Twitter: @ewenmcneill -- November 2021

Sun Oct 31 19:15:48 +0000 2021 (#)

A fun tale of debugging a multi-step memory corruption bug on a computer without memory protection, or modern debug tools, or a minimised reproducible triggering use case.

All the more fun because it involves the computer system (Amstrad CPC) that I had growing up 💜

Mon Nov 01 03:30:14 +0000 2021 (#)

“Our #NZCovid19 case numbers are up, especially among Maori, but not as much as we projected, so that’s why we’re going ahead with relaxing restrictions” (this week Waikato; next week Auckland).

That’s got strong “not using enough of our error budget” energy 😬

Mon Nov 01 03:36:54 +0000 2021 (#)

Replying to @ewenmcneill

Apparently we’ve just hit “80% eligible population” double vaccinated for #NZCovid19 (good progress).

But it feels like there’s unwillingness to wait for the planned 90% eligible (~70-75% total pop) double dose level for the plans announced a week ago.

Mon Nov 01 03:41:50 +0000 2021 (#)

RT @ExcitedLeigh: There's hot takes about how this isn't a "real" vuln, or a vuln in Rust, but if you've got a situation where someone coul…

Mon Nov 01 09:25:56 +0000 2021 (#)

Replying to @ewenmcneill

I just realised what bothers me most about the recent #NZCovid19 government response changes: it feels like now we’re repeatedly failing the marshmallow test this year, after doing so well on delayed gratification last year/earlier this year.

Tue Nov 02 21:02:31 +0000 2021 (#)

Replying to @felix1234

It’s good to hear there’s at least an option for those without NZ/AU driver’s license/passport.

But I agree verified RealMe via in person verification, just to get an online vaccination certificate, does seem a lot of hoops.

Hopefully they add more direct options soon.

Tue Nov 02 21:17:28 +0000 2021 (#)

RT @RealSexyCyborg: Now Live!

The @Razer Zephyr Is Useless- But It Has Potential

Full engineering breakdown, what the Zephyr does right,…

Wed Nov 03 02:41:28 +0000 2021 (#)

Ansible magically figures out Ansible module dependencies and makes them available on the remote system for the module to run.

How I’d assumed it worked: load module locally, walk the imported path, copy those.

How it actually works: regexes.

Wed Nov 03 02:44:37 +0000 2021 (#)

Replying to @ewenmcneill

This matters because it means “try” / “except” around imports doesn’t stop import failures of ansible module_util modules (ie anything matching those regexes). Because it wants to find and copy over both versions.

Wed Nov 03 02:47:28 +0000 2021 (#)

Replying to @ewenmcneill

Which in my case matters because ansible-freeipa installed from RPM and ansible_freeipa installed from Ansible Galaxy live at (very) different module paths and thus need importing differently. So cross platform compatibility is… difficult 😢

Wed Nov 03 03:05:10 +0000 2021 (#)

Replying to @ewenmcneill

The ansible-freeipa Ansible Galaxy release process solves this with a bunch of sed and other shell script magic.

But that doesn’t help for role local “library” modules that try to build on the same ansible-freeipa foundations separately.

Wed Nov 03 04:23:09 +0000 2021 (#)

Replying to @ewenmcneill

In theory I could work around this with a symlink somewhere on the python path. In practice not so much 😢

Python 3 doesn’t need, but if you have one it effectively shadows the top level module (at least, maybe whole module).

Wed Nov 03 04:34:07 +0000 2021 (#)

Replying to @ewenmcneill

But the Ansible module exporter has its own ideas about how to find things, a bunch of references to, and doesn’t seem willing to follow my symlinks at any useful search depth without, even on fairly recent Python 3 😢

Wed Nov 03 06:07:56 +0000 2021 (#)

Found a workaround that doesn’t involve 2 copies of the scripts: role/FOO/meta.yml aliasing allows finding Ansible modules.

There’s exactly 1 Ansible FreeIPA module_utils module I care about: it works if I symlink in deb/rpm packaged ansible/module_utils.

Wed Nov 03 06:11:41 +0000 2021 (#)

Replying to @ewenmcneill

I’m glad I finally found a workaround. I dislike that it involves injecting symlinks into /usr/lib/python*/{dist,site}-packages. But nothing else worked.

So now the Ansible Server setup Ansible role does this, if required, auto discovering the packaged ansible/module_utils dir.

