This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • New note by bobjonkman 12 December 2017
      And just to get this thread in the appropriate hashtag lists: #KWLinuxfest #Linuxfest #GNULinuxfest #Kitchener #Waterloo #Ontario #Canada
    • New note by bobjonkman 12 December 2017
      We're looking for a new venue, too. Possibly one of the local tech companies that uses and contributes to GNU/Linux and #FreeSoftware
    • New note by bobjonkman 12 December 2017
      I know... The founder and primary organizer Colin Mills @_c_jm@twitter.com is a student at Conestoga College so we were holding the event there. But there was a strike by Ontario's college staff and faculty, and the school year got compressed, so the venue was no longer available on the original date, and Colin will be […]
    • New note by bobjonkman 11 December 2017
      93.6% in fact. I'm having a 50% probability of errors while mathing today.
    • New note by bobjonkman 11 December 2017
      If you've got a 6.4% probability to miss in all three turns, then for the next three turns I would expect a 93% probability of getting at least one hit -- much higher than the probability of missing three turns in a row again!
    • New note by bobjonkman 11 December 2017
      Exactly! So if your typical hit rate is 50%, but you have a run of misses, then for the next run I would expect a hit rate of 50% -- much higher than your previous run of misses! :-)
    • New note by bobjonkman 11 December 2017
      OK, what do this company do? "$COMPANY invests in and supports experienced operators and world-class researchers to build transformative businesses and products for global markets based on classical technologies."
    • New note by bobjonkman 11 December 2017
      Do they publish a calendar in machine-readable format? ie. iCal or CalDAV or even just a static .ics file? #CALSCH
    • New note by bobjonkman 11 December 2017
      Poor you. I haven't needed to touch ArcServe in over a decade, back on Novell Netware systems. Whenever there was a problem, ArcServe was always a contributor, somehow.
    • New note by bobjonkman 11 December 2017
      That's not incorrect. If your unit misses several times, then you should expect to hit more frequently after a run of misses, assuming your normal average of hits is greater than zero.

How To Create an Encrypted Drive in a File Container

Posted by Bob Jonkman on October 9th, 2017

Inspired by The Linux Experiment, I want to create an encrypted drive in a file container using only the command line.

Creating an encrypted file container

Create the container file. We’ll call it containerfile.img:


laptop:~/temp$ fallocate -l 250MB containerfile.img

laptop:~/temp$ ls -l
total 244148
-rw-rw-r-- 1 bjonkman bjonkman 250000000 Oct  8 22:45 containerfile.img

laptop:~/temp$

Create the encrypted LUKS volume. Note that creating volumes and file systems requires elevated privileges, so we use the sudo command:


laptop:~/temp$ sudo cryptsetup luksFormat containerfile.img 
[sudo] password for bjonkman: 

WARNING!
========
This will overwrite data on containerfile.img irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
Command successful.

laptop:~/temp$

Of course, the passphrase doesn’t show on the screen, not even as asterisks. That would give a shouldersurfer an idea of how long the passphrase is. It is a long passphrase, right?

Open the encrypted LUKS volume, which we’ll call cryptvolume:


laptop:~/temp$ sudo cryptsetup luksOpen containerfile.img cryptvolume
Enter passphrase for containerfile.img: 

laptop:~/temp$

Let’s see if the encrypted LUKS volume exists:


laptop:~/temp$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk  
├─sda1                                          8:1    0   243M  0 part  
├─sda2                                          8:2    0    14G  0 part  /
└─sda3                                          8:3    0     1K  0 part  
loop4                                           7:4    0 238.4M  0 loop  
└─cryptvolume                                 252:11   0 236.4M  0 crypt 

laptop:~/temp$

Yay!

Now we create a filesystem inside the encrypted LUKS volume. We’ll give it the label cryptdrive:


laptop:~/temp$ sudo mkfs -L cryptdrive -t ext4 /dev/mapper/cryptvolume 
mke2fs 1.42.13 (17-May-2015)
Creating filesystem with 253952 1k blocks and 63488 inodes
Filesystem UUID: 040765be-eddb-4ea6-b8d8-594b81233465
Superblock backups stored on blocks: 
	8193, 24577, 40961, 57345, 73729, 204801, 221185

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done 

laptop:~/temp$

Create a mount point, which we’ll call mountpoint, then mount the encrypted drive:


laptop:~/temp$ mkdir mountpoint

laptop:~/temp$ sudo mount /dev/mapper/cryptvolume mountpoint

laptop:~/temp$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk  
├─sda1                                          8:1    0   243M  0 part  
├─sda2                                          8:2    0    14G  0 part  /
└─sda3                                          8:3    0     1K  0 part  
loop4                                           7:4    0 238.4M  0 loop  
└─cryptvolume                                 252:11   0 236.4M  0 crypt /home/bjonkman/temp/mountpoint

laptop:~/temp$ ls -l
total 244149
-rw-rw-r-- 1 bjonkman bjonkman 250000000 Oct  8 23:19 containerfile.img
drwxr-xr-x 3 root     root          1024 Oct  8 23:14 mountpoint

laptop:~/temp$

Note that the encrypted file system still belongs to root:root because we used the sudo command.

