It’s not Irma La Douce; it’s Irma L’Acide (excuse my French). Nothing sweet about this Irma.

Monday September 11, 2017 0040 EDT

The remnants of the northern eyewall of the Category 2 hurricane hammered Lakeland and Bartow with 100+ mph winds and very heavy rain, moving more or less NNW.

Here in northwestern Hillsborough county, the heavy rain and winds have just passed us by, thankfully and almost unbelievably without known damage - we’ll see in the morning.

Here’s a radar image from Fox 13’s SkyTower radar app showing the tail end of the storm near us, and Lakeland due east in the danger zone of the Category 2 hurricane. Our thoughts are with those in the path of that eyewall.

Signing off until the morning for some well-earned sleep.

Sunday September 10, 2017 1842 EDT

Irma is expected to weaken to a Category 1 hurricane by the time it hits Tampa Bay. One of the reasons given is shear: winds blowing from east to west is pushing Irma to the west (again), disorganizing its circular pattern.

This is in addition to the weakening from having its heat engine removed by being over land.

But like Paul Dellagatto of Fox 13 says, you can’t just look at a number and know what a hurricane is going to do locally. Irma still has an eyewall that is on its way. Anything in its path is going to have a tough time. There are also bands of high, gusty winds and heavy rain to deal with.

Irma is a very unusual hurricane.

It has rain bands that span the entire state.

People who have lived in Tampa for multiple generations have never seen the water in the bay recede as far and fast as they did.

In fact, they receded so fast that some manatees around Sarasota were stranded. We saw video of people dragging a manatee on a tarpaulin into the water, where it swam off.

Residents of those areas near the coast are apprehensive about the return of the waters, which come rushing back fast enough to drown unfortunate people who underestimated the speed with which the storm surge travelled.

Irma is also causing flooding along the entire east coast of Florida and beyond, even though the eye is on the west coast. The winds were high enough in Miami to destroy the anemometers measuring then.

Here in Tampa, we didn’t exactly dodge a bullet: We dodged a cannon shell, but a smaller yet dangerous bullet is still on its way.

I feel much more optimistic than I did 24 hours ago. Then, I was fearing a catastrophic Category 4 storm; now I am expecting a Category 1. Speaking of which, the rain is picking up now, and I think the outer bands are arriving.

Updates here may be delayed when power and communications go out.

Sunday September 10, 2017 1635 EDT

Irma made landfall at Marco Island near Naples, at 130 mph. That’s really bad for Marco Island and Naples, and we should spare a thought for their misfortune.

Hurricanes seem to be zero-sum entities. Marco Island’s misfortune has improved our outlook in Tampa Bay. Its landfall is much further south than expected, meaning it is expected to weaken as it travels over land towards us. At the moment (and hurricanes are capricious things, so this is not cast in concrete), it is expected to be a Category 1 or maybe 2 when it gets here.

That’s a lot better than 4 or 5.

Irma is a hurricane of epic proportions.

It is so widespread that at the precise instant Irma made first landfall, Miami, 91 miles away from the eyewall of Irma, on the other coast of Florida, was getting 90+ mph winds and large storm surge, putting entire streets underwater and blowing over two cranes (hint: not birds) that were previously believed safe.

It is so big that it is causing heavy rain in Georgia - beyond the northern border of our state.

It’s still expected to dump 10-12 inches of rain over Tampa, and winds will still be a sustained 60+ mph, so it’s no picnic, and we will still be without power for anywhere from hours to days or weeks, but our outlook is much better.

Right now, anyway.

We’re waiting anxiously for midnight, the expected peak of the storm, but we are feeling more cheerful about our prospects.

Saturday September 9, 2017 1934 EDT

Well, at least Irma is not tracking directly over our house anymore, although the eye is so big it doesn’t make that much difference.

I’ve been talking to our neighbors and my wife about going to a shelter, and also looking on TV at the people who are going to the shelters. Many shelters are already full, and most of the people there seem to be those who live in mandatory evacuation areas and mobile or manufactured or structurally unsafe homes, or are elderly or unable to take care of themselves.

I also heard a response by the meteorologist to questions asked on Facebook to Fox 13 that asked: is it safe to shelter in place in a house that has no storm shutters or window protection?

The answer was unequivocally that, as long as you are not near windows, in an interior room with no windows on the lower floor (we will be - our laundry room), and the house has concrete block construction (it does), and is not in an evacuation zone (it is not), it will be ok.

None of our neighbors are leaving, even those who have no window protection. They are hunkering down in a windowless room and riding out the storm. They are not stupid people - the ones I talked to are intelligent professionals.

We’ve prepared as best as we can. We have flashlights and lots of batteries for them, charged battery packs for the cell phones, food and water for a while. I’ve uploaded insurance photos of the house and possessions, and most of our important documents, to the cloud. The computers in the house are all off and my work is now on a cloud server. My personal data is on a WD MyBook, which is too big to backup to the cloud, so it’s in my backpack with my MacBook and critical things.

Here’s the bottom line: given that we have a well-built, newer house, and enough drinking water and food for 3 days, we are better off than many people in our region who need shelter and would be displaced by us if we went and we didn’t absolutely have to.

And that is ultimately unacceptable.

As stupid as it might sound, it’s a calculated risk (in an admittedly very uncertain threat model), so we’re going to ride it out. We’ve told our neighbors where we’re going to be, and of course anyone reading this blog knows, too.

It is going to be really rough, with no power, no running water, no cooling, 4 people being stuck in a small room for at least 12 hours and maybe more, and a massive hurricane blowing outside.

It is what it is.

I’ll update as power and communications allows.

Friday September 8, 2017 2050 EDT

For Tampa Bay, the current storm track has worsened the local outlook considerably. No longer going up the middle of the state, the track has moved westwards, threatening the Gulf Coast. From storm winds earlier expected to top out at under 60 mph, the forecast has increased to maxima just under 90 mph, and conditions which were recently unfavorable for tornadoes have become favorable.

People in our neighborhood looked uneasily at my next door neighbor, who had had the foresight to have plywood shutters made (probably long ago), nailing them onto his home’s windows. Like us, they probably wished they had thought of that, too, but too late.

Being from southern Africa, where the only natural disasters are flood and famine, this is terra incognita for me (and there’s much terra).

A grim outlook indeed unless the track swings further away from the west coast out to sea, which seems unlikely.

Friday September 8, 2017 1300 EDT

All SunCoast CU branches closed until further notice:

Due to the effects of Hurricane Irma and the safety of our employees, ALL Suncoast Credit Union branches and the Members Care Center will be closed at 1:00 PM on Friday, September 8th through Monday, September 11, 2017. We will reopen on Tuesday, weather permitting; however, this may change based upon the storm’s progression and emergency management recommendations.

Friday September 8, 2017 1100 EDT

Irma’s track has shifted west around 11 PM EDT last night so that it drives up the middle of Florida. This is a worst-case scenario because nobody walks away unscathed. It all hinges on precisely when Irma makes its right turn, and what the conditions are at that time.

Thursday September 7, 2017

I have friends and relatives around the world who would appreciate knowing my family’s status as Hurricane Irma approaches, and hopefully bypasses, Florida. This blog seems like a good way to publish our status.

Boring Technical Stuff

I’ve set up my blog so that it lives on Amazon S3 and is replicated by Amazon Cloudfront. My blog source is on a private hosted git repository, and my publishing software (Octopress) is installed on a Linode that has read-only access to the git repo.

I have Working Copy and Byword on my iPad, so I can pull the git repo, update the blog and push it back to the git repo (if I have any Internet access).

To publish to S3, I’ll ssh to the Linode using Prompt, pull the git repo, and run Octopress to generate the update and push it to S3.

It’s probably overkill for a blog that almost nobody reads, but it’s good practice for me.

I had installed ovftool and was trying to use it copy a VM between two ESXi servers, based on this useful post from virtuallyGhetto. For various reasons, it’s often a better idea to use ovftool for copying VMs than by just using scp on the raw files.

Immediately, I ran into a WTF? moment.

$ ovftool vi://root@10.1.2.3/
Enter login information for source vi://10.1.2.3/
Username: root
Password: *******
Error: Could not lookup host: root

Error: Could not lookup host: root???

This confused the living daylights out of me. This has nothing at all to do with looking up a host.

Right?

Wrong.

And the answer is… drum roll…

Locators. At least, the URI-flavored ones. A locator points to different resource types like VMs or hosts.

When ovftool gets a URI, it’s more or less of the form protocol://username:password@host:port/ or protocol://username@host:port/

(protocol can be one of the standard schemes like https or file, or VMware-specific ones like vi or vcloud.)

If ovftool gets a URI without the password - which I would imagine most security conscious people would prefer - it quite sensibly prompts for a password and captures it without displaying it.

At this point, it appears that ovftool forms the full URI - including password - and uses that to authenticate with the remote system.

You can see where this is going.

The ovftool PDF manual clearly notes (but not clearly enough, in my view):

Encoding Special Characters in URL Locators

When you use URIs as locators, you must escape special characters using %
followed by their ASCII hex value.  For instance, if you use a “@” in your
password, it must be escaped with %40 as in vi://foo:b%40r@hostname, and a
slash in a Windows domain name (\) can be specified as %5c.

Now I get it.

1. ovftool captures the password from stdin and does not urlencode it.
2. ovftool forms the URI with the unencoded password, and does not check it for validity.
3. ovftool uses the URI to contact the remote system.
4. The malformed URI is interpreted such that the user name - root in this case - is considered to be the remote system’s host name.
5. The connection attempt dies with the oh-so-misleading message, Error: Could not lookup host: root.
6. I get a headache.

This hypothesis can be proven as follows.

• urlencode the failing password;
• Feed the encoded password to ovftool at the Password: prompt;
• …
• Profit!!

What I think ovftool does wrong

1. ovftool violates The principle of Least Astonishment. When a tool accepts a password for input, it is expected that the tool does any necessary transformations to it prior to using it. ovftool must urlencode the password if it obtains it via a password prompt.
2. ovftool fails to check that the URI is well-formed. The characters that must be urlencoded in the various parts of a URI are well-known, and it should be fairly easy to test this.
3. A more minor, yet valid quibble, is that ovftool echoes asterisks once the password has been entered, which is ok, except that it echoes the same number of asterisks as the number of characters in the password. Exact password length can give a useful clue to a would-be attacker (who would need to be looking over your shoulder, but still, it’s so easy to avoid this mistake).

A simple workaround

A simple workaround is to urlencode the password yourself on the command line. If you have access to a clipboard-copy-paste utility, the entire thing can be done without displaying the password.

Let’s say that your password is my@random pass/+?$#%^&*()-_+={}[]\|;:'”,/?.

This code snippet will prompt for the unencoded password, urlencode it, and put it into the clipboard, ready for pasting. The advantage of using this over the various command-line urlencoding utilities - that might or might not be available - is that Python is available just about everywhere these days. If not, there’s always Perl.

python -c 'import urllib; import getpass; print(urllib.quote_plus(getpass.getpass()))' | $CLIPUTIL

Clipboard utilities

Possible values of $CLIPUTIL include

• Windows 10: clip (or redirect to /dev/clipboard in older versions)
• macOS: pbcopy
• Linux (X): xclip -selection c

Having a cheat sheet can be pretty useful, so here you go.

This cheat sheet is based on a post by Christophe Porteneuve (many thanks).

Configuration settings

• diff.submodule = log (so you get clearer container diffs when referenced submodule commits changed).
• fetch.recurseSubmodules = on-demand (so you are confident new referenced commits for known submodules get fetched with container updates).
• status.submoduleSummary = true (so git status gets useful again when a referenced submodule commit changed).

Adding or cloning

• Initial add: git submodule add <url> <path>
• Initial container clone: git clone --recursive <url> [<path>]

Grabbing updates inside a submodule

cd path/to/module
git fetch
git checkout -q <commit-sha1>
cd -
git commit -am “Updated submodule X to: blah blah”

Grabbing container updates

git pull
git submodule sync --recursive
git submodule update --init --recursive

Updating a submodule inside container code

git submodule update --remote --rebase -- path/to/module
cd path/to/module

Local work, testing, eventually staging

git commit -am “Update to central submodule: blah blah”
git push
cd -
git commit -am “Updated submodule X to: blah blah”

Permanently removing a submodule (1.7.8+)

git submodule deinit path/to/module
git rm path/to/module
git commit -am “Removed submodule X”

Quick look: An Erlang list

This is the in-memory layout of the Erlang list "phi".

[112, 104, 105]

As a reminder, Erlang treats a string as a list of small integers; 'p', for instance, is 112. Don’t worry too much about the bitwise details of the diagram - we’ll cover those later on.

CAR and CDR denote the head and tail of the list, respectively (the Erlang ‘C’ source defines CAR and CDR macros, so I’ve adopted the same Lisp-y terminology).

Each of CAR, CDR, and NIL occupies one word in memory. A word is 4 bytes on a 32-bit system, and 8 bytes on a 64-bit system, so “phi” uses 2 + 2 + 2 + 1 = 7 words (28 bytes on 32-bit, and 56 bytes on 64-bit).

That’s right: 56 bytes for a 3-character string on 64-bit systems.

This is why Erlang developers routinely store strings as Erlang binaries. For more information, see the Erlang Efficiency Guide.

Let’s dig a little deeper into the memory layout.

Tagged Erlang term (Eterm)

Erlang data is represented internally by a typedef named Eterm.

An Eterm (a “tagged Erlang term”) is a data type defined in the Erlang emulator C code in sys.h. It is an unsigned integer that is chosen to be at least as large as a pointer on the architecture for which the Erlang emulator was compiled.

Tagged values are a clever way of saving memory by taking advantage of memory alignment rules, and using a word as either an immediate value or a pointer, depending on its tag.

An immediate value is a value that is in the word itself, as opposed to one obtained through pointer indirection.

A tag is a fixed number of least significant bits in the word, which are reserved for identifying attributes of the tagged data. Although this reduces the size of the data that can be stored in the word, it more than makes up for it by avoiding or reducing the overhead of pointers and descriptors.

Sidebar: Tagged values

On many CPU architectures, performance is penalized if access is made to data that is not aligned on a word boundary, that is, a 4 byte boundary on a 32-bit system, and an 8-byte boundary on a 64-bit system. This fact often drives designers of memory allocators to place data on word boundaries.

Addresses on word boundaries are even numbers that are multiples of the word size (e.g. 4, 8, 12, … on 32 bits, 8, 16, 24, … on 64 bits). This means that the addresses will have binary zeroes in their least significant bits: the least-significant 2 bits on a 32-bit system, and 3 bits on a 64-bit system. (This is because 4 in binary is 100 and 8 in binary is 1000).

Taking advantage of this, system programmers use these zero-bits to store information about the data, which could be an actual value like an integer, or it could be a pointer. When using a word, the bits are set at the time its data type is decided. If it’s a pointer type, those bits are masked off (zeroed) when the word is used (otherwise it would point to the wrong address).

Eterms in depth

There are 4 primary kinds of Eterm:

• Header - If the data cannot fit into a word, the Eterm becomes a header, which is a descriptor of the data, followed by the variable-length data.
• List - This is a pointer either to the first node of a list, or to the immediate value NIL. A node is a two-word array to hold CAR and CDR. CDR points either to the first node of the tail of the list, or NIL. CAR, being an Eterm, can be a List, Immediate, or Boxed value.
• Boxed - A boxed Eterm is a pointer to a Header.
• Immediate - If the data is small enough to fit into a word (minus the space used by the tag bits), it is called an immediate value.

Here’s my view of what the various flavors of Eterm look like for a 32-bit version of Erlang.

Note the 4 primary types we just mentioned, namely Header, List, Boxed, and Immediate. They are identified by the 2 least significant bits (for example, Header is binary 00, and Immediate is binary 11).

• The Header type uses an extra 4 tag bits to identify 16 subtypes (only 15 are shown in the image, but BIGNUM has a sign bit, so it really has two header types).
• The Immediate type is broken down into 4 subtypes, but one of those subtypes is called Immediate2, which is not shown but uses an extra two bits, which extends the number of immediate subtypes and sub-subtypes from 4 to 6, with one spare. The immediate types include a 28-bit small integer, which gives a signed integer range of -134217729 < i < 134217728. This is the data type used to represent a character in strings, which is why using binaries to store long strings is much more space-efficient.

Basic Erlang Data Types

We’ve already seen Erlang’s list and small integer, so let’s look at some other basic data types.

Tuple

A tuple is a fixed-size collection of values, somewhat like a struct in ‘C’.

A tuple is also a boxed value, so it consists of a Boxed pointer (1 word) to an ARITYVAL header (1 word), after which appear the elements of the tuple.

The arity part of the ARITYVAL header is a 26-bit (on a 32-bit system) integer value containing the number of elements in the tuple. It follows that the size of a tuple is 2 words + the size of the data following the header.

This is illustrated by this tuple of characters (integers, really).

{$H, $e, $l, $l, $o}

Binary

A binary is an interesting Erlang data type, because there is more than one flavor:

• Heap: A binary that is up to 64 bytes long is created on the process heap and is not reference counted.
• Refc: A binary that is longer than 64 bytes is created in a shared heap, and is reference counted.
• Sub: A sub-binary is a descriptor that references a part of a binary. Two sub-binaries are created when, for example, splitting a binary.

Heap binary

A heap binary uses this data structure:

1
2
3
4
5

typedef struct erl_heap_bin {
    Eterm thing_word;		/* Subtag HEAP_BINARY_SUBTAG. */
    Uint size;			/* Binary size in bytes. */
    Eterm data[1];		/* The data in the binary. */
} ErlHeapBin;

<<"0123456789ABCDEF">>

Pid

There are two types of pid: internal and external. An internal pid refers to processes on the local node, while an external pid identifies processes on remote nodes.

Internal pid

External pid

TODO

Port

There are two types of port: internal and external. An internal port refers to a port on the local node, while an external port identifies those on remote nodes.

Internal port

External port

TODO

Combined data types

It gets interesting when we combine the data types. We’ll look at a tuple of lists, and a list of tuples.

Tuple of lists

{"phi", "eta", "rho"}

List of tuples

[{$p,$h,$i}, {$e,$t,$a}, {$r,$h,$o}]

Disclaimer

This information is based on an analysis I did of the Erlang C source code on github circa June 2016. In particular, I looked at erl_term.h and sys.h. I did my best to avoid mistakes, but I’m not an expert on Erlang internals, so YMMV.

The org chart hierarchy is based on the manager LDAP attribute. Required LDAP attributes are, by supported schema:

The sections below summarize how to use this utility.

Usage

1

gen-orgchart [options] <ldapuri> <basedn>

Prerequisites

• Python 2.x (>= 2.7)
• docopt
• jinja2
• python-ldap

Comments

• There’s no real attempt at a pretty layout, but it does the job.
• It would be useful to be able to specify an LDAP filter. Currently, it includes everything under the base DN, which is not ideal if the directory is complex.
• It’s useful to pipe the output to a renderer like xdot.
• It’s only been tested on Debian/Ubuntu.

Examples

1

gen-orgchart --help

1
2
3
4
5
6

# Generate an org chart from an Active Directory server at
# ldaps://ad.example.com, binding as me@example.com and prompting
# for a password.
gen-orgchart \
    --binddn me@example.com --askpass \
    ldaps://ad.example.com ou=people,dc=example,dc=com | xdot -

1
2
3
4

# As above, but with short options
gen-orgchart \
    -D me@example.com -W \
    ldaps://ad.example.com ou=people,dc=example,dc=com | xdot -

Dear Bank of America,

Your MSB department believes I am a wicked money launderer or something, so you froze my personal account. If I hadn’t been paying attention, it could have been very nasty indeed, but I drained my accounts and left you only $27.08 in the one you subsequently froze. Don’t spend it all at once.

Apparently, my evil scheme was sending monthly child support to my kids in South Africa through XETrade. (By the way, I’ve been doing that since 2005. Oh! The humanity! This is an act that will live in infamy.)

I tried to tell you. I wrote, I called, but you simply ignored the facts.

So, goodbye. I’m breaking it off with you after 17 years. I’ve closed all my accounts with you, not just my personal one. Don’t call, don’t write. I’m not angry or hurt, I just can’t leave my money with you because I can’t trust you any more.

Regards, Me.

The sinister Operation Choke Point

How, you may ask, were my nefarious activities (pfft!) finally exposed after a decade or so?

A new Bank of America computer system, I was told. And I learned about the strong arm tactics of the United States Department of Justice. And the sinister Operation Choke Point.

And… well, if you have the time and interest, here’s the back story.

The back story

I develop software for a living. Have done for 30 years or so, and I love it. In 1997 my dream of living and working in the USA came true, and I left South Africa together with my wife and child.

One of the first things I did when I got here was open a checking account with Bank of America. What a great name - it’s America’s Bank, right? My heart swelled with pride.

Fast-forward to late 2003. We all get our permanent residence cards, but my marriage is sadly over (amongst other things, immigration is hard on families). My wife and I negotiate a marital separation agreement in which I commit to sending monthly child support payments, helping with medical expenses, and so on. She heads back to South Africa with our two children. It is a sad time.

Wire transfers tedious in 2003

Initially I pay using wire transfers, but to do this, I need to go into my Bank of America branch every month and fill out a form. It also costs more than I think reasonable.

But the Internet quickly matures and in mid-2005, I sign up for XETrade. Now I can send my child support payments online at any time, for less money, at my convenience. I get better forex rates, which is good for my kids. XETrade gets paid via direct debit from my Bank of America personal checking account.

From 2005 to 2015 I send payments through XETrade every month. I also send extra money for things like birthdays and Christmas; to pay for nursing care for my late mother; and for my elder son’s college costs.

Everything is copacetic. And then it isn’t.

The bank loses its mind

In November 2015 I get a form letter from Bank of America. My personal account activities apparently include some that are “consistent with activity commonly associated with that of a Money Services Business (MSB).”

I don’t know about you, but I’d never even heard the term “Money Services Business” until then.

The letter goes on to warn that unless the innocuously-named 8-page Customer Data Form for MSBs is filled in and returned within 30 days, my account will be frozen and closed.

I lose my mind

At that instant, I take the letter seriously. Actually, I kind of lose my shit. For good reason, as it turns out.

The Customer Data Form for MSBs makes no sense to me. It asks questions about “the business” which, of course, I cannot answer, because “the business” does not exist.

I call MSB Customer Service and speak to a “Kim”. I explain that I have no clue what they are talking about and can’t fill in the form, and why are they targeting me like this?

Kim tells me that my account has transactions with Custom House, which apparently raises flags.

“Custom House…?” I rack my brains. Then it hits me: XETrade is a DBA of Custom House. No problem! I can explain everything, and it will All Be Ok(tm).

I describe how I use XETrade to pay child support to my boys in South Africa. I ask how I am supposed to fill in a form to which there are no answers, and she instructs me exactly which boxes to fill in and what to put in there.

I write a covering letter and fax the whole 10-page shebang to the MSB Fax Line. I fax it at least 3 times to make sure it doesn’t get lost.

Whisky Tango Foxtrot, Extended Edition

I get a letter from Bank of America dated November 17 2015, thanking me for the documentation and inexplicably, mind-numbingly, stupefyingly, jaw-droppingly concluding that: “your business activities qualify, under federal guidelines, as a Money Services Business”. Did they literally not get the memo?

It includes a page from my completed data form, advising that I need to provide some extra information, failing which they will freeze my account.

I mean, wtf, right? Wtf,f,f,f,f?!!

At this point I realize that I have already lost the battle. Nothing I say or do that doesn’t involve an army of high-priced lawyers and Scrooge McDuck’s bank vault full of $$$ is going to make any difference.

I go into damage control mode.

I immediately open personal and business accounts at a local credit union and transfer most of my money from Bank of America to the new accounts. I leave only enough to pay outstanding bills and upcoming ACH transactions, and start the tedious process of changing all the ACH details, bill payments, and so on, to use my new accounts.

Now I wait to see what Bank of America does. I fully expect it will freeze my account without further notice.

It doesn’t disappoint me.

Baby, it’s cold in my account!

On Friday, December 18, I get notified via email that my Bill Pay on my personal account has been suspended. I assume this is because my account has been frozen, as threatened. There is no other notice that my account is frozen. Nothing.

The next day, I call Bank of America customer service. The representative confirms that my account is frozen until I return the required documentation. I politely and calmly tell the representative that it will stay frozen until the end of time, because I am never sending in the documentation. I explain the situation and decline all offers to “fix” it - it’s just blowing smoke up my ass, anyway.

I close all my Bank of America accounts and agree to let them mail me cashier’s checks for anything left in the accounts. I don’t care even if they take it all; it’s worth the remaining $100 to me to have the satisfaction of ending the relationship on my terms. I know Bank of America doesn’t really care about my tiny little account, compared to the impending wrath of the mighty US Department of Justice should they not kick me to the kerb.

The Mighty US Department of Justice Flexes Its Muscles

Why did it take Bank of America more than 10 years to catch me in the unforgivable act of paying my child support every month? And why is it doing this in the first place?

It turns out that Bank of America recently installed a new computer system that flags “suspicious activities” in customer’s accounts. According to what I read, it was effectively strong-armed into doing this by the US Department of Justice (and FinCEN).

Which brings me to the sinister Operation Choke Point.

Operation Choke Point

Operation Choke Point is

…the U.S. Department of Justice using pressure on the financial system to conduct “a massive government overreach into private businesses that are operating within the law.” bizzyblog

Let’s not mince words: a program that was built upon the goals of stopping financial fraud has devolved into a massive government overreach into private businesses that are operating within the law. … The intention of the government, it would seem, is to make the banks unwilling to deal with the government harassment and simply cut anyone in those industries off from the financial institutions. Nobody is happy about this. techdirt

Which legal private businesses are targeted? Those in “high-risk merchant categories”.

“High-risk” merchant categories

This is the DOJ’s shit list. Where do you think I fit in to this?

• Ammunition Sales
• Cable Box De-scramblers
• Coin Dealers
• Credit Card Schemes
• Credit Repair Services
• Dating Services
• Debt Consolidation Scams
• Drug Paraphernalia
• Escort Services
• Firearms Sales
• Fireworks Sales
• Get Rich Products
• Government Grants
• Home-Based Charities
• Life-Time Guarantees
• Life-Time Memberships
• Lottery Sales
• Mailing Lists/Personal Info
• Money Transfer Networks
• On-line Gambling
• PayDay Loans
• Pharmaceutical Sales
• Ponzi Schemes
• Pornography
• Pyramid-Type Sales
• Racist Materials
• Surveillance Equipment
• Telemarketing
• Tobacco Sales
• Travel Clubs

Money transfer networks considered harmful (by DOJ)

Yep - Money Transfer Networks. I committed the cardinal sin of using a Money Transfer Network to send support payments to South Africa, namely Custom House (DBA XETrade), a Canadian company. It seems that Custom House’s operations in the USA are handled by Western Union.

But… but… so what??

According to an informed source, it’s guilt by assocation. I was told that shady underworld types linger around Money Transfer Networks, such as Western Union (Custom House’s US partner). Hey, I’m not knocking Western Union, just passing on what I was told.

Steaming pile of crap

What should I have done? According to the same informed source, what other “respectable” people do: send money using the bank’s own wire transfer services. So that’s what I am doing now via my new credit union. I have to phone the credit union and give the details of my ex-wife’s bank account number, SWIFT code, and so on, every time. What - can’t they just save the information? Isn’t that why we have, you know, computers? The response was that it’s policy to have me call in and repeat all that data, every time, and have the phone call recorded.

Isn’t this a steaming pile of crap?

A cautionary conclusion

Who knew about all this? I certainly didn’t. But even so, I should be able to send my (legitimate) money to my (legitimate) family overseas any way I like, right? The land of the free and all that?

But if I do it again, the same crap will come down on me, so I dare not.

I have been warned, and hopefully, so have you, dear reader.

Bank of America MSB Customer Service: 1 (800) 213-0236

A fungible resource is a human cog that managers and executives believe they can drop into a business machine to replace an existing cog. In other words, when developers part ways with a company, many managers believe that their replacements can quickly get up to speed and take over where their predecessors left off.

This is rarely true in any substantial development effort.

In his paper, Programming as Theory Building (PDF) Peter Naur - the “Naur” in “Backus-Naur Form” (BNF) - explains that as a program or system is built, the person or team that develops it builds a “theory” of the system. The theory embraces a dimension of software architecture beyond the well-known structural and behavioral views. This dimension cannot adequately be documented, a little like the “Quality Without A Name” cannot be described. No, it’s not woo. Every great developer understands this intuitively. (The paper is highly recommended reading for the patient and detail-oriented).

Naur describes how engineers who took over the development or maintenance of a system would modify it in ways that “make no use of the facilities that were not only inherent in the structure of the existing [software] but were discussed at length in its documentation, and to be based instead on additions to that structure in the form of patches that effectively destroyed its power and simplicity.”

He goes on to write that

“The conclusion seems inescapable that at least with certain kinds of large programs, the continued adaption, modification, and correction of errors in them, is essentially dependent on a certain kind of knowledge possessed by a group of programmers who are closely and continuously connected with them.”

Basically, you can’t throw away the old cog without steadily increasing grinding noises and smoke emanating from the gearbox as the system dies from the thousand cuts of unguided maintenance.

“The death of a program happens when the programmer team possessing its theory is dissolved…. The actual state of death becomes visible when demands for modifications of the program cannot be intelligently answered”.

Sounds familiar.

Does this mean projects are doomed when they lose their “theoreticians”?

Not necessarily. One way to soften the blow is to retain their services in a mentoring and advisory capacity. A caveat here is that if the advisors do not keep closely connected with the project as it changes, they will lose their special knowledge. Even more importantly, teams need to swallow their pride and actually take the advice of the old guard. This needs no small measure of maturity and humility, qualities which are conspicuously lacking in some developers.

So don’t be so quick to let core developers go. They are not fungible resources.

This text is an excerpt from Carl Sagan’s book, Pale Blue Dot: A Vision of the Human Future in Space, 1997 reprint, pp. xv–xvi. The photo was taken by Voyager 1 from the edge of the solar system.

From this distant vantage point, the Earth might not seem of any particular interest. But for us, it’s different. Consider again that dot. That’s here. That’s home. That’s us. On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives. The aggregate of our joy and suffering, thousands of confident religions, ideologies, and economic doctrines, every hunter and forager, every hero and coward, every creator and destroyer of civilization, every king and peasant, every young couple in love, every mother and father, hopeful child, inventor and explorer, every teacher of morals, every corrupt politician, every “superstar,” every “supreme leader,” every saint and sinner in the history of our species lived there – on a mote of dust suspended in a sunbeam.

The Earth is a very small stage in a vast cosmic arena. Think of the rivers of blood spilled by all those generals and emperors so that in glory and triumph they could become the momentary masters of a fraction of a dot. Think of the endless cruelties visited by the inhabitants of one corner of this pixel on the scarcely distinguishable inhabitants of some other corner. How frequent their misunderstandings, how eager they are to kill one another, how fervent their hatreds. Our posturings, our imagined self-importance, the delusion that we have some privileged position in the universe, are challenged by this point of pale light. Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity – in all this vastness – there is no hint that help will come from elsewhere to save us from ourselves.

The Earth is the only world known, so far, to harbor life. There is nowhere else, at least in the near future, to which our species could migrate. Visit, yes. Settle, not yet. Like it or not, for the moment, the Earth is where we make our stand. It has been said that astronomy is a humbling and character-building experience. There is perhaps no better demonstration of the folly of human conceits than this distant image of our tiny world. To me, it underscores our responsibility to deal more kindly with one another and to preserve and cherish the pale blue dot, the only home we’ve ever known.