Thu Nov 04 06:32:08 +0000 2021 (#)

Replying to @pjf

They’re good keybindings though 💖

(Turns out I too am “older than vi” 😮)

FWIW I long ago concluded general IT renewal trends routinely used up my quota of “good with change”. Some days it feels like IT fashion moves 10x faster than clothing fashion 😢

Thu Nov 04 06:53:36 +0000 2021 (#)

RT @mjg59: 50 years ago, the first edition of Unix was released. This has made a lot of people very angry and has been widely regarded as a…

Thu Nov 04 19:50:05 +0000 2021 (#)

Replying to @thatcks

There are tools to convert MH mailboxes to Maildir (format used by many IMAP servers). And IIRC at least one IMAP server that supported MH storage format.

“Modern IMAP client that I liked” is harder: I use several, and they’re all “okay” at best. But IMAP helps use several.

Thu Nov 04 21:15:02 +0000 2021 (#)

Replying to @RealSexyCyborg

“If you’d like to be cool in an impractical kind of way like me, I’ll put the link in the description box.” 😂

(Definitely another review well worth watching to the end!)

Fri Nov 05 20:44:34 +0000 2021 (#)

RT @DrJinRussell: A mini thread on why NZ needs to quickly up our game on rapid antigen testing and why we can learn from Singapore (and ot…

Sat Nov 06 00:59:24 +0000 2021 (#)

Replying to @sophywong

If the new MagSafe adapters are anything like the old (1 to 2) ones, they’re pretty marginal reliability when connecting. It’s okay on a desk once it’s in place, and nothing moves. But on connecting power up it usually takes a few attempts/extra pressure to recognise the charger.

Sat Nov 06 01:09:01 +0000 2021 (#)

RT @tveastman: This is what the rename was for: so they can say "Facebook won't do xxx anymore" while meta does exactly xxx…

Sat Nov 06 01:18:52 +0000 2021 (#)

Replying to @minxdragon

More generally, almost any opening greeting is both political and othering. Even the common ones. Especially the common ones.

Framing matters.

Sat Nov 06 05:59:10 +0000 2021 (#)

Replying to @Danjite

I believe I’ve finally figured out where you flew, and why.

Good topic to talk about, and the “fireside chat” format seemed to work. Hope the stress of “getting there to present in person” wasn’t too bad 💚

Sat Nov 06 06:14:23 +0000 2021 (#)

The best time to start getting vaccinated (in New Zealand) was at least 2 months ago; the second best time is this weekend.

80+% of 12+ New Zealanders are already vaccinated ahead of you. You definitely know someone with personal experience to ask if you have questions.

Mon Nov 08 05:12:58 +0000 2021 (#)

Replying to @ExcitedLeigh

Settings -> Notifications -> Photos -> Memories: Off

Made my life better. I’m not sure it stops it making memories, but they’re no longer shoved in my face, so I’ve not seen any “memories” for years.

Mon Nov 08 09:22:13 +0000 2021 (#)

RT @ExcitedLeigh: I recently got the opportunity to pull some folks off of different teams at work to form a "strike team" to get something…

Mon Nov 08 09:27:16 +0000 2021 (#)

Replying to @__fincham

Modern X11 largely relies on client side font rendering (via xft), which in turn relies on the clients having fonts available. Most still fall back to 1980s font rendering if client side isn’t available, with the handful of built in fonts.

Mon Nov 08 09:29:58 +0000 2021 (#)

Replying to @__fincham

From memory ~/.Xresources is for Xlib (server side) font rendering/selection. And xft has its own configuration file.

Most Linux distros preinstall xft and fonts for you; X11 on macOS is rather more BYO.

So I’d start by figuring out which font rendering was active…

Mon Nov 08 20:01:45 +0000 2021 (#)

Replying to @GyledC

I’ve long suspected that installs that are cable tied down are installed “by the rack” or “by the datacentre”. Ie if anything fails it’s just turned off / ignored until they roll in a new rack.

(It’s possible to get close with hook/loop wraps though, and that’s more maintainable.)

Tue Nov 09 00:51:27 +0000 2021 (#)

Replying to @aurynn

Matrix is what I see suggested most as a “better than IRC, not Slack or Discord” option. Matrix is particularly good at bridging into other systems (including IRC).

I’ve heard of Mattermost and RocketChat, but haven’t really heard of communities actively using them.

