Twitter: @ewenmcneill -- November 2021
Sun Oct 31 19:15:48 +0000 2021 (#)
A fun tale of debugging a multi-step memory corruption bug on an computer without memory protection, or modern debug tools, or a minimised reproducible triggering use case.
All the more fun because it involves the computer system (Amstrad CPC) that I had growing up š https://twitter.com/drtune/status/1454343596199399425
Mon Nov 01 03:30:14 +0000 2021 (#)
āOur #NZCovid19 case numbers are up, especially among Maori, but not as much as we projected, so thatās why weāre going ahead with relaxing restrictionsā (this week Waikato; next week Auckland).
Thatās got strong ānot using enough of our error budgetā energy š¬
Mon Nov 01 03:36:54 +0000 2021 (#)
Replying to @ewenmcneill
Apparently weāve just hit ā80% eligible populationā double vaccinated for #NZCovid19 (good progress).
But it feels like thereās unwillingness to wait for the planned 90% eligible (~70-75% total pop) double dose level for the plans announced a week ago. https://twitter.com/farmgeek/status/1454989289314344960
Mon Nov 01 03:41:50 +0000 2021 (#)
RT @ExcitedLeigh: There's hot takes about how this isn't a "real" vuln, or a vuln in Rust, but if you've got a situation where someone coulā¦
Mon Nov 01 09:25:56 +0000 2021 (#)
Replying to @ewenmcneill
I just realised what bothers me most about the recent #NZCovid19 government response changes: it feels like now weāre repeatedly failing the marshmallow test this year, after doing so well on delayed gratification last year/earlier this year.
https://en.m.wikipedia.org/wiki/Stanford_marshmallow_experiment
Tue Nov 02 21:02:31 +0000 2021 (#)
Replying to @felix1234
Itās good to hear thereās at least an option for those without NZ/AU driverās license/passport.
But I agree verified RealMe via in person verification, just to get an online vaccination certificate, does seem a lot of hoops.
Hopefully they add more direct options soon.
Tue Nov 02 21:17:28 +0000 2021 (#)
RT @RealSexyCyborg: Now Live!
The @Razer Zephyr Is Useless- But It Has Potential
Full engineering breakdown, what the Zephyr does right,ā¦
Wed Nov 03 02:41:28 +0000 2021 (#)
Ansible magically figures out Ansible module dependencies and makes them available on the remote system for the module to run.
How Iād assumed it worked: load module locally, walk the imported path, copy those.
How it actually works: regexes. https://github.com/ansible/ansible/blob/devel/lib/ansible/executor/module_common.py#L428-L445
Wed Nov 03 02:44:37 +0000 2021 (#)
Replying to @ewenmcneill
This matters because it means ātryā / āexceptā around imports doesnāt stop import failures of ansible module_util modules (ie anything matching those regexes). Because it wants to find and copy over both versions.
https://github.com/ansible/ansible/issues/69821
Wed Nov 03 02:47:28 +0000 2021 (#)
Replying to @ewenmcneill
Which in my case matters because ansible-freeipa installed from RPM and ansible_freeipa installed from Ansible Galaxy live at (very) different module paths and thus need importing differently. So cross platform compatibility isā¦ difficult š¢
Wed Nov 03 03:05:10 +0000 2021 (#)
Replying to @ewenmcneill
The ansible-freeipa Ansible Galaxy release process solves this with a bunch of sed and other shell script magic.
But that doesnāt help for role local ālibraryā modules that try to build on the same ansible-freeipa foundations separately. https://github.com/freeipa/ansible-freeipa/blob/17dd8e4ec644ed2da74ac14e96b534ded95493e2/utils/build-galaxy-release.sh#L15-L24
Wed Nov 03 04:23:09 +0000 2021 (#)
Replying to @ewenmcneill
In theory I could work around this with a symlink somewhere on the python path. In practice not so much š¢
Python 3 doesnāt need init.py, but if you have one it effectively shadows the top level module init.py (at least, maybe whole module). https://python-notes.curiousefficiency.org/en/latest/python_concepts/import_traps.html
Wed Nov 03 04:34:07 +0000 2021 (#)
Replying to @ewenmcneill
But the Ansible module exporter has its own ideas about how to find things, a bunch of references to init.py, and doesnāt seem willing to follow my symlinks at any useful search depth without init.py, even on fairly recent Python 3 š¢
Wed Nov 03 06:07:56 +0000 2021 (#)
Found a workaround that doesnāt involve 2 copies of the scripts: role/FOO/meta.yml aliasing allows finding Ansible modules.
