, so I didn’t properly test)
  • Earphone jack (yay!)

This laptop is missing some important things:

  • Ethernet – yes, you can plug in USB ethernet, but why is something that is going to live on a desk not set up for working on a desk?
  • USB ports (it has but 2 and a half – being a USB-C connector)
  • SD Card reader (no, not even a micro SD card reader)
  • High quality webcam – it got what seems to be a pinhole camera delivering what looks like blurry 320×200 images from 5 years ago, with an infra-red mode vaguely attached.

Show stoppers. Sadly, I can’t use this machine. It is unusable in a couple of important ways – the most important of which is that I hate putting my fingers on it because it is always hot. The other ASUS laptop I have shipped with an overly touchy touchpad, to the extent that I had to use an external mouse for some tasks which were impossible because it reacted to my heartbeat. It had problems with the screen backlight controller, and no insert key – but nothing like this one.

Really cool looking BIOS screen that burns up power and spins the fan and lets you disable secureboot so you can load the bleeding edge kernel – but does not let you bring the heating under control
  • It runs really hot: just the BIOS display asking “Please select boot device” heats the system to fire-hazard levels while the fans calmly run between 2000 to 2500 RPM. The manual says, “Do not leave your Notebook PC on your lap or near any part of your body to prevent discomfort or injury from heat exposure.” It’s not a laptop if you cannot put it on your lap. It boots up with whining that the CPU had to be throttled so that it would not catch fire.
  • Battery life is pathetic – just under 2 hours on a full charge (since the system is pretty much a 50W fan heater.)
  • If you forgot to make a Windows 10 recovery stick, you cannot recover the system (The recommended software, Microsoft Windows 10 can boot its installer, but whines about needing unspecified drivers.)
  • It has no Page up, Page down, Home and End keys. Instead, there’s a “Fn+Arrow” system. It does have “Pause” and “PrtSc” though, which is so weird. I press Home and End multiple times per hour. Not having them is really bad.
Want to install Windows 10 from scratch No, that’s not going to work. No reason. Got a disk with all the drivers from ASUS? That won’t help either.

Linux incompatibilities:

Trying Fedora beta to see the colourful whining about overheating, and wireless weirdness
  • The wireless card is unreliable under Linux. It is not even recognised (apart from showing up in lspci) under older kernels, and under newer kernels with the latest firmware for iwlwifi it runs for a bit, and then dies. It recovers if you reboot, but who wants to reboot?.
  • Power control doesn’t work with any kind of predictability: can’t suspend, can’t hibernate – no reason, it just doesn’t work – except sometimes it does, or locks up hard – you never know.
  • Intel RST device has to be switched in the BIOS to AHCI mode, otherwise there’s simply no disk. Windows doesn’t seem to be able to make the disk work either.
  • The touch screens appear as keyboard-batteries in the device listing: I suspect they are mislabelled
  • The touch screens are not properly associated with the screens they are on. A couple of xinput and xrandr commands can make them work, but only Ubuntu Unity gets the association right.
  • The number pad is unsupported – it’s a bit of a gimmick, but still, it doesn’t work.
  • The “alexa” light under the keyboard is unsupported
  • The screen brightness control does not work – you can do dimming with xrandr, but I don’t know if that’s energy efficient
  • XFCE doesn’t properly understand scaling icons to 300dpi. That’s not ASUS’s problem.

Here’s the xrandr thing that makes the over-bright default somewhat less obnoxious:

#! /bin/bash
BRIGHTNESS="0.4" ; [ "$1" ] && BRIGHTNESS="0.$1"
# Arrange the display as it actually appears:
xrandr --output eDP-1 --auto --brightness $BRIGHTNESS --output DP-2 --auto --below eDP-1
sleep 1
# No really, actually do it
xrandr --output eDP-1 --brightness $BRIGHTNESS --output DP-2 --below eDP-1
# Link touchscreens to output devices
elan() {
#   ↳ ELAN9008:00 04F3:29B6    id=12	[slave  pointer  (2)]
#   ↳ ELAN9009:00 04F3:29A1    id=14	[slave  pointer  (2)]
xinput|sed "/$*/ { s/.*id=//; s/[^0-9].*//; q; } ; d"
}
xinput map-to-output $(elan 9009:00) DP-2 
xinput map-to-output $(elan 9008:00) eDP-1