Change file ownership to bjonkman:bjonkman so I can read/write to it without elevated permissions:


laptop:~/temp$ sudo chown bjonkman: mountpoint/

laptop:~/temp$ ls -l
total 244149
-rw-rw-r-- 1 bjonkman bjonkman 250000000 Oct  8 23:19 containerfile.img
drwxr-xr-x 3 bjonkman bjonkman      1024 Oct  8 23:14 mountpoint

laptop:~/temp$

Since an encrypted container file is probably secret, it shouldn’t be visible to groups or others, so remove those file permissions:


laptop:~/temp$ chmod go-rwx containerfile.img 

laptop:~/temp$ ls -l
total 244149
-rw------- 1 bjonkman bjonkman 250000000 Oct  8 23:34 containerfile.img
drwxr-xr-x 3 bjonkman bjonkman      1024 Oct  8 23:14 mountpoint

laptop:~/temp$

Do some work in the encrypted drive:


laptop:~/temp$ echo "Hello World" > mountpoint/hello.txt

laptop:~/temp$ ls -l mountpoint/
total 13
-rw-rw-r-- 1 bjonkman bjonkman    12 Oct  8 23:53 hello.txt
drwx------ 2 root     root     12288 Oct  8 23:14 lost+found

laptop:~/temp$

And finally, unmount the encrypted filesystem and close the encrypted volume:


laptop:~/temp$ sudo umount mountpoint/

laptop:~/temp$ sudo cryptsetup luksClose cryptvolume 

laptop:~/temp$

Using an encrypted file container

Next time you want to do some work:


laptop:~/temp$ sudo cryptsetup luksOpen containerfile.img cryptvolume
Enter passphrase for containerfile.img: 

laptop:~/temp$ sudo mount /dev/mapper/cryptvolume mountpoint

laptop:~/temp$ echo "Hello again" > mountpoint/again.txt

laptop:~/temp$ ls -l mountpoint/
total 14
-rw-rw-r-- 1 bjonkman bjonkman    12 Oct  9 00:12 again.txt
-rw-rw-r-- 1 bjonkman bjonkman    12 Oct  8 23:53 hello.txt
drwx------ 2 root     root     12288 Oct  8 23:14 lost+found

laptop:~/temp$ sudo umount mountpoint/

laptop:~/temp$ sudo cryptsetup luksClose cryptvolume 

laptop:~/temp$

Using an encrypted file container from the GUI

Once the encrypted file container has been created you can open it from the graphical file manager just by double-clicking:
File manager window

Enter the passphrase to unlock the volume:
A file manager window and a password prompt window

A file manager window for the encrypted volume opens:
Two file manager windows

Note that the mountpoint is /media/bjonkman/cryptdrive/, chosen by the Gnome Disk Mounter application that runs when you doubleclick the container:


laptop:~/temp$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk  
├─sda1                                          8:1    0   243M  0 part  
├─sda2                                          8:2    0    14G  0 part  /
└─sda3                                          8:3    0     1K  0 part  
loop5                                           7:5    0 238.4M  1 loop  
└─luks-54f8e41b-73bf-4adf-aa29-a147733c5202   252:11   0 236.4M  1 crypt /media/bjonkman/cryptdrive

laptop:~/temp$

Also, note that the encrypted drive is mounted read-only:


laptop:~/temp$ mount | grep cryptdrive
/dev/mapper/luks-54f8e41b-73bf-4adf-aa29-a147733c5202 on /media/bjonkman/cryptdrive type ext4 (ro,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)

laptop:~/temp$

Gnome Disk Mounter can be launched from the command line with a --writeable or -w parameter:
Command line window and Enter Passphrase window

Happily, this all works without elevated privileges; no sudo required. I don’t know how to open an encrypted file container using only command line tools without using sudo, nor how to launch Gnome Disk Manager in writeable mode just by doubleclicking — if you know, leave a comment or send me e-mail!

