Conflicts of interest and personal agendas

Recently I’ve started listening to various YouTube channels that read out stories posted to Reddit. One story was classified as “pro-revenge”. And I found the original post in question, called “I got back at childhood bullies by destroying an entire town”. To note, the factual nature of the story has been called into question. But like another story regarding the “Trump Cup” phenomenon I looked at 2½ years ago, we can still discuss the story as a hypothetical case study. Go ahead and read the story to take in the full picture. I’ll do my best to summarize.

The OP (original poster) described a childhood in a very conservative Christian, “one smokestack” town. For the unfamiliar, that is a small town centered around one business or industry – mining or a manufacturing plant. Economically, they literally have all their eggs in one basket. There are a lot of towns like this peppered across the greater United States. Some are still thriving, or at least getting by, but others fell to the 2008 crash and 2009 recession. The one the Obama administration said lasted only 6 months, only because there was a tidal wave of government spending that inflated the GDP numbers and made the economy look better than it was actually doing.

OP is also a rape baby. So being conceived and born out of wedlock in a very Christian conservative town, his life growing up was hell. But he still managed to graduate with decent grades and escape the town in question, going to college and getting a decent job as an “analytical consultant”.

Part of his work involved downsizing evaluations – determining which locations get closed or who gets laid off or transferred. And he was pulled in to evaluate three plants to determine which would get shuttered and their operations transferred. One of those plants was in the town where he grew up.

If you know anything about business ethics, red flags should be going off. Unfortunately the ethical conflict is one many likely don’t readily see, given how many have readily applauded what is described. In short this is a massive conflict of interest.

Once the OP saw that the plant in his hometown was one of those he would be evaluating, he should’ve recused himself completely. He was being brought in to give an impartial evaluation. And his descriptions of his mindset and actions show he was unable to give an impartial evaluation. This statement in particular is telling:

Inside I was seething with hatred and enjoying this all. I really loved seeing their faces, seeing what they had become, because fuck it, I was going to take it all away from them.

And

My state of mind was something close to sexual arousal. I had never understood why people pursue positions of power, but yeah, now I understood.

Again he was unable to be impartial. And impartiality is part of a consultant’s fiduciary duty. Since they hire an outside consultant for an independent, impartial opinion. But instead of doing his fiduciary duty and recusing himself, he took it as an opportunity to carry out a personal agenda. Again, a massive conflict of interest that rendered him unable to be impartial.

I wrote a really scathing report, documenting every little flaw and mistake ever done in the town plant. I didn’t need to lie or fabricate – I simply took things that existed and polished them till they looked even worse than they were. The factory was shut down and in the following three years, the town died.

If the plant was as badly managed as described,

The religious community running the town ran the factory as well. The big shots in the community tended to be bosses in the factory. This meant that the factory wasn’t run that well; promotions were based on “holiness”, not on merit or skill.

a truly impartial auditor would’ve recognized the shortfalls and still recommended the plant be closed.

But what if he walked in and discovered the plant was productive and profitable (earning more than it cost to operate it, even if not by a significant margin), running like a clock and reasonably well-managed? Possibly even the best of the three plants being evaluated? Would OP still have recommended the place be closed? The above statements answer this clearly in the affirmative.

He first states that he didn’t need to lie or fabricate anything regarding the plant, but then admits to doing just that, “polishing” details till they “looked even worse” than what was truthful. Meaning he likely would have lied and fabricated statements about the plant to see the outcome he desired. His personal agenda became a conflict of interest by completely nullifying any ability to be impartial, and possibly introducing a willingness to commit fraud and defamation.

Conflicts of interest are taken very seriously in business, since they call into question whether you can be impartial and seek the best outcome given a circumstance. And personal conflicts with other people can become conflicts of interest simply due to the risk your impartiality will be compromised.

Some conflicts of interest are quite obvious. Interviewing your high school bully for a position on your team. A salesperson approaching a prospect wherein a former significant other or someone else with whom they have “a history” has influence over the purchase decision. And of course the classic conflict of interest: an affair between a manager and a direct report or someone along the direct chain of command.

