Electronics testing at the airport

I haven’t posted a TSA story in a while because I’m lucky enough not to travel as often as I did. When I have traveled, I have come to appreciate how professional the team at my home airport, Raleigh-Durham, is. I’ve never had a bad experience with them and this – I want to stress – is not a bad one, either. Just unusual.

For years I have enjoyed the benefit of TSA-Pre, allowing me to speed through security lines. Naturally, I headed into the TSA-Pre line when I flew out of Raleigh on Wednesday morning. Expecting all to be well, I was intrigued when I apparently set off the metal detector.

“Wait right here, sir,” the screener said, calmly. “We’re going to screen your electronics.”

I waited on the mat next to the metal detector while another agent got through checking another traveler’s electronics. He invited me over and I carried my bags to the testing station.

“Got any thing that is sharp, going to stick me, contraband, etc?” he asked. When I answered no, he politely asked if I had a laptop in the bag. I showed him the pocket it was in and he laid it out on the counter.

He then swabbed my laptop with a chemical pad, popped the swab into the sensor for analysis, and stepped away. To my surprise, the sensor began beeping. My newish work laptop had only been on my office desk and my home desk – not to the coca fields of South America or anything. I began to think over kind of substance could have possibly set off this false alarm.
Continue reading

A Destroyer – By John Steinbeck

USS Elliot (DD-967) in North Arabian Gulf, circa 1998

John Steinbeck spent a few weeks aboard a destroyer in World War II, the USS Knight (DD-663), and wrote this ode to destroyers called “A Destroyer” in 1943. It appeared in a collection of his dispatches published in 1958 in a book called Once There Was a War.

I think it sums up life on a destroyer quite well.

A destroyer is a lovely ship, probably the nicest fighting ship of all. Battleships are a little like steel cities or great factories of destruction. Aircraft carriers are floating flying fields. Even cruisers are big pieces of machinery, but a destroyer is all boat. In the beautiful clean lines of her, in her speed and roughness, in her curious gallantry, she is completely a ship, in the old sense.

For one thing, a destroyer is small enough so that her captain knows his whole crew personally, knows all about each one as a person, his first name and his children and the trouble he has been in and is capable of getting into. There is an ease on a destroyer that is good and a good relationship among the men. Then if she has a good captain you have something really worth serving on.

The battleships are held back for a killing blow, and such a blow sometimes happens only once in a war. The cruisers go in second, but the destroyers work all the time. They are probably the busiest ships of a fleet. In a major engagement, they do the scouting and make the first contact. They convoy, they run to every fight. Wherever there is a mess, the destroyers run first. They are not lordly like the battleships and the men who work them are seamen. In rough weather they are rough, honestly and violently rough.
Continue reading

AD/LDAP authentication on Linux hosts

I’ve been working with the Lightweight Directory Access Protocol (LDAP) for 18 years now. Then Microsoft embraced and extended LDAP with Active Directory. Nowadays most companies base all of their authentication and authorization on Active Directory and for good reason. In a Windows-only world it works great. For a mixed-platform environment, it’s a bit more difficult to make work.

I recently worked out how to make Linux systems authenticate against Active Directory using only the LDAP protocol and wanted to share it here for any fellow DevOps/sysaedmins who might want to try it themselves. The goals were to do it with minimum fuss and using the native tools – no third-party apps. I also want to do it solely with LDAP and not have to worry about pointlessly “joining” a Linux host to a domain.

The modern way that Red Hat likes to connect Linux hosts to AD like to do this is to use the SSSD suite of packages, join the host to the Active Directory tree, and talk to AD directly. This seems like a lot of bloat to me when all you need is authentication. Fortunately, you can use the “legacy” means and do it all with LDAP libraries.

Bridging Active Directory and Linux hosts

One way to integrate Linux/UNIX hosts into AD is to add Microsoft Windows Services for UNIX (SFU) schema extensions. This means every AD entry would be defined with common Unix attributes like uid (user id) and gid (group id). These could sometimes get out of sync with the AD attributes and at any rate would require constant updating of the AD records.

Ideally, we won’t depend on Services for UNIX additions in AD and the complexity it brings. Instead, we’ll identify standard AD attributes and map them to Linux/UNIX equivalents. The nss-pam-ldapd package allows us to do this in the /etc/nslcd.conf file, which we’ll see in a minute.

Differences between CentOS 6/AWS and CentOS 7 hosts

One stumbling block has been that Amazon Linux (amzn) uses old, old libraries, based on CentOS 6 packages. The nss-pam-ldapd package which ships with this version of Amazon Linux is version 0.7.5; a version too old to include the mapping functionality we need to avoid using Services for UNIX.

Fortunately, we can remove the amzn version and add an updated one. I have tested one I have found at this link which updates any amzn hosts to the 0.9.8 version of nss-pam-ldapd.

The version of nss-pam-ldapd that ships with CentOS 7 is 0.8.3 and works fine with attribute mapping.