Thereās exactly 1 Ansible FreeIPA module_utils module I care about: it works if I symlink in deb/rpm packaged ansible/module_utils. https://twitter.com/ewenmcneill/status/1455728304325988353
Wed Nov 03 06:11:41 +0000 2021 (#)
Replying to @ewenmcneill
Iām glad I finally found a workaround. I dislike that it involves injecting symlinks into /usr/lib/python*/{dist,site}-packages. But nothing else worked.
So now the Ansible Server setup Ansible role does this, if required, auto discovering the packaged ansible/module_utils dir.
Thu Nov 04 06:32:08 +0000 2021 (#)
Replying to @pjf
Theyāre good keybindings though š
(Turns out I too am āolder than viā š®)
FWIW I long ago concluded general IT renewal trends routinely used up my quota of āgood with changeā. Some days it feels like IT fashion moves 10x faster than clothing fashion š¢
Thu Nov 04 06:53:36 +0000 2021 (#)
RT @mjg59: 50 years ago, the first edition of Unix was released. This has made a lot of people very angry and has been widely regarded as aā¦
Thu Nov 04 19:50:05 +0000 2021 (#)
Replying to @thatcks
There are tools to convert MH mailboxes to Maildir (format used by many IMAP servers). And IIRC at least one IMAP server that supported MH storage format.
āModern IMAP client that I likedā is harder: I use several, and theyāre all āokayā at best. But IMAP helps use several.
Thu Nov 04 21:15:02 +0000 2021 (#)
Replying to @RealSexyCyborg
āIf youād like to be cool in an impractical kind of way like me, Iāll put the link in the description box.ā š
(Definitely another review well worth watching to the end!)
Fri Nov 05 20:44:34 +0000 2021 (#)
RT @DrJinRussell: A mini thread on why NZ needs to quickly up our game on rapid antigen testing and why we can learn from Singapore (and otā¦
Sat Nov 06 00:59:24 +0000 2021 (#)
Replying to @sophywong
If the new MagSafe adapters are anything like the old (1 to 2) ones, theyāre pretty marginal reliability when connecting. Itās okay on a desk once itās in place, and nothing moves. But on connecting power up it usually takes a few attempts/extra pressure to recognise the charger.
Sat Nov 06 01:09:01 +0000 2021 (#)
RT @tveastman: This is what the rename was for: so they can say "Facebook won't do xxx anymore" while meta does exactly xxx https://t.co/1Vā¦
Sat Nov 06 01:18:52 +0000 2021 (#)
Replying to @minxdragon
More generally, almost any opening greeting is both political and othering. Even the common ones. Especially the common ones.
Framing matters.
Sat Nov 06 05:59:10 +0000 2021 (#)
Replying to @Danjite
I believe Iāve finally figured out where you flew, and why.
Good topic to talk about, and the āfireside chatā format seemed to work. Hope the stress of āgetting there to present in personā wasnāt too bad š https://mobile.twitter.com/CHCon_nz/status/1456472201121521664
Sat Nov 06 06:14:23 +0000 2021 (#)
The best time to start getting vaccinated (in New Zealand) was at least 2 months ago; the second best time is this weekend.
80+% of 12+ New Zealanders are already vaccinated ahead of you. You definitely know someone with personal experience to ask if you have questions. https://twitter.com/tveastman/status/1456812034733973505
Mon Nov 08 05:12:58 +0000 2021 (#)
Replying to @ExcitedLeigh
Settings -> Notifications-> Photos -> Memories: Off
Made my life better. Iām not sure it stops it making memories, but theyāre no longer shoved in my face, so Iāve not seen any āmemoriesā for years.