TL;DR:


fallocate -l 250MB containerfile.img

sudo cryptsetup luksFormat containerfile.img

sudo cryptsetup luksOpen containerfile.img cryptvolume

sudo mkfs -L cryptdrive -t ext4 /dev/mapper/cryptvolume

mkdir mountpoint

sudo mount /dev/mapper/cryptvolume mountpoint

sudo chown bjonkman: mountpoint/

chmod go-rwx containerfile.img

(do some work)

sudo umount mountpoint/

sudo cryptsetup luksClose cryptvolume

-----

sudo cryptsetup luksOpen containerfile.img cryptvolume
sudo mount /dev/mapper/cryptvolume mountpoint
(do some work)
sudo umount mountpoint/
sudo cryptsetup luksClose cryptvolume

Tags: , , ,
Posted in Crypto, GNU/Linux | 1 Comment »

Pictures of #SysAdminDay Dinner 2017 at @Abe_Erb

Posted by Bob Jonkman on August 4th, 2017

The last Friday in July is System Administrator Appreciation Day, and SysAdmins from Kitchener-Waterloo went to the Abe Erb Restaurant and Brewery for dinner.

Abe Erb Brewing Company

Abe Erb Brewing Company

The Whole Gang (almost)

The Whole Gang (almost)

Infinite Beer

Infinite Beer

Having a laugh

Having a laugh

Beer Valves

Beer Valves

Jean and Laurel

Jean and Laurel

Beer Console

Beer Console

Beer Admin

Beer Admin

More SysAdmins

More SysAdmins

Beer Vat

Beer Vat

Empties

Empties

Ooh, The Shiny!

Ooh, The Shiny!

Something is funny

Something is funny

Acidulated Malt

Acidulated Malt

A beer thing

A beer thing

Tech Talk

Tech Talk

Wild Goose

Wild Goose

Such shiny things!

Such shiny things!

Having dinner

Having dinner

In The Brewery

In The Brewery

Twilight

Twilight

SysAdminDay

SysAdminDay

There are more pictures in the SysAdminDay gallery.

Pictures taken at the System Administrator Appreciation Day Dinner at the Abe Erb Restaurant and Brewery on Friday, 28 July 2017.

Pictures by Laurel L. Russwurm, used under a CC-BYCC BY 4.0 license.

Tags: , , , , ,
Posted in Events, System Administration | No Comments »

Planning #SysAdminDay Dinner

Posted by Bob Jonkman on June 28th, 2017

It’s a go! Reservations made for Friday, 28 July 2017 from 6:00pm to 9:00pm at Abe Erb’s at 151 Charles St, Kitchener Map.

Abe Erb’s is popular too, they’re so busy on a Friday that dinner orders are taken at 7:00pm. But I suspect they don’t mind us staying longer and enjoying their beverages…

System Administrators at the Egg Roll King Restaurant, 29 July 2016

System Administrators at the Egg Roll King Restaurant, 29 July 2016

The year is rapidly closing in on System Administrator Appreciation Day, held every year on the last Friday of July, the 28th this year. In the Kitchener-Waterloo area that means System Administrators appreciate each other with a SysAdmin Day Dinner.

Egg Roll King

Egg Roll King Restaurant

Unfortunately, my favourite restaurant Egg Roll King is doing extremely well. So well that Tony, the Egg Roll King himself, is too busy to have dine-in customers on Fridays and Saturdays.

So, unless we want to sit on the sidewalk eating take-out, we have to find a new venue.

Let’s use this poll to figure out attendance as well as venue. On Monday, 24 July 2017 at noon I’ll count the total number of responses, then make a reservation at the most popular choice. Vote early, vote often, vote for your family members and friends!

Remember, SysAdminDay Dinner is for SysAdmins, their partners, children, friends, and anyone else who appreciates SysAdmins!

This poll is closed! Poll activity:
Start date 28-06-2017 15:58:16
End date 24-07-2017 11:59:59
Poll Results:
Where should we have the Systems Administrator Appreciation Day Dinner? (Fri, 28 Jul 2017, 6pm-9pm)

If you add a new venue, leave a comment to say why you like that place.

Tags: , ,
Posted in System Administration | 3 Comments »

Auto-Type Keywords for KeepassX

Posted by Bob Jonkman on November 1st, 2016

KeepassX logo

KeepassX

I use KeePassX to keep track of passwords for web sites, server logins, and encrypted disks. And, at the touch of a keystroke, KeepassX can auto-type login names and passwords to those web sites, servers, and disks.

