My 7″ 1280x800 monitor got a bit flaky during the data center move, and while it survived, the screen quality will never be quite the same, so I picked up an Eyoyo 10″ 1920x1200. The blindingly bright blue power LED needed covering with gaffer tape, but the image quality is excellent, and it even has speakers. Works great with my Mac, but even though my Surface Pro 2 detects it and shows its resolution, for some reason it doesn’t send a video signal out to it via HDMI. I tried two different mini-Displayport adapters and a brand new high-end cable, so I suspect HDCP handshake issues.

[Update: there’s something a bit odd about the Eyoyo monitor; when I first plugged it into my new Raspberry Pi 3, it worked perfectly, including showing the splash screen, but ever since, it only works if I force-select a video mode. Still works fine with the Mac, but it simply cannot auto-sync with the Pi, or show anything from the Surface Pro 2, which makes it “less than versatile”]

While setting up my cube in the new building (which included swapping the desk pieces around and adding a partial roof), I decided to ditch the crufty old USB2 hub I was using in favor of an Anker 10-port USB3 with fast charging support. Mostly because the right-hand USB port on my MacBook Pro went out a while back. Maybe after the holidays I’ll send it in for service; I think the AppleCare runs until February.

Those were easily justified purchases, but in the nearly-pure toy department, I picked up a TrueRNG3 USB hardware random number generator. Automatically supported in Linux, works on a Mac if you manually send the output to /dev/random, and they have a Windows driver. Sadly, while OpenBSD 6.2 supports several USB HRNG, it looks like the TrueRNG isn’t one of them. Yet.

I don’t have dieharder test output from it at the moment, because it only delivers 50 KB/s of random bits, but ent really likes its output. The vendor claims to pass the dieharder tests, but doesn’t say how long it took to generate enough samples (some of the tests consume a lot of bytes).

Why am I trying to improve the quality of my random numbers? Because I’ve been playing with random passphrase generation again, using a rule-based generator that lets me feed in a variety of patterns and dictionaries, for Diceware-style generation with calculated entropy. For instance, one script generates an improved romanized Japanese diceware list, based on the word-frequency rankings in JMdict, and I can do side-by-side comparisons between different lists to see how easy the results are to remember. Side note: the EFF wordlists are a nice improvement on the original English 5-dice lists, and they’ve got two nice 4-dice lists as well, with interesting properties.

For real fun, I set my generator up to allow mixing multiple rulesets, which is a relatively minor increase in entropy, but definitely more entertaining (especially if you include the Lord Of The Rings ruleset…).

And it also let me prototype an updated syllable-based system using polyhedral dice. Cut out and save!

+--------------------------------------+--------------------------------------+
|     Random Passphrase Generator      |      Digits, Specials, Uppercase     |
|                                      |                                      |
|  1  2  3  4  5  6  7  8  9 10 11 12  |     1  2  3  4  5  6  7  8  9  0     |
| -----------------------------------  |     @  #  %  $  !  |  &  _  ,  :     |
|  s  v  p  h  f  k  r  t  j  m  w  b  |     A  B  C  K  N  Q  T  X  Y  Z     |
|                                      |     +  -  *  /                       |
|       1   2   3   4   5   6   7   8  |                                      |
|   +--------------------------------  |     d12 * d8 * d6 = 9.17 bits        |
| 1 | eth  id  ol  eg  od  az  it  el  |     var/op/digit = 8.64 bits         |
| 2 |  ug  og  an  as  on  ar  is  al  |     d10 = 3.32 bits                  |
| 3 | ath  ay  ot  iz  us  os   a   e  |     d4 = 2 bits                      |
| 4 |  et  il   u  ed  ig  uz oth   o  |                                      |
| 5 |  oy  ul  ag  en  un  oz  or  es  |     10 syl ~ 14-char random ASCII    |
| 6 |  ad  ez ith  ut   i  ud  in  at  |     12 syl > 16-char random ASCII    |
+--------------------------------------+--------------------------------------+

(this table shouldn’t wrap on most screens, but for some reason it does in Chromium on my shiny new Raspberry Pi at 1920x1200, unless I zoom the font size to 80%, 110%, or 200%; some odd scaling in the version of Bootstrap I’m using, I guess)

Most people never find the old Diceware tables for generating syllables, special characters, etc. They’re buried in the original mailing-list post for Diceware, and aren’t referenced in the current HTML pages. Most of them aren’t particularly useful, but if your password policies require some combination of upper-case, special characters, and digits, they’re better than just appending “A1!” to every password. My var/op/digit rules above exist for the same reason; I find it pretty easy to remember “Z/4” or “X+2”.

