Setting Up A New Fortigate Firewall

Sooo…my Cisco Meraki subscription runs out next month, and Cisco doesn’t want to talk to me about what their re-licensing options are. I like my MX64, the interface is really nice, and the device is super effective. But I can’t find out what they want to charge me for a fresh license, or even if they will sell me one. Their partners wouldn’t respond, they themselves wouldn’t respond, so I took the logical next step.

And I upgraded to a Fortinet firewall. I wanted a NGFW with full-service features, Fortinet’s got it. I wanted one that had a great rep, they got it. I wanted a good, clean UI, and they got it. Well, mostly they got it. I’ll say this – Meraki’s UI has Fortinet beat on intuitive nature, clean look, and logical division of features. It’s just better. But Meraki’s UI has a flaw: it is entirely cloud based. If I have a problem with my firewall, chances are high that I can’t reach the internet. And that means I have no method to work with my firewall unless I happen to have all the CLI memorized and the Meraki unit decides to be kind to me while trying to authenticate my login with PuTTY.

So I got myself a little Fortinet, a model 40F. Much like the Cisco offering, Fortinet uses the same web interface and commands across the board of their product line, so if you learn one you can run them all. Nice touch, that.

And it’s just so cute.  Who’s a widdle firewall?

And much like the difference between the UIs, the setup had a similar situation.  Fortinet just required a bit of a push over the finish line, and it was a frustrating push.  With the Meraki, it was quite literally a plug-it-in-register-go affair.  You could add more complicated configs after setup, but if all you needed was an above-average firewall that would let you go after setup, that was the bomb.  I had it in and running in ten minutes. 

Next-Gen v. Traditional Firewalls

You keep hearing about “NGFW” devices in network circles, but what exactly are they? 
 
Briefly, traditional firewalls worked on a port-and-IP basis, blocking undesirable connections by simply turning away traffic that wasn’t addressed acceptably.  Maybe it came from the wrong country, or asked for a port that wasn’t “open”.  This is called “intrusion prevention.”

NGFW devices do that too, but additionally they can inspect the contents of the packets that are accepted, and are able to filter traffic that contains unacceptable content.  For example, a NGFW might know to look for viruses or dangerous payloads in email traffic. 
 
As well, the NGFW is usually enabled with frequent updates to its library of dangers, or it may even perform cloud-based real-time inspection to catch zero-day threats.  A Fritz!Box just doesn’t do that.

Back to the setup: not so much the Fortinet.

Which is why I’m writing this:  I want you to be able to do a fast setup and avoid the stress I had. 

So let’s go through it, shall we? 

When you get your new device, you pop open the box and the first thing you see is a “quick start” manual, which will do you no good at all.  I’ll explain why shortly. 

Beneath that, you’ll get a net cable, a power adapter (standard wall wart with various national plug adapters), and of course the device itself sealed up in a plastic bag.  As well, a little sticky that has some simple steps on it.

Position yourself within arm’s reach of your internet modem/router, and lay your things out around you in easy reach.  Have a laptop or other computer powered up and ready here.  Minimally you’re going to need the Fortigate device, its power adapter, two patch cables (LAN cables), and your computer.

Important:  Don’t Get Ahead Of Yourself.  I had this device up in my office, getting it revved up to take over from the Meraki, and I was setting port forwards and a bunch of other stuff prior to the following steps.  That was a mistake that cost me a few serious head-scratches.  Some of that stuff conflicted with the basic setup and cost me time.

Yeah, that’s the sticky

1. Follow the instructions on the sticky, but not in the order given.

Do the “Cloud Setup” first.  Go register your name and enter the “cloud key” like it says.  

Next, assemble the power plug and plug the little critter in.  Attach your laptop or other computer to the device using the included cable.  Turn off WiFi if it’s on, and either enable DHCP (in which case you then need to tell your adapter to renew its IP) or set it to IP 192.168.1.1 with a subnet mask of 255.255.255.0. 

If you have a Mac or an iPhone, do that Apple stuff.  Whatever.

Open a browser and go to HTTPS://192.168.1.99 (note the “S” there – gotta have that; the device by default won’t feed you a page if you’re not on HTTPS).  You should at this point be given a web page interface to the device.  By the way, the login is “admin” with no password.  It’ll prompt you to change that when you enter.


Should look a little like this (I pulled my ISP’s IP and the license server’s IP just to avoid confusion – your IPs will be different)

By the way, go look for my article on passwords.  You want to set a good one for your firewall.  And keep it safe in a manner that you won’t forget it.

It will also prompt you to register your device.  Ironically, you won’t be able to, so just tell it “later”. 

If it does not give this to you for some reason, get your vendor on a chat line or a phone line and have them walk you through enabling the web GUI (details can be found here: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34688).  I didn’t have this problem, so I don’t anticipate it to be common on new devices.

All good so far?  I hope so. 

2. Plug the Fortigate into your modem/router.

I have a “Fritz!Box” 7490 here (yeah, I run multiple firewalls in a chain, call me paranoid if you have to), but this will work from a regular modem or other router, too.  The physical structure of your network when you do the setup should break down into the following:

Wall Socket > modem/router > Fortigate device

Where “>” represents a physical cable (it might also be wireless, but I’m not getting into that here).  So the wall cable goes into the “WAN” or “Internet” port (or whatever similar word they’re using on the brand you have).  You’d normally then have 2-4 “LAN” ports beside that which are supposed to lead to your computer or a switch or something. 

Take the second of your patch cables and plug it into the “WAN” port of the Fortigate (the first is running from the Fortigate’s LAN port to your PC), and the other end of it should go in one of those LAN ports on your modem/router. 

Wait a few seconds, and then in the UI page of the Fortigate, navigate the left-side menu to Network > Interfaces.  You should see at the top of this page a little indicator showing which ports are active on the device.

That’d be what I’m talking about right there.

You can hover over the ports, by the way, and they’ll give you a read of the connection details.  Nice touch there, Fortinet, I appreciate that attention to detail. 

Fly-by hints are nice. IP blocked to protect the innocent.

This would be a good time to go into your modem/router and fix the IP it gives your Fortigate, just so you have a record of it somewhere. 

3. You’re all done!  Happy surfing.  No, just kidding, this is just where they dump you on the side of the road.

No, really.  This is where they leave you.  On my old Meraki, that’d be fine, because I could get out to the internet from here and start goofing around and playing World of Warships or reading stupid Facebook posts.  But really, you’re not done here.  If you try to get out to the internet (go ahead, I’ll wait) you’ll find that your browser just gives you the finger.  Usually in the form of “DNS can’t be resolved” or something equally useful.  Also, in the Fortigate dashboard you’ll see under “Licenses” that none of them are confirmed and there’s a red bar that says “Unable to connect to Fortinet servers” or something like that.

@Fortinet – here’s where you guys dropped the ball.  A couple of simple defaults would have saved me (and who knows how many other people) a few hours of grief and head-scratching. 

Are you still at the “Network > Interfaces” page?  If not, go back there.  You have to configure something.  In my case (with a model 40F) there aren’t too many interfaces to choose from, and mine is called the “Physical Interface”.  Yours probably shows up as “wan” or something similar.

That’s the bugger right there.

Double-click on its name or right-click and choose “edit”. 

Here’s what you get taken to next – most of it won’t need to be modified, you just need to review it and be passingly familiar with what’s in here:

Let’s touch on these points in red.

The items highlighted in red there are ones you need to pay attention to.

  1. Alias – give your WAN connection a meaningful name.  Even if you only have one WAN hookup, it doesn’t hurt to name it after your router or your ISP so you know what you’re looking at.
  2. Leave role as “wan”.  If you’re using others, then you probably know enough that this article isn’t telling you anything new.
  3. Depending on how your modem/router hands out IPs to equipment, pick the appropriate style here.  My Fritz!Box is set up to use DHCP, and I’ve told it to always give the Fortigate the same IP when it sees it, so that’s the route I took here.  If you prefer to fix the IP within the device itself, then you’ll want to set it up on Manual.
  4. DNS – confirm that your DNS server is set correctly.  If you don’t know what I’m talking about, ignore this for now.  I prefer to use Google’s DNS servers for my stuff, so the Fritz!Box hands that off when an IP is requested.  Your mileage may vary.
  5. Default gateway – for the Fortigate, its default gateway out to the internet will be your modem/router.  Ensure that this value represents the IP that your modem/router presents inside your walls (not the value it uses on the world-facing side).

Record your default gateway value in notepad or something.  You’ll need it shortly.

4. Here’s The Biggie

We’re at the point where the biggest “missing link” should have been.

@Fortigate – again, a short add here will save your customers some grief.

Devices like a regular modem/router or regular commercial firewall products that you can buy at MediaMarkt or Best Buy, etc., have a default rule in them: “If I get traffic coming in on the LAN ports, and the address isn’t in my house, squirt it out to the internet to find its way.” 

That rule doesn’t exist here on the Fortigate.  Which is why if you try to reach a Google server right now, your system will tell you to go spin.  So, we have to create it and give it to the Fortigate, so it knows that it should do its job. 

Navigate on the left-hand menu to “Network > Static Routes”.  There’ll be a big bag of nothing there.  At the top, choose “Create New”, and you’ll get this:

Just need to tell the Fortigate where the door is so it can let your traffic out.

Leave “Destination” alone.  That represents the address of the packets the firewall receives.  Grab that “Interface” drop-down and choose the Wan interface you configured (you did give it a good name, right?) a few moments ago.  It should populate the Gateway Address for you automatically, but if it doesn’t, you can enter it because you recorded it in Notepad or something when I told you to. 😊

When you’re done, it should look like this:

It assigns this just from choosing that drop-down.

In computer-speak, we’re creating a default static route that’ll go into the route table of the device.  In human language, that means “When the firewall sees an address on a packet it doesn’t recognize, it throws it out the window into the Internet to get handled.” 
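To make that “throws it out the window” sentence concrete, here is an added illustration (my own, not from the post or from FortiOS) of the route-table logic in a few lines of Python: without a 0.0.0.0/0 entry a packet for 8.8.8.8 matches nothing, and the gateway check catches the step-3 mistake of entering the router’s world-facing address. The internal 192.168.1.0/24 subnet follows the device’s default address from step 1; the 192.168.178.0/24 WAN subnet and 192.168.178.1 gateway are constructed values.

```python
"""Minimal route-table lookup showing why the FortiGate needs a default
static route. Added example, not FortiOS code; addresses are constructed."""
import ipaddress


class Route:
    """One forwarding-table entry: prefix, egress device, optional next hop."""

    def __init__(self, prefix, device, gateway=None):
        self.prefix = ipaddress.ip_network(prefix, strict=False)
        self.device = device
        self.gateway = ipaddress.ip_address(gateway) if gateway else None


def lookup(table, dst):
    """Longest-prefix match, the way a router picks a route for a packet."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None  # the "go spin" case from the post: no route at all
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def default_route(wan_interface_cidr, device, gateway):
    """Build the 0.0.0.0/0 route from step 4.

    The gateway must be the modem/router's *inside* address, i.e. it has to
    live on the WAN interface's own subnet; the router's public address
    would never be directly reachable from the FortiGate's WAN port.
    """
    wan_net = ipaddress.ip_network(wan_interface_cidr, strict=False)
    gw = ipaddress.ip_address(gateway)
    if gw not in wan_net:
        raise ValueError(
            f"gateway {gw} is not on the {device} subnet {wan_net}; "
            "did you enter the router's world-facing address by mistake?"
        )
    return Route("0.0.0.0/0", device, str(gw))


# Connected routes exist as soon as the interfaces have addresses
# (constructed: internal side per the post's default, WAN side via DHCP).
connected = [
    Route("192.168.1.0/24", "internal"),
    Route("192.168.178.0/24", "wan"),
]


def describe(table, dst):
    """Human-readable forwarding decision for one destination address."""
    r = lookup(table, dst)
    if r is None:
        return "no route"
    if r.gateway is None:
        return f"direct via {r.device}"
    return f"via {r.gateway} on {r.device}"


if __name__ == "__main__":
    print("before:", describe(connected, "8.8.8.8"))
    table = connected + [default_route("192.168.178.20/24", "wan", "192.168.178.1")]
    print("after: ", describe(table, "8.8.8.8"))
```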

@Fortigate – Really folks, you should just include this as a default.  Experienced users can always delete or disable it.  How many people buy a firewall and then don’t have a default like this? 

Don’t worry about Advanced Options or anything, just make sure to “OK” it.

At this stage, I re-booted my firewall (just pull the power and put it back in) to get it to take up the new route.  I suspect if you go get a coffee or something instead it will eventually pick up the rule and apply it without this, but I didn’t want to wait. 

Now that the static route is in, you should be able to connect to the internet from your firewall.  At the top right of the page, you’ll see an option for a command-line interface:

That’s it, right there ^^

Click on that, and in the faux terminal that pops up, enter:

execute ping 8.8.8.8

You should be getting back something that looks like this:

Cue John Mayer singing about 1983…

You can also now connect out from your computer connected to the firewall.

The dashboard of the Fortigate should now also show under “Licenses” which ones are active, and that red “unable to connect” bar should be gone.

By the way – you can now safely set up your port-forwarding rules.  If you’d done so before this, your default way out into the internet would have conflicted with rules already governing the default gateway, and you’d be wondering why the Fortigate won’t accept your default route outwards. 

That sucked, for about a half an hour.

5. You’re in the Home Stretch now

So, you bought a firewall, and you’re all set to connect to the internet.  But this isn’t just some plain old Fritz!Box, this is a Next-Generation Firewall that can protect you in all manner of ways that you should expect out of a 21st Century product. 

But as with the “tell it to send my traffic to the internet” case, we have to actively tell the firewall to use those abilities.

@Fortigate – really?  You ship all these cool features and you ship with them disabled?  The FW can’t ask “what am I licensed to turn on” and then turn that stuff on in a policy for the user?  At least provide some basic enabled stuff, folks. 

Let’s turn on the goods you paid for. 

This is the stuff you pay annually for, the really solid protection measures.  You might have bought your device without any subscription, in which case you can skip this step, but I suspect you wouldn’t shell out that kind of bank just for an intrusion-protection brick. 

In the left-hand menu, head for “Policy & Objects > IPv4 Policy”.  There will be one or more rules already present in that bucket.  What you want is the one that is titled “internal > [your WAN name here]”.  Open that one up and edit it. 

You’ll get a screen something like this:

This is fully configured for me, see below for what would be some good ideas to perform on your own.

First, give it a name.  I use “Default Permitted” because this policy will by default permit someone to issue requests out to the Internet, and will only interfere if the target has some issue.  Hence, by default it permits the traffic. 

Incoming interface refers to where the firewall is seeing the traffic originate.  In this case, it will come from my internal network.  Outgoing is where the traffic wants to go – in this instance, out the WAN into the wild, wild internet.

Source/Destination should be “all” in this case.  I’m defaulting to allow almost anything, after all.

Schedule – how or when is this rule going to run?  You can create rules that apply only during office hours, or ones that turn off when the kids are at school, etc. 

Service – this refers to what protocols are covered (HTTP, mail, pings, yadda yadda).  Kind of a poor choice of name for a pack of protocols.

Action – in my case here, “accept”.  If I wanted to shut everything down by default then I’d use deny.  If, for example, I was operating a high-security bank or defense contractor, I’d probably start with “deny” and add exceptions for accept.  But, this is my home network, and I want my Netflix, so Accept it is. 

The Firewall/Network options should be left alone.  If you’re comfortable enough to dork around with those, you don’t need to be listening to me ramble on.

Now, here’s what you paid for: “Security Profiles”.  By default, these things are turned off.  Turn them all on.  Your device will eventually complain to you if you don’t have a license to run a particular profile, and you can turn it off then.  This section should have been called services, because really that’s what they are – paid services that add value beyond just the hardware and the Fortinet SOC chip. 

Take note of the “Web Filter” – you’re probably going to want to go in and adjust a few things there, as this is what governs the content filter for your network.  For example, I occasionally play on pokerstars, but gambling sites are by default blocked.  So I wanted to loosen that rule a bit.  I also wanted to block certain types of site from my net which my kid doesn’t need to see, so reviewing those settings was pretty important. 

Once you’ve enabled what needs to be on, make sure “Enable this policy” is green and “OK” this to apply it.  The line entry should now look a little bit like this:

Safe as houses.  Well, hopefully more, since most accidents happen around the home…

6.  You’re All Done!  Seriously, this time.  Time to wrap up.

So, from the perspective of a home or small business, you should now be good to go.  If you are going to implement a security fabric, that’s really beyond the scope of this little how-to (and if you’re familiar with that angle of Fortinet’s stuff, you probably didn’t need this guide anyway). 

Anyway, I hope this helped to walk quickly through the setup of your new Fortigate, without all the hair loss and whiskey drinking that my own setup ended up putting me through.  If it did help you, let me know in the comments.  Makes me feel good to know that I helped at least one person avoid the trouble. 

Happy (safe) computing 😊. 

This all seems like a lot of trouble…

Yeah, admittedly it is a bit of a pain in the ass.  But I have to say, as an IT person reading the news, the cost of a NGFW is pretty worthwhile.  In the case of Fortinet, you pay about six to eight hundred euros for the device itself and a one-year subscription to the security services.  It’ll be a two or three hundred per year after that.  Other vendors of similar quality cost about the same.  That’s not cheap. 

But then, losing my entire ripped video or music collection would represent a few hundred hours of work that would have to be re-done.  Worse still, losing the first eight years of digital photos of my kid would really chap my ass too.  And I haven’t even touched on the potential for identity theft or potential monetary loss if my digital bank statements got stolen.  Or if my network somehow became compromised and my work laptop got exposed.  I think it’s safe to say that anyone who runs their business on computers needs the kind of protection a NGFW offers.

None of these problems is a certainty, and none of them is even a probability.  I know my stuff, and I’m not likely to have a fault in my own behavior.  Likely being the key word.  I can still make mistakes.  Hell, even Jason Momoa has a squad of bodyguards.  Jason freaking Momoa. 

I’ve got a family now.  My kid has figured out how to download stuff to her tablet (thanks, Google, for the Family Link – I know exactly what she’s getting into now).  My mother doesn’t necessarily have the same paranoid instincts I do about mail attachments.  My wife is pretty darn sharp, but she can make an error just as I can.  Who knows what some cretin in a professional hack-farm is designing right now to screw everyone over with? 

I know I won’t necessarily be prepared to deal with it.  So, I outsource it to the best minds in the business.  They will see the news about that guy before I ever do, and will be working on a fix before I’m done with my coffee that morning.  They’ll jet it into my device while I’m still getting dressed.  

I like that. 


Justice Must Be Served Upon Them

Unfortunately, ‘taking the high road’ is what led us to where we are now. Taking the high road fails to oppose people who don’t give a shit what road you’re on. I’ve been extremely vocal about this stuff for probably the last fifteen years – mainly because I can see where it is headed.

In fact, it’s why I left the USA to live overseas in 2008. It comes down to this: it only takes one side to wage a war. When that side has determined that war is its preferred / only option, they will proceed. Pretending that isn’t happening by the other side(s) only enables it.

The Republican party has been sleepwalking into war against our citizenry for the last thirty years.

They’ve had outlets for their (often religiously-inspired) violence overseas during much of that time. However, their latest batch of leadership took the racist trappings of the Teabaggers and dressed it up with the criminality of the Trump family, while adding in Trump’s own sympathies for the American Nazis and the KKK.

And those fucking people *NEVER* just “walk away” from power.

They (individually) almost had their hands on the brass ring. Their own guy did have it there, and despite the leashes on it, he nearly brought our country down. They can *see* it is in their reach. These filth are compelled to grasp for power, in their urge to abuse others with it.

For those who committed crimes while Trump was in office, Trump included, pursuit of that power is quite literally a life-or-death struggle.

So FOX, OAN and Newsmax, these are just the “pravda” wing, the modern apparatus that Joseph Goebbels would have jumped for joy to have at his beck and call. And they know they can pave their way to fortune with the racism, with the hate. So they’ll keep blathering it on, because that’s how they keep pulling in support for their attempts to create their own version of “America”.

And the only way to fight them without actually barricading the doors and burning down their office (which I think I would prefer), is to call them out for shame, for ridicule, for prosecution.

It won’t end there. They’ll never stop coming back, until we kill enough of them and their children to convince them that this is a bad path they are on. By opposing them though, one encourages others of good nature to oppose them as well, and it fights the fear that these would-be dictators want to use against the rest of us.

So yes, speak out against them. Even if you’d never pull a trigger against their forces. It might not feel like you’re doing much, but you’re signaling that what they are saying is not okay – you recognize it. And you endorse speaking out against it by your own action.

But be ready – it won’t end with just talking. They *will* convince themselves that war is the way, and when they stop sleepwalking it, we had better be ready to put them down like the rabid dogs they are.

I mentioned prosecution earlier. Justice must be served upon them, as I said in the title of this post. Prosecution, you ask? Yes, prosecution. There is a crime here, being committed in front of cameras and in broad daylight. Almost daily it is being committed. What might it be, you wonder?

Accessory After The Fact. Also, Misprision of Felony.

The perpetrator determined to be an Accessory After The Fact is someone who assists someone who has committed a crime, after that person committed said crime, with knowledge that the crime was committed, and with intent to help that person avoid arrest and/or punishment. It is a form of obstruction of justice, and can be prosecuted as such. So when Elise Stefanik steps in front of a camera and tries to levy blame onto a primary victim of the Jan 6th Insurrection – trying to deflect blame onto Nancy Pelosi, who was a target for assassination by the insurrectionists – she is committing felony obstruction of justice and is an Accessory After The Fact.

When Representative Andrew Clyde downplays the insurrection and claims the Republican terrorists were no more than “tourists”, he is an Accessory After The Fact.

When Trump himself attempts to gaslight the media with his blather of “so much love” and fabricates that the police “greeted them with open arms”, he is an Accessory After The Fact.

Misprision of Felony is itself a felony crime, prosecutable against anyone who, having knowledge of the commission of a felony, conceals said crime and does not as soon as possible bring that crime to the attention of a judge or other civil / military authority under US code.

So when we do find that Jim Jordan, or Lauren Boebert, or their staffers have knowledge of collaboration with insurrectionists and failed to report those crimes, they are guilty of misprision.

And these crimes must be punished to the fullest extent of the law. To fail to prosecute invites a repetition of those crimes. These people, and their ideology, must be ended.

On top of that, we have discovered now that to allow fascist ideology to go unpunished invites insurrection. The American Nazi party, and all of its offshoots, as well as the KKK and its offshoots, are long past due to be declared as terrorist organizations, their membership hounded down and exited from society with extreme prejudice. People need to be made aware that their choices to follow vicious and anti-American agendas come with severe consequence.

We have coddled these freaks for far too long.


The Storm Continues

About a year ago, I wrote “The Perfect (Digital) Storm”.

In it, I stressed “Authoritarian Behavior” as a key element to a dystopian hellish future.

Some few months earlier, I wrote “The Worst Enemy We Have Ever Faced As a Nation”.

In that, I pointed out that the Republican party had become a nation-eating cancer.

To quote Ian Malcolm (Jeff Goldblum’s character in “Jurassic Park”): “Boy, do I hate being right all the time.”

Since writing those pieces, we’ve found out that Trump not only incompetently handled the Covid-19 crisis, he intentionally mishandled it, leading to the 2nd-Degree Murder of over 500,000 Americans alone. We’ve seen him – and the entire Republican party behind him – use police to attack crowds of peaceful protesters. We’ve seen the Republicans attempt an overthrow of a fair and lawful election on Jan 6, 2021, which was also an attempted assassination of the 1st and 2nd in line of succession. We’ve been watching a slow-motion coup as Republican state legislatures enact laws that dismiss the results of elections they don’t favor.

It’s time for people to step up and act.

I fully support not only an investigation of the Jan 6 insurrection, but expulsion of all Republican members of Congress or the Senate who voted against such an investigation. And so should any and all persons regardless of political party, if they hold even the slightest loyalty to the USA.

Because attempted insurrection must be punished.

ON TOP of that investigation, I think it behooves everyone to recognize something *extremely* important here: the Republican party has begun its metastasis into a violent terrorist group.

As an organization it must be treated as a domestic terror organization, and its donors and supporters put on notice that any further support will be considered support of terrorism.

I warn anyone within sight or earshot – if you fail to treat them as what they show you they are, you encourage their action. They have already led an attempted multiple assassination and coup attempt.

They do not understand “reason” or “compromise”. They only understand violence.

Hence it must be visited upon them with such severity that no individual member will be willing to broadcast or act upon his/her support of their “cause”. Their leadership must be tried and have justice visited upon them in the harshest form, and we should not be afraid to sit more than a few of them in the chair upon conviction.

The *only* reason we are seeing this happen today is because we were too timid and allowed prior Republican administrations off the hook for their crimes. So emboldened, Republicans no longer take “justice” seriously. Why should they?

And if we do not harsh down on them now and demonstrate that their brand of crazy carries unbearable consequences, they will do this again. And eventually they will succeed.

And when they do, the US will be run by a pack of violent half-wits who will believe any crazy conspiracy theory they are fed – which will include and result in the execution of gays, Jews, liberals, or anyone else who opposes them.


Wrestling with Jira

I recently upgraded the home network here, and pulled a load of stuff back in from my AWS cloud. Not because I thought AWS was bad or anything, I just needed to satisfy some geekdom here in the house, and this seemed like a good way.

So…long story short, in the last eight weeks or so I’ve become comfortable with SuperMicro mainboards, lots of RAM, replacing Xeon CPU coolers, setting up iSCSI on Synology NASes, installing and maintaining Hyper-V (I was going to go VMware, but the cost for me as a personal user was prohibitive…and I refuse to run command-line trash unless I absolutely have to).

And Installing Jira.

First problem I encountered, Jira forgets to let you know that you don’t have the correct JVM version running on your machine, and it doesn’t bother to carry it along with itself, nor does it direct you to pull a copy down, so swing on by the Java page and get the latest-greatest onto your server in advance.

Now, Jira’s base demo install with its own bundled database is pretty simple. Pull it down, let it run, record the account names you give it, voilà, done.

But if you try to get it to load on MS SQL Server, you better have a steady supply of blood pressure medicine, or you’d better read on.

Pertinent details: this is running on a Microsoft Windows Server 2019 Standard edition virtual machine, hosted within a WS2019 DataCenter edition host computer. The guest VM has an external switch, so it can reach out to the internet (for now, might change to internal only in a while) when it needs to.

My SQL server uses a named instance, which is both good sense and as it happens “best practice” in Microsoft circles. This seems to have escaped the notice of the folks at Atlassian, though, because Jira doesn’t know a goddamned thing about named instances. Maybe that’s because the folks who write it are using Java, and that’s always been a solution looking for a problem. Anyhow, my personal gripes with Java aside, for some reason Jira appears to be ignorant of how MS SQL uses named instances.

When it installs, Jira creates a configuration file called “dbconfig.xml” within its installation directory (to be specific, in the [Atlassian directory]\Application Data\Jira directory). Pretty simple little file, contains only the details necessary to connect the JDBC driver to the host database for your Jira install. When Jira’s service app wakes up, it reads from this file in order to get its parameters set correctly.

In order to get that file built properly, Jira will ask you for details regarding your setup during its installation. It’s the second thing you’ll see when you start up. Looks just like this:

As you can see here, you pick your DB type from the drop-down, give it the host name as either a resolvable name or an IP (in my case I used a name), a port (1433 is standard for SQL Server, more on this later), the name of the database you created for Jira to use, the login name, the login password, and a schema name for it to use.

Most developers would test this once they wrote a step of this importance. You’d think a company with the kind of cash Atlassian has could afford a proper QA team to put this through its paces, wouldn’t you? Yeah, I was surprised as well. The install screen’s code completely borks up the dbconfig file.

Once you realize that the regular install will simply not proceed (because “test connection” and “next” both bomb, timing out because it can’t even connect to your server), you’ll end up discovering that there’s this little Java applet called “config” which you can invoke from within the Jira directory. You have to get to it through a command line, but it has a handy little GUI into which you enter data similar to the above. But then config borks up the file in a similar fashion.

What you end up with is something like this (values you entered appear as YOUR_SOANDSO_HERE):

<?xml version="1.0" encoding="UTF-8"?>
<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>mssql</database-type>
  <schema-name>YOUR_SCHEMA_NAME_HERE</schema-name>
  <jdbc-datasource>
    <url>jdbc:sqlserver://;serverName=YOUR_SERVERNAME_HERE;portNumber=1433;databaseName=YOUR_DB_NAME_HERE</url>
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
    <username>YOUR_USERNAME_HERE</username>
    <password>YOUR_PASSWORD_HERE</password>
    <pool-min-size>20</pool-min-size>
    <pool-max-size>20</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-max-idle>20</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <pool-test-on-borrow>false</pool-test-on-borrow>
    <pool-test-while-idle>true</pool-test-while-idle>
  </jdbc-datasource>
</jira-database-config>

Schema name is fine. That’s no problem. Same with your user name and password. The problem is in the assembly of the “URL” line there. In the case of a server running MS SQL with a named instance, Jira is going to need more, and correct, information. That URL line will have to end up looking something more like this:

<url>jdbc:sqlserver://YOURSERVERNAME\INSTANCE;instance=INSTANCE;databaseName=YOURDBNAME</url>

Notice the following:

1.  The semicolon preceding “serverName” is removed. The server name goes directly after the “//”, as the host part of the URL, not in a serverName= property.

2.  The serverName should include the instance name, just as you would when logging into SSMS or literally any other software program on this freaking planet.

3.  You must add an additional parameter, “instance=[insert your instance name here]”, following the server name and preceding the databaseName. (The property the Microsoft JDBC driver documents for this is instanceName; the driver also reads the instance from the server\instance form in the host part, so that part of the URL carries the instance either way.)

4.  The parameter “portNumber=1433” is removed. If a port is present, the JDBC driver connects straight to that port and ignores the instance name, so you land on whatever is listening on 1433 (usually the default instance, or nothing at all). Without a port, the driver asks the SQL Server Browser service (UDP 1434 on the SQL host) where the named instance is listening, so that port has to be reachable from the Jira server; if your instance has been pinned to a static port of its own, that’s yet another problem to sort out.

There are a few threads running around on the net which allude to various aspects of this solution, but I was never able to find all of the points needed to correct the situation in one post.  Hence, I am attempting to include them all here.  I posted to this effect on the Atlassian community as well (where one of their “community leaders” had some particularly bad advice).

The final file should read something like this (substituting your own values where I have “YOUR_SOANDSO_HERE”, of course), as this is taken directly from the final working dbconfig.xml which got me up and running:

<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>mssql</database-type>
  <schema-name>YOUR_SCHEMA_NAME_HERE</schema-name>
  <jdbc-datasource>
    <url>jdbc:sqlserver://YOUR_SERVERNAME_HERE\YOUR_INSTANCE_NAME_HERE;instance=YOUR_INSTANCE_NAME_HERE;databaseName=YOUR_DB_NAME_HERE</url>
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
    <username>YOUR_USER_NAME_HERE</username>
    <password>YOUR_PASSWORD_HERE</password>
    <pool-min-size>20</pool-min-size>
    <pool-max-size>20</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <pool-max-idle>20</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-test-while-idle>true</pool-test-while-idle>
    <pool-test-on-borrow>false</pool-test-on-borrow>
  </jdbc-datasource>
</jira-database-config>

Notice you have to have the instance name in both the server name and in the new “instance” parameter (the name the Microsoft JDBC driver documents for that property is instanceName). And you delete the port parameter if it is present. And before you ask, yes, I do rankle at the thought of storing my password in an unencrypted text file on disk. However, if someone has access to that disk, there are a host of far larger problems that will have already taken place. All of which are bigger than someone having my Jira SQL password.
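To make the rewrite mechanical, and to check a dbconfig.xml before Jira chews on it, here is a small Python script added as an example; it is not Atlassian’s code and not from the original post. It parses the <url> element, reports what is wrong with it for a named instance (empty host, no instance, a portNumber that shadows the instance), and rewrites it using the server\instance host form together with the property name the Microsoft JDBC driver documents, instanceName, rather than the instance= used above. The sample XML and the sqlhost / JIRA / jiradb names are constructed placeholders, not values from any real install.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a dbconfig.xml as the installer writes it: empty host,
# the server pushed into serverName=, and a portNumber that shadows any instance.
# Placeholder values only; not a file taken from a real Jira install.
BROKEN_DBCONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>mssql</database-type>
  <schema-name>jiraschema</schema-name>
  <jdbc-datasource>
    <url>jdbc:sqlserver://;serverName=sqlhost;portNumber=1433;databaseName=jiradb</url>
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
    <username>jirauser</username>
    <password>placeholder</password>
  </jdbc-datasource>
</jira-database-config>
"""

PREFIX = "jdbc:sqlserver://"


def parse_jdbc_url(url):
    """Split a jdbc:sqlserver:// URL into (host_part, {property: value})."""
    if not url.startswith(PREFIX):
        raise ValueError("not a SQL Server JDBC URL: %r" % url)
    host, _, rest = url[len(PREFIX):].partition(";")
    props = {}
    for item in rest.split(";"):
        key, sep, value = item.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return host.strip(), props


def check_url(url):
    """Return the list of things wrong with a URL meant for a named instance."""
    host, props = parse_jdbc_url(url)
    problems = []
    if not host:
        problems.append("empty host: URL starts with ';' instead of the server name")
    has_instance = "\\" in host or "instanceName" in props
    if not has_instance:
        problems.append("no instance: neither server\\instance nor instanceName= present")
    elif "portNumber" in props:
        # With a port present the driver skips SQL Browser and ignores the instance.
        problems.append("portNumber set: the driver connects to that port and ignores the instance")
    if "databaseName" not in props:
        problems.append("databaseName missing")
    return problems


def build_named_instance_url(server, instance, database):
    """URL form for a named instance: server\\instance as the host, the documented
    instanceName property, and no portNumber (with no port the driver asks
    SQL Server Browser on UDP 1434 where the instance is listening)."""
    return "%s%s\\%s;instanceName=%s;databaseName=%s" % (
        PREFIX, server, instance, instance, database)


def get_url(xml_text):
    """Read the <url> element out of a dbconfig.xml document."""
    root = ET.fromstring(xml_text)
    return root.find("./jdbc-datasource/url").text.strip()


def fix_dbconfig(xml_text, instance):
    """Rewrite the <url> in dbconfig.xml for the given named instance and
    return the new document text; every other element is left as it was."""
    root = ET.fromstring(xml_text)
    url_el = root.find("./jdbc-datasource/url")
    host, props = parse_jdbc_url(url_el.text.strip())
    # The installer leaves the host empty and puts the server in serverName=;
    # a hand-edited file may already carry server or server\instance as the host.
    server = host.split("\\")[0] if host else props.get("serverName", "")
    if not server:
        raise ValueError("no server name found in %r" % url_el.text)
    url_el.text = build_named_instance_url(server, instance, props["databaseName"])
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", check_url(get_url(BROKEN_DBCONFIG)))
    fixed = fix_dbconfig(BROKEN_DBCONFIG, "JIRA")
    print("after: ", get_url(fixed), check_url(get_url(fixed)))
```

Two practical notes. The file holds the database password in clear text, so restrict its NTFS ACL to the Jira service account and the administrators who actually need it, and keep it out of any backup job broader than the Jira home. And because a named instance without a fixed port is located through SQL Server Browser, UDP 1434 from the Jira host to the SQL host has to be open on every firewall in between; the alternative is to pin the instance to a static TCP port, in which case you connect with portNumber= to that port and the instance name is not needed at all.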

And that should get you past the problem with dbconfig.xml. I hope this helps someone else who will of course run into this problem, at least until 2024, which is when Atlassian ends support for its Server products (it stopped selling new Server licences in 2021, and the on-prem Data Center tier is what remains) and moves everyone else onto the Atlassian cloud. (I have to wonder if they made that decision because they had so many damned problems with their installations.)

Anyhow, I anticipate more than a few customers will be in process of migrating away from Atlassian products when that happens. I know of several major firms who won’t stand to have their information stored on a non-approved cloud platform, and Atlassian’s will have some serious hoops to jump through to win approval. As well, there are lots of little firms who simply don’t want to get tied into a monthly bill if they can run something on-prem.

Now I don’t want to give the impression here that I hate Jira. Quite the contrary. I’ve been using it for over a decade (almost two), and the only reason I fought with this goddamned thing for so long was because I want it to work, I want to use the damned thing. And I wrote this up in the hope that others will be able to work with it, too. Am I ashamed of whichever coder made this grotesque error? And the QA staff that let it escape into the wild? You bet I am. And I hope the shame of this makes them fix it.

But if they don’t, well, that’ll be a sad day when I finally decide enough is enough and end up moving to GitLab or something.


Top 10 Horror Movies

Well, at least my top 10 :). I got asked to do one of those challenges on FB, and wrote up my top ten with a few notes on them, and I figure it’d be better to put them all together into one post here in the spirit of Halloween!

To start, a few honorable mentions:

The Shining – great film, very creepy, but unfortunately it has lost some of its grab on me over time. I do really appreciate seeing nods to this film appear in the most innocuous places though (like the carpet in Toy Story).

From Hell – wow, production values out the roof on this. A fantastic cast, a very bad-ass villain, and a neat jab at British royalty while they’re at it.

Lost Boys – great film from my teenage years. Still holds up as fun and cool, but not insanely horrifying.

They Live – an enduring message and a really fun concept piece. Plus, the longest fight scene known to man which was translated into the crowning glory of a South Park episode.

Dog Soldiers – this film is a real sleeper, and you can almost smell the inception of “Aliens” in it. Man, oh man, what a crappy situation to get stuck in!

What Lies Beneath – very cool piece, Harrison Ford gets to stretch his skills, and a fun watch all around.

Dark Water – Jennifer Connelly plays the lead in this ever-so-creepy ghost story. But, it doesn’t quite hold up against the top 10.

And starting at #10:

Near Dark

Speaking of “Aliens”, most of the memorable members of the cast of that film appear in this one, and it’s an absolute blast. Though the main character is a little dim (whether as a result of an insufficient script or some wooden acting), it isn’t him you’re here to see. You want to see this traveling band and all their hijinks. I remain convinced that this film was originally a fever dream that became one of the two scenes around which the entire film revolves (you’ll know them when you see them).

Coming in at #9, a classic that might have lost a little in the SFX department since its release, but which still carries a lot of weight.

Jaws

A classic film, characterized by a score that probably won John Williams the chance to really just blast his career sky-high, and a notable great tactic that not enough horror films use: saving the reveal for last. Sure, you know it’s a shark. Sure, you know that person just got eaten. But you don’t *see* it directly till late in the game, which leaves it all up to your internal emotions to deal with.

And those emotions didn’t like that, no sirree. Not one bit.

#8:

Predator

“Get to the choppah!!!”

One of Schwarzenegger’s best action films also happens to be a horror movie! After an initial setup establishes the characters as a bad-ass recon force unleashing a metric ass-ton of ammunition, they suddenly find the tables turned. The titular creature picks off these high-skill commandos one by one as they realize that they themselves are being hunted, and being turned into gruesome trophies.

The horror value comes home in the realization that all our fancy hardware doesn’t mean anything in the face of this superior technology, it’s still going to kill you. It spawned one good sequel (Predator 2), and a host of others ranging from “meh” to “bleh”. It also was notable for its cross-over comic books which featured the “Aliens” from James Cameron’s universe. (The films of which were total turd-burgers, I’m afraid.)

This film also spawned a host of great quotes, which persist even today.

And #7 is…

Invasion of the Body Snatchers (1978)

Realistic people caught up in a terrible, wicked alien invasion. What’s more, add in no sleep, mutations, and a truly *awful* ending for people you end up caring about. Soul-draining, in more than one way. This was from an era when Americans were actually brave, and we didn’t expect horror movies to auto-magically end well.

And this one, in that regard, does not end well.

Coming in at #6 is…

The Exorcist

Whoa. It isn’t just about the vomiting. It’s Max-von-Freaking-Sydow versus a legion of Hell. It’s rampant cross-abuse. It’s all that and so much more. Pazuzu for the win.

Did I mention crab-walking?

Oh, and due to the extreme number of tragedies and deaths related to the production of the film, the producers actually called a genuine priest to literally perform a genuine exorcism on the set?

Or that two of the actual actors (“Burke Dennings” and Father Karras’ mother) died before the film was released?

Or that seven other people related to the production (in addition to the two above) also died during production?

We dip back into the vampire genre and come up with our #5…

Salem’s Lot

Before you go all crazy on me, I’m not talking about the 1979 mini-series (though that had a lot going for it at the time, not the least of which was James Mason playing as Straker, and Bonnie Bedelia being all “sexy next-door neighbor” on us). Oh, no. This was something different.

This was 2004. Rob Lowe plays Ben Mears, Donald Sutherland as Straker, Rutger Hauer is Barlow, Andre Braugher as Matt Burke, and a bunch of others you’d recognize. This was a fun, extensive, and chilling version of the original novel (which you should read anyway).

A lot of Literature professors seem to find allegory in this story to an outbreak of disease, and while they aren’t necessarily wrong, I think Stephen King would say “Jesus, guys, shut the fuck up. It’s a vampire story, this is what would happen if you had a vampire invasion in a small town.” And it is.

This isn’t some shitty “oooohh, the ancient vampire is in love with me” bullshit. These are monsters. They eat us. And a death at the hands of a vampire condemns the dead to follow in the footsteps of the beast that slew you. A particularly good moment is seen in a hospital with a victim on her first evening of “unlife”.

It’s a great story and a really fun ride. When your friends and family are…corrupted…and…overridden…by an alien bloodlust, the horror creeps in. And when you’re forced to deal with that face-to-face, that’s when it really kicks you in the teeth. Childhood nightmares, come to life.

Combine that with good old-fashioned normal people living out their lives, as they get snuffed out one by one, and you’ve got a match made in hell.

Good times.

All righty!

We’re getting into the real meat of the horror genre now, coming in at #4 is….

Alien

This came out when I was 12 years old, and it scared the living shit out of me.

Ridley Scott is a master of imagery. Not necessarily of science, but of imagery he is as much a god as Eric Clapton or Mark Knopfler are when you talk about guitars. And Scott’s goal of attacking people with H.R. Giger’s techno-sexual-horror images was aimed just right…not just at me, but at the entire world. Let’s put aside the physics problems. This was a masterpiece of a film. It created an entire world, not just one little haunted house.

The universe is infinite, filled with infinite possibilities. And some of them might be the most horrific things one can imagine. This was one of those things.

Sliding back into vampire territory. Behold the absolute best vampire film I’ve ever seen, at #3:

Let the Right One In

(an Americanized version of this was released under the title “Let Me In”, which is almost as good as the Swedish original)

An adolescent, misfit boy meets a new friend – a girl of seemingly his age, who just moved in across the apartment complex with her (grand)father…? Things rapidly get strange, and the girl turns out to be a vampire, who shows a significant interest in protecting him from the school bullies. Loads of cool scenery, lots of cool vampy things going on.

And it isn’t until the very final moment of the film that you discover the really, truly, horrific thing that has taken place here.

Taking a detour from the priors, we now focus on the first horror film to also introduce humor as a way of ramping up the emotional investment, while still revealing the terrible nature of the subject matter. Coming in at #2 is…

An American Werewolf In London

Winning well-deserved awards for its practical special effects (including the Academy Award for “Best Makeup”), this film follows the journey of two ill-fated American backpackers trekking across some seriously troubled moors. Written by John Landis (“National Lampoon’s Animal House”, “The Blues Brothers”), this film sports a compelling story of the Werewolf curse set against metropolitan London with a soundtrack of absolutely perfect tunes. It remains one of my favorite go-tos around Halloween simply because it never gets old for me. The humor, the sadness, the astonishing transformation scenes, a truly unique werewolf, and absolute carnage in Piccadilly Circus? What’s not to love in this film?

“I’m sorry I called you a meat-loaf, Jack!”

And finally, we reach #1. A little precursor: most monster movies, even Alien, boil down to one big problem. They’re just a guy in a monster suit. Sure, CGI loosened up that rule a little. But it’s still always just a guy in a suit. Two legs, two arms, a head, maybe a tail. Guy in a suit.

Tonight’s winner turns that on its head. This #1 is a monster wearing a man suit. I know, I know, you’re muttering “You gotta be f***ing kidding me,” but no, I’m serious. This was the coolest, cleverest, most wicked monster there’s ever been. We couldn’t even give it a proper name. That’s because #1 is…

The Thing

Lock yourself up for months in an isolated station with maybe a dozen other people. And at least one of them is actually a vicious, disgusting monster just waiting for its chance to not only kill you, but *become* you. It can get you with the tiniest exposure, or it can catch you alone and violently consume you.

This film was based on a book written in 1938, which I read when I was probably ten years old. Great story. Magnificent casting, paranoia, body horror, awesome practical effects and a terrifying enemy combine to make the most awesome horror film I have personally ever seen.

So…there they are, my top ten favorite horror films. Maybe some of you have coincident lists, maybe I missed a good one along the way. I’d be glad to hear about it if you think I did miss one, let me know what you think.


The Perfect (Digital) Storm

We’re in trouble.

All of us.

Deep trouble. 

Black, white, men, women, all political parties, all factions, we’re all in this.

What kind of trouble?

Life-threatening computer trouble. 

Hold on there, you say.  My PC isn’t waving a knife around.  What’s got me so crazy? 

It’s a confluence of things, really. 

Back in 1991, hurricane Grace had pretty much petered out and was getting ready to expire in the North Atlantic, when it happened to bump into – and merge with – a storm system blowing off the Canadian Maritimes.  When the two systems combined, they produced what would eventually become “The Perfect Storm”.  This storm system was so violent that it induced waves that were over seventy feet (and in fact could not be measured, as the sensor devices in place couldn’t go high enough to report accurately), obliterated the unsuspecting fishing boat Andrea Gail, and inspired both a non-fiction book and a fictionalized film. 

So when I title my article The Perfect (Digital) Storm, you can get some idea that I am not kidding around here.  This stuff is serious. 

Here we go.  Buckle up.

There are a half-dozen major technologies and non-technical trends in place and in use today, which are all dangerously close to being combined.  When they are, there won’t be a single person on the planet safe.  Here are a few biggies:

Behavioral Prediction Software

Have you ever been thinking about buying something, like perhaps a lawn mower or a new kitchen appliance?  Where you hadn’t told anyone you were even thinking about it, but you had decided “Okay, I need this,” and you were probably going to start shopping for one soon?

And then, that same day, Facebook or eBay or your news site starts spamming advertisements in their banner or skyscraper zones that have exactly that thing advertised for you?

That’s the result of behavioral prediction software.

All those privacy settings in your browser or computer, see, those are directly related to how marketing firms identify who is in the buying mood for what.  They also predict your “journey,” the path you will take from one page to another, one site to another.

You experience behavioral prediction every time you visit an eCommerce site of a major retailer.  Ever been browsing and suddenly you have a popup saying “save 10% when you buy today”?  That’s because that site’s prediction software has observed your path, and realized you’re only a step or two away from abandoning the site without buying something. 

This kind of software is also evident when you try to purchase an air fare online:  have you noticed that it almost never costs the same amount when you view the same flight from different sites, different physical locations, different times of day or week?  There is a “Big Data” AI reviewing those factors and deciding what is the optimal price to put on those fares to garner the most overall money for the seats on that flight.

A British firm, “Cambridge Analytica”, used behavioral prediction software to manipulate the election results of the US 2016 Presidential election, as well as that of British Parliament and the Brexit referendum.  By pushing out “quizzes” across Facebook and other social media platforms, they built profiles of individuals to then identify what kind of messaging to put in front of those individuals to induce certain behavior – such as staying at home rather than voting, getting out to vote, and so on.  Have you seen one of those “I scored a jillion points on this free IQ test” things shared on a friend’s timeline?  That’s one of those tools.  “Can this picture of a deaf and blind puppy get a million likes?” is another way they get to you – using emotional blackmail to get hold of your personal info and that of those connected to you.

Behavior prediction is also being used by the Chinese government in major cities (such as Beijing, Hong Kong, etc.) to identify citizens and other persons who are what they consider “anti-social” and dangerous to the State (which, in this case, means dangerous to its dictator, Xi Jinping).  A person’s ‘social score’ is built based on his/her actions and the values of those actions in their management system – and behaviors are being stacked into a prediction model to determine who might become “problematic.”

Personal Recognition Software

You’ve seen it in movies (facial recognition in 2008’s “The Dark Knight”, for example).  You may have even used it (biometric identification of your iris or finger).  This is a way of using your body in the same way police can use your fingerprint – there are certain unique combinations of features (your cheek height relative to the position of your right eye, for example, or the width of your chin or nose) which add up to a unique profile.  Even twins don’t have the same value. 

As I mentioned – it works in the same fashion as a fingerprint.  When forensics experts review a fingerprint, they are looking for a unique combination of whorls, lines, connections, etc. to build a “profile.”  In digital terms, this equates to building up a unique value (a combination of numbers and letters) which is tied to your identity.  Your fingerprint gets translated into a bunch of 1’s and 0’s, the combination of which can only be created by reading your finger and using the same procedure.

This can be a wide variety of personal features.  The top of your head, how you walk, the motion of your arms, many different things can be used to build a profile of an individual.

The EU has recognized the gathering of this sort of information as a potential infringement of privacy rights, and led by Germany, instituted the “GDPR” regulation for securing of personally-identifiable information.  Seems they learned a bit about what happens when a government spends too much time paying attention to the identity and behavior of its citizens.

Basically, a camera paired with the correct software can identify you walking down the street in the same fashion as you can identify persons you know from a long way away.  But it does so rather more quickly than you can.  It builds a profile watching you, or a part of you, and compares that profile’s “score” against its database of known profiles, producing a value-match that expresses varying degrees of certainty.  Most often we hear that as a percentage – “85% match”, “99% match” and so on.

Artificial Intelligence

AI is a very much-abused term these days.  Most laypersons hear the term and think “Terminator” or “robot”.  But let’s first separate it from what it isn’t, by introducing a contrasting term – “general intelligence.”  General intelligence, in this context, is self-aware and self-motivating intelligence – a true ‘mind.’  You are a form of general intelligence, as is your dog or cat, birds, even to a much lesser degree flatworms.  AI, as we know it, so far is very specifically tuned intelligence that is itself not self-aware (it doesn’t recognize itself as an individual separate from other things), nor is it self-motivating (it does not decide one day “I am going to spend time making a sandwich” without someone else feeding it this idea). 

AI is a combination of technologies that enables digital machinery to make a decision regarding its own purpose on its own.  For example, a paperclip-manufacturing software might observe seasonal demand and anticipate that it needs to order additional raw materials in July, in advance of a busy August.  It does not identify itself as an actor, and neither does it truly “understand” its job.  It merely serves as an active model of what takes place in the manufacture of paperclips.

Often people will confuse “AI” with machine learning, or decision-support software.  Machine learning and decision support are often included in an AI, but they themselves are not AI.  AI can use the output of both systems in its own decision-making process, though.

AI has been put into use in the military, as well.  Target identification, path-finding, and a number of other tasks have been subject to military use. 

Often, certain decisions are pushed into an AI’s domain – such as, for example, when to stop a car in heavy traffic (self-driving vehicles).  In some cases medical diagnostic software is deciding on diagnoses and recommendations for treatment – these are not yet in production, but are being tested alongside live doctors for potential deployment.  Autopilot software has been deciding how to fly planes for years.  The stock market is largely driven now not by the perceived value of a company’s future, but by the estimation of software programs attempting to determine whether a company’s stock value will rise or fall in a given period of time.  The 2008 financial crisis suffered a much amplified blow to market values because of such software – the fall precipitated software judgment that values would continue to fall, which induced selling behavior, which accelerated falling values, inducing further selling, and so on.

These decision-making systems are slowly becoming a form of general intelligence.  How do we, how will we know when these things genuinely are one, though? 

Answer is, we really don’t.  We don’t know the answer to this any more than we know a consistent definition of information versus data.

When you consider your own mind, taking a step back and considering how thoughts pass through it, you may find a surprising amount of randomness in there.  Among all the various sensory inputs that are being registered and ignored or acted upon, your mind itself tends to bubble up random bits of memory, interconnected bits, even invented concepts.  Your brain has been trained over many years to filter out elements which are irrelevant to the current and strongest path, which is generally the conversation you are having, the film you are watching, or the article you are writing. 

An artificial general intelligence will probably self-congeal from among a similar case, where thousands of various inputs as well as internal processes fight for the attention of the central core thought processes.  This is probably a topic for a dozen other papers or articles, and as cool as it is, it is beyond the scope of this piece. 

But AI has a direct impact on the topic at hand:  specifically, lazy decision makers relying on something they view as a “magic carpet ride” to shift the responsibility of decision making onto an automatic system.    

A benefit to such a system is that should something go wrong, they can blame the system, or the engineers who built it.  As well, decision makers who desire above all speed in decision making will want a system onto which they can push important, time-sensitive decisions.  The system can decide faster than the observe-pass on info-human decides-return decision-act cycle can produce an answer.  This is a legitimate concern in military decision making, if a valuable target shows itself for only a few moments.  But let’s not be so antiseptic about it – we’re talking about people.  Enemies, yes, but still people.

And that means command staff among the military, wanting to push a kill decision into a drone, to reduce reaction time to identifying a potential target.

Self-Navigation

Aircraft, automobiles, buses, trains, trucks, drones, a wide variety of self-moving machines are being enabled via GPS and navigation software to be able to navigate and maneuver to desired locations without human assistance.  Self-driving cars are anticipated to be available commonly in the next few years.  Aircraft are capable of a complete flight from takeoff to landing now without a human hand on the controls.  Remote drones can perform a variety of missions autonomously, and can loiter over a target area for extended periods.  They are literally ticking time bombs. 

Authoritarian Behavior

If the last four years have shown us anything, it is that about three out of ten people have a strong desire to control the other seven, possibly kill two or three among those seven, and that they will go out of their way to exert that power over them.  They also happen to be simplistic people, who are prone to violent tendencies.  These people form a “power core” behind dictators worldwide. 

And as was demonstrated last century, when they seize control of the mechanisms of power in a nation, mortal disaster follows for hundreds of thousands, if not millions of people.  People die. 

In the USA, the Republican party has demonstrated its disregard for the traditions of its country and that it has a motivation solely for raw power – and that it is willing to repeat the crimes of last century by opening concentration camps on the Southern border of the country to isolate “undesirables.”  Genocide has already been committed according to the letter of the law, though mass murder has not yet taken place.  Police kill black people indiscriminately.

Facebook’s CEO, Mark Zuckerberg, seems to show little concern and is willing to let his platform be used in support of this.  Twitter as well.  

In Russia, Putin collects power to himself and he refuses to let it slip away.

In Hungary, Poland, and Turkey, traditional democracies are falling and becoming dictatorships.

The Saudis have demonstrated their murderous nature against their own and even against American residents.

These are people who experience little remorse at committing crimes against people not of their political / religious / tribal identity.  They don’t view these as crimes.  Their leadership will attempt to enact laws that enable such acts and remove their criminality.

China is putting millions of Muslims into concentration camps as I write this, with the endorsement of President Trump.

Trump himself has demonstrated himself as incapable of either empathy or compassion. 

Bringing Them All Together

What I am describing here are:

  • Motivation
  • Mobility
  • Identification
  • Prediction of behavior
  • Projection of violence

And when you put them in the same room, you have a situation where one can construct and project military-grade power with very few humans having a hand on the tiller. 

Imagine, for example, the royal house of Saud in Saudi Arabia – their biggest fear is an uprising among the common people leading to an overthrow of their family.  It is in their interest to kill any potential leadership of such an uprising.

Now imagine a behavioral prediction system which takes the histories and behavioral cues of past and current “revolutionaries” to build profiles of individuals who can potentially develop into future revolutionaries. 

And imagine them purchasing drones from the USA or other technically-capable countries which are capable of self-navigation over areas where such individuals live, armed with long-range missile or sniper weapons, and which are enabled with recognition software that can identify such individuals from range.

And those drones are equipped and enabled to kill those people. 

Such systems are already being used today.  The US military uses drones to track, identify, and kill individuals labeled as terrorists or active military agents in combat zones.  The US has not yet pushed a “kill decision” into an automated drone, instead relying on the system giving human decision makers a % likelihood of identification. 

And these drones are nearly invisible from the ground.  Their active camouflage and ultra-quiet motors make them almost impossible to detect. 

Whether you like the prospect or not, your behavior is available for an ambitious (or, for those of you active on social media platforms, routine) program to assemble.  It is exceedingly likely that your face has already been entered into the database of “Clearview”, a company specializing in facial recognition. 

Whether you like it or not, even the USA is committing actions based on “loyalty” to the current administration – purging those perceived as disloyal, and hiring yes-men into positions of control.  Courts are being stacked with unqualified but ideologically compatible persons.  Police are using facial recognition of protesters to sieve through their past records, looking for outstanding warrants or infractions that can grant them a plausible excuse to arrest protesters.

And legislation is being fronted at every level to enable discrimination and even violence against “undesirables” – mostly it seems ‘Christian’ causes are being put forward as justification to discriminate against LGBTQ persons.  The USA already has a lengthy history of racism against non-whites, as well.

The current administration has demonstrated it is willing to commit crimes against humanity to achieve its goals, and has gone out of its way to praise and offer aid to white supremacists, the Nazi party, and other dictatorial groups. 

The tools are in their hands, and they have demonstrated that they are rapidly shedding the moral restrictions that hold people back from using their power to abuse and kill people to further entrench or enrich themselves.  The Republican-controlled Senate has demonstrated that it is fully in line with the administration, and the “conservative”-controlled Supreme Court has telegraphed its willingness to overlook crimes committed by them.

Time is proverbially – and literally – short.   

And this warning takes into account intentional use of these technologies.  I haven’t even begun to explore accidental use of them. 

One demonstration of an infantry robot armed with a large-capacity magazine on an assault rifle body nearly killed a stadium full of observers, and would have done had it not been tackled by an observant soldier supervising the robot.  Its target identification package suffered a glitch that disabled its ability to distinguish friend, so all were foe.

Drones have often been indiscriminate in their deployment of high-explosive missiles.  They have a long record of high collateral damage. 

Other non-military systems have suffered catastrophic failures for the simplest of reasons.  A multi-billion-dollar Mars probe self-immolated because a single developer made an error in using Imperial measurements rather than metric.  Denver International Airport suffered a multiple month delay in opening at millions of dollars per day lost, because software developers refused to accept that their chosen tools were simply incapable of handling the real-world traffic of the airport. 

Does anyone seriously believe that software designed for military use would be immune to such problems?  And when armed with lethal machinery under software decision making, that an error would be without impact? 

What Can Be Done?

We have to review our place in this grim picture. 

As individuals, what can we do against this?

First, vote.  Stand in line for hours if you have to, but vote.  Even if it feels pointless, vote.  Failing to vote is not a protest, it is a surrender.

Are you an educator?  Do you know one?  Insist on ethics courses for all students, or at least for computer science requirements in your university / college / higher education facility.  Demand your institution be transparent in its support of government-sponsored research programs.  Oppose those programs which you know to be wrong.

Spend time discussing these problems with those around you.  Make the issue known, and advocate avoidance of putting wartime decision making in the hands of machines.

Oppose dictatorial policies and parties.

Do you have spare time?  Run for a local office.  State legislator.  School board.  Anything.  Get involved.  If you are not ambitious for such office, that makes you the ideal candidate – it is our responsibility as ethical persons to remove and replace those in office who are amoral or unethical.

Get in touch with your national representatives and make your voice heard.   Ensure that democratic values are supported. 

Advocate for a human military.  Fighting machines detract from the fear of war that should be present for everyone involved.  Every development of new technology in the past two centuries that was lauded as “too frightening to make war viable any longer” has had the opposite effect:  it has made it easier to wage war, and it has resulted in a casual attitude towards what should be the gravest of actions a nation can take. 

An army of robots makes waging war easier and cheaper, and that army can be easily turned against its own people, should a party in power decide it does not want to relinquish that power. 

Most importantly:  If you are a US citizen, abandon and oppose the Republican party.  This will be particularly difficult for persons who consider party affiliation to be something deserving of blind loyalty.  This group has demonstrated itself to be a front – it has no values in common with American democracy, and deserves no further voice in the democratic process.  Join the Lincoln Project if you are a Republican.

I do not recommend joining the Democratic party, though I do support many of its members.  No, I simply recommend you oppose the Republican party in whole.  They no longer represent anything even mildly resembling the Ike Eisenhower era figures – they are characterized by three faces:  Donald Trump, Roy Moore, and Mitch McConnell.  All are anti-Democratic, all are unabashed racists, and the first two have lives irrevocably stained by sexual abuse of partners and children.  And the Republican party was just fine with all of that.

The party pushed back on their respective candidacies, right up until it was clear that they were going to be the nominees and would not drop out – at which point the party threw in and got behind them.  In short, the Republican party was more interested in ensuring a win than it was with putting a child molester and rapist into the most powerful seat(s) in the land. 

In short, supporters of the Republican party are the sort of people who would exercise the technological power this century is on the verge of granting us, to eliminate those who would oppose them.  The Senate’s handling of the Trump impeachment under McConnell should resonate as a clarion call that spells out that no abuse of power is unacceptable to them, so long as it is performed in service to their party’s continued power. 

And the slide into dictatorial political machinery won’t stop unless we stop it.  We’ve already seen the Republicans throw us into war – killing thousands of American soldiers and hundreds of thousands, if not millions, of Iraqis – for the sole purpose of winning an election.  The killing of persons, citizens or no, on our own ground is coming if they are not stopped. 

Going forward, these technologies are not going to go away.  We are going to need a renewal of the Geneva Conventions, and a whole new set of laws and oversight on how to utilize information technology when mated with potentially lethal combat machinery and tactics.  We will need politicians with good ethics (and yes, there are some) who can craft appropriate measures to govern their use.  We cannot rely on the Republicans to be so forward-thinking.

Boycott businesses that support Republican candidates or the party, and make it known to them the reasons you do so.  Stop giving to churches that obviously favor them.  Make it expensive for a business or church to throw its support behind such candidates. 

In Summary

Technology, and time, always march forward.  What we do with the tools that time and tech hand us is what will define our future.  We can no more ban them than we can stop the sun from rising and setting.  So it is up to us as a people – of a nation, of the world – to demand responsible use of these new technologies, and to prevent their use in service of an industry that has already proven itself too costly in human lives. 

The solution to this problem is one of ethics, and politics.  And the time we have to address this issue before it is upon us physically is running out. 

Posted in Business, Corruption, Development, IT, PC Stuff, Politics, Software

War.

You are at war. 

Yes, you.

Every last one of you.

I have said this many times – Trump and his allies are traitors to the United States.  They despise everything it stands for.  This last week has demonstrated that clearly, and if you don’t “get it”, then you are part of the problem.

I have also said this, many times:  It only takes one side to start a war.

Well, they have brought the war to your doorstep.  It is rampaging through your streets as we speak. 

The “very fine people” of the KKK and the neo-Nazis, and their allies within various corrupted police forces, have turned a broad swath of non-violent protests into riots, in a successful effort to ignite a “race war”.  In this case, not one where black people have taken up arms against the US, but where white-trash racists have taken up arms against black people and their supporters. 

And Trump is finally stepping up to declare himself THEIR leader.  Not the leader of the USA, but just the leader of the bad actors. 

It should be abundantly clear to you all that he has allied himself with the worst of our international enemies, and now he is shoring up support with the worst of our own people.

Their goal is to kill you. 

No bullshit.  That is the only way they will ever be happy.  Any dissent with their aims is to put yourself into the “enemy” camp and they are incapable of acting any other way.  They *will* kill you.  And your children.  And anyone you are friends with. 

We’ve seen this movie before, people.  Hitler did it.  Stalin did it.  Mao did it.  Kim Jong Un did it.  Hussein did it.  MBS is doing it.  Putin does it.  And there are always those who are happy to serve their kind. 

They rise up, people don’t take them seriously, and then they gin up a reason to stage a coup and decapitate the existing government, to replace it with their own loyalists in the fragments left behind. 

Today, what you are seeing in the news, that is the United States having a Reichstag Fire. 

It is not, however, too late. 

The good news here is that Trump and his supporters, despite being violent assholes, are also generally pretty fucking stupid.  There are exceptions – William Barr being a good example – and those are the dangerous actors behind the throne, as it were. 

They are also, to a person, cowards.  They bluster when they have the advantage, but they have zero personal courage.  And that’s what makes them hate you.  They envy your courage, your independence, and your happiness.

And they will do everything in their power to drag you beneath them.

Because that is the only way they can feel good.  By establishing a false sense of superiority through strength, they can convince themselves that they are morally superior.  This is why White Evangelicals line up behind Trump – they’ve been raised from childhood to have an inferiority complex and to assume simplistic, idiotic traits like the color of one’s skin to be indicators of worth.  It’s what makes them fools and cowards, it’s what enables Trump to con them over and over again.

Trump has called out his intention to unleash the US military against protesters (which is an illegal order, for the record).  He has called out his intention to sic the US law enforcement agencies against “antifa” (a non-organization which is defined by its opposition to fascism).  Antifa, by the way, having no “membership”, means anyone who opposes a fascist dictator – by definition, if you oppose Trump, you can be labeled antifa. 

Think that over.

Those States which are not run by corrupted Republican officials must declare themselves in opposition to Trump’s actions.  Media outlets must declare Trump’s actions unlawful and violent.  The US Military is bound by law to dismiss the President’s illegal orders.  Those police forces which remain uncorrupted must dig out and destroy the threats to our citizenry.

On the assumption that there will actually be an election in November, individual citizens must re-check their registration status and get their votes in, on paper, and keep a copy for their own records to supply it in case it is needed for validation.

It would also be advisable to arm yourselves.  Because those violent hicks supporting Trump – both in and out of uniform – won’t think twice about using violence against you.  Being cowards, if they know there is a good chance of coming to harm themselves, they will avoid confrontations with anyone other than unarmed and defenseless persons. 

I cannot impart in words how saddened, how let down, how disgusted I am with the state of things today.  None of this brings me anything akin to joy. 

It does strengthen my resolve, however.  Resolve to support the country I grew up in, the United States and those people loyal to one another – because that is who the US is, it is her people.  And being loyal to the US is being loyal to one another, our neighbors. 

War is being fought against us.  Against our people.  By those we thought stood with us.  We’ve seen other countries go through this, we’ve fought this war once before already.

Sadly, it must be fought again.  Outside of the Trump supporters, no one wanted this war.  But here it is, on our doorstep once again. 

And we must take a stand here. 

I will end with a quote from Elie Wiesel:

“We must take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented. Sometimes we must interfere. When human lives are endangered, when human dignity is in jeopardy, national borders and sensitivities become irrelevant. Wherever men and women are persecuted because of their race, religion, or political views, that place must – at that moment – become the center of the universe.”

Posted in Uncategorized

A little DnD 5e idea I’ve been playing around with

Here’s a combo for you, which those of you who’ve been playing 5e probably already know, but which might just have been overlooked:

Feats:
Polearm Master
Sentinel
plus
War Caster

Obviously the first two everyone knows are broken already, particularly when in combo.

Adding the third, however, to a HEXBLADE WARLOCK, (or Padlock if you have a few levels of paladin first), enables the following:

Abilities: you take a max-CHA build, I’m assuming you hit 20 early on here using an 18 + racial bonus. Adjust your figures if you choose otherwise.

Cantrips: Eldritch Blast (this is the reaction shiny), Booming Blade (for using your weapon)

Invocations: Agonizing Blast, Lifedrinker, Improved Pact Weapon, Eldritch Smite and some flavor ones

Let’s assume a pact glaive here, which you can summon to your hand any fight at all.

Some of this will be subject to a DM decision around “magical focus”. Since your Improved Pact Weapon is considered an arcane focus, and many abilities here read “when you hit” (not specifying a type of action, merely a hit), your DM may permit the use of effects on spell attacks cast through your focus, such as Lifedrinker and the Improved Pact Weapon magical bonus. As a DM, I do consider it valid, as the rule does not specify what form of action is being taken, only that you have to “hit” with it (meaning you roll a die to hit – so Magic Missile wouldn’t count here). You are rolling to hit with a magical attack or a physical attack, but your mileage with your DM may vary.

Back to the plan…

War Caster enables you to swap in a spell in exchange for the oppo attack – so long as it is a 1 action and targeting only that creature (thus no “Green Flame Blade”). Enter Eldritch Blast.

Now, your reaction instead of an oppo attack (which you can still do if you’d rather lock that guy down and kite him) becomes Eldritch Blast – and this feat triplet (when you finally have them together, probably 8th as a variant human, or 12th as anyone else) REALLY kicks in hard. Every reaction induced by this is now doing 2 attacks at 8th, 3 at 12th – each doing 1d10+11 (+5 Agonizing Blast invocation, +1 more for the Improved Pact Weapon bonus, and +5 necrotic more for Lifedrinker invocation). I’ll focus on 8th and 12th here.

Of course, you’re giving up that “speed set to zero” by doing this, but in exchange you are getting 2 or 3 attacks at 1d10+11 damage each. In addition, you have more warlock invocations you can use to further augment your EBlast with slow, push, or pull. Each hit will have an independent, additive effect on the target’s movement.

But let’s save two of those invocations, shall we? And one, let’s put it into Eldritch Smite, because there will be times when you just gotta put something on the ground. “Once per turn when you hit a creature with your pact weapon…” Again, not contingent on the type of action, only that you “hit” with it. That adds 4d8 plus prone (and possible falling damage if the target is flying) at 8th level, 5d8 at 12th.

It’s when you get physical that you can do this next part – in your regular attacks, you combine Booming Blade with your Eldritch Smite: all by itself, Booming Blade will add to your damage (scales up with level), and if the target voluntarily moves before the start of your next turn, it will take scaling damage when it does. Said damage is thunder, which is rarely resisted. You’re doing it with reach as well, using the pact glaive.

You now add Eldritch Smite after you establish the hit with Booming Blade, and use a spell slot to add 4d8 (8th level char) or 5d8 (12th level) damage to the hit and knock the target prone if it is Huge or smaller. Note that Eldritch Smite also references the “hit” mechanic and also does not specify whether that is with an attack action or casting of a spell.

So here, you use your main action with Booming Blade to injure the target for 1d10 + 1d8 (scaling) + 4d8 (or 5d8) + 11, to then drop them prone and tell them “Stay!” with a conditional extra 2d8 (3d8 at char level 10) if they defy you and stand up.

If you simply want to beat them about the head and neck and don’t care about their movement, you use Thirsting Blade plus Polearm Master to generate up to 2 * (1d10+11) + 1d4+11 (pact glaive twice, and the back-end). You have a myriad of potential triggers for your reaction, any one of which results in a lashing of either two or three sets of bolts for 1d10+11 with Eldritch Blast. If they are within 5′ reach you can make it the Booming Blade case above.

Of course, on top of these, using “Hex” and/or “Warlock’s Curse” is just extra 1d6 and Proficiency Bonus damage icing on that cake. If this is the BBEG of the adventure, of course both will be on, which also then turns this into a crit-fishing setup looking for 19s and 20s, which you would absolutely use Eldritch Smite on a crit.

Max damage figures at 12th level (assuming normal activity, no Eldritch Smites or other “nova round” tricks):
Main Action: Attack for 2 * 1d10+11, plus 1d4+11 : 46.5
Reaction: Eldritch Blast for 3 * 1d10+11 : 49.5 + possible movement effects

Total: 96 / turn (becomes 99/turn if you just spam Eldritch Blast)

Add 21 more if Hex is active on the target. Add 18 (8th level char) or 24 (12th level char) more if Warlock’s Curse is active on the target.

Note that this PC is not invulnerable – massed minions and/or ranged weapon/spell attacks are still a significant threat. However, from a “glass cannon” perspective, this feat combo has what it takes.

Posted in D&D, DnD 5e, Games

The Worst Enemy We Have Ever Faced As a Nation

It isn’t COVID-19.

It is a political party turned rancid.

How many times does Trump have to do this sort of thing before people realize he is an enemy of the United States? Whether at the behest of a foreign power or not, he is an enemy.

Trump caused the COVID-19 disaster. This can all be laid at his feet without subterfuge, without any smoke and mirrors.

He was briefed in January about COVID-19. He ignored those briefings. Same way that Bush II ignored the report “Al-Qaeda likely to attack with aircraft.” Same result, except with a far, far more dangerous enemy.

The death toll of his ignoring this has already exceeded the toll of our Bush II loss at 9/11.

Because unlike Bush II, this asswipe tore out our ability to respond to the problem two years before it happened, because a black man created that response team. He also reduced funding of the CDC and public health organizations across the board, to make it look like he was making an accommodation for his gigantic tax cut which still threatens our economy independently of this crisis.

It would be as if Bush II had dismissed all the Special Forces of our various military branches in Feb of 2000.

Trump’s inaction and lying about the severity of this crisis will always hang around his neck, it’ll be his albatross. Sycophantic supporters of him will share that load.

Spending weeks pretending it was a hoax, weeks wearing his idiotic MAGA hat, weeks pretending “our fifteen cases will be zero next week”, “It’ll magically just go away”, and so on, those commissions of fraud and criminal negligence will cost.

This preoccupation with “looking competent” while *being* totally incompetent will cost.

The spewing of lies on camera that fly directly in contradiction with the information from people who actually know something about fighting viruses will cost.

This fumbling about while trying to funnel cash out of the government and into rich people’s pockets will cost.

These actions and inactions will cost LIVES. Thousands, tens of thousands, perhaps MILLIONS of lives.

By the time this is over, this orange shitstain and his enablers will have managed to kill more Americans than every enemy we’ve ever fought a war with – from the British to the Spanish to the Confederacy to the Kaiser to the Axis to the N. Koreans to the N. Vietnamese to every terrorist group there’s ever been.

COMBINED.

Today’s Republican party and its supporters have proven to be the worst national enemy the United States has ever faced.

Even today, 25.03.2020, Trump and other prominent Republicans are saying publicly that they want to end social prevention measures in order to get Wall Street moving again. They say that they are willing to sacrifice the lives of the victims of the virus in exchange for that. The Lt. Governor of Texas claims that the old should be willing to die to re-boot our economy.

That’s 8.25 million people. They are willing to let 8.25 million people die. To try to re-start stockholder’s recovery. Never mind that this wouldn’t even work, look at that number.

They mean you. You can die to help their bank accounts. Your mother. Your partner. Your child. They want you to sacrifice your life and the lives of your loved ones. For their money.

Could it be any clearer? If a foreign nation was attacking us, and was threatening to cause upwards of 8 million dead in such an attack, would we not have whipped up enough nukes against them to render their land a radioactive, glassy wasteland?

Then why are we treating the Republicans any differently?

For those of you without access to Twitter:

Posted in Uncategorized

It’s about time we got something made clear here…

Okay, here’s the scoop.

Stop pretending “so-and-so is a Russian asset” and all that, as if individuals were lone wolves in this. They weren’t.

Here’s how it went: Russia has owned Trump since the 90s. He’s been laundering money through his shitty properties for ages.

At the Washington Correspondent’s Dinner, Obama pissed Trump off by making him a laughingstock in front of everyone, teasing him about his birther racism. So Trump decided to run for President and destroy anything that had Obama’s name on it.

Russia jumped in to help out, because Putin couldn’t stand the idea of Hillary putting her boot on his neck, and because they could use Trump to leverage against the USA and destroy NATO. Most importantly to Putin, Trump could ease sanctions which we’d imposed due to the invasion of Ukraine (which were really painful to Putin and his rich buddies, threatening his power base).

Putin also poured *huge* amounts of money into the NRA to be funneled into various Republican races (meanwhile, Wayne LaPierre grifted off his share, for which he’s currently being investigated), and managed to buy more than a few Congressmen and Senators in the process. What they didn’t get with NRA money, they’ve been “investing” in businesses local to other members of Congress, which then finds its way into political contributions.

This is why the “puzzling” attitude change took place about Russian sanctions during the RNC convention prior to the 2016 election.

Since then, through Trump properties, far more foreign money has been pushed into Trump’s pockets, further cementing their hold on him. Which puts him beholden to *foreign powers*, including Putin and the Saudis, and specifically *against* us, *against* the people of the USA. He has himself offered $millions to the various election campaigns of Republicans, with the expectation of total loyalty to him if they accept.

What you’re looking at today is this: if Trump goes down, he has very likely threatened all Republicans that they go down with him. He has them, because they all were on the take with him. They cannot possibly afford a fair Impeachment trial, because if there is one, he’ll be removed, indicted, and he’ll sing like a goddamned bird to take as many of them down as he can along the way.

So stop expecting the Republican party to act like a legitimate political party any more. They aren’t. They have morphed into a criminal enterprise, whether willingly or not, and their only hope is to cheat their way into ownership of the country. If they don’t succeed, they know that there’s a stack of indictments coming for each of them as soon as they lose control of the DOJ.

I’ve said many times “It only takes one side to wage a war” – the Republican party is waging an undeclared war against the USA. The sooner this becomes clear to everyone, the sooner we can gear up, fight it, and win it.

This is not the time for milquetoast bullshit like “how can they be acting so irresponsibly”. Recognize they are the ENEMY. They WANT to act this way. Their GOAL is to destroy our institutions, because that is their only path to safety. For them, this is life-and-death – because if they lose, they spend the rest of their lives in jail. Some may very well even end up in the electric chair for treason. They are desperate to avoid this – which is why you see Giuliani wandering around Eastern Europe on the payroll of Russians, doing “free” work for Trump. It’s why Bill Barr, who has no business doing business outside our borders, is wandering around Europe. Both of them are extorting bribes in the form of smearing Trump’s political opposition.

It should be obvious now to everyone that they take this shit very, very seriously. It’s about goddamned time the rest of the country – the press especially – did so as well. So if you know someone in the Press Corps, someone who works for the news, make sure they understand this.

Posted in Uncategorized