Tue Nov 09 06:42:00 +0000 2021 (#)

RT @tommarmstrong: A really interesting article on the check in QR codes. “Mechanical sympathy for QR codes: making NSW check-in better” ht…

Tue Nov 09 09:39:12 +0000 2021 (#)

RT @DrStruthers: It’s about time they set a Hitchcock-style black and white thriller movie in a watchmaker’s workshop. This is George the 1…

Wed Nov 10 20:46:41 +0000 2021 (#)

RT @alicegoldfuss: puts work pronouns in the sink takes good pronouns out of the display cabinet

Thu Nov 11 03:49:45 +0000 2021 (#)

Achievement unlocked: first phishing/spam email received in Maori ✨

Thu Nov 11 06:29:18 +0000 2021 (#)

Replying to @gregdotexe

That was 💯 my thought when I realised it was actual phishing in Maori.

It’s a living language again y’all 💚

Thu Nov 11 06:32:01 +0000 2021 (#)

Replying to @__fincham

Yeah, in general most built-for-Mac software is better tested with the Quartz or other native backends. I’m only using X11 on macOS for a couple of things which either aren’t ported, or where I’d already fine tuned the display for X11 and the native backend looked worse.

Sat Nov 13 00:21:12 +0000 2021 (#)

RT @bestinsio: I dont know what gender I was assigned at birth. I dont remember anything from that day

Sat Nov 13 08:00:58 +0000 2021 (#)

Me to Mobile Safari (iOS): this is an interesting page, I’d like to airdrop it to my other device.

Mobile Safari: sure, ready to airdrop a link, where to?

Me: is it the page I was looking at?

Mobile Safari: …. maybe? 🤷‍♂️

Me: Maybe?! 🤔

Narrator: often it is not 😔

Sat Nov 13 08:02:47 +0000 2021 (#)

Replying to @ewenmcneill

As best I can tell from watching closely over the last couple of years, initially it is the page I’m looking at and wanting to share to my other device.

Then something rediscovers the URL from recently loaded pages, and decides to share that instead 😬

Sat Nov 13 08:05:36 +0000 2021 (#)

Replying to @ewenmcneill

Shoutout to the programmer who decided the best way to find the URL of the current tab was to look at “recently loaded URLs” and pick the most recent 😢

(Usually reloading the tab once, or sometimes twice, before sharing fixes this. Sometimes that’s after the first airdrop.)

Thu Nov 18 19:36:20 +0000 2021 (#)

RT @jljcolorado: 9/ CRITICALLY, ventilation is "not good" IN MOST INDOOR SPACES WORLDWIDE, including in advanced countries like US. Shouldn…

Thu Nov 18 20:30:22 +0000 2021 (#)

Replying to @BR3NDA

Yes, the reasoning seems to be “if we didn’t switch to the traffic light system, we’d have to move Auckland to Level 2. So the traffic light system is better.”

It also seems “better” here is “more businesses can always operate” rather than specific health outcomes.

Fri Nov 19 04:01:07 +0000 2021 (#)

RT @alispagnola: Here's how I transformed Baby Shark to a Lady Gaga song...

Sat Nov 20 02:20:05 +0000 2021 (#)

Got my #NZCovid19 Vaccine Pass this afternoon in a couple of minutes (had registered earlier this month).

I’m rather surprised how small they made the QR code: 24x24mm printed out (to A4), and about 19x19mm in Apple Wallet on my phone (out of an area 55x80mm for the whole pass).

Sat Nov 20 02:34:19 +0000 2021 (#)

Replying to @ewenmcneill

Looks like the #NZCovid19 vaccine pass is an 81x81 position QR code, with about 620 Uppercase Alphanumeric symbols in it (out of a possible 854).

Which seems a lot to cram into a visually small QR code that needs to be scanned quickly 🤔

Sat Nov 20 02:42:46 +0000 2021 (#)

Replying to @ewenmcneill

In case it helps anyone the QR code in the PDF is a vector graphic so you can zoom into the PDF and take a “full screen” screenshot, which may help if you need to show it to someone actually verifying the #NZCovid19 Vaccine Pass QR code. (I have a “Vaccine Pass” photo album now.)

Mon Nov 22 21:28:16 +0000 2021 (#)

New variation today on calling NZ Inland Revenue: takes all the details, then tells you “high call volumes” and offers to either schedule a call back or hang up without scheduling a callback. If you don’t want either… it just insists you pick “schedule callback” or “I give up”.

Mon Nov 22 21:30:35 +0000 2021 (#)

Replying to @ewenmcneill

First available callback: tomorrow. Afternoon.

It’d obviously be rather more efficient to coordinate all of this via email, but IRD (a) takes 4-6 weeks to respond to MyIR messages, and (b) repeatedly fails to do what was requested even then. Hence phone calls 😔

Mon Nov 22 22:54:00 +0000 2021 (#)

Replying to @kiwibrew

Yes, I have a Chartered Accountant, who I also asked to follow this issue up with their IRD rep. I got the strong impression they too were struggling with IRD constantly rewriting their software and not responding to requests in a timely/useful fashion.