By default, KeepassX sends the sequence

{USERNAME}{TAB}{PASSWORD}{ENTER}

but if the Username field is blank then KeepassX just sends

{PASSWORD}{ENTER}

or if the Password field is blank then KeepassX only sends

{USERNAME}{ENTER}

But what other things can KeepassX send? A quick look at the AutoType.cpp source code reveals these additional keystrokes:

  • {tab}
  • {enter}
  • {up}
  • {down}
  • {left}
  • {right}
  • {insert} or {ins}
  • {delete} or {del}
  • {home}
  • {end}
  • {pgup}
  • {pgdown}
  • {backspace} or {bs} or {bksp}
  • {break}
  • {capslock}
  • {esc}
  • {help}
  • {numlock}
  • {ptrsc}
  • {scolllock}
  • {add} or {+}
  • {subtract}
  • {multiply}
  • {divide}
  • {^}
  • {%}
  • {~}
  • {(}
  • {)}
  • {{}
  • {}}
  • {f1}
  • {f2} .. {f16}

KeepassX is written by Felix Geyer and Florian Geyer with reporter Tarquin Winot, and is released under the GNU head logoGNU General Public License.

Tags: , , , ,
Posted in FLOSS, security, Software | No Comments »

Electoral Reform — My Submission to the #ERRE Committee

Posted by Bob Jonkman on October 7th, 2016

To: Special Committee on Electoral Reform

From: Bob Jonkman
6 James Street
Elmira, Ontario
Canada N3B 1L5

Summary:

* I’m in favour of any electoral system that provides a proportional outcome.
* I’m opposed to a referendum.
* I’m opposed to mandatory voting.
* I’m opposed to online voting or using voting machines.

Submission:

I am the Co-Chair for the Fair Vote Canada Waterloo Region Chapter, and was a Green Party candidate in the 2015 Federal Election. Since the 2007 Ontario referendum on Electoral Reform I have been advocating for a proportional representation system at all levels of government by speaking with fellow citizens at local festivals, information booths, and community dialogues.

However, I submit this brief personally, as one individual citizen. Although my views have been shaped by working for advocacy groups and speaking with others, this brief represents my views alone.

The First-Past-The-Post system does not meet any of your (the Special Committee on Electoral Reform’s) principles for electoral reform:
* FPTP is not effective or legitimate: 39% of the vote should not result in a majority in Parliament.
* FPTP suppresses voter engagement: People don’t bother to vote when results aren’t effective or legitimate.
* FPTP is not inclusive: More than half of the voters are not represented by someone they voted for.
* FPTP undermines integrity: While election results are verifiable, there is little public trust that those results reflect the voters’ will.
* FPTP does not result in local representation: Anyone who did not vote for the winning candidate is not adequately represented.

Proportional Representation will fix all these problems. It does not matter much to me what kind of electoral system is chosen, as long as the outcome is proportional, that the party allocation of seats in Parliament reflect the proportion of votes cast nationally, and that all votes count equally.

There is no need for a referendum; the decision to eliminate the First-Past-The-Post voting system has already been made by the voters in the previous election.

I won’t detail the mechanics of any preferred electoral system, that is best left to an expert group which can be appointed as part of Elections Canada to implement the recommendations of this Committee. I do want to indicate my preference for multi-member districts, with votes counted by a Single Transferable Vote system.

Of course, the larger the multi-member district, the better the proportionality, but larger districts mean poorer local representation. There is no need to have all multi-member districts be the same size, or have the same number of representatives, or have the same population. A maximum district size of 10-15 current ridings in densely populated areas would ensure that even smaller parties are represented, while still having Members of Parliament accessible to all citizens. Sparsely populated areas can have larger areas with fewer members. A smaller province or territory can form an entire multi-member district.

Perhaps to better meet the Local Representation criterion a Mixed Member Proportional voting system can be used; again, densely populated districts can be made up of 10-15 current ridings. There is no need to have all districts be the same size, or have the same ratio of single-member ridings to top-up members, the better to adapt to the different populations and geographic size of different areas of Canada.

Do not create an unnecessary division of voters, as the Urban-Rural voting system proposal would do. Canada is a population of many groups, cultures, religions, and economic conditions; formalizing a divide between urban and rural areas by having one voting system for urban populations and a different voting system for rural populations violates the Inclusiveness criterion. Having different voting systems for men and women, or rich and poor, or Indigenous and Colonialists, or Muslims and Jews would not be tolerated in Canada; don’t create such a division between Urban and Rural.

I am opposed to any thresholds. It is often suggested that there be a threshold of 5%, 10% or even 15% of the popular vote in order for a party to gain any seats in a proportional system. But a threshold denies the voters for a small party their proportional representation. When a party receives 0.295% of the popular vote (that is, the equivalent of 1 seat out of 338) it shows sufficient interest by the voters that the party should receive 0.295% of the seats.

