Thursday, February 1, 2024

Some thoughts on 'population control'

 

Some thoughts on handling the so called population problem...

1. Govt to issue two credit vouchers to every person upon reaching legal marriage age. Tied to their adhar number.

2. The value of each voucher is equal to half of median (not average) cost of raising a child up to 18 years of age. It gets adjusted every year.

3. Every year up to 10% of the credit can be converted to cash depending upon the value of the voucher at that time. When the child turns 18 all of remaining value gets cashed and deposited in his account.

4. Govt schools/hospitals etc. will have no free facility. These credits will be used for payment at these facilities. 

5. Released credits amount get attached to child's adhar and can be used as payment card for child's expenses.

5. It must be legal for people to sell these vouchers to others. This will reward people to have less children (since they can sell the unused credit and make money) at the same time people who can afford to have more children, they can have if they want. These voucher will sell in market for a reduced value and will be bought by people who have decided to have more children.

6. 5% of the taxes paid by a household must go to surviving parents. This will encourage parents to raise their children to become productive citizens as a guaranteed income source.

7. If a parent does not educate his/her children severe punishment including auction off their property educate the children. Govt enables the parent for child RTE by giving the credit voucher, now its the parent's responsibility to ensure child's RTE.

Some benefits:

  • Illegal aliens won't able to leech tax payers money.
  • Poor people or childless couples can sell the voucher and make money to support their family.
  • Government will need not fund inefficient schools/hospitals since people will go where the service is good.


Friday, June 3, 2022

Using extended disk in a virtual machine

   

These are the steps to use the extended SCSI disk in a VM. The disk shows up in VM as device /dev/sdb mounted as /opt/app. It was extended from 1 TB to 2 TB.

 # Unmount the logical volume

  umount /opt/app

  # Create a new additional partition and change the system id to 8e. Use fdisk as shown below and chose to create a new primary partition. There is only one partition /dev/sdb1 to start with. New partition will be /dev/sdb2.

  fdisk /dev/sdb

  # Partprobe to reaload the prtition table into kernel

  partprobe

  # Create physical volume

  pvcreate /dev/sdb2

  # Find name of volume group to extend. In our case the name is localvg

  vgdisplay

  # Extend the volume group

  vgextend localvg /dev/sdb2

  # Find name of logical volume

  lvdisplay

  # Extend and resize the logical volume

  lvextend -r -l +100%FREE /dev/localvg/bbed92058c4903275172716dd4a26a15

  # Mount the logical volume

  mount /dev/localvg/bbed92058c4903275172716dd4a26a15 /opt/app

Thursday, May 9, 2019

How to install pip when you are behind corporate MITM proxy?

How to install pip when you are behind corporate MITM proxy?

1) Execute this to download get-pip.py
curl -k https://bootstrap.pypa.io/get-pip.py -o get-pip.py

2) Open the get-pip.py file and change this line.
shutil.rmtree(tmpdir, ignore_errors=True)
to this line:
print ("Pip extracted to " + tmpdir)#shutil.rmtree(tmpdir, ignore_errors=True)

3) Execute this:
python get-pip.py
 It will error out but print name of the host it is trying to contact and also create a tmp folder and extract pip into that folder. Look at the output and notice last line:
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting pip
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
  ERROR: Could not find a version that satisfies the requirement pip (from versions: none)
ERROR: No matching distribution found for pip
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
Pip extracted to /tmp/tmpKGoLfQ

 4) Now go to the tmp folder (something like tmpKGoLfQ) and add it to the path.
cd /tmp/tmpKGoLfQ
export PATH=$PATH:`pwd`

5) Execute this from tmp folder (/tmp/tmpKGoLfQ):

sudo python -m pip install pip --trusted-host pypi.org --trusted-host files.pythonhosted.org
 if you find another mirror is being used then add that as another trusted host.
 It will install pip and now you can use it normally. If you need to install another package you can add --trusted-host option as shown above or the better choice, install your corporation's root CA cert in python's cert store as displayed by:
python -c "import ssl; print(ssl.get_default_verify_paths())"


Thursday, May 2, 2019

What is Intelligence?

Intelligence is ability to create cognitive models of observed reality. It is inversely proportional to the time taken to create the model, number of iterations needed to create the model and number of input required in each set of observation. It is directly proportional to the accuracy, precision and agility of the created model.

