Tuesday, August 04, 2020

Homemade (and grown!) English-style pickled onions

English-style pickled onions in malt vinegar are an acquired taste, but I have firmly acquired it.

I picked, prepared, and pickled the onions in the space of one day. The onions were Barletta type (they have early maturity and are naturally small in size) and I used this recipe. I haven't eaten one yet (they need to mature for a few weeks) so I can't vouch that either of these things are net positives!




Monday, August 03, 2020

PowerShell and passing command-line arguments to external scripts

I like PowerShell a lot, but occasionally you run into something that seems mind-bendingly over-engineered. The simple act of calling an external script and passing command-line arguments to it is one of those things.

To avoid wasting any more of your time, here is the best way I have found to do it.

I will call the following Python script my_script.py from PowerShell, which simply prints out the arguments passed to Python:

import sys

for i in range(len(sys.argv)):
    print("my_script args: " + str(i) + ": " + str(sys.argv[i]))

The script is called from PowerShell by putting the Python command-line arguments into an array and passing them to the external script using the Splat operator.

# Put Python command-line arguments into an array
$cmd_args = @("c:\temp\my_script.py", "-f", "c:\myfile.txt", "-t", "5")

# Call the Python executable, supplying arguments using the Splat operator
& python.exe @cmd_args

Which produces the expected output:

my_script args: 0: c:\temp\my_script.py
my_script args: 1: -f
my_script args: 2: c:\myfile.txt
my_script args: 3: -t
my_script args: 4: 5


Splunk and the self-signed certificate on port 8089

I'm writing this post after finding a solution to this problem. Pieces of the solution were scattered around the web but I didn't find them all in one place.

Problem

Splunk's ports, when accessed using SSL/TLS, are by default protected with a self-signed certificate. Many Enterprises are beginning to scan for these cases and flag them for remediation so that the encrypted communications are protected by a certificate signed by the Enterprise itself.

Using an alternate certificate for the Splunk web UI (port 8000 by default) is well-documented but I did not feel that it was documented well for the management port (port 8089 by default).

Solution

The solution has a few steps:
  1. Generate a Certificate Signing Request (CSR) and private key.
  2. Use the CSR to obtain a signed certificate from a Certificate Authority (CA)
  3. Obtain the Root CA certificate chain for the organization that provided the signed certificate
  4. Combine outputs of steps 1-3 as required by Splunk
  5. Configure Splunk to use the items in step 4
  6. Restart Splunk

Before going further, consider whether you need the management port to be enabled for Universal Forwarders (UF). It is not required for forwarder management from the web UI, nor for deployment apps. It is required for API or CLI communication with the UF. If you don't use these features then you can simply disable the port by putting the following in server.conf and restarting the UF.

[httpServer]
disableDefaultPort = true

However, if you want to leave the port open and protect it with your own certificate then read on.

And, unless you have changed the default configuration, Splunk KV stores on the same server will also be protected by the configuration applied in this post.

Step 1: Generate a Certificate Signing Request (CSR) and private key.


These steps will leave you with a CSR stored in server_conf.csr and a private key in server_conf.key

Linux

openssl req -out server_conf.csr -new -newkey rsa:2048 -keyout server_conf.key

Windows

REM SPLUNK_HOME is the root of your Splunk Enterprise installation
set SPLUNK_HOME="C:\Program Files\Splunk"

REM TMP will hold the generated private key and CSR files
set TMP=C:\TEMP

REM Generate the private key for the certificate.
%SPLUNK_HOME%\bin\splunk cmd openssl genrsa -des3 -out %TMP%\server_conf.key 2048

REM Generate the CSR request file
%SPLUNK_HOME%\bin\splunk cmd openssl req -new -key %TMP%\server_conf.key -out %TMP%\server_conf.csr

You should leave this step with two outputs:
  • CSR file
  • Private key

Step 2: Use the CSR to obtain a signed certificate from a Certificate Authority (CA)

Step 3: Obtain the Root CA certificate chain for the organization that provided the signed certificate


The method to accomplish Step 2 and 3 will vary by CA, but you will normally need to provide your CSR file as part of the process.

You should leave these steps with:
  • CA-signed certificate provided by your CA
  • Root CA and Intermediate CA certificates provided by your CA

Step 4: Combine outputs of steps 1-3 as required by Splunk

All of the files you have created so far are plaintext files. They need to be combined in specific ways:
  • Root CA and Intermediate CA certificates combined into a single file (example: server_conf_root.pem)
  • CA-signed certificate and private key (example: server_conf.pem)
By "combined", I literally mean to copy and paste the contents of the files you received into a single file, one after the other. The example filenames above will be used in subsequent steps.

Store the files in a location accessible by your Splunk installation that will not be affected by upgrades. For example, you may choose to create a directory like $SPLUNK_HOME/etc/auth/mycerts, giving you these files:
  • $SPLUNK_HOME/etc/auth/mycerts/server_conf_root.pem
  • $SPLUNK_HOME/etc/auth/mycerts/server_conf.pem

Step 5: Configure Splunk to use the items in step 4

Modify your server.conf file to include these attributes:

[sslConfig]
enableSplunkdSSL = true
serverCert = /opt/splunk/etc/auth/mycerts/server_conf.pem
sslRootCAPath = /opt/splunk/etc/auth/mycerts/server_conf_root.pem
sslPassword = <key password entered during CSR creation>

Note that, when you restart Splunk in a subsequent step, the sslPassword value will be replaced with a hash of the value by Splunk. As long as everything is working you do not need to worry about it.

Step 6: Restart Splunk

This step hopefully does not need any elaboration!

After the restart, you can use a browser to access the management port (e.g. https://splunk.mycompany.com:8089) and use the browser's certificate inspection functionality to confirm that it is serving your CA-signed certificate.

Unless you have changed the default configuration, Splunk KV stores on the same server will also be protected by the configuration applied in this post.
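
The copy-and-paste in Step 4 and the check after Step 6 can be scripted. This is an added example, not part of the original post: it builds the two bundles, rejects the usual paste mistakes (a missing final newline that fuses two PEM markers, the key pasted first, a key in the CA bundle), and wraps two openssl checks. The input file names and all function names are assumptions, and the last two functions need openssl on the PATH.

```sh
#!/bin/sh
# Added example, not from the original post. Output names server_conf.pem and
# server_conf_root.pem are the post's; input and function names are assumed.

# Write each file to stdout, dropping CRs and guaranteeing a final newline so
# an END marker never fuses with the next BEGIN marker when files are joined.
append_pem() {
    for f in "$@"; do
        tr -d '\r' < "$f" | awk 1
    done
}

# build_root_pem OUT CA_CERT...   (intermediate and root CA certificates)
build_root_pem() {
    out=$1; shift
    append_pem "$@" > "$out"
}

# build_server_pem SIGNED_CERT PRIVATE_KEY OUT   (owner-only: it holds the key)
build_server_pem() {
    ( umask 077; append_pem "$1" "$2" > "$3" ) && chmod 600 "$3"
}

# Print the label of every well-formed PEM BEGIN line in FILE, in order.
pem_labels() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Fails if an END marker and a BEGIN marker share one line (bad paste).
no_fused_markers() {
    ! grep -q -e '-----END .*-----BEGIN ' "$1"
}

# Succeeds only for: exactly one CERTIFICATE block followed by one private key.
check_server_pem() {
    no_fused_markers "$1" && pem_labels "$1" | awk '
        NR == 1 && $0 != "CERTIFICATE"  { bad = 1 }
        NR == 2 && $0 !~ /PRIVATE KEY$/ { bad = 1 }
        END { exit !(NR == 2 && !bad) }'
}

# Succeeds only for: one or more CERTIFICATE blocks and nothing else.
check_root_pem() {
    no_fused_markers "$1" && pem_labels "$1" | awk '
        $0 != "CERTIFICATE" { bad = 1 }
        END { exit !(NR >= 1 && !bad) }'
}

# verify_chain ROOT_PEM SERVER_PEM: does the signed certificate chain to the
# CA bundle? Needs openssl and real certificates.
verify_chain() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# check_mgmt_port HOST:PORT ROOT_PEM: after the restart, does the management
# port present a certificate that validates against the CA bundle?
check_mgmt_port() {
    openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# make_sample DIR: constructed placeholder inputs (not real certificates or
# keys) for trying the build and check functions offline.
make_sample() {
    for n in intermediate root; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' > "$1/$n.crt"
    done
    # The signed certificate deliberately has no trailing newline.
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/signed.crt"
    # The key deliberately has Windows (CRLF) line endings.
    printf '%s\r\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END ENCRYPTED PRIVATE KEY-----' \
        > "$1/server_conf.key"
}

# Typical use with real files (input names are assumptions):
#   build_root_pem server_conf_root.pem intermediate.crt root.crt
#   build_server_pem signed.crt server_conf.key server_conf.pem
#   check_root_pem server_conf_root.pem && check_server_pem server_conf.pem
#   verify_chain server_conf_root.pem server_conf.pem
#   check_mgmt_port splunk.mycompany.com:8089 server_conf_root.pem
```

The structural checks only look at PEM block labels and order; `verify_chain` and `check_mgmt_port` are the ones that confirm the certificate itself.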

Wednesday, June 17, 2020

Real estate and the 5-year outlook

One thing about the real estate industry.

If you were to ask them today what the housing market will be like in 5 or 10 years' time, they may hum and haw about pros and cons but tell you that there's no way of knowing what conditions will be like in 5 years' time.

However, I have never - ever - heard a standard real estate agent say that now is not a good time to buy a house.

So, really, they do know what the market will be like in 5 years' time: it will be a great time to buy or sell a house.

Monday, May 25, 2020

While politicians regain control of the COVID-19 narrative, a void...

Like a lot of people, I'm confused by the apparent lack of a roadmap for COVID-19 recovery in society. Newspapers float a lot of ideas, but it's increasingly hard to tell which have serious intent behind them and which are just the napkin scribblings of career jockeys that find the notion of recovering through methodical, nose-to-the-grind diligence and hard work increasingly boring and tedious.

At first I perceived this to be an issue with our leaders and a lack of planning or vision. After all, most leaders simply look at what other people are doing and copy it within their own fiefdom. And there's no-one to copy in this situation. But, lately, I'm becoming convinced that this recent void is intentional.

I think what we are seeing is a weeks-long transition from a strategy led by medical advice based on data, testing, and targets, focused solely on virus case management, to one that is led by politicians who are accountable for the longer-term health of the economy on which all other goods (including the healthcare system) depend.

I think it has become increasingly apparent that we can't afford to have the recovery led solely by medical advice. It seemed prudent at the beginning when there was so little information about how the virus would spread, but it's now emerging that their concerns are very solitary and, really, the models were overly pessimistic. This mirrors the public's own reaction - very cautious at the beginning, but increasingly relaxed as they see no or very little impact within their sphere and are emboldened by each inconsequential, tentative step outside The Village.

What we are doing in lockdown isn't "scientific". It's likely good advice, and the advice comes from scientists, but it's not science because it has never been tried before, there are too many variables, and there is a strong cultural component to outcomes. There's no "if you do X then Y will happen". It's a hypothesis that we can't afford to complete controlled tests on at the scale required. Scientists aren't elected, and they don't have to consider the broad variety of concerns that politicians do, yet politicians are the ones that will take fire when the results take too long to materialize.

So, I think what we may be seeing is a void while the deckchairs are reorganized and the politicians regain control of the narrative. I don't think it's a coincidence that we are seeing exposés in the international media of politicians that didn't follow their own advice. Months ago they'd have been expected to resign, but now they are defended. They're just like everyone else, wanting to get on with their lives. Soon, I think we'll start seeing things that go against the medical advice given out weeks ago. We can't afford to follow it. And hopefully people will forget what that advice was... and as long as new cases don't start to surge in any significant way, they will.

This is the way it should be.




Thursday, April 16, 2020

Learning to get along with COVID-19 (and possibly take a selfie with it)

Everything I'm seeing tells me that we've painted ourselves into a corner on COVID-19.

To encourage people to take the short-term lockdown seriously, a significant number of people have been put into a panic about the virus. To be sure, it is to be taken seriously, but perhaps not this seriously as long as you are following the rules of social distancing.

The people who are dying in Canada from COVID-19 are dying during a lockdown with many precautions in place, and with full access to ICUs and ventilators. They are not dying because of unavailable critical care. There is no shortage of ICUs and ventilators because of actions taken so far to divert resources to deal with the epidemic - in fact there is a significant excess.

This is good news, but it's only good news for a short period of time. At some point, it begins to look like a misallocation of resources during a time of economic collapse.

So, once we are confident in our ability to consistently help those that can be helped, excess resources need to be reallocated where they will be more likely to save lives. Such as resuming cancer consultations, pre-emptive surgeries, and similar things that have been deprioritized and put on hold. Putting people back to work is also effective medicine where the unemployed condition involves over-eating, alcohol or drug abuse, depression, and other grotty things that fall under the banner of "idle hands syndrome".

Without a vaccine and/or some other anti-viral therapy that is discovered to improve survival rates, that percentage of susceptible people would still die with or without a lockdown. But without a lockdown, or with a relaxed lockdown, it's now going to be seen by some as the government's fault to some extent if lockdowns are relaxed and people suffer, as they inevitably will.

Unless seasonal weather changes things. Hopefully, but hopefully not - because, if true, then come June it becomes the southern hemisphere's turn to deal with this.

We don't know if you become immune after you've caught it once, and if we suspect that you are then we don't know for how long... but hopes pinned on a vaccine are high.

We don't have the means to know broadly whether someone has already caught it and acquired some immunity.

But, it sounds like mutation of this particular type of virus is a red herring as far as vaccination goes.

Like many others, I can see a way that life gradually returns to normal by gradual easing of the lockdown. I don't know how businesses that were marginally surviving at full capacity would survive at half-capacity. Live events and restaurants that normally need to fill 90% of seats may not survive filling 50% of seats. Airlines won't. Transit won't. But it's better than nothing and perhaps government programs can compensate in part where they are currently compensating in full, which is still a net benefit. At some point it has to end in full because we can't afford to do otherwise, and this is independent of whether or not there is a vaccine.

Even with all sensible measures in place, this doesn't stop a certain % of susceptible people from meeting an early death as restrictions are relaxed, nor does it help governments that have taken full responsibility for the lockdown absolve themselves in the public eye of responsibility for outcomes.

To be clear, I would not hold the government responsible because (a) I don't see any of this as the government's fault and (b) I see relaxing the lockdown as soon as possible as an absolute necessity and accept that mistakes will be made. If that's evil then it is a necessary evil. But that's just me and people that think like me. Click-bait media (most mainstream media) would hold them accountable; political opponents would; and undoubtedly would reddit. Even if those factions didn't believe the government was responsible in their heart, they would still blame and provide encouragement to those looking for a scapegoat.

Here's one communication point that would set the stage: start emphasizing now that the goal is not to prevent everyone from being afflicted by COVID-19, but to ensure that we have all necessary resources available to assist when someone does catch it and needs attention. That has always been the goal, but it is not at all clear.

Proof? Grocery workers, transit workers, and nurses refusing work or agitating over work that they believe means "it's only a matter of time" until they acquire COVID-19. Well, it's only a matter of time until all of us catch it.

The concern about kids catching this ("...and she has 2 kids at home!") seems particularly misplaced. I'm sure someone has a link they can send me of one child that has died from it. That is beside the point, but it's also part of the irrational hysteria that cohabits with the rational hysteria around COVID-19.

The people I have most affinity toward during these times are those special epidemiologists who say that we can't just be listening to medical professionals on this issue. These people are out there. Medical professionals are not elected and have no accountability to keep society functioning. Nor do the media. Scientists go where their scientific specialty leads them and the media are starved for revenue, with attention being a proxy for revenue. Both have had an overweight say in public policy on this issue until now. Medical professionals very clearly have valuable advice to impart, but we also need the equivalent of "engineers" that are going to put that scientific knowledge to effective use (and I mean real engineers - not software ones).

And with the production pipeline shut down this year, there will be very few new Hollywood movies next year.

Dark skies ahead, but hopefully warmer weather.

Thursday, March 19, 2020

Have some self-control: COVID-19 subsidies are for the people that really, really need them

In semi-lockdown like most other people due to COVID-19, I'm a bit disappointed to see people who can well-afford to maintain their lifestyle for the time being trying to apply pressure via social media or elsewhere to get free benefits such as cheaper electricity, increased Internet caps, and other similar things.

Some of these people are even people I know to be on fixed-income. Times like these are when fixed-income is a blessing rather than a curse. Imagine that: someone else is responsible for making sure you get paid when they themselves may be losing!

The impact to the economy of this lockdown will be incredible. I would not be surprised to see a "pandemic tax" come out of this, and for good reason. Subsidies are for the people who will suffer extreme hardship.

The role of anyone who can still afford to pay their bills for the time being is to continue to pay them as promised for the services they chose, and be glad that they are in a position to do that.

And why not donate any money you are saving from driving less, taking fewer transit trips to work, or buying fewer coffees or take-out meals to a local charity that will help people in your community who will soon begin to struggle?

Thursday, March 12, 2020

The post on COVID-19 that nobody asked for

The last thing anyone needs is another post on this topic. But, at this point it is therapeutic for me to try and connect and resolve the many conflicting pieces of information I've absorbed from the five sources of quality news that I pay for, together with the highly interesting and insane cross-section of information gleaned from free clickbait sources and back-alley slums of ill-repute like reddit.

Plus, it'll be interesting to look back and see how wrong or naive I was in retrospect.

What have I learned about COVID-19?
The fact that I've learned it doesn't mean it's true, but this is where I think it is at:
  • When the virus first appeared in China, efforts were focused on quarantine and elimination of the virus.
  • Most people who get the virus are no worse off than if they'd got a cold or the flu. Some people have an extremely serious infection that requires mechanical ventilation and intensive care facilities.
  • Mechanical ventilators and intensive care facilities are in short supply around the world. This is reasonable.
  • Global efforts are no longer focused toward elimination of the virus, but instead on controlling its inevitable spread so that it doesn't overwhelm healthcare resources such as available ventilators and intensive care units.
  • If healthcare resources are overwhelmed, triage will determine who will live and who will die. More people will die than would die if resources were unoccupied. The deceased may include among them people who did not have COVID-19 but had another serious accident or illness at the wrong time - for example, a severe case of regular influenza or an unrelated heart attack that required intensive care facilities.
  • Healthcare systems have generally not been good custodians of the supply chain. Important tools in the pandemic toolkit such as masks and other protective equipment have not been stockpiled. Further, many are produced in China along with certain important medications and these supplies are now quarantined along with a large chunk of the Chinese population.
  • With all of the above in mind, reducing the opportunity for all types of illness, injury, and accident while COVID-19 is a clear and present risk makes sense, and to me this is why shutting down events and travel makes sense. If you have a serious car accident travelling to an event when COVID-19 is in full swing, you may be out of luck.

What I don't understand: why not inverse quarantine?
I don't fully understand why we are roping everyone into the cancellations and restrictions that are now becoming widespread. There is a clear profile of the type of person that is vulnerable and they are in the minority: older people with existing health conditions. These are the people who have the most self-interest in protecting themselves, and they are also the reason that everyone else should be trying to avoid catching the virus - not so much for themselves as for someone who is vulnerable that they may pass it on to.

Why wouldn't we get in touch with the most vulnerable people, have those people quarantine themselves with supports to ensure they have what they need for the duration, and let it blow through everyone else as quickly as possible - the vast, vast majority of whom will not suffer greatly though may be contagious for 2 weeks? Perhaps it is too large of an effort to orchestrate reliably and quickly, but it seems that most people are hyper-aware of this issue so the communication would surely not be a problem. If there is a vulnerable person that does not know that they are at risk from this virus by now, I would be extremely surprised.

I can't help think, in the back of my mind, that this has largely become one big exercise to see how quickly and deeply governments can bring people under control should a more serious emergency or outbreak warrant it in future. How often does this opportunity come along with commensurate public support? The largest social experiment ever conducted - so much will be learned from this.

Ontario schools closed for 3 weeks - where do the kids of healthcare workers go?
March Break - an annual week off school in March - was to begin next week. It happens every year and parents plan around it. Parents have now been told that schools will be closed for an additional 2 weeks after March Break to reduce the chances of propagating COVID-19. Fair enough, but I can't help wonder what this does to healthcare workers with children not old enough to stay home alone. A great government support would be to do everything it can to provide free, priority daycare for children of healthcare workers. If this virus kicks off, the last thing you will want is healthcare workers torn and stressed between home and work-life issues.

The logic of closing down schools for 2 weeks after March Break appears to be that children returning from March Break travel to locations where the virus is more prevalent than in Canada will not have a chance to spread the virus among their classmates on their return. After 2 weeks, it'll be clear who does and does not carry the virus but immediately after March Break it will not.

Donald Trump and US Election 2020
It seems to go without saying that Donald Trump's prospects of re-election look worse at the moment than they did at the beginning of the year. I'm not sure they were ever that great - he won in 2016 by an extremely slim margin and lost the popular vote. It's hard to imagine that he has brought more people onto his side in the last 4 years, but there's no accounting for public affinity for an opponent who is older, appears confused a lot of the time, and will not bring out the youth vote... and that is what you have in Joe Biden.

If you look at the core of this COVID-19 issue and the havoc it has wrought in general to the economy and healthcare system so far, you see a fundamental issue of over-dependence on China both in the supply chains of every day products and in medical supplies that are critical to the health of the country. It really does seem feasible at this point that even the US military may not be able to function completely without the Chinese supply chain being intact, which seems unimaginable.

So, all I want to say here is that Donald Trump has made reducing dependency on China a central and highly-visible part of his presidency for the duration. He has been attacked from all angles for doing it, and primarily by his opponents (some of whom had a direct hand in implementing the over-dependencies). There is political gold to be mined for Donald Trump if done in the right way and at the right time, though I'd still have doubts in his ability to sway such a polarized population.

Donald Trump and the ban of EU travel
It was wrong to impose such restrictions without letting his counterparts know it was coming. But the immediate cries of "this won't work!" were really strange. China did it, and was praised for it. Granted, the US will not be able to be so draconian and complete in their shutdown. But how do the EU naysayers know that it won't work, and what position are they in to say so with all of their most prominent countries grappling with this virus more severely than is the US?

The US has some unique healthcare struggles with such an apparent lack of integration or common goal of public good within its fragmented healthcare system, and I have to wonder whether border restrictions may really be the best (if not the perfect) approach for that type of system.

Over-reaction and stockpiling
I went to the supermarket on the evening of March 12th to pick up a few things, but none of them were must-haves. It was worse than the height of Christmas. All aisles packed with shoppers and shopping carts queued around the perimeter of the store waiting to be checked out. I've never seen anything like it, and I can't imagine what could be so urgent for so many people! I left.

I went back the following morning at 7:00am. Not as bad as March 12th but definitely abnormal - more on the scale of a busy Saturday afternoon, though with very few checkouts open.

India
I am absolutely amazed that this virus hasn't kicked off in India yet. But here you have it - as of today, only 73 cases and 1 death in an extremely crowded country of 1.3 billion people.

But life goes on...
For the most part, people I interact with on a daily basis are going about their day and getting things done. There's such a sharp contrast between portrayals in the media of absolute chaos at every turn and the calmness of every day life.

Sunday, February 02, 2020

How would you live if you really cared about the environment and climate?

I don't remember the trail of breadcrumbs that led to it, but I recently found myself watching a YouTube video of a Millennial lifestyle influencer type who was about to show her audience how she made her dinner.

Par for the course with lifestyle influencers.

The thing that stood out for me was the profuse apology for having brought home the groceries for said dinner in a single-use plastic bag. There was a rational explanation, she assured.

Nothing was said of the stream of single-use plastic clamshell fruit and vegetable packaging that emerged from said plastic bags, nor of a subsequent video of a weekend trip by plane to British Columbia (a trip of over 4000km).

It's been in the back of my mind for years that the people that are highly vocal professionally about their concern for the environment and climate don't seem to be doing very much in their own lives to suggest that they really do take it seriously.

It has for some time been my thinking that healing a sick planet is not so much about doing more, but doing less.

And so I think that if I really cared about the issue to the extent that I was moved to do something about it, I would:

  • Not use the car, except where there was no real alternative. Electric cars are not a solution.
  • Live closer to work. Or at least live closer to a transit hub.
  • Forego or reduce certain things that require the use of a car because of my poor choice about where to live.
  • Not use a gym. There are plenty of things that need doing that can be done as exercise - including walking / biking / running to places that don't need to be driven to.
  • Work from home to the extent that it will not be a disruption (certain types of work are done better in the office). Not only does this save money and energy, but it frees up transit spaces on crowded transit for people that can't.
  • No more long-distance vacations. Planes especially are out. Cruises even more so.
  • Avoid the use of hydrated products where dehydrated products are as good or better (for example: bar soap and not body wash; ultra-concentrated laundry products; dried beans and not cooked/canned beans). The packaging is wasteful and it's more wasteful to produce and ship the products.
  • Look at things more as an issue of waste and less as a business proposition. For example: it's not better to buy the thing that will need replacing 5 times over the one that will never need replacing just because I could buy 5 of one for the cost of 1 of the other. It's not just about my personal bank account, and I don't need to "get my money's worth" from municipal waste services.
  • Resist "events". The amount of garbage that comes from organized events is astounding.
  • Resist useless additives. Fabric softener, air fresheners, scents, and dyes, for example.
  • Reusable produce bags? How about no produce bags?
  • Air-dry laundry. This is a no-brainer. It's very energy-intensive to dry anything with stored energy. In the summer things hung outside dry quickly with free energy from the sun; in the winter, things still dry quickly because the indoor air is so relatively dry and provides much needed humidity.
  • Leave time to care, stay informed, and reflect. Busy lives are sometimes necessary but often self-inflicted and they leave you in a daze. It might be worth it to you if you are making lots of money from doing it, but there's a cost to everyone else in the form of the above.
  • Remind myself that the cumulative effect of making small changes is significant. I usually think back to a previous post to remind myself of this.
  • Remind myself that every single dirty industry exists to provide me as a "consumer" at the end of a chain with goods and services that I buy. There's a dirty industry out there to produce the twist ties that hold together the cord on your new kitchen gadget of questionable utility. You can't buy your way out of this problem - only do and buy less.
There are so many other things. This is a place to start. I am doing well at some of these things. Some I have regressed, and some I have earmarked to deal with on a certain timescale. This is my biased list and I'm sure others have their own.

Aside, I am less concerned about the energy consumption of data centres and digital services. To be sure, there is a lot of waste and needless digital activity out there (I shudder to think how many resources are diverted to keeping online and backing up near-identical photos of the CN Tower in the cloud, for example - to name just one world landmark). However, think of what data centres offset:
  • Manufacture, storage, and distribution of video material on plastic. Trips to the movie rental store to buy/rent.
  • Manufacture, storage, and distribution of paper books, newspapers, and magazines. Trips to the library to borrow them.
  • Trips to the bank.
  • Paper statements and the paper they are printed on (by a very dirty paper industry)
  • Postal mail and the paper it is printed on.
  • Plastic bags to carry all of the above.
All of the above were essentially dependent on harvesting natural resources and transforming/delivering them using fossil fuels. It is now possible to replace them with digital distribution powered by electricity that in theory could be renewable. Isn't that the dream?


Tuesday, January 14, 2020

Selectively angry about having to use self-checkouts

People are quite selective about where they get offended on this one.

Self-checkout for gasoline is apparently fine. I seldom hear people clamouring for a return of the full-service gas station.

Having someone pick, box, process payment, and deliver your stuff in a near-sweatshop type of operation is apparently fine (i.e. Amazon).

And so is pushing your cart around a large supermarket to pick out your own groceries rather than going to a counter of a general or department store and telling someone what you want, as would have been done prior to the evolution of the self-serve supermarket.

But what's not on is to make you use a computer to check out and pay for groceries you've picked out yourself.