Whatever system is chosen, it must achieve proportionality of votes to seats in Parliament.

Electoral Reform is a process, not an event. Whatever system is chosen, it must be clear that future enhancements can be made to fix deficiencies that are sure to be identified in the next election. These fixes can range from changing electoral district boundaries, to changing the ratio of single-member ridings to top-up members, to increasing the number of members in Parliament.

I fear that some future government may change the electoral system back to a non-proportional system, by burying such legislation in an omnibus bill in which most of the legislation does have support of the House. To ensure the longevity of the changes being proposed by the Committee, perhaps one of the recommendations can be to have the principle of proportionality in an electoral system enshrined in the Constitution. That recommendation can be implemented after one or two elections, once Canadians have become familiar with a cooperative parliament that builds legislation by consenus.

I urge the Committee to make a recommendation that Parliament pass legislation to implement an electoral system that achieves Proportional Representation, but that the Committee’s recommendation only broadly describes an electoral system such as STV or MMP to achieve Proportional Representation, and to leave the details such as number of citizens per district, number of Members per district, ratio of single-member ridings to top-up members, etc. to a group of experts working for Elections Canada.

While it is not part of the mandate of this Committee, I would like to point out that Canadians are woefully under-represented by their Members of Parliament. Typical electoral district sizes have 100,000 citizens for one Member of Parliament; even if the MP spent eight hours a day, 365 days a year meeting with the constituents, each constituent would have less than two minutes to spend with the MP, and the MP would have no time to spend in Parliament to do any other work. While it is an unpopular opinion amongst taxpayers, I think Canadians would be well served and get better representation by having more politicians.

I am against Mandatory Voting: Candians should not be coerced into casting a ballot. There is no issue of safety (as with mandatory drivers’ licences), or social covenant (as with mandatory taxes).

Imposing penalties for not voting will unfairly and disproportionally punish those who do not vote today: The poor, the homeless, and the uneducated; those who can least afford to pay fines and spend time in court or jail.

Today there is no effective way to cast a ballot of dissent. A ballot spoiled to indicate dissatisfaction with all the candidates is indistinguishable from a ballot spoiled by someone unskilled in the art of voting.

Rather than mandatory voting, give voters the opportunity for greater expression in the marking of their ballots. Provide an option to decline to vote at the polling booth, and have a “None of the above” choice on the ballot. But when “None of the above” achieves a significant number of votes (such as a plurality in a single-member riding or reaching the quota in a multi-member district) there must be consequences, such as calling a by-election to allow fresh candidates to fill that vacancy.

I am a little bit sympathetic to the idea that with mandatory voting political parties may change their campaign strategies to appeal to that portion of the electorate that does not vote today, but there are other ways to get political parties to civilize their campaign strategies by reducing campaign spending limits and allowing small campaign contributions only from private citizens.

I am opposed to electronic voting and online voting. I am a computer consultant by profession, and nothing I see in my work shows that people’s home computers or even the computers in most businesses have the security capable of upholding the Integrity requirement, ensuring reliable and verifiable results.

The main issue with online voting is not computer security, but a fundamental incompatibility between voter identity and the secret ballot.

When voting takes place outside of a polling station it is important that voter identity is established to prevent fraud. It must be provable that the ballot filled in online was actually filled in by a registered voter, and not by someone impersonating that voter. To achieve this, voters need to be issued a ballot with a serial number or barcode to ensure that only that one ballot is filled in for that registered voter. But if every ballot cast has a serial number, then the completed ballot with the voter’s choices is identifiable with the voter’s name and registration information. The secret ballot is impossible, and the Integrity criterion cannot be met.

When voting does not take place in a polling station then it is possible that a voter will be coerced into voting according to the demands of the “head” of the household, or voting at the workplace according to the employer’s demands. Without the scrutiny of Elections Canada, voting integrity cannot be ensured.

But computer security is an issue too. People’s personal computers are constantly being attacked by computer viruses, malicious web sites, and denial of service attacks from compromised Webcams. And spam. The difficulty of ensuring online voting integrity is at least as great as is the difficulty of eliminating spam (unsolicited, unwanted e‑mail, sometimes commercial in nature, sent in bulk). If you haven’t experienced problems with spam then it is likely your E‑mail Service Provider is filtering your e‑mail for you – but how many good messages are being filtered accidentally? You’ll never know, because you’ll never see them.