Mon Nov 08 09:22:13 +0000 2021 (#)
RT @ExcitedLeigh: I recently got the opportunity to pull some folks off of different teams at work to form a "strike team" to get somethingā¦
Mon Nov 08 09:27:16 +0000 2021 (#)
Replying to @__fincham
Modern X11 largely relies on client side font rendering (via xft), which in turn relies on the clients having fonts available. Most still fall back to 1980s font rendering if client side isnāt available, with the handful of built in fonts.
https://www.freedesktop.org/wiki/Software/Xft/
Mon Nov 08 09:29:58 +0000 2021 (#)
Replying to @__fincham
From memory ~/.Xresources is for Xlib (server side) font rendering/selection. And xft has its own configuration file.
Most Linux distros preinstall xft and fonts for you; X11 on macOS is rather more BYO.
So Iād start by figuring out which font rendering was activeā¦
Mon Nov 08 20:01:45 +0000 2021 (#)
Replying to @GyledC
Iāve long suspected that installs that cable tied down are installed āby the rackā or āby the datacentreā. Ie if anything fails itās just turned off / ignored until they roll in a new rack.
(Itās possible to get close with hook/loop wraps though, and thatās more maintainable.)
Tue Nov 09 00:51:27 +0000 2021 (#)
Replying to @aurynn
Matrix is what I see suggested most as a ābetter than IRC, not Slack or Discordā option. Matrix is particularly good at bridging into other systems (including IRC).
Iāve heard of Mattermost and RocketChat, but havenāt really heard of communities actively using them.
Tue Nov 09 06:42:00 +0000 2021 (#)
RT @tommarmstrong: A really interesting article on the check in QR codes. āMechanical sympathy for QR codes: making NSW check-in betterā htā¦
Tue Nov 09 09:39:12 +0000 2021 (#)
RT @DrStruthers: Itās about time they set a Hitchcock-style black and white thriller movie in a watchmakerās workshop. This is George the 1ā¦
Wed Nov 10 20:46:41 +0000 2021 (#)
RT @alicegoldfuss: puts work pronouns in the sink takes good pronouns out of the display cabinet
Thu Nov 11 03:49:45 +0000 2021 (#)
Achievement unlocked: first phishing/spam email received in Maori āØ
Thu Nov 11 06:29:18 +0000 2021 (#)
Replying to @gregdotexe
That was šÆ my thought when I realised it was actual phishing in Maori.
Itās a living language again yāall š
Thu Nov 11 06:32:01 +0000 2021 (#)
Replying to @__fincham
Yeah, in general most built-for-Mac software is better tested with the Quartz or other native backends. Iām only using X11 on macOS for a couple of things which either arenāt ported, or where Iād already fine tuned the display for X11 and the native backend looked worse.
Sat Nov 13 00:21:12 +0000 2021 (#)
RT @bestinsio: I dont know what gender I was assigned at birth. I dont remember anything from that day
Sat Nov 13 08:00:58 +0000 2021 (#)
Me to Mobile Safari (iOS): this is an interesting page, Iād like to airdrop it to my other device.
Mobile Safari: sure, ready to airdrop a link, where to?
Me: is it the page I was looking at?
Mobile Safari: ā¦. maybe? š¤·āāļø
Me: Maybe?! š¤
Narrator: often it is not š
Sat Nov 13 08:02:47 +0000 2021 (#)
Replying to @ewenmcneill
As best I can tell from watching closely over the last couple of years, initially it is the page Iām looking at and wanting to share to my other device.
Then something rediscovers then URL from recently loaded pages, and decides to share that instead š¬
Sat Nov 13 08:05:36 +0000 2021 (#)
Replying to @ewenmcneill
Shoutout to the programmer who decided the best way to find the URL of the current tab was to look at ārecently loaded URLsā and pick the most recent š¢
(Usually reloading the tab once, or sometimes twice, before sharing fixes this. Sometimes thatās after the first airdrop.)
Thu Nov 18 19:36:20 +0000 2021 (#)
RT @jljcolorado: 9/ CRITICALLY, ventilation is "not good" IN MOST INDOOR SPACES WORLDWIDE, including in advanced countries like US. Shouldnā¦
Thu Nov 18 20:30:22 +0000 2021 (#)
Replying to @BR3NDA
Yes, the reasoning seems to be āif we didnāt switch to the traffic light system, weād have to move Auckland to Level 2. So the traffic light system is better.ā
It also seems ābetterā here is āmore businesses can always operateā rather than specific health outcomes.