Irritating things:

  • The keyboard lighting looks great from directly above, but from the side, it’s a stack of little LEDs that shine in your face while you’re trying to look at the screen.
  • The mousepad right next to the arrow and enter keys invariably attracts a pinkie click on some part of the screen.
  • The little “Fn” LED is annoying. It’s nice to have function lock, but this LED could fade.

I think the ASUS people don’t care 2c about Linux: if you don’t use the device in the way that it is configured when you receive it, then nuts to you. If you try to change something, then stuff you.

Image result for gift horse
A gift horse

And of course, the show stopper: it does not ship with a fire extinguisher. Matches are cheaper than this device, even if they don’t have as high a CPU speed.

Posted in Stuff | Tagged , , , , , , , | Comments Off on ASUS UX581GV Laptop: sorry, no thank you

Plugin ‘SPIDER’ registration as a STORAGE ENGINE failed.

I fixed a stupid error which had me stumped. Here’s the answer for posterity:

mysql_upgrade

I was doing this on mariadb to install the spiderdb engine, and it was not working:

MariaDB [(none)]>  install plugin spider soname 'ha_spider';
ERROR 1123 (HY000): Can't initialize function 'spider'; Plugin initialization function failed.

The .so file was present, and there’s really no reason for it to fail. Since I couldn’t find the log file, I was stumped … it was hiding away in /var/lib/mysql/$(hostname).err and saying:

2019-08-12 18:35:51 10 [ERROR] Column count of mysql.proc is wrong. Expected 21, found 20. Created with MariaDB 50541, now running 100407. Please use mysql_upgrade to fix this error
[ERROR] Column count of mysql.proc is wrong. Expected 21, found 20. Created with MariaDB 50541, now running 100407. Please use mysql_upgrade to fix this error
2019-08-12 18:35:51 9 [ERROR] Plugin 'SPIDER' init function returned error.
2019-08-12 18:35:51 9 [ERROR] Plugin 'SPIDER' registration as a STORAGE ENGINE failed.

And then I remembered that this is an installation that was upgraded from previous versions a few times over – and after running mysql_upgrade to create the table that says what plugins are enabled, it worked just great:

MariaDB [(none)]>  install plugin SPIDER soname 'ha_spider';
Query OK, 0 rows affected (0.075 sec)
Posted in Stuff | Tagged , , , | Comments Off on Plugin ‘SPIDER’ registration as a STORAGE ENGINE failed.

Ignoring out-of-band network policy systems with iptables

I’ve been working on parental controls using an out-of-band policy engine. It is easy to subvert, if you care to, since the controls it implements are very light, and it is not actually part of the conversation between you and the remote server.

Out of band policy engines are used for:

  • Transparent HTTP acceleration (we have a better and faster copy of what you want)
  • Network policy enforcement (we have a better idea of what you should be doing than you do)

The way these animals work is that they receive a copy of all the traffic on the network, and occasionally, when they are in the mood, they interfere with the traffic to provide helpful (or unhelpful) hints, namely:

  • TCP RST (the server you were talking to said sorry, we’re done)
  • HTTP redirects (the HTTP server you were talking to said please try another URL).

These tips are not provided by the server you are talking to, but by an intermediate server that sees fit to interfere with your communications. If your system ignores these helpful tips, then you can go on your merry way without the redirection and acceleration that they offer.