And once the conflict of interest has been identified, the parties involved have a duty to recuse themselves from the business interaction where possible. Such as when there is a merger and one of a manager’s new direct reports is someone with whom their ex-husband had a fling or affair. Such was the case in a letter to the Ask A Manager blog (original is #1 here, update, and second update is #5 here), and the conflict of interest I don’t feel was taken seriously enough by the employing organization.

And in the above story, the conflict of interest is the OP’s history with the town and the people therein, including those running the plant. The OP clearly had no intention of being impartial, let alone the ability, and should not have been involved in the decision at all. And an impartial auditor arriving at the same decision doesn’t mean the conflict of interest wasn’t a factor in the OP’s decision.

Since the conflict of interest means we cannot know whether the plant was evaluated honestly and the proper decision made. We cannot know if the claims about how it was run are truthful. We cannot know because OP couldn’t be impartial. Once he saw his hometown on the list, he saw the opportunity to ruin those who wronged him, completely jettisoning any potential for impartiality to pursue a personal agenda.

Ultimately we cannot know if that plant was the one that needed to be closed because the OP couldn’t make an impartial decision. So he should not have been involved in the decision at all.

Well beyond unconstitutional

Recently a New York county decided to ban unvaccinated minors from public places in response to a measles outbreak. And it is so beyond unconstitutional it’s not even funny.

Local and county governments are subject to the same Bill of Rights as the Federal government via incorporation. So has said the Federal judiciary, including the Supreme Court of the United States, numerous times over.

So let’s say there is an unvaccinated child in a public place in this New York county. Beyond the parent or child (because, let’s face it, the most truthful people in the world are drunks and children) openly admitting such, what would constitute probable cause in this instance? What would constitute even reasonable suspicion to detain someone?

The government would also have to demonstrate the child is not vaccinated. There is no obvious physical indicator of a person being vaccinated or not against measles. This isn’t like with smallpox where the vaccine leaves an obvious scar or blister. So demonstrating the child is sero-negative to measles, meaning they have no antibodies against it, requires a blood test. And unless the parent voluntarily consents to the blood test for their child, which no parent in their right mind would do, the police would need to demonstrate probable cause to get a warrant, since the blood test is a search under the Fourth Amendment – see Birchfield v. North Dakota, 579 US ___ (2016).

And the parent refusing to consent cannot be used against them in any way. It is not automatic probable cause. The police would still need something else.

So given that blood tests are out of the question, again absent probable cause or voluntary consent, what about vaccine records? Should parents have to carry around their children’s vaccine records wherever they go in that county, to be produced upon demand of law enforcement? Under the Health Insurance Portability and Accountability Act (HIPAA), no. Vaccine records, like all other records related to a person’s past medical history, are protected health information (PHI) under the HIPAA Privacy Rule. Meaning law enforcement cannot demand you produce them without a court order.

The county said they have no intention of actually arresting people, but instead using this as a wake-up call regarding the measles problem they’re having. Except the law being on the books is still the issue, since the county could, at any time the law is active, choose to start enforcing it, such as if they aren’t getting the results they expect from it.

And that is where the county will fast run into the Fourth Amendment.

Some changes to the radiator box

Build Log:

Back almost three years ago in 2016, I set out to do something rather unique with regard to water cooling: building an external, self-contained radiator box. And for the most part I achieved that goal. Maintenance cycles would see some improvements to the implementation, leading to a box that is very quiet, and a total water cooling setup that provides very good temperatures.

There were still additional improvements to be made. Particularly with the power delivery. Powering everything was initially… messy. Integrating a hodgepodge of parts that more or less got the job done with as little need for modifying anything as possible and virtually nothing custom.

Here’s the parts:

And the power went into two voltage regulators, one a step-up to run the pump at greater than 12V when I had a D5 Strong, and the other a step-down to undervolt the fans. So it was a bit of a mess with regard to cabling.