Fri Nov 19 04:01:07 +0000 2021 (#)
RT @alispagnola: Here's how I transformed Baby Shark to a Lady Gaga song...
Sat Nov 20 02:20:05 +0000 2021 (#)
Got my #NZCovid19 Vaccine Pass this afternoon in a couple of minutes (had registered earlier this month).
Iām rather surprised how small they made the QR code: 24x24mm printed out (to A4), and about 19x19mm in Apple Wallet on my phone (out of an area 55x80mm for the whole pass).
Sat Nov 20 02:34:19 +0000 2021 (#)
Replying to @ewenmcneill
Looks like the #NZCovid19 vaccine pass is an 81x81 position QR code, with about 620 Uppercase Alphanumeric symbols in it (out of a possible 854).
Which seems a lot to cram into a visually small QR code that needs to be scanned quickly š¤ https://www.sproutqr.com/blog/qr-code-types#toc-qr-code-version-guide
Sat Nov 20 02:42:46 +0000 2021 (#)
Replying to @ewenmcneill
In case it helps anyone the QR code in the PDF is a vector graphic so you can zoom into the PDF and take a āfull screenā screenshot, which may help if you need to show it to someone actually verifying the #NZCovid19 Vaccine Pass QR code. (I have a āVaccine Passā photo album now.)
Mon Nov 22 21:28:16 +0000 2021 (#)
New variation today on calling NZ Inland Revenue: takes all the details, then tells you āhigh call volumesā and offers to either schedule a call back or hang up without scheduling a callback. If you donāt want eitherā¦ it just insists you pick āschedule callbackā or āI give upā. https://twitter.com/ewenmcneill/status/1453835014584496131
Mon Nov 22 21:30:35 +0000 2021 (#)
Replying to @ewenmcneill
First available callback: tomorrow. Afternoon.
Itād obviously be rather more efficient to coordinate all of this via email, but IRD (a) takes 4-6 weeks to respond to MyIR messages, and (b) repeatedly fails to do what was requested even then. Hence phone calls š
Mon Nov 22 22:54:00 +0000 2021 (#)
Replying to @kiwibrew
Yes, I have a Chartered Accountant, who I also asked to follow this issue up with their IRD rep. I got the strong impression they too were struggling with IRD constantly rewriting their software and not responding to requests in a timely/useful fashion.
Mon Nov 22 23:15:58 +0000 2021 (#)
The #Covid19NZ Vaccine certificate verifier app is out today, and the Terms and Conditions include a link to some of the Vaccine Pass specifications (on GitHub), which includes verification steps. https://github.com/minhealthnz/nzcovidpass-spec https://www.health.govt.nz/our-work/diseases-and-conditions/covid-19-novel-coronavirus/covid-19-vaccines/my-covid-record-proof-vaccination-status/nz-pass-verifier https://covid19.govt.nz/alert-levels-and-updates/latest-updates/tech-ready-for-businesses-and-events-to-open-up-for-summer/
Mon Nov 22 23:22:35 +0000 2021 (#)
Replying to @ewenmcneill
The #NZCovid19 vaccine verifier app does install on iPhone 5S as claimed (oldest test device I have), and can scan my paper / Apple Wallet vaccine passes okay.
Scanning/verification takes ~7-10 seconds, including fancy āscanningā animation. (Possibly faster on newer phone? š¤)
Mon Nov 22 23:26:03 +0000 2021 (#)
Replying to @ewenmcneill
I suspect with practice (and a better phone camera) one could get the #NZCovid19 vaccination verification down to maybe 5 seconds per QR code, from a āhotā app (ie already used). About half of that is camera focusing on tiny QR code, and half is the āscanning animationā check.