Here is a tcpdump of a connection to tumblr.com (a cesspool of questionable content) being blocked by a policy engine:

12:08:48.849796 IP 66.6.33.31.80 > 192.168.0.84.51172: Flags [P.], seq 2510308747:2510309104, ack 458187453, win 15, length 357: HTTP: HTTP/1.1 301 Moved Permanently
 12:08:48.849825 IP 192.168.0.84.51172 > 66.6.33.31.80: Flags [.], ack 381, win 251, options [nop,nop,sack 1 {0:357}], length 0
 12:08:49.099136 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [S], seq 3649489092, win 29200, options [mss 1460,sackOK,TS val 3200081088 ecr 0,nop,wscale 7], length 0
 12:08:49.313994 IP 192.168.0.84.51172 > 66.6.33.31.80: Flags [F.], seq 1, ack 381, win 251, length 0
 12:08:49.357485 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [S.], seq 2428884831, ack 3649489093, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
 12:08:49.357557 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [.], ack 1, win 229, length 0
 12:08:49.357854 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [P.], seq 1:75, ack 1, win 229, length 74: HTTP: GET / HTTP/1.1
 12:08:49.359564 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [FP.], seq 1:381, ack 75, win 4096, length 380: HTTP: HTTP/1.0 302 Moved
 12:08:49.359725 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [R.], seq 1, ack 75, win 16, length 0
 12:08:49.359742 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [FP.], seq 1:381, ack 75, win 4096, length 380: HTTP: HTTP/1.0 302 Moved
 12:08:49.359770 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [.], ack 382, win 251, options [nop,nop,sack 1 {1:382}], length 0
 12:08:49.359835 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [R.], seq 1, ack 75, win 16, length 0

The highlighted lines appear to be a very quick response from the remote server, saying (1) go to another URL and (2) close the connection – and these are the packets that were generated by the policy engine. The real server is blissfully unaware of the interference, and sends its own response – but by then, the connection has been closed:

 12:08:49.360259 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [F.], seq 75, ack 382, win 251, length 0
 12:08:49.615439 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [.], ack 75, win 15, length 0
 12:08:49.615475 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [.], ack 382, win 251, length 0
 12:08:49.615487 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [P.], seq 1:358, ack 75, win 15, length 357: HTTP: HTTP/1.1 301 Moved Permanently
 12:08:49.615505 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [.], ack 382, win 251, options [nop,nop,sack 1 {1:358}], length 0
 12:08:50.033977 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [F.], seq 75, ack 382, win 251, length 0
 12:08:50.202639 IP 66.6.33.31.80 > 192.168.0.84.51204: Flags [P.], seq 1:358, ack 75, win 15, length 357: HTTP: HTTP/1.1 301 Moved Permanently
 12:08:50.202668 IP 192.168.0.84.51204 > 66.6.33.31.80: Flags [.], ack 382, win 251, options [nop,nop,sack 1 {1:358}], length 0

By simply ignoring these packets, you can do (mostly) normal communications:

iptables  -I INPUT -p tcp -m tcp --tcp-flags RST RST -m multiport --sports 80,443 -j DROP
iptables -I INPUT -p tcp -m tcp --sport 80 -m string --string "Location: http://100.64.12.12:" --algo bm --to 65535 -j DROP
# iptables -I INPUT -p tcp -m tcp --sport 80 -m string --string "Location: http://" --algo bm --to 65535 -j DROP

The first ignores TCP reset packets from web servers, so that there is no way for a remote web server to shut down the connection.

The second ignores packets that redirect to the policy engine enforcement URL, or to the caching server’s delivery URL – you need to customise that for your own policy engine’s redirects.

These rules could probably be improved to look for the tell-tale sequence number of 1, if the policy engine does what this one does. Oh wait, looking into that, it’s not going to work – that’s a synthetic number. It might work to check the TTL and only drop those that have the magic TTL that matches the distance from you to the filter device.