Mon Nov 22 23:15:58 +0000 2021 (#)

The #Covid19NZ Vaccine certificate verifier app is out today, and the Terms and Conditions include a link to some of the Vaccine Pass specifications (on GitHub), which includes verification steps.

Mon Nov 22 23:22:35 +0000 2021 (#)

Replying to @ewenmcneill

The #NZCovid19 vaccine verifier app does install on iPhone 5S as claimed (oldest test device I have), and can scan my paper / Apple Wallet vaccine passes okay.

Scanning/verification takes ~7-10 seconds, including fancy “scanning” animation. (Possibly faster on newer phone? 🤔)

Mon Nov 22 23:26:03 +0000 2021 (#)

Replying to @ewenmcneill

I suspect with practice (and a better phone camera) one could get the #NZCovid19 vaccination verification down to maybe 5 seconds per QR code, from a “hot” app (ie already used). About half of that is camera focusing on tiny QR code, and half is the “scanning animation” check.

Mon Nov 22 23:29:32 +0000 2021 (#)

Replying to @ewenmcneill

So hopefully the initial #NZCovid19 Vaccine Pass testing convinces the government to make the QR code print out/display bigger (~5 seconds best case is with “as provided” size).

Mon Nov 22 23:31:15 +0000 2021 (#)

Replying to @ewenmcneill

While ~5 seconds per #NZCovid19 Vaccine Pass scan is probably fine for small events, with few people, I suspect 5-15 seconds (plus finding pass) per person in a large event entry queue will become a significant amount of extra time.

Mon Nov 22 23:37:08 +0000 2021 (#)

Replying to @ewenmcneill

Also to note (mostly for those overseas) the #NZCovid19 Vaccine Pass (for domestic use only) has no other security features: as the Ministry of Health site warns “Visually checking passes is not enough to allow entry”, so proper QR code verification really matters here.

Mon Nov 22 23:40:27 +0000 2021 (#)

Replying to @kiwibrew

In this case I need a certificate issued by IRD to send to someone else (overseas), with my invoice, in order to get paid (proving to the other country that I’m tax resident here not in their country).

So no extension needed (my client gets ~3 months extra to get money ready 😔)

Tue Nov 23 00:09:27 +0000 2021 (#)

RT @xleem: @ewenmcneill and 5s is all assuming you're happy assuming the name the verifier shows you is actually the person in front of you…

Tue Nov 23 09:23:57 +0000 2021 (#)

Replying to @xleem

Supposedly (press conference, a month ago?, announcing Vaccine Passes) Google/Apple insist app approved for Bluetooth tracing API must only do tracing. Hence second app to show Vaccine Pass. But I agree it feels unnecessarily slow / inefficient.

Tue Nov 23 09:26:38 +0000 2021 (#)

Replying to @xleem

FWIW I’ve been scanning tracing QR codes twice for over a year (Min Health tracer and Rippl), and it’s pretty fast to do both as I’ve got them positioned on my home screen for easy opening. I’ve also got Apple Wallet there (with Vaccine Pass) so it’s workable, but not ideal.

Wed Nov 24 01:58:42 +0000 2021 (#)

Replying to @ewenmcneill

To their credit IRD’s phone system did call me back at the specified time, and conference bridge me to someone who investigated/explained. That was useful, other than the weird “both received phone calls” verification dance.

Wed Nov 24 01:59:37 +0000 2021 (#)

Replying to @ewenmcneill

I now know the key reason for the delay: there’s one team in one office that handles this. Manukau, Auckland. 3 months in lockdown means no one has been in the office which means the usual issuance process hasn’t been followed.

Wed Nov 24 02:01:31 +0000 2021 (#)

Replying to @ewenmcneill

It’s unclear to me why someone at IRD couldn’t have said that ~2-3 months ago. Or diverted this “paper required” task to some other IRD office.

But I guess my edge case didn’t feature in the Business Continuity planning 😃

Wed Nov 24 02:04:13 +0000 2021 (#)

Replying to @xleem

Totally, juggling apps is for the familiar.

I’m still using Rippl too because (a) it can record time at a location (up to 2 hours anyway), and (b) the “official app” was rather prone to not wanting to work when needed early on (eg logging itself out). So by habit I use both.

Wed Nov 24 02:32:16 +0000 2021 (#)

Replying to @dougludlow and @TProphet

Wed Nov 24 06:37:24 +0000 2021 (#)

Replying to @ewenmcneill

A great thread by Andrew Chen explaining why proper verification of #NZCovid19 Vaccine Passes is so important to them being effective.