Mon Nov 22 23:29:32 +0000 2021 (#)
Replying to @ewenmcneill
So hopefully the initial #NZCovid19 Vaccine Pass testing convinces the government to make the QR code print out/display bigger (~5 seconds best case is with āas providedā size).
https://twitter.com/ewenmcneill/status/1461882005260361736
Mon Nov 22 23:31:15 +0000 2021 (#)
Replying to @ewenmcneill
While ~5 seconds per #NZCovid19 Vaccine Pass scan is probably fine for small events, with few people, I suspect 5-15 seconds (plus finding pass) per person in a large event entry queue will become a significant amount of extra time.
Mon Nov 22 23:37:08 +0000 2021 (#)
Replying to @ewenmcneill
Also to note (mostly for those overseas) the #NZCovid19 Vaccine Pass (for domestic use only) has no other security features: as the Ministry of Health site warns āVisually checking passes is not enough to allow entryā, so proper QR code verification really matters here.
Mon Nov 22 23:40:27 +0000 2021 (#)
Replying to @kiwibrew
In this case I need a certificate issued by IRD to send to someone else (overseas), with my invoice, in order to get paid (proving to the other country that Iām tax resident here not in their country).
So no extension needed (my client gets ~3 months extra to get money ready š)
Tue Nov 23 00:09:27 +0000 2021 (#)
RT @xleem: @ewenmcneill and 5s is all assuming you're happy assuming the name the verifier shows you is actually the person in front of youā¦
Tue Nov 23 09:23:57 +0000 2021 (#)
Replying to @xleem
Supposedly (press conference, a month ago?, announcing Vaccine Passes) Google/Apple insist app approved for Bluetooth tracing API must only do tracing. Hence second app to show Vaccine Pass. But I agree it feels unnecessarily slow / inefficient.
Tue Nov 23 09:26:38 +0000 2021 (#)
Replying to @xleem
FWIW Iāve been scanning tracing QR codeās twice for over a year (Min Health tracer and Rippl), and itās pretty fast to do both as Iāve got them positioned on my home screen for easy opening. Iāve also got Apple Wallet there (with Vaccine Pass) so itās workable, but not ideal.
Wed Nov 24 01:58:42 +0000 2021 (#)
Replying to @ewenmcneill
To their credit IRDās phone system did call me back at the specified time, and conference bridge me to someone who investigated/explained. That was useful, other than the weird āboth received phone callsā verification dance.
Wed Nov 24 01:59:37 +0000 2021 (#)
Replying to @ewenmcneill
I now know the key reason for the delay: thereās one team in one office that handles this. Manukau, Auckland. 3 months in lockdown means no one has been in the office which means the usual issuance process hasnāt been followed.
Wed Nov 24 02:01:31 +0000 2021 (#)
Replying to @ewenmcneill
Itās unclear to me why someone at IRD couldnāt have said that ~2-3 months ago. Or diverted this āpaper requiredā task to some other IRD office.
But I guess my edge case didnāt feature in the Business Continuity planning š
Wed Nov 24 02:04:13 +0000 2021 (#)
Replying to @xleem
Totally, juggling apps is for the familiar.
Iām still using Rippl too because (a) it can record time at a location (up to 2 hours anyway), and (b) the āofficial appā was rather prone to not wanting to work when needed early on (eg logging itself out). So by habit I use both.
Wed Nov 24 02:32:16 +0000 2021 (#)
Replying to @dougludlow and @TProphet
Wed Nov 24 06:37:24 +0000 2021 (#)
Replying to @ewenmcneill
A great thread by Andrew Chen explaining why proper verification of #NZCovid19 Vaccine Passes is so important to them being effective.
Itās going to make a huge (NZ wide) health difference whether it is treated as āsecurity theatreā or actually enforced. https://mobile.twitter.com/andrewtychen/status/1462917008891146253
Thu Nov 25 05:55:58 +0000 2021 (#)
RT @RealSexyCyborg: 5 The problem on YT is clearly not my clothing- since countless others wear the same, the problem is I wear it while inā¦
Fri Nov 26 23:47:07 +0000 2021 (#)
RT @RealSexyCyborg: Once again, they were told, this was knownš https://twitter.com/RealSexyCyborg/status/1391395943732314112
Sat Nov 27 07:43:07 +0000 2021 (#)
RT @linuxconfau: Are you looking forward to attending #lca2022 in January 2022? We certainly are! 3 days of talks, 4 keynotes and 1 specialā¦
Sat Nov 27 20:08:36 +0000 2021 (#)
Replying to @RealSexyCyborg
Thereās definitely a masc āIāve never seen a problem I canāt solveā āsocial requirementā that contributes to this kind of response.