I still have the switch, along with the step-down regulator to undervolt the fans. The step-up regulator isn’t needed. And most everything else from this is gone. In its place is this: NiuGuy 12V/4.2A (50W) power supply. And wires. And a terminal block.

All of this started when I was casually browsing Home Depot and saw terminal blocks in the electrical section, a part of the store I normally don’t pay much attention to. From there I purchased a crimp tool kit, terminals, and wire. Later I acquired 2.8mm x 0.5mm spade terminals to get rid of the vandal switch wiring harness. The small power supply came later.

And that power supply is seriously small. Smaller than the power brick I was originally using. I was actually surprised when I first saw it. Here’s a size comparison of the product box with a PS3 game case. The power supply itself is only slightly smaller than the box.

I’ve encountered power supplies like this before and had previously considered employing them in the radiator box. But I initially wanted something that didn’t require much in the way of additional tools and electrical supplies to build, so I went that direction. I also didn’t know much about electronics and circuitry at the time and have since enlightened myself.

I kept the NCASE M1 power cable, cutting off the C13 connector and stripping the insulation back so I could add terminals for the power supply. The switch is inline between the power supply and terminal block. One pair of terminals create the circuit for the pump and rear fans at 12V, while the other pair creates the circuit with the voltage step-down regulator for the radiator fans. Bus wires connect the circuits in parallel.

Much simpler and cleaner compared to what I had previously since I wasn’t having to figure out what to do with really long cables coming off pre-fab items. And sure there are a couple ways this could be cleaner, but I wasn’t concerned with perfection.

The D5 pump (Koolance PMP-450 specifically) is out with a DDC pump (Swiftech MCP50x) replacing it. The only reason I swapped it out is clearance. The DDC is more compact. And the one I selected is PWM controlled, so I can dial it down to a lower RPM using a manual PWM fan controller like the Noctua NA-FC1. I clipped off the pump’s SATA power connector to use terminals to power it from the terminal block, after extending the wires using butt splice terminals with equivalent gauge wire.

So why the lower clearance necessitating the smaller pump? I lowered the reservoir using 120mm mounting rails (Performance-PCs) for the Singularity Computers Ethereal Single (Performance-PCs). (Since I say this every time, I’ll again do so here. Full disclosure: I also support Singularity Computers via their Patreon.) Much more stable compared to how I had it previously, and it allowed me to secure the reservoir more toward each of the end caps. And the lower position meant lower clearance, necessitating the smaller pump.

And I swapped the Bitfenix fans I had at the rear for Nanoxia Deep Silence 120mm fans, the ones that previously were in Absinthe, now Amethyst. They are super quiet (14.5dB/A) at 12V while still moving 60CFM. I’m not sure how that’ll affect cooling, but it’s bound to be better than the rear fans being voltage-synced with the radiator fans. And as a bonus, they match the green ring light on the power switch.

I still have the pipes I showed in the previous article. They keep the coolant flow well out of the way of power and data cables, reducing the amount of soft tubing needed, even if it does create a little headache for maintenance. I’ve considered adding a valve to the pipes as well to make it easier to drain. Instead I used a 4-way block with a couple spare quick-disconnect fittings to create something to drain the system.

Performance

I’ve made some changes to the tubing in the H440 as well, but not in a way that drastically affects performance. The GTX 1070 still barely touches 40°C under load, and I was able to bump the CPU overclock (i7-5820k) to 4.3GHz while still keeping temperatures in the mid to lower 60s °C.

I’ll detail the changes and reasoning behind those changes separately.

Possible next steps

Since first building this, I’ve loved having an external water cooling setup. It’s unique, and I’ve yet to see someone else do this. Sure the setup is a little complex, and maintenance can be a little bit of a headache, but having a water cooling setup that is not tied to any particular chassis or hardware setup is the main benefit. And I see no reason to go back to the traditional in-chassis water-cooling setups that… nearly everyone else does.

