Seeing Past the Wreckage: How Trump’s recklessness might benefit us all – Part 2

Technophile or technophobe, it’s easy to slip into an Orwellian panic when considering a highly-connected, technocentric government. For years now, we’ve all seen the dire reports about government databases being joined together and made accessible to every civil servant with a badge. We’ve heard about the potential horrors of mandatory federal identification cards and the types of tracking such a system could facilitate. Then there’s the matter of our votes. They’ll be hacked and we’ll never be able to prove anything!

Given the current state of technology in our government, these are actually quite valid concerns and there are a great many more to boot. The central problem, from which all of these issues stem, is that you cannot build a trusted system atop an untrusted one (for the purists, yes it’s actually possible but the degree of isolation required is practically unachievable in this context).

For purposes here, we’ll define an untrusted system as one that was not designed from inception with external auditing and monitoring capability for all components.

In addition to a trusted foundation, complex systems must be designed, from the outset, to be modular and scalable. Computer science has learned a lot about these design facets over the past 20 years. In that time, vertical scaling (making a single computer ever-more capable and resilient, usually through the addition of expensive, specialized hardware) has given way to horizontal scaling (distribution of computing tasks across a large number of standardized computers).

Writing applications for a horizontally scaled environment happens to lend itself well to the creation of a secure, highly accessible, highly distributed platform for facilitating democratic governance. As the smoke begins to clear and the ashes begin to settle in the post-Trumpian wasteland, there will be a void to fill and a renewed longing for a viable trust model for our government. This will be a golden opportunity to implement just such a platform.

By starting fresh and designing a modular, scalable system that employs open standards and secure design principles, we can restore faith in government through assured transparency (or opaqueness, where appropriate), accountability, and efficiency. In spite of the fact that technology has consumed our everyday lives, there are still individuals who are cynical toward any sort of technology-heavy approach to government. The fact is, though, that we’re already awash in computers, databases, and electronic ID. Unfortunately, none of it has been thought through holistically, it’s wildly insecure, and it’s ripe for abuse due to a woeful lack of controls.

Why wouldn’t we want to step back, design it right and make it do what we need? Design and deployment of a ‘democracy technology platform’ at the federal level would be expensive, no doubt. What’s the cost, though, of the millions-per-instance identity theft cases that we now routinely hear of (or fall victim to), election uncertainty, uncaught waste, etc. that will continue to undermine our government and financial institutions? At this point we really only have two options: continue to fall victim or get working on a viable solution.

 

Seeing Past the Wreckage: How Trump’s recklessness might benefit us all

I’m not really a ‘silver lining’ kind of guy. Although I do try to keep things constructive, anyone who knows me is aware of my innate, critical tendencies. Occasionally though, a few sparkling rays of natural optimism manage to pierce the otherwise impenetrable haze of critique. While speaking with an old friend yesterday, who happens to be an alderperson in a city of approx. 100k, I surprised even myself as I began to consider the very real benefits that Trump’s monkey-driving-a-bulldozer tactics could have when it comes to modernizing our democracy.

That the machinery of our government is broken is a notion that is, it’s fair to postulate, broadly accepted. To be sure, the foundation of our government, in the way of the Constitution and its basic structure, is holding together, however tenuously, and remains viable.  The machinery, though – the polling processes, tax levying and collection, public access to government data, general accountability – has had all manner of problems creep slowly in.  From technological advancements to rapidly shifting geopolitical realities, the lumbering and relatively disconnected nature of American democracy has led to chronic disillusionment on the part of the citizenry.  Our democracy may well be on the cusp of death-by-a-thousand-paper-cuts, even as we desperately wrap our arms ever tighter around our founding principles.

Far too many people believe that you’d have to be crazy to waste your time voting in even the most important of elections, as is evidenced by the 90 million registered voters who didn’t bother to show up for the 2016 U.S. general election. It shouldn’t be a shock, then, when crazy people wind up with outsized representation in our government.

When you further consider that, in the history of the U.S., there have been five occasions where a loser of the popular vote in a presidential race has still managed, nonetheless, to secure the office, things look seriously askew. Of those five instances, two have occurred within the past five election cycles. Before George W. Bush’s contentious electoral college win in 2000, it had been 112 years since this phenomenon had reared its insidious head in our Republic.

There’s not much room for arguing that things are actually going well or that this is all just another routine, generational crisis. The world has changed dramatically in just the past 20 years but the machinery of our democracy hasn’t. How many political campaigns are founded on the vague premise of ‘change’? Regardless of a politician’s sincerity in their commitment to righting whatever wrongs they set their sights on, the system has become inexorably gamed against them. While ‘politics as usual’ may be part of the problem, it’s becoming clearer by the day that we’ve been saddling up our elected representatives in a Model-T and then expecting them to contend in the Daytona 500.

This is where Trump comes in.

He’s fond of the term “drain the swamp.” He misses the mark with that expression though, and not just because replacing career politicians with obscenely ignorant billionaires doesn’t actually count as draining anything other than our dwindling faith in the system. No, he’s not draining the swamp, he’s burning the forest down.

Imagine the U.S. government as…well, what it is….an ossified, overgrown, moss-covered forest where little of anything new can possibly thrive. The status quo is so deeply ingrained and self-preserving that fundamental change is simply not possible. Nature has an astonishing method for dealing with this type of stagnation. It strikes quick and unexpectedly. When all is through though, a smoldering blank canvas is laid bare and from the ashes is born a reinvigorated, lush new forest.

With his all-too-brazen eschewing of political norms, established alliances and data-driven rationale, Trump is burning the forest to the ground. His intentions may not be pure, or even comprehensible. His methods may not be orthodox, or even sane. However, just as with an out-of-control forest fire, all of the dry old tinder will succumb and soon be out of our way.

The challenge we face now is to see the framework of our government through the most intense challenge it’s known to date. If we can maintain the foundation while undertaking this massive rebirth of its machinery, we can prove the worth and beauty of our way of life through a highly efficient, resolutely democratic form of self-governing.

Quick and Dirty ADS-B with dump1090 server and PlanePlotter

While there are some excellent decoding and aggregation tools for linux, the available options for visualization are lackluster at best. PlanePlotter is a nice commercial win utility for mapping planes with ADS-B data and grabbing ACARS messages. Since I’m running a bank of RTL DVB sticks on linux as a homebrew SDR rig, use of any graphic interface is best achieved via one of the many established network protocols. Here’s the in-a-nutshell version of feeding PlanePlotter with data from dump1090, an ADS-B decoding utility that works nicely with the linux rtl-sdr driver.

linux server
git clone https://github.com/MalcolmRobb/dump1090
cd dump1090 && make dump1090
./dump1090 --no-fix --enable-agc --net

win wks
In PlanePlotter, Options->I/O Settings-> Mode-S/ADS-B-> Beast Receiver TCP
Then, Options->Mode-S receiver->Beast receiver->Setup TCP/IP client [Server IP]:30005
Process->Start (or the little round green button in the menubar)
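
What PlanePlotter reads from port 30005 is dump1090's Beast binary output. The following is an added example, not part of the original post or of dump1090, that decodes that framing so the feed can be checked before a client is pointed at it; the function names and the sample stream are constructed for illustration.

```python
ESC = 0x1A
# Beast type byte -> length of the Mode A/C or Mode S message that follows
MSG_LEN = {0x31: 2, 0x32: 7, 0x33: 14}

def encode_frame(ftype, timestamp, signal, msg):
    """Build one Beast frame; used here only to construct sample input."""
    body = timestamp.to_bytes(6, "big") + bytes([signal]) + msg
    return bytes([ESC, ftype]) + body.replace(b"\x1a", b"\x1a\x1a")

def parse_beast(buf):
    """Decode the complete frames in buf; return (frames, unconsumed tail)."""
    frames, i = [], 0
    while i + 1 < len(buf):
        if buf[i] != ESC or buf[i + 1] not in MSG_LEN:
            i += 1                       # not a frame start: resynchronise
            continue
        need = 7 + MSG_LEN[buf[i + 1]]   # 6-byte timestamp, signal byte, message
        body, j = bytearray(), i + 2
        while len(body) < need and j < len(buf):
            if buf[j] == ESC:            # a literal 0x1a in the body is doubled
                if j + 1 >= len(buf) or buf[j + 1] != ESC:
                    break
                j += 1
            body.append(buf[j])
            j += 1
        if len(body) < need:
            if j + 1 >= len(buf):        # frame not fully received yet
                break
            i = j                        # lone 0x1a: drop the damaged frame
            continue
        msg = bytes(body[7:])
        frame = {"timestamp": int.from_bytes(body[:6], "big"),
                 "signal": body[6], "msg": msg.hex()}
        if len(msg) >= 7:                # Mode S: downlink format is the top 5 bits
            frame["df"] = msg[0] >> 3
            if frame["df"] in (11, 17, 18):   # address is sent in the clear
                frame["icao"] = msg[1:4].hex()
        frames.append(frame)
        i = j
    return frames, bytes(buf[i:])

# Constructed sample stream; the messages are made up and CRCs are not checked.
SAMPLE = (
    encode_frame(0x33, 0x00001A2B3C4D, 0x50, bytes.fromhex("8dabcdef00112233445566778899"))
    + encode_frame(0x32, 0x00001A2B3D00, 0x1A, bytes.fromhex("5dabcdef010203"))
    + b"\x1a\x33\x00\x00"                # start of a third frame, cut short
)

if __name__ == "__main__":
    frames, tail = parse_beast(SAMPLE)
    for f in frames:
        print(f)
    print("unconsumed bytes:", len(tail))
```

Bytes read from a TCP connection to [Server IP]:30005 can be passed to parse_beast in chunks, with the returned tail prepended to the next chunk.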

13-year slow-mo train wreck

Pictured: Ballmer's Legacy

The aftermath of Ballmer’s decision to finally set sail from Microsoft is a bittersweet chapter for a storied company. The organization he took charge of in January 2000 was a significant and growing force in personal computing. Windows, after all, had truly brought computing to the masses. While others had devised graphical operating systems long before Windows (anyone remember GEOS?), Gates & Co. stumbled upon the secret recipe.

Innovation and technological vision, however, are antithetical to a profit-centric culture. Having walked into many similar situations, I know how frustrating this can be for the guys stuck in the boiler-room – the same guys that would otherwise be driving innovation and endearing the community beyond a stiff and embarrassing ‘Developers!’ chant.

While I’ve never worked at Microsoft, I’m fairly positive that senior management is comprised of business school grads and back-slapping guy-smiley sales types. Individually, they get a lighthearted chuckle from their general lack of technical expertise and, as such, find the irony of running such a large technology company amusing.

On the rare occasions that ‘technical stuff’ must factor into decision-making, they call one of the ‘smart guys’ (a pejorative in my book) into a conference room to field a few select questions. Those seated at the table quickly realize that they’re in over their heads and, with only half-baked answers in hand, dismiss the summoned egghead with a patronizing and stealthily condescending, “thank god you geeks understand all this stuff!” Afterwards, since no one with a strong technical background is ever allowed to remain in the conference-room (technically proficient individuals can’t possibly comprehend business, after all), everyone shrugs off the ‘confusing technical-jargon’ and the numbers-driven decisions resume unabated. Then, golf.

Meanwhile, the guys back in the boiler-room, many of whom have been working day and night on some great new product or feature, will soon learn that management doesn’t ‘get’ the value of their recent efforts. Innovative projects are scrapped and those who long to do something new and responsive to the market are reassigned as “team-leaders” to some stale group that maintains a rickety 20-year-old product. Of course, they’re told, “This is not a step down. You’re being given charge of one of the company’s core assets….and a promotion to team-lead to boot!” Ahh yes, the Bermuda-Triangle-like netherworld of full responsibility and zero authority known to the corporate masses as ‘team lead’.

And another one bites the dust.

Although I’ve never been in this situation myself (one of the reasons I stick with small businesses), I’ve seen it in my consulting work time and time again. This sort of culture is nearly impossible to shake out. It’s an us vs. them mindset and as long as money keeps flowing through the door, investors believe that their technologically inept golf-buddies have everything under control. Had it been a team effort with different perspectives well-represented, Microsoft might have remained inexorably dominant in the technology industry. Their profits, while likely more modest, might have also remained sustainable over the long run.

As the world watches Microsoft bail water at lightning speed, I can only hope that this particular lesson sinks in (pun intended) elsewhere. I doubt it but I can hope.

spice console in openstack

Documentation for many openstack features exists only in the form of source code. This is a result of everything still being under heavy development. My most recent experience in divining configuration details from python source was related to the use of spice as the console protocol.

I’m told that Redhat is shipping spice enabled by default. Ubuntu still ships with vnc. Converting from vnc to spice should be easy – and it is if you know what nova is looking for. I couldn’t find any practical references in the official documentation nor in any of the various support forums.

Initially, after disabling vnc (‘vnc_enabled=False’ – this is mandatory) and adding the spice configuration options, I was getting libvirt xml files that did not contain any graphics or video stanzas. It turns out that, unlike vnc, spice needs its own tag. Here’s what needs to be appended to nova.conf to bring spice to life:

Controller Node
[spice]
enabled=True
html5proxy_base_url=http://{nova-spiceproxy public IP}:6082/spice_auto.html
keymap=en-us

Compute Nodes
[spice]
agent_enabled=True
enabled=True
html5proxy_base_url=http://{nova-spiceproxy public IP}:6082/spice_auto.html
keymap=en-us
server_listen={private IP of compute node or 0.0.0.0}
server_proxyclient_address={private IP of compute node}

Other notes:
– Be sure to comment out or remove all vnc-related options ~except~ vnc_enabled=False.
– The previous example assumes port 6082 for nova-spiceproxy.
– Ensure that the vncproxy has been disabled and that the spiceproxy is running on this port (or adjust the URLs above accordingly).
– In order to get secure (encrypted) console sessions, you’ll need to enable tls w/ spice.
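
A quick way to confirm that a node's nova.conf matches the settings and notes above; this is an added example, not code from the post or from nova. It assumes the vnc options sit in [DEFAULT]; check_spice and the sample file are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# [spice] keys the post lists for each node type
SPICE_KEYS = {
    "controller": ["enabled", "html5proxy_base_url", "keymap"],
    "compute": ["agent_enabled", "enabled", "html5proxy_base_url", "keymap",
                "server_listen", "server_proxyclient_address"],
}

def check_spice(conf_text, role, proxy_port=6082):
    """Return a list of findings for the nova.conf text of one node."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    cfg = configparser.ConfigParser(default_section="<unused>",
                                    interpolation=None, strict=False)
    cfg.read_string(conf_text)
    findings = []
    # Assumption: the vnc options live in [DEFAULT]
    default = dict(cfg["DEFAULT"]) if cfg.has_section("DEFAULT") else {}
    if default.get("vnc_enabled", "").lower() != "false":
        findings.append("vnc_enabled=False is not set")
    findings += [f"vnc option still active: {k}" for k in default
                 if "vnc" in k and k != "vnc_enabled"]
    if not cfg.has_section("spice"):
        return findings + ["no [spice] section"]
    spice = dict(cfg["spice"])
    for key in SPICE_KEYS[role]:
        if key not in spice:
            findings.append(f"[spice] {key} is missing")
        elif "{" in spice[key]:
            findings.append(f"[spice] {key} still holds a placeholder")
    if spice.get("enabled", "true").lower() != "true":
        findings.append("[spice] enabled is not True")
    url = spice.get("html5proxy_base_url", "")
    if url and "{" not in url and urlsplit(url).port != proxy_port:
        findings.append(f"html5proxy_base_url does not use port {proxy_port}")
    if spice.get("server_listen") == "0.0.0.0":
        findings.append("[spice] server_listen=0.0.0.0 listens on all interfaces")
    return findings

# Constructed compute-node nova.conf with three mistakes and one broad bind
SAMPLE_COMPUTE = """[DEFAULT]
vnc_enabled=False
novncproxy_base_url=http://203.0.113.10:6080/vnc_auto.html
[spice]
agent_enabled=True
enabled=True
html5proxy_base_url=http://{nova-spiceproxy public IP}:6082/spice_auto.html
keymap=en-us
server_listen=0.0.0.0
"""

if __name__ == "__main__":
    print("\n".join(check_spice(SAMPLE_COMPUTE, "compute")))
```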

Slipstream virtio drivers into Windows Server 2012 install ISO

 

Windows administration is not my strong suit but occasionally I find myself having to coax MS products into action. I was surprised when I couldn’t find any specific guidance for slipstreaming virtio since…you know…openstack. Anyway, the following process was undertaken on a Win 2012 server (64-bit) with the resulting image also being Win 2012. Since this version of Windows appears to be little more than Windows 8 without the magnificently atrocious Metro interface, it should work on there as well…that is if you can keep random crap from popping up and stealing focus while you’re trying to work. Good luck on that.

Prep

You’ll need:

– Windows 2012 Server install ISO
– The latest signed virtio drivers for windows from RedHat. As of the time of writing, these are contained within virtio-win-0.1-59.iso
– ImgBurn or any other tool capable of manipulating ISO images. That we’re in the year CE 2013 and this functionality is not included out of the box on every version of windows is nothing short of criminal. You’re free to open the isos in linux and grab what you need as well.
– That’s pretty much it. Everything else, amazingly, is included with a standard windows installation.

Details

  1. I’ve found relative paths to be a bit of a foreign concept in windows-land (%WINDIR% being the-difficult-to-type exception)  so, for ease of explanation, I’ve created the following:

    c:\iso
    c:\iso\ms-iso
    c:\iso\ms-mount 
    c:\iso\virtio-iso
     
    Go ahead and put the windows and virtio iso images in c:\iso.
     
  2. Using ImgBurn or the tool of your choice, extract the contents of the windows install iso to c:\iso\ms-iso.
     
  3. Extract the contents of the virtio iso into c:\iso\virtio-iso. Alternatively, you could just mount the iso and reference the appropriate path when you reach step  #5. I’m just trying to keep this walk-through simple and tidy.
     
  4. Next, we’ll use dism to mount the wim image. From an elevated command prompt:

    dism /mount-image /imagefile:c:\iso\ms-iso\sources\install.wim /index:1 /mountdir:c:\iso\ms-mount

  5. Time to insert the drivers. Note that due to linux’s own historical baggage, the driver directory is named AMD64. In spite of the name, the drivers are perfectly compatible with all 64-bit x86-derivative platforms.

    dism /image:c:\iso\ms-mount /add-driver /driver:c:\iso\virtio-iso\WIN8\AMD64 /recurse

    I find myself recursing quite a bit when interacting with dos’ archaic shell but, alas, we’re almost through. Don’t even get me started on the wildly verbose and pseudo-random command syntax of powershell.

  6. If all went well, 5 of 5 drivers will have successfully ‘installed’. Now we seal the deal:

    dism /unmount-wim /mountdir:c:\iso\ms-mount /commit

  7. Now we have to run through the same process but this time we’re updating boot.wim so that we can see the virtual drive during the install process.

    dism /mount-image /imagefile:c:\iso\ms-iso\sources\boot.wim /index:1 /mountdir:c:\iso\ms-mount
    dism /image:c:\iso\ms-mount /add-driver /driver:c:\iso\virtio-iso\WIN8\AMD64 /recurse
    dism /unmount-wim /mountdir:c:\iso\ms-mount /commit

  8. Now all that’s left is to glue the iso back together. In ImgBurn this is accomplished by:
    1. Mode -> Build
    2. In the ‘Source’ section, click the ‘Browse for a folder’ icon. Select c:\iso\ms-iso.
    3. In the ‘Destination’ section, click the ‘Browse for a file’ icon. Give your iso a name and put it where you’d like.
    4. Under the Options tab on the right, set ‘File System’  to ‘UDF’ and ensure that ‘Recurse Subdirectories’ is checked.
    5. Under the Labels tab, set an appropriate label (eg., ‘win2012-virtio’) in the UDF field.
    6. Under the Advanced -> Bootable Disc tab:
      1.  Check the ‘Make Image Bootable’ checkbox
      2. Emulation Type: None (Custom)
      3. Boot Image: c:\iso\ms-iso\boot\etfsboot.com
      4. Platform ID: 80x86
      5. Developer ID: Microsoft Corporation
      6. Load Segment: 07C0
      7. Sectors to Load: 8 (for Vista and earlier, this would be 4)
      8. Patch Information Table: Unchecked
    7. Finally, click the ‘Build Image’ button on the bottom left.

All done. I’ve noticed that ImgBurn seems to be under regular development so the UI may present additional features beyond those listed here. If so, use your best judgement or google (preferred).

And…we’re back.

The old blog theme I’d been using was very unwieldy and made adding new entries a royal pain. So, rather than changing the damned theme, I wound up just ignoring the blog and eventually pulled it offline. Maybe I’ll go back at some point and import the old blog entries. For now, though, we’ll start fresh and with a simple theme.