Obtaining the domain’s ObjectSID

The goal of using a directory is consistency. If a user appears in AD, that user will be available to Linux hosts. Also, that user will be treated the same on every directory-equipped server as that user will ideally have the same uid/gid. Without adding Services for UNIX, we need some way to ensure a uid on one host is consistent with the uid on another host. This is done by nss-pam-ldapd by mapping Linux uid/gids to their equivalents in AD, called ObjectSIDs. You need to obtain your AD server’s domain ObjectSID.
Continue reading

My sledding souvenir

The start of the fateful sledding run

I spent this past week at the Veterans Administration’s War-Related Illnesses and Injuries Center (WRIISC), getting examined to figure out the strange health issues I’ve had since leaving the Navy (more on that later).

One issue I discussed with them has bothered me for the past few years.I’ve had a numbness that has developed along my right quadricep. It’s icy-cold sensation can wake me from a deep sleep and is quite aggravating. They asked me if I could recall any injury I may have had to my lower back.

At the time I could think of none. but when pondering it this morning the answer came to me and it is decidedly not war-related. Instead, it’s the long-delayed consequences from an injury I received from snow sledding with the family.
Continue reading

The Book of Prince | The New Yorker

On January 29, 2016, Prince summoned me to his home, Paisley Park, to tell me about a book he wanted to write. He was looking for a collaborator. Paisley Park is in Chanhassen, Minnesota, about forty minutes southwest of Minneapolis. Prince treasured the privacy it afforded him. He once said, in an interview with Oprah Winfrey, that Minnesota is “so cold it keeps the bad people out.” Sure enough, when I landed, there was an entrenched layer of snow on the ground, and hardly anyone in sight.

Prince’s driver, Kim Pratt, picked me up at the airport in a black Cadillac Escalade. She was wearing a plastic diamond the size of a Ring Pop on her finger. “Sometimes you gotta femme it up,” she said. She dropped me off at the Country Inn & Suites, an unremarkable chain hotel in Chanhassen that served as a de-facto substation for Paisley. I was “on call” until further notice. A member of Prince’s team later told me that, over the years, Prince had paid for enough rooms there to have bought the place four times over.

My agent had put me up for the job but hadn’t refrained from telling me the obvious: at twenty-nine, I was extremely unlikely to get it. In my hotel room, I turned the television on. I turned the television off. I had a mint tea. I felt that I was joining a long and august line of people who’d been made to wait by Prince, people who had sat in rooms in this same hotel, maybe in this very room, quietly freaking out just as I was quietly freaking out.

Source: The Book of Prince | The New Yorker

Our car’s keyfob was hacked – the question is how?

We were out of town over the weekend and at 5:30 AM Saturday I awakened to the sound of one beep of our car’s “alarm” horn. Thinking it was the neighbor’s car and knowing our car was locked, I went back to bed. When we walked to the car later that morning, the hatch was standing wide open. Nothing appeared to be touched or taken.

I was immediately concerned that somehow our keyfob had been hacked. Kelly thought something probably bumped up against one of our keyfobs and that caused it to open. We’ve had the car for years, though, and an “accident” like this has never happened. If something pressed a keyfob button, why would it sound just one beep of the horn alarm? Why not trigger it to sound repeatedly, as would happen if it were a single press of the button? Seems unlikely an accidental press of a button would cause one clean beep and then cause the hatchback to open.

So, naturally I am fascinated with whatever technology was used for this! There are a couple of approaches.
Continue reading

Deed to the Christmas property

I spent a little time earlier this year traipsing through the Wake County Register of Deeds records, trying to find out more about the history of my community. I traced the ownership of my property back to the mid-1800s, including this deed for 109 acres for what became known as the Christmas property, filed in January 1899. Bridges was the owner of the Oak City Dairy Farm, if I recall correctly.

The property was sold for $2,616. According to one inflation calculator, $2,616 in 1899 dollars is equivalent to $80,731. An acre of land here appraises today for $43,200. You could say we’ve seen some growth. 🙂

Below is the deed as transcribed by me. Here’s a scanned PDF of the original handwritten version at the Wake County Register of Deeds.

North Carolina
Wake County

This deed made by Mary M. Christmas Executrix of the late Thomas B. Bridges to Lewis J. Christmas of Charleston, West Virginia. Witnesseth:

That whereas by his last will and testament the said Thomas B. Bridges directed that all his real estate be sold for cash after giving thirty days notice and appointed Mary. M. Christmas his Executrix, which will was duly admitted to probate in the Superior Court of Wake County before the clerk and said Mary M. Christmas duly qualified as executrix and letters testamentary were duly issued to her as such and whereas it being necessary to sell the lands hereinafter conveyed in order to pay the debts of said T. B. Bridges the said Mary M. Christmas as Executrix as aforesaid after advertisement for thirty days in the Times Visitor a newspaper published in Raleigh, N.C. and the court house door in Raleigh, N.C. did on the 27th day of December 1898 expose the lands hereinafter conveyed to public sale to the highest bidder at the court house door in Raleigh, N.C. for cash and at said sale said lands were purchased by said Lewis T. Christmas be being the last and highest bidder for said lands and whereas said Lewis T. Christmas has paid the purchase money for said lands in cash to wit the sum of $2616.00 for the tract of 109 acres known as the Home Place and the sum of $150 for the tract of about 58 acres known as the Brown tract:
Continue reading

Go Tell It On the Mountain — THE BITTER SOUTHERNER

Great writing here.