The bit that baffles me is not doing 15 seconds research to check if itās already been suggested, or is trivially disproven as the answer š¤
Sat Nov 27 20:11:26 +0000 2021 (#)
RT @KimZetter: South African virologist says vaccines appear to protect against severe illness from new Omicron strain of COVID. āthe greatā¦
Sun Nov 28 02:01:52 +0000 2021 (#)
If you remember .mod files and other sound tracker formats from the early 1990s BBS/online days then āTrackers: The Sound of 16-bitā is a fascinating summary of the history of competing tracker formats and music produced (~41 minutes). https://m.youtube.com/watch?v=roBkg-iPrbw
Sun Nov 28 21:59:50 +0000 2021 (#)
Replying to @ewenmcneill
My IRD paperwork saga does have a happy ending: after 4 MyIR messages (over ~3 months) and several phone calls I got the relevant ācertificateā as a PDF, and was able to persuade my overseas party to accept a PDF instead of stamped paperwork ābecause of Covid-19ā.
Sun Nov 28 22:02:31 +0000 2021 (#)
Replying to @ewenmcneill
Actual payment arrived in a couple of days once the bureaucratic steps to unlock it in both countries were completed. (International electronic payments are way faster than the foreign currency cheque someone else insisted on sending earlier this year!)
Mon Nov 29 01:46:21 +0000 2021 (#)
Replying to @BR3NDA
Hopefully they also donāt fix that ambiguity by declaring ā12+ must be Covid-19 vaccinatedā since that creates a weird month long āmust be vaccinated, but canāt have been fully vaccinated yetā window.
ā13+ must show Covid-19 Vaccine Pass on entryā or similar would be clearer.
Mon Nov 29 06:47:52 +0000 2021 (#)
Replying to @tveastman
Best case: there are spot checks of larger venues (eg over āneed Passesā limits) to check everyone has a valid pass.
Likely case: āeveryone be on your best behaviour pleaseā, with no actual enforcement beyond whatever businesses do themselves.
Mon Nov 29 06:50:20 +0000 2021 (#)
Replying to @tveastman
It was already implied in a press conference (last week?) that the Police consider it impossible to (fully) enforce. And that itāll be spot checks at best.
TBH it feels very āSecurity Theatreā to me. (Although I do appreciate the increased vaccination rates it caused š)
Mon Nov 29 20:00:35 +0000 2021 (#)
Really good writeup by Slack of their DNSSEC related issues back in September.
TL;DR: an edge case in Route53 NSEC responses to lookups matching a wildcard record caught them out, then they compounded the problem by misunderstanding caching of DS records in parent zone. https://twitter.com/dnsoarc/status/1465350354594189314
Mon Nov 29 20:05:10 +0000 2021 (#)
Replying to @ewenmcneill
Thereās also slides from the DNS OARC36 talk, but most of the useful diagrams are also in the writeup.
The AWS Route53 wildcard NSEC edge case has apparently been fixed now (extra info: no record of that type exists but other types exist). https://twitter.com/dnsoarc/status/1465345460395118593
Tue Nov 30 01:36:48 +0000 2021 (#)
Replying to @xssfox and @BR3NDA
Yes itās definitely a bad print out (repeated paper misfeed?) and they should print it again.
But it does also scan repeatedly even from the photo on iPhone 8 and iPhone SE 2020 (at least in camera app). So I understand the āworks for meā shrug response a bit.
Tue Nov 30 01:44:58 +0000 2021 (#)
Replying to @xssfox
FTR, iPhone 5S struggled to scan it from the photo. One scan got COVID Tracer data link, and a few more got a QR code with āno usable data foundā, but very slow to recognise QR code existed. So itās definitely a marginal QR code.
(5S is iOS 12, and ~8 year old camera hardware.)