Posted in Stuff | Tagged , , , , | Comments Off on Ignoring out-of-band network policy systems with iptables

Shoprite wishes you a very Halal Christmas

Shoprite’s turkey for the Christmas season

We bought a turkey for Christmas from Checkers/Shoprite. It cost a stack of cash, but you know, Christmas – all about Christ, the Son of God, come to earth to save us from our sins – good tidings of great joy for all people – we can spend a bit of cash. We took it home, stored it, and then defrosted it to cook … and then noticed a little note that says:

“SLAUGHTERED AS PER ISLAMIC RITES”

So here’s the idea: you sit down to celebrate the birth of the Son of God, and your friendly turkey provider so completely despises the Son of God that he has decided to accommodate people that hate his name, that speak nothing but lies about him, and who would like their meat butchered not efficiently and humanely, nor wishing you a merry Christmas, but with the name of their false god “allah”. They would rather insult the majority of Christians to accommodate the minority of vocal muslims who hate Christmas. They despise their Christian customers. They don’t even put this offensive antichrist religion’s special stuff in a demarcated shelf labelled something like “Halal Antichristmas Turkey”.

Who is a liar but he that denieth that Jesus is the Christ? He is antichrist, that denieth the Father and the Son.

1 John 2:22 KJV

This is not an empty accusation. Islam specifically denies the Son of God: they hate Christmas.

Never has God begotten a son, nor is there any other god besides Him. Were this otherwise, each god would govern his own creation, each holding himself above the other. Exalted be God above their falsehood

Qur’an 23:91

That is nothing but a flat-out denial of the gospel, which is that God sent his Son into the world to save us from our sins:

For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life.

John 3:16 KJV

We fixed this problem for ourselves (but not the insult to Christ). Turkey is a bit dry. We followed the recipe, and covered it with another meat. It ain’t halal no more.

Shoprite’s halal Christmas turkey !? But we fixed it with bacon 🥓. Bacon is awesome! Bacon saved Christmas!
Posted in Stuff | Tagged , , , , , , , | Comments Off on Shoprite wishes you a very Halal Christmas

Freeradius Module-Failure-Message = “Failed retrieving values required to evaluate condition”

One of my radius servers stopped doing its radius thing. Everything was going along swimmingly, and then it suddenly stopped at 1:00AM.  Restarts didn’t fix it.

The way this server works is that the default handler receives accounting packets, writes it to spool files, and then another process forwards the contents of the spool files to the correct destinations (e.g. databases). However, it stopped. There was no reason, so I (eventually) looked at the spool files in /var/log/radius/radacct/blah and found this packet:

Tue Nov 6 00:57:15 2018
    User-Name = ""
    Event-Timestamp = "Nov 6 2018 00:57:15 SAST"
    Acct-Status-Type = Accounting-Off
    NAS-IP-Address = 104.78.28.84
    Connect-Info = ""
    Module-Failure-Message = "Failed retrieving values required to evaluate condition"
    Module-Failure-Message = "Failed retrieving values required to evaluate condition"
    Module-Failure-Message = "Failed retrieving values required to evaluate condition"
    Timestamp = 1541458635

That’s an accounting packet from the NAS that says it is rebooting, and all the sessions have are going away. When this packet was handled, FreeRadius lost its mind and added the Module-Failure-Message attributes.

The reason that this was happening to these accounting packets is that the processing section for the accounting packets said things like this (edited for brevity):

accounting {
    if ( &Framed-IP-Address =~ /^192\\.168\./) {
        detail-write-nat-server
    }
    # ...
    ok
}

The idea is to log to a spool file for handling by another server:

detail detail-write-nat-server {
    filename = ${radacctdir}/nat/detail-%Y%m%d:%H
    permissions = 0664
    header = "%t"
    locking = yes
}

So the trouble is that the Framed-IP-Address attribute is not present in this particular accounting packet. Here’s the right way of doing it:

accounting {
    if ( &Framed-IP-Address && &Framed-IP-Address =~ /^192\\.168\./) {
        detail-write-nat-server
    }
    # ...
    ok
}

So I fixed it, and now it’s better.

Posted in Stuff | Tagged , , , | Comments Off on Freeradius Module-Failure-Message = “Failed retrieving values required to evaluate condition”