I had a dream.

The Georgia General Assembly funded a memorial for Martin Luther King Jr. and his top aides to be carved on Stone Mountain.

The lawmakers commissioned a bas-relief of MLK and John Lewis and Andy Young, this to be beveled into gray granite beside Jefferson Davis and Robert E. Lee and Stonewall Jackson. (A half-century ago, the Georgia General Assembly maneuvered to have that holy trinity of notable Confederates, along with their horses, carved onto Stone Mountain.)

At dream speed, hundreds of stonemasons dangled by rope down the side of the most famous … and infamous … pluton in the South. They lit the fuses on sticks of dynamite. They pounded chisels. They swung picks and fired up thermojet torches.

In no time, they sculpted a brand new Stone Mountain monument.When the artisans stood back to admire their work, they beheld the great black generals of the Civil Rights Movement. They stood side-by-side with the great white generals of the Civil War.

Here stood a New Stone Mountain.

Source: Go Tell It On the Mountain — THE BITTER SOUTHERNER

Rep. Joe John statement on Abe Zeiger’s arrest

NC House District 40 Representative Joe John was the person Abraham Zeiger was due to meet on Friday before Zeiger was arrested for carrying a pistol and two fully-loaded magazines into the North Carolina General Assembly building. Rep. John read the following statement on the House floor Monday night:

This gentleman actually had an appointment to see me. I made the following statement on the House floor Monday night:

Members, last week I had an 11:30 AM Wednesday constituent appointment with a resident of House District 40, whom I had not met previously, to discuss some fairly non-controversial issue. 11:30 came and went without the appointment being met, not all that unusual as many of you have experienced. When I went to lunch at 12:30, he was still a no-show.

We learned later that day the reason my appointment never arrived. He had been detained at our legislative building security check-in while attempting to enter this building with a loaded handgun and two full clips concealed in his bag, and had consequently been arrested and charged accordingly. He reportedly gave no explanation for his actions and was actually remarkably silent.

I want to thank publicly the members of the NC General Assembly Police Department who were on duty last Wednesday and acted expeditiously and appropriately. I would also like to thank the Legislative Services Officer and the Rules Chair for their follow-up and the many of you who expressed your concern.

That being said, in light of very recent events, I would ask each of you, for a moment, to imagine that the gentleman’s appointment was with you, in your office, rather than with me in mine. This incident after all took place, not hundreds of miles away in the distant states of Ohio and Texas, but right here, not only in our North Carolina capital city, but in this very building where we work and govern and spend so many hours. And as you reflect, I would ask you to consider whether it is now not time to throw partisanship and ideology into the trashcan, and to sit down for a full, frank and open-minded conversation about reaching a North Carolina common sense consensus with regards to role of firearms in our state.

I considered this often over the past weekend which Evelyn and I were able to spend at the coast with two adult children and three young granddaughters. I, for one, greatly enjoyed being “Pa” at the beach, I look forward to many more such weekends, and I am more than ready to have the conversation of which I spoke. If any of you feel the same, please let me know.

AP: Man with gun stopped by security at N Carolina legislature

Here’s an uncredited AP story on the arrest of Zeiger. It includes a quote from his attorney:

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

Nice spin there, counselor! At the checkpoint, Zeiger was specifically asked whether he had any weapons in his bag. That should’ve been enough to trigger (so to speak) Zeiger’s memory that perhaps he did, in fact, have a weapon in his bag and that he should take it back to his vehicle. Oversight, my ass.

I look forward to Zeiger’s day in court.

August 2, 2019

RALEIGH, N.C. (AP) — A man faces charges of carrying a concealed handgun into North Carolina’s legislative building, which this year implemented airport-style security measures for people seeking to interact with lawmakers.

Abraham James Zeiger, 36, of Raleigh was charged with trying to carry the gun into the building on Wednesday, police records show. He sought to enter the building to speak to his legislator and didn’t realize he was carrying the gun, attorney Emily Gibson said in an email Friday.

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

The General Assembly’s police chief and its chief management officer didn’t return a call Friday seeking more details about the arrest.

Zeiger was stopped by officers who spotted a suspicious item as his bag passed through an X-ray scanner, The News & Observer of Raleigh reported . Officers found a 9 mm handgun and two magazines, each loaded with 15 bullets, General Assembly Police Chief Martin Brock told the newspaper.

The arrest marked the first instance of a gun being found during the screening process at the entrance to the state’s legislative building, which hosts staff and legislative offices, hearing rooms and the chambers where the 50-member Senate and 120-member House meet.

Legislative activities were minimal this week as lawmakers try to overcome Gov. Roy Cooper’s veto of the two-year state budget. On Wednesday, House members discussed a commission to oversee the purchase and sale of milk and approved legislation to expand the requirement for adults to report claims of child sex abuse to the authorities.