The first I heard of Runaways was when it was first licensed by Hulu. Since I had a cheap subscription to Marvel Unlimited, I went ahead and read the available mini-series, which, to quote Cat Grant, had “you look like the attractive yet non-threatening, racially diverse cast of a CW show” written all over them.

The early cast photos showed that they’d nailed the look of the characters, but after watching it so far, I’d say they got everyone to nail their roles, too.

They’ve made some interesting choices with the series, and on the whole I think they’ll make for a better story. They’ve trimmed the cast by making Molly an orphan adopted by Gert’s parents, they’ve dialed back both the scope and absurdity of The Pride’s power and goals, some of the parents are actually sympathetic characters, and they’ve given Nico an older sister to make the initial awkwardness between the kids more grounded.

Also, I completely failed to recognize James Marsters as Chase’s dad.

Now, if they could just arrange a crossover with The Gifted involving Lauren Strucker, Karolina Dean, and a hot tub, I could die a happy man. (after Natalie Alyn Lind turns 18, please; feel free to substitute Amy Acker before then; oh, wait, she is 18; they can still put Amy Acker in the tub with them, though)

That’s one hell of a Cyber Monday special…

(previously, etc)

I’m down to two regulars, Scrawny and Dumas, although Whitefoot did show up for dinner last night for the first time in a week.

Scrawny and Dumas are now almost fully J-tolerant. They rush the front door whenever I open it, to try to enter The Place Food Comes From, and rub against my legs while I’m opening the containers. They accept any amount of petting and skritches, for as long as I’m willing to keep at it.

Dumas, with his bouncy kittenish behaviors, was never as skittish as any of the others, so it wasn’t too surprising that I’m now able to pick him up and cuddle him for about 30 seconds before he wants down.

Scrawny’s the real wonder. Even though she still flinches ever-so-slightly every time my hand comes near her head, yesterday she not only allowed me to lift her up onto her bench cushion, but also accepted 5 minutes of two-handed petting afterwards, including tummy rubs.

When applying the $Age / 2 + 7 rule, can you add their ages together for a threesome?

Asking for a friend.

So, we’re in the new building. Well, not the me part of “we”, yet; we’re still down the street from the old place for another month, until that lease is up, allowing them to use our space for storage and staging and such this week. It’ll shave about 15 minutes off my commute when I do get moved there, though, so that’s nice.

We kicked off the move early Thursday morning, powering down the data center and grabbing some essential servers and gear that we wanted back online as soon as they swung over the Cogent line, leaving the rest for the professional server movers (for the first time, this was Not Our Problem).

Anyone in the Bay Area may recall that it started pouring down rain in the wee hours Thursday, the first real rain of the season. Those of us who were still a bit groggy as we finished the server shutdown were suddenly WIDE AWAKE when the fire alarm went off.

…because the rain was coming into the electrical closet through a conduit, right onto the fire control panel. Smaller quantities were also coming into the server room, including a small amount right into the rack where all of the Really Important Servers we were about to hand-carry were located. Fortunately, we got everything out intact.

To our immense surprise, we could plausibly claim to be fully functional this morning when people showed up. They couldn’t all unpack their offices and cubes because things were still being moved and built, but that was also Not Our Problem this time.

Pro tip: when you have to be out of your old building by date X, get the keys to the new one no later than X - 90. Not X - 20ish.

So, if you’re trying to add a shiny new office color laser printer (such as the two Kyocera TASKalfa 5052ci that were delivered to our new building), and you’re running Mac OS X El Capitan, and you get a spinning beachball of doom no matter what protocol you try to connect with, here’s what’s going on and how to fix it.

Let’s say you try to use the LPD protocol. As you type each character of the host name, Apple looks it up in DNS and tries to connect via SNMP to figure out what it is. When you click “Add”, it then uses IPP to query for device options.

This is where it goes to hell. The Mac posts a request using HTTP, and the Kyocera says “that shit’s insecure, call me back on HTTPS”. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. Repeat. killall AddPrinter

The same thing happens if you try to use IPP directly, or JetDirect, or pretty much any protocol. Works fine on Sierra or High Sierra, blows chunks on El Capitan.

The only fix is to log into the printer and completely disable SSL. Note that it is not sufficient to simply shut off SSL; you must also disable the “Secure Only” feature for every protocol (and probably login to the printer again, since you’ll be killing the HTTPS page that you’re currently logged in through), or it will keep redirecting you to pages that it knows perfectly well don’t exist.

Not a big fan of shutting off SSL, but redirect-to-broken-SSL is worse.

(original via)