Maintenance is, of course, the main drawback. Good thing it really only needs to happen once a year.

And there really isn’t much of anything to add to this. A better mount for the pump? Not entirely necessary. I would like to have temperature sensing on the coolant, but that isn’t a pressing concern. Replacing the radiators or radiator fans with better options? I don’t really have a reason to do that. The XS-PC EX360 radiators work without any issue here, and I have zero reason to believe better radiators (e.g. AlphaCool, Hardware Labs) would make a significant difference, though they would certainly inflate the cost.

The only realistic direction I can go is making the box smarter.

The last couple years have seen the introduction of various ways of controlling fans using software. I’ve used NZXT’s Grid for powering a lot of fans at once. Future adaptations saw the Grid+, which allows for software control of the fans based on temperatures via their CAM software. The latest incarnation is the Grid+ V3, which supports PWM fans, meaning it should also support PWM pumps.

And the Corsair iCUE Commander Pro is an option to integrate temperature sensing and fan control. But it requires all three voltages from its SATA power connector – 12V, 5V, and 3.3V – whereas the Grid+ requires only 12V and uses a barrel connector – meaning no modification to the device. The power supply noted above is 12V only, so I’d need voltage adapters to provide 5V and 3.3V, or I’d need to replace the power supply with one that can provide at least the 12V and 5V.

I’ll figure out which to use later, along with how to connect it to the main system.

Hosting a mail server on a home network

Before diving deeper, a preface.

This article will not be discussing how to set up a mail server. Mostly. Instead I’m going over some of the complications that can arise after you have the mail server set up to receive mail for the domain(s) the server hosts. You’ll need to go elsewhere if you’re expecting a tutorial on setting up and configuring a mail server.

Before continuing, let me explain my setup so you can understand where I’m coming from and going:

  • Mail server: virtual machine with 2 cores, 2GB RAM, Ubuntu 18.04
  • Software: iRedMail
  • Port forwarding: random port number -> port 25 on mail server
  • DNS name: NoIP dynamic DNS hostname, dynamic IP address

Assumptions

From here I’ll presume you have a similar starting point to me, that you:

  • own one or more domains which may or may not already receive mail through the domain registrar or other service
  • want to spin up your own mail server to receive that e-mail to your home network
  • have a typical home Internet broadband connection with a dynamic IP address
  • have a dynamic DNS name to point to your home network

If you are not already signed up for a dynamic DNS service, do that first before setting up a mail server. I recommend signing up for one that your router directly supports. I use NoIP, and I also pay the $25/yr subscription fee to make things easier.

What I won’t cover

For the sake of brevity, I won’t be delving into setting up and administering a mail server. As I said above, you’ll need to go elsewhere to find that information. There are also several “distributions” – e.g. iRedMail, Mail in a Box, etc. – that can handle much of the dirty work for you, all of which have their own steps for setup and administration.

Basically setting up the mail server is on you. All I’m discussing herein is what you need to do once the server is set up on your home network, with a dynamic IP address, so you can receive mail to it. Since plenty of other articles say you can’t.

Set up a self-hosted VPN

Allow me to establish one additional prerequisite: set up a self-hosted VPN. OpenVPN is one of the more popular packages available for that, and I also have a guide on how to run that in a Docker container if you’re so inclined. Others have set it up to run on a Raspberry Pi. One of my coworkers uses ZeroTier and he seems to like it.

Having the self-hosted VPN means you only need to expose the SMTP port through your router’s port forwarding. You would then access your e-mail by connecting to the mail server through the VPN connection or an SSH tunnel when you’re away from home. Which will provide an additional safeguard for your e-mail.

Overall order of operation

Again, you should already have the mail server set up, with the domains and e-mail accounts configured. So now you need to make it so you can receive that mail on your home network through your dynamic DNS hostname.

  1. Pick a random port number to map to port 25 on the mail server
  2. Sign up for a mail relay service (more on this later)
  3. