More Zonkyness

Blog

  • Tories Blame The Immigrants For Everything

    Well that speech wasn't much of a surprise; the Tories are busy blaming immigrants for every single one of their failings. It is hardly surpising that Theresa May is the one giving that sort of speach; she's on the lunatic fringe of the Tories and would probably be happiest if they brought back birching (especially if she got to wield the birch). 

    Are you having trouble finding a house? The Tories say that immigrants are to blame.

    Are you having trouble finding a job? The Tories claim that immigrants are to blame.

    Did your cat go missing yesterday? The Tories claim that immigrants are to blame.

    Is the TV on tonight boring? The Tories claim that immigrants are to blame.

    Every sensible study into the impact of immigration into the UK has shown that they contribute far more than they take, and I for one am getting pretty sick of all this pandering to the fascist wing of the British public. It's also out of step with the mood of the nation – with many people looking at the Syrian refugee crisis and looking to help.

    Anyone would think that the Tories are terrified that UKIP might start taking votes away from them, and have decided to adopt the far-right anti-immigration party's policies to steal their thunder. Not exactly the moral high ground.

  • Linux Containers: Don’t Configure The Container Network

    More up to date information can be found here.

    One thing that has always puzzled me about Linux Containers was why it is necessary to configure the network address in two places – the container configuration, and the operating system configuration. The short answer is that it isn’t.

    If you configure network addresses statically within the container configuration :-

    » grep net /var/lib/lxc/mango/config 
# networking
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 10.0.0.35/16
lxc.network.ipv4.gateway = 10.0.0.1
lxc.network.ipv6 =         2001:0db8:ca2c:dead:0000:0000:0000:000a/64
lxc.network.ipv6.gateway = 2001:0db8:ca2c:dead:0000:0000:0000:0001

    Then the configuration within the container’s operating system can simply be :-

    » cat /var/lib/lxc/mango/rootfs/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
iface eth0 inet6 manual

    And that works fine.

  • Linux Containers: Disabling The Autoconfigured IPv6 Address

    A newer post has more information (and more reliable information).

    One of the things that has been mildly irritating me about my little collection of Linux containers has been that in addition to the statically defined IPv6 addresses, there is also an automatically defined IPv6 address :-

    » lxc-ls --fancy
NAME      STATE    IPV4       IPV6                                                              AUTOSTART  
---------------------------------------------------------------------------------------------------------
apricot   RUNNING  10.0.0.34  2001:db8:ca2c:dead:21e:a0ff:feb6:6a, 2001:db8:ca2c:dead::3eb      YES        
chagers   RUNNING  10.0.0.32  2001:db8:ca2c:dead:804a:bfff:fe83:f98d, 2001:db8:ca2c:dead::5e11  YES        
glanders  RUNNING  10.0.0.31  2001:db8:ca2c:dead:21e:a0ff:feb6:66, 2001:db8:ca2c:dead::ba11     YES        
lyme      RUNNING  10.0.0.30  2001:db8:ca2c:dead:21e:a0ff:feb6:65, 2001:db8:ca2c:dead::cafe     YES        
mango     RUNNING  10.0.0.35  2001:db8:ca2c:dead:6c42:24ff:fe7d:4e9, 2001:db8:ca2c:dead::a      YES        
peach     RUNNING  10.0.0.33  2001:db8:ca2c:dead:21e:a0ff:feb6:68, 2001:db8:ca2c:dead::3a11     YES        
rhubarb   RUNNING  10.0.0.40  2001:db8:ca2c:dead:21e:a0ff:feb6:69, 2001:db8:ca2c:dead::dead     YES

    Now this is hardly the end of the world, but it is not tidy and it is the sort of thing that may lead to problems down the road if servers are communicating on an address that is not reverse DNS registered. Or indeed when someone contacts a server on an address such as 2001:db8:ca2c:dead::3eb and the reply comes from 2001:db8:ca2c:dead:21e:a0ff:feb6:6a.