There are actually very few large-scale spammers on the Internet, maybe a couple of dozen at most. But they’re responsible for almost all the unwanted e‑mail that clogs up billions of e‑mail accounts in the world. It shows how a few bad actors on the Internet can completely overwhelm an e‑mail system. Similarly, a few bad actors on the Internet can completely compromise an online voting system. If we can’t secure our mail systems to solve the spam problem, it is unlikely that we’ll be able to secure everyone’s computer to guarantee online voting integrity.

It is unfortunate that there were so few computer security experts providing witness testimony to the Committee. Almost every computer security expert who has commented on electronic voting since the U.S. “hanging chad” elections in 2000 has decried the use of voting machines, and, more recently, online voting. Voting machines are regularly compromised, are not auditable by design (they have proprietary source code), and are prone to failure when needed most. Computer security lecturers delight their audiences with tales of voting machine touch screens that dodge the target when the “wrong” vote is selected, or that play marching band music after they’ve been compromised by a prankish hacker.

Voting is very much different from buying a product from an online store. If the wrong product is delivered, the store will ship the right product the next day to ensure customer satisfaction. But if the wrong candidate is elected, there is no recourse the next day. It is unlikely that fraud will be detected until the voting machines are audited many weeks after the election, and even when fraud is detected the outcome will be hotly contested by the affected candidates. In fact, if voting machines don’t use publicly published open source code then it is likely election outcomes will be hotly contested because proving that no fraud was committed is impossible.

However, vote tabulation by machine is perfectly acceptable, although there must be a requirement that vote tabulators are also audited and their source code is made public. Ballots designed for vote tabulators (optical mark cards) can always be counted manually if the electronic tabulation is in dispute.

Thank you,
Bob Jonkman

6 James Street,
Elmira, Ontario
Canada N3B 1L5

+1-519-635-9413
bjonkman@sobac.com

Tags: , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Uncategorized | No Comments »

#SysAdminDay 2016 Pictures

Posted by Bob Jonkman on July 30th, 2016

For the fourth year, System Administrator Appreciation Day is celebrated by the SysAdmins of Kitchener-Waterloo going out for dinner, once again at the Egg Roll King Restaurant.

System Administrators at the Egg Roll King Restaurant, 29 July 2016

System Administrators at the Egg Roll King Restaurant, 29 July 2016

An Array of System Administrators: Bob Jonkman, Laurel Russwurm, Kiwi Ssennyonjo, Jean Smith, Jeff Smith, Brian Bentley, Leo Pepitas, Barbara Izma, Steve Izma, Sean Howard, and Marc Paré at the Egg Roll King Restaurant for System Administrator Appreciation Day Dinner on 29 July 2016.

Willem Jonkman

Willem Jonkman

Willem Jonkman, photographer of SysAdmins

Sean Howard and Marc Paré discuss SysAdmin stuff

Sean Howard and Marc Paré

Sean Howard and Marc Paré

Jeff Smith, Brian Bentley, Leo Pepitas, Barbara Izma and Steve Izma watching a demonstration by Kiwi Ssennyonjo at the Egg Roll King Restaurant for System Administrator Appreciation Day Dinner on 29 July 2016.

Jeff Smith, Brian Bentley, Leo Pepitas, Barbara Izma and Steve Izma watching a demonstration by Kiwi Ssennyonjo at the Egg Roll King Restaurant for System Administrator Appreciation Day Dinner on 29 July 2016.

Tags: , ,
Posted in Events, System Administration | No Comments »

System Administrator Appreciation Day Dinner — 29 July 2016

Posted by Bob Jonkman on July 13th, 2016

SysAdmin logo

It’s July again, and System Administrator Appreciation Day is always celebrated on the last Friday in July. Although the SysAdminDay website indicates that SysAdmins are the happy recipients of cake and ice cream, for the last few years SysAdmins in Kitchener-Waterloo have been celebrating SysAdminDay by taking themselves to dinner, along with spouses, friends, and co-workers.

This year we’re teaming up with the Kitchener-Waterloo VoIP Users Group. While KWVoIP meetings are usually scheduled for the fourth Thursday in July, this month we’re combining the KWVoIP meeting with SysAdminDay. There’s an overlap between the KWVoiP members and SysAdmins — VoIP systems need administration too! As a bonus, we’ll get a presentation from Brian Bentley about his roaming experiments in the U.S.

Tony, the Egg Roll King himself, is a versatile host. Not only are the egg rolls and spring rolls the best in KW, there are vegetarian meals available, and ERK has some of the best fried chicken, fish & chips, and poutine in town! Friday nights are busy at the Egg Roll King Restaurant, so leave a comment to let me know you’re coming and I can make a reservation.