It’s going to make a huge (NZ wide) health difference whether it is treated as “security theatre” or actually enforced.

Thu Nov 25 05:55:58 +0000 2021 (#)

RT @RealSexyCyborg: 5 The problem on YT is clearly not my clothing- since countless others wear the same, the problem is I wear it while in…

Fri Nov 26 23:47:07 +0000 2021 (#)

RT @RealSexyCyborg: Once again, they were told, this was known🙄

Sat Nov 27 07:43:07 +0000 2021 (#)

RT @linuxconfau: Are you looking forward to attending #lca2022 in January 2022? We certainly are! 3 days of talks, 4 keynotes and 1 special…

Sat Nov 27 20:08:36 +0000 2021 (#)

Replying to @RealSexyCyborg

There’s definitely a masc “I’ve never seen a problem I can’t solve” “social requirement” that contributes to this kind of response.

The bit that baffles me is not doing 15 seconds research to check if it’s already been suggested, or is trivially disproven as the answer 🤔

Sat Nov 27 20:11:26 +0000 2021 (#)

RT @KimZetter: South African virologist says vaccines appear to protect against severe illness from new Omicron strain of COVID. “the great…

Sun Nov 28 02:01:52 +0000 2021 (#)

If you remember .mod files and other sound tracker formats from the early 1990s BBS/online days then “Trackers: The Sound of 16-bit” is a fascinating summary of the history of competing tracker formats and music produced (~41 minutes).

Sun Nov 28 21:59:50 +0000 2021 (#)

Replying to @ewenmcneill

My IRD paperwork saga does have a happy ending: after 4 MyIR messages (over ~3 months) and several phone calls I got the relevant “certificate” as a PDF, and was able to persuade my overseas party to accept a PDF instead of stamped paperwork “because of Covid-19”.

Sun Nov 28 22:02:31 +0000 2021 (#)

Replying to @ewenmcneill

Actual payment arrived in a couple of days once the bureaucratic steps to unlock it in both countries were completed. (International electronic payments are way faster than the foreign currency cheque someone else insisted on sending earlier this year!)

Mon Nov 29 01:46:21 +0000 2021 (#)

Replying to @BR3NDA

Hopefully they also don’t fix that ambiguity by declaring “12+ must be Covid-19 vaccinated” since that creates a weird month long “must be vaccinated, but can’t have been fully vaccinated yet” window.

“13+ must show Covid-19 Vaccine Pass on entry” or similar would be clearer.

Mon Nov 29 06:47:52 +0000 2021 (#)

Replying to @tveastman

Best case: there are spot checks of larger venues (eg over “need Passes” limits) to check everyone has a valid pass.

Likely case: “everyone be on your best behaviour please”, with no actual enforcement beyond whatever businesses do themselves.

Mon Nov 29 06:50:20 +0000 2021 (#)

Replying to @tveastman

It was already implied in a press conference (last week?) that the Police consider it impossible to (fully) enforce. And that it’ll be spot checks at best.

TBH it feels very “Security Theatre” to me. (Although I do appreciate the increased vaccination rates it caused 👍)

Mon Nov 29 20:00:35 +0000 2021 (#)

Really good writeup by Slack of their DNSSEC related issues back in September.

TL;DR: an edge case in Route53 NSEC responses to lookups matching a wildcard record caught them out, then they compounded the problem by misunderstanding caching of DS records in parent zone.

Mon Nov 29 20:05:10 +0000 2021 (#)

Replying to @ewenmcneill

There’s also slides from the DNS OARC36 talk, but most of the useful diagrams are also in the writeup.

The AWS Route53 wildcard NSEC edge case has apparently been fixed now (extra info: no record of that type exists but other types exist).

Tue Nov 30 01:36:48 +0000 2021 (#)

Replying to @xssfox and @BR3NDA

Yes it’s definitely a bad print out (repeated paper misfeed?) and they should print it again.

But it does also scan repeatedly even from the photo on iPhone 8 and iPhone SE 2020 (at least in camera app). So I understand the “works for me” shrug response a bit.

Tue Nov 30 01:44:58 +0000 2021 (#)

Replying to @xssfox

FTR, iPhone 5S struggled to scan it from the photo. One scan got COVID Tracer data link, and a few more got a QR code with “no usable data found”, but very slow to recognise QR code existed. So it’s definitely a marginal QR code.

(5S is iOS 12, and ~8 year old camera hardware.)