    After any number of false starts, the answer is quite simple – use sysctl to turn off autoconfigured address from within the container; which doesn’t make much sense logically – containers don’t have a kernel of their own, so the global kernel should be the one that is tuned. However :-

    for container in $(lxc-ls)
do
  echo net.ipv6.conf.eth0.autoconf = 0 >> /var/lib/lxc/$container/rootfs/etc/sysctl.conf
done

    Does the trick (after a reboot)  :-

    » lxc-ls --fancy
NAME      STATE    IPV4       IPV6                                                              AUTOSTART  
---------------------------------------------------------------------------------------------------------
apricot   RUNNING  10.0.0.34  2001:db8:ca2c:dead:21e:a0ff:feb6:6a, 2001:db8:ca2c:dead::3eb      YES        
chagers   RUNNING  10.0.0.32  2001:db8:ca2c:dead:18d9:99ff:fe28:3591, 2001:db8:ca2c:dead::5e11  YES        
glanders  RUNNING  10.0.0.31  2001:db8:ca2c:dead:21e:a0ff:feb6:66, 2001:db8:ca2c:dead::ba11     YES        
lyme      RUNNING  10.0.0.30  2001:db8:ca2c:dead::cafe                                          YES        
mango     RUNNING  10.0.0.35  2001:db8:ca2c:dead:2411:80ff:feb9:6600, 2001:db8:ca2c:dead::a     YES        
peach     RUNNING  10.0.0.33  2001:db8:ca2c:dead::3a11                                          YES        
rhubarb   RUNNING  10.0.0.40  2001:db8:ca2c:dead::dead                                          YES        

    Except for the older containers 🙁

    I’ve obviously missed something, but fixing nearly half of the containers is a good start.

    After attending to pending upgrades (some of my old containers were still running wheezy), and setting the network configuration to manual, one of the recalictrant containers (glanders) lost it’s autoconfigured address.

    Two more containers lost their unwanted extra addresses after “fixing” their configuration. I’m not sure what was wrong with the old configuration, but after copying and modifying a recently created container configuration, they rebooted with just one IPv6 address. The last one was mango, but after an extra reboot, it also was fixed :-

    » lxc-ls --fancy
NAME      STATE    IPV4       IPV6                      AUTOSTART  
-----------------------------------------------------------------
apricot   RUNNING  10.0.0.34  2001:db8:ca2c:dead::3eb   YES        
chagers   RUNNING  10.0.0.32  2001:db8:ca2c:dead::5e11  YES        
glanders  RUNNING  10.0.0.31  2001:db8:ca2c:dead::ba11  YES        
lyme      RUNNING  10.0.0.30  2001:db8:ca2c:dead::cafe  YES        
mango     RUNNING  10.0.0.35  2001:db8:ca2c:dead::a     YES        
peach     RUNNING  10.0.0.33  2001:db8:ca2c:dead::3a11  YES        
rhubarb   RUNNING  10.0.0.40  2001:db8:ca2c:dead::dead  YES        

  • Gun Control (Again)

    In the wake of yet another senseless slaughter in the US perpetrated by a supposedly anti-Christian mindless thug, it is time yet again for the US to contemplate a sensible level of gun control.

    The US does not have a problem with gun control; it has a problem with mindless violence. There are other countries in the world where gun ownership is at the same level or even higher than in the US – such as Switzerland.

    But gun control is a sensible measure to take whilst the real problem – a tough problem to tackle – is dealt with. The fact that the US constitution protects gun ownership is a red herring; as the name implies (the Second Amendment), the US constitution is amenable to amendment.

    And even that is a bit of a red herring – the second amendment does not protect gun ownership for the purposes of self-defence, playing with guns at a gun range, or murdering innocent animals,  It protects gun ownership for the purposes of making up a well-regulated militia :-

    A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed.

    Gun control regulations that do not prevent gun ownership by members of a well regulated militia are not in breach of the second amendment.

    If for example the US brought in laws which required gun owners to be members of a well regulated militia (which as a minimum should ensure that militia commanders are subject to stringent checks), store their weapons in a militia armoury, and only be allowed to use those weapons under the supervision of militia officers, it would go a long way to preventing senseless slaughters.

    The main aim with that is to ensure that gun usage is subject to collective decision making – crowd-sourcing the decision to use the weapons if you like.

    If gun usage is controlled by collective decision making, there is less chance of a murderous maniac slaughtering innocent victims.

    You may think that as a UK citizen, this is none of my business, but I dispute that. The victims of this latest senseless slaughter were my fellow humans, and as a human I have the right to stick my oar in.

  • Dear Mr Huawei ..

    2015-09-24 19.02.32

    Your new phone turned up on my desk today. It's all very sparkly but there is one big problem with it.

    The name.

    If you are going to release a product named with an English-language word, then you may want to check the spelling of that word because spelling that word wrong is not very impressive.

    Now Americans would have you believe that the word is spelt as you have spelled it – honor. However there is a clue to the originators of the language in the name; you should the spelling with the English.

    If you ever release a version of the phone in North America, it would be reasonable to use their spelling of the word. But elsewhere in the world, please use the correct spelling.

    It's a bit over the top to insist on a product recall for this, but please remember when it comes to releasing the next version of this phone that it should be called the "Honour 8".