Date: Friday, 29 July 2016 from 6:00pm to 9:00pm
Location: Egg Roll King Restaurant, 85 Courtland Avenue East, Kitchener, Ontario Map
iCalendar: kwvoip-2016-07-29.ics

KWVoIP Topic: Brian Bentley – Roaming Profile Experiments

Brian Bentley has returned from a short trip to the United States. Unfortunately, he wasn’t able to present last month, so he’s catching up this month.

In order to stay in touch telephonically, Brian used Roam Mobility for Data services. He tested Fongo (Canadian number) and TextNow (US number) for VoIP services. While in the US he tried to sign up for a Google Voice number. What worked? What was cheapest? Was it worth the bother? Come to dinner to hear Brian’s answers.

Cheese Wontons and Sweet and Sour sauce

Cheese Wontons for dessert!

Tags: , , , , , ,
Posted in System Administration | 4 Comments »

System Administrator Appreciation Day Dinner, 31 July 2015

Posted by Bob Jonkman on July 14th, 2015

Oh look! Pictures!

And the winner is: Chen’s Buffet! Reservations have been made; see you there on Friday, 31 July 2015 from 6:00pm to 9:00pm.

Chen’s Buffet Map
50 Weber Street North,
Waterloo, Ontario

+1-519-208-5688

System Administrator Appreciation DaySysAdmin logo falls on the last Friday of July every year, and is allegedly celebrated by users gifting their SysAdmins chocolate cake and ice cream. Hands up, those of you who have actually experienced that? Hmmm? I thought so…

Nobody appreciates System Administrators more than other System Administrators, so for the last few years I’ve hosted a Systems Administrator Appreciation Day Dinner in Kitchener-Waterloo. Last year we went to LaiLai’s, and previously we’ve gone to Egg Roll King.

SysAdminDay is on Friday, 31 July 2015, just over two weeks away. Where would you like to go this year? Potential venues must offer vegetarian fare, and be physically accessible. Leave suggestions in the comments or send me e-mail, then next week we can vote. If there’s more than one candidate on the list we’ll rank choices from 3 points (most favoured) to 1 point (least favoured), and I’ll add them up, post the results here, and we’ll all meet for dinner.

SysAdminDay Dinner is open to everyone, whether you’re a System Administrator, a SysAdmin Student, or a former SysAdmin who’s been lured to the dark side. And also their friends, family, and end-users. OK, maybe not the end-users. Unless they’re friends or family.

See you on 31 July!
–Bob.

Proposed Venues

Venue Votes
Star Wok 1.5
Lancaster Smokehouse 1
Chen’s Buffet (Bridgeport Plaza, Weber & Bridgeport) 5.5
A smattering of local sysadmins

A smattering of local sysadmins

Tags: , , , , ,
Posted in System Administration | 8 Comments »

Chotchkie’s Passwords

Posted by Bob Jonkman on March 7th, 2015

Note to security policy admins: Be sure there are technical means to enforce the policies you set, because, like physics, people tend towards the lowest energy levels.

It’s amazing what a little search’n’replace will do.

Manager: We need to talk about your password.

Joanna: Really? I… I have fifteen characters. I, also…

Manager: Well, okay. Fifteen is the minimum, okay?

Joanna: Okay.

Manager: Now, you know it’s up to you whether or not you want to just do the bare minimum. Or… well, like Brian, for example, has thirty seven characters in his password, okay. And a terrific smile.

Joanna: Okay. So you… you want me to use more?

Manager: Look. Joanna.

Joanna: Yeah.

Manager: People can get a password anywhere, okay? They come to Chotchkie’s for the atmosphere and the security. Okay? That’s what the password’s about. It’s about security.

Joanna: Yeah. Okay. So more then, yeah?

Manager: Look, we want you to secure yourself, okay? Now if you feel that the bare minimum is enough, then okay. But some people choose to have more and we encourage that, okay? You do want to secure yourself, don’t you?

Joanna: Yeah, yeah.

Manager: Okay. Great. Great. That’s all I ask.

Later…

Manager: We need to talk.

Joanna: Yeah…

Manager: Do you know what this is about?

Joanna: My password?

Manager: Yeah. Or your, um, lack of password. ‘Cause I’m counting, and I see only fifteen characters. Let me ask you a question, Joanna. What do you think of a person who only does the bare minimum?

Joanna: What do I think? You know what, Stan, if you want me to have 37 characters in my password, like your pretty boy over there, Brian, why don’t you just make the minimum 37 characters?

Manager: Well, I thought I remembered you saying that you wanted to secure yourself.

Joanna: Yeah. You know what, yeah, I do. I do want to secure myself, okay. And I don’t need 37 characters in my password to do it!

