Software, technology, sysadmin war stories, and more. Feed
Wednesday, March 28, 2018

Feedback: books, P25 crypto, not caring and more

It's been a while, so here are some responses to reader feedback.

A reader asks if can I please publish physical copies of my books so I can display them on their desk at work. This one is particularly good since it's from someone who would be showing their membership in the so-called "rebel alliance" by displaying it on their desk at a certain company, and that would be awesome.

I haven't seriously looked into turning the books into dead trees, but during a quick check a couple of weeks ago, it seemed like it might cost $40-50 each to actually make them, never mind the price it would have to sell for to obtain any sort of profit on it. It would have to be a labor of love done at a net loss based on what I was seeing.

I think I guessed the second book might have been close to 1000 pages if the Kindle app's estimate was any indication. Imagine that done at a reasonable size with full color printing since there are pictures scattered throughout. It isn't cheap! Maybe this is why some books have just a single signature in the middle with the color glossies and the rest of the pages surrounding it are just relatively boring black and white text?

I'm not opposed to the idea, but I don't think it would be a DIY type project like the existing electronic versions were. For one thing, me scribbling on my iPad for 5 minutes to make a cover (see the first book) would not fly in the real world... or would it?


Another reader wrote in asking about what to do instead of calling your employees "high maintenance", particularly if it seems like they need help in some way. They wanted to know if there were better terms to use, and what sort of position should be taken to improve things?

Based on my own experiences, I think it would be good for the manager to level with the employee and say something like "look, this sucks, I'm sorry, and we'll find a way through this". They might also tell the employee that they've done nothing wrong, and that there's simply a group of people who have resorted to middle school tactics and can't provide tangible examples to back up their mud-slinging. Then they'd reject the non-concrete feedback and carry on from there.

It's one thing if someone is doing something and that something is legitimate. Then you capture the details of it when it happens, and at the next appropriate meeting, sit down and talk about it. Go through the event and replay it. See where it went well and where it went sideways. Figure out if any of it is backed by data or if it's just bias seeping through from any of the parties. Then do the actual work to deal with what's actually wrong, and not what the loudest person in the room happened to be saying about it.

It's another thing entirely if it's all abstract and/or anonymous, particularly if the company supposedly prides itself on being open and connected. Also, if that company has taken steps to squash anonymized feedback channels it didn't like, while supporting others and allowing them to continue, that's really messed up.

Don't work at those places. It isn't worth it.


On an older post about people "spreading" on the bus, someone asked if maybe the person in question had a "long femur" or was "slouching with hips too far forward", and suggested purposely interfering with their space by pushing parts of myself that way what happens.

First, ew. I don't want to purposely reach out and touch someone like that. Second, whatever happens, I'm stuck with this person for at least the next hour if traffic is bad. I can't exactly hop out while the bus is in the #1 lane of 101 and seek alternative transportation if a confrontation goes sideways.

Third, I'm taller than the person in the picture, and I fit well enough.

What happened in the end was that I finally got tired of the regressions in shuttle service, terrible herky-jerky drivers replacing the good smooth ones, and general bad manners from a handful of riders and just started driving to work again. Thus, I became part of the traffic problem on 101, and then I became part of the parking lot problem at the office.

And boy, is there a parking lot problem, but that's a story for another time.


Regarding my P25 radio project stuff from ages ago, someone asks if I know of a way to decode those signals. The answer is: sorta. I'm aware that there used to be (and may still be) code in the OP25 repo which would take a DES (?) key and would decrypt incoming voice packets. I think there's still a video floating around which shows someone doing exactly that with their P25 handy-talkie and a key they obviously know.

I, however, have not done anything of the sort. I have a bunch of recordings from the newer P25 system in Santa Clara County ("SVRCS") in which some of the calls are encrypted, but I haven't tried to do anything with them. They're just a bunch of encrypted packets sitting on disk somewhere, waiting for the day that someone needs them and gets the historic key from a FOIA request.

It's not like anyone really cares about what was said over the radio at the Super Bowl three years ago, right? Maybe it was sensitive at the time, but now?

There are reasons I didn't stream SB50's radio traffic live. Part of it was that I hadn't built the system to do it yet, and part of it was just not giving random troublemakers a way to benefit from my work. It all went up long after the game was done and my little part of the world had gone back to normal.

When there are that many spooky agencies around town, you don't play games with their radio traffic. You just sit on it.


I was asked if I had ever run into scaling issues with apt/dpkg of the sort that I've encountered with RPM and yum. The answer is: not really, but I haven't had a reason to, either.

Of the biggest fleets I've worked on, some were based on RPMs and hence had various yum scaling issues, others had their own proprietary packaging and distribution methods, and still others had both. My experience with Debian type systems (including Ubuntu and derivatives) has largely been in one-off workstation environments. In that situation, you just don't see enough variety to give you the really interesting problems that only appear at scale.

To be clear, you can take RPM and yum pretty far, but at some point you have to ask yourself if you really want to. If you aren't building stuff that links up at a fundamental level with the rest of the stuff from the base OS, what's the point? If you're side-loading your own C libraries, compiler libraries, and other support stuff, and are ignoring the base OS completely to run in a container, what difference does it make?

Aside from a few leaky abstractions, you might be surprised what you can do inside a mere chroot. Want to have a Slackware-ish system on a Red Hat-ish system? Sure thing, just make a new root dir, install a bunch of packages, chroot in, and rock out. It'll feel just like home.

Now imagine doing that with your runtime environment. If it doesn't care about the host system beyond the usual Linux ABI, who cares if it isn't using the same packaging?

Linux distributions aren't exclusive environments, after all.


Several readers asked similar questions about the feedback stuff on the site, like why don't I have it linked to "social comments" (i.e., Facebook), where does it go, and what about spam bots?

The answers are all pretty much the same so I'll handle them together here. I don't want an open/public forum because those frequently go sideways. I'm not even talking the mere "middlebrow dismissal" that HN is so famously known for, but the outright hate which flows for no good reason on completely random posts.

I don't want to spend time dealing with the care and feeding of such an environment. Any posting system which can go straight online will eventually be abused, whether by spammers, or just plain haters. I want none of it.

This is why it just turns into an INSERT in a table, and I manually pull it out later and look at it. There is no fancypants HTML rendering going on, so attempts to inject XSS type stuff also do nothing. It's just text.


Someone asks if I had "tried not giving a shit at work". Ah, yes, I have. Truly. The problem is that my own inner value system eventually forces me to actually do the work they are paying for. There's only so much Minecraft-based avoidance I can stomach before it also becomes too painful to continue.

Basically, I think the question is "could I have just stayed in the job, shut up and done basically nothing for a long time", and I think the answer is "almost". Specifically, I think it's technically possible, since I have seen people hanging around who seem to do nothing. They've been at the company for a couple of years and never seem to have anything to show for it.

If you can be like them, then yes, I guess you can just go up on the roof with your Big Gulp and watch the world go by. Say hi to Big Head and the rest of the Hooli crew for me.

However, I cannot be like them. Assuming I'm not laid out with the flu or something, then there's this fire burning inside that wants to turn into productive output every single day. An otherwise normal day without something coming out actually starts feeling bad at some point, and enough of them in sequence is really terrible.

I guess in theory, I could get perma-loaded on some kind of depressant (of which California has a great many legal choices) and totally stop giving a shit. I also don't see any reason to do that. It's never appealed to me. If that's your thing, cool. (It's not like those folks are going to object to me being like I am. They're too chill to care.)

But me? I need to do more.