We deal with everything and everyone by running a simulation through these models. The difference between a normal person and 'madman' is that madman does not run most of his random thoughts through these models.

Culture is essentially "a package of cognitive models" that has helped that specific group survive.
Once a model is formed its more resource intensive to increase accuracy and precision.
Ever wonder why otherwise intelligent people have absolute wrong opinion about certain topics? Because they have created wrong cognitive model of those topics.

Monday, February 4, 2019

Security through obscurity is no security

So we have ssh client and some of our team member end of storing their passwords in the in the ssh client. Yes I know that its bad practice, but that's a separate discussion.
The interesting part is that the ssh client does not let you see the password once you have entered them. Of source its for "for security" reasons.

Few years after having entered these passwords, people leave, move to different projects and one is stuck with a ssh session that can be used for establishing the connection but can't change the password (since root ssh is not allowed and you can't do sudo because you don't have the password).

What the solution?
A ssh honeypot server.  http://3.91.206.83/
Change the IP of the session to this server and it will print the password back. If you can change the IP, redefine the host name in your local  hosts file to point to this IP.
Be aware that one your have retrieved your password through this, assume that it has been released to public. Change your password immediately.

The ssh client is trying to make the password secure by making it obscure. Newsflash! Its not secure. Its just making user's life difficult without adding any security.



Tuesday, October 16, 2018

Installing letscrypt certificate in grails

   Installing letsrcrypt certificate in grails.
   assumptions:
    domain name: app.example.com
    password   : supersecret
    linux app user account : appuser
 Use this URL to generate command for your site:

   As root:

   =============================================
   Step 1.
   Renew certificate using this command.
#certbot certonly
   (choose to renew option 1)
   It will create two file:
   /etc/letsencrypt/live/app.example.com/fullchain.pem
   and
   /etc/letsencrypt/live/app.example.com/privkey.pem
  
   Step 2.
   Combine cert and private key using this command.
#mkdir -p /home/appuser/etc/app.example.com
#openssl pkcs12 -export -in /etc/letsencrypt/live/app.example.com/fullchain.pem -inkey /etc/letsencrypt/live/app.example.com/privkey.pem -out /home/appuser/etc/app.example.com/app.example.com.cert.p12 -name app.example.com
<secret
as password>>
#chown -R appuser.appuser /home/appuser/etc/app.example.com

   As app user:

   =============================================
   Step 3.
   Convert p12 file into jks file using this command. Change supersecret to something that is really kept super secret.
$keytool -importkeystore -deststorepass supersecret -destkeypass supersecret -destkeystore /home/appuser/etc/app.example.com/app.example.com.cert.jks -srckeystore /home/appuser/etc/app.example.com/app.example.com.cert.p12 -srcstorepass secret  -srcstoretype PKCS12  -alias app.example.com
$rm /home/appuser/etc/app.example.com/app.example.com.cert.p12

   Step 4.
   Now pass these arguments to grails .
  
$./grailsw \
        -Dserver.address=0.0.0.0 \
        -Dserver.port=8443 \
        -Dserver.ssl.enabled=true \
        -Dserver.ssl.key-store-password=supersecret \
        -Dserver.ssl.key-store=/home/appuser/etc/app.example.com/app.example.com.cert.jks \
        -Dserver.ssl.key-alias=app.example.com \
        prod run-app



The form below hosted at https://jsfiddle.net/a2bfxdeq/2 generates command for you.


Sunday, March 18, 2018

Fixing grub2 on windows 10

Problem: Installed Linux on a external HDD connected to windows 10 using live CD and Grub got installed on internal HDD pointing to grub.cfg on external HDD. So if I remove the external HDD, grub.cfg is not found and can't boot windows.

Resolution:
1. Boot Linux by connecting the external HDD.
2. Mount the efi partition (Lets say its /dev/sda1. In my case it was first partition on internal HDD, about 256M in size)
  #mkdir /tmp/efi
  #mount /dev/sda1 /tmp/efi
3. Install grub.
  #grub-install --boot-directory /tmp/efi/grub --efi-directory /tmp/efi --uefi-secure-boot

4. Create the cfg file
  #grub-mkconfig > /tmp/efi/grub/grub/grub.cfg
 
 
Not tried but may be useful:
when you have grub prompt, try this:
echo $prefix

By default grub will look for $prefix/grub.cfg. If you can copy your grub.cfg from external HDD to the default location, that may work.