Tags: , , ,
Posted in security | No Comments »

At the Canadian Open Data Experience event, 14 January 2015

Posted by Bob Jonkman on January 18th, 2015

Open Data logo

Open Data

On Wednesday, 14 January 2015 I registered for the Canadian Open Data Experience event called “Economic Potential of Open Data”. Speakers were to be Tony Clement, President of the Treasury Board; James Moore, Minister of Industry; and Ray Sharma, creator of the Canadian Open Data Experience (CODE).

Before the presentations started Tony Clement was off in a side office, unavailable for networking, and he left immediately after his presentation. James Moore was not present at all. For an Open Data event that promotes Open Government, it was a bit disappointing not to have access to the government ministers responsible for openness.

Here are some of the notes I took during the speakers’ presentations. My comments are indicated (like this).

Tony Clement, President of the Treasury Board:
  • Tony Clement referred to January 2014’s CODE event as the “first Open Data hackathon” in Canada (yet Open Data Waterloo Region has been holding Open Data Hackathons and CodeFest events since 2011)
  • CODE hackathon had 900 participants, with the spotlight on the business value of Open Data
  • “Electric Sheep” was the winner of the hackathon
  • Tony Clement and James Moore are making this road trip to announce 20 — 22 February 2015 as the CODE2015 Hackathon
  • Dates intentionally chosen to coincide with the International Open Data Hackathon; hopes to have international coexistence
  • There will be cash prizes for the top three apps created during the CODE hackathon
  • Tony Clement gave some words of praise to the Canadian government, saying that Open Data allows Canada to “compete with the world”.
Ray Sharma, creator of Canadian Open Data Experience:
  • Weather and GPS are commercially successful applications of Open Data
  • National competition had 930 participants
  • Ray Sharma talked of the “power of the crowd”, mentioning Litebox, WordPress, Kickstarter and Goldcorp
  • The economic potential of Open Data is like an iceberg — most of it is below the surface
  • There will be three hubs participating in the CODE2015 hackathon: Toronto, Vancouver and Montreal
  • The 2nd Generation of apps will use Open Data and Private Data, e.g. Zillo
Lan Nguyen, Deputy CIO for City of Toronto:
  • Toronto Open Data started in 2009 (although I remember Toronto setting up a blank Open Data web page after the Smart Cities conference in 2006)
  • Open Data is part of Toronto’s Open Government
  • There’s a long list of Open Datasets — Petabytes!
  • Unexpected benefits: silos of ownership; “See, Click, Fix” received 3,000 requests!
  • Commercialization of Toronto Open Data
  • Availability of budget and Council data
  • Transparent, engage citizens
  • Able to understand the outcome of Open Data
  • Liability, risk?
  • Open Data is available to everyone; it is Social Justice
  • Crowd sourcing: Encourage commercialization; partner with educational institutions
  • Next plan: Open Dashboard — reports from different stakeholders
  • Open Data is a powerful driver for Open Government
Devin Tu, founder of Map Your Property:
  • Idea for Map Your Property came from the fact that California has a single portal for geodata
  • MYP aggregates multiple datasets
  • Reports are made available in Microsoft .docx format and maps are exported as .pdf files (Oh great, Open Data in proprietary, non-consumable formats)
  • Benefits of Open Data: Entrepreneurs go to those places where there is Open Data
  • It is expensive to do business in places that don’t have Open Data!
Ryan Doherty, co-founder of IAmSick.ca:
  • Goal of IAmSick.ca: Reduce Emergency Room wait times
  • Integrated datasets? (speaking with Ryan Doherty after the presentation, I learned that much data was collected manually)
  • User tracking provides estimated wait times (are users aware their use of IAmSick.ca is being tracked? What information on users is retained? This could be a privacy leak nightmare waiting to happen. Speaking with Ryan Doherty afterwards, he assured me there was no medical information about users collected)
  • Improving business — efficiency in care delivery was apparent later

I found the focus on business interests and the competitive aspects of the CODE2015 hackathon a bit disconcerting. A cynic would say business is using $40,000 prize money in a competition as cheap bait to attract programmers to work for 24 hours straight. At 900 participants, that works out to paying only about $2.00/hour per programmer. And only four teams split the prize money, so most programmers go completely unpaid.

Still, CODE2015 only has three competitive hackathons on a weekend where the International Open Data Day holds hundreds of cooperative hackathons.

I hope OpenDataWR holds an event this year — the ones in 2013 and 2014 were fun, productive for some, and educational for all.

Tags: , , , , , , , , ,
Posted in Business, Open Data, Politics | 2 Comments »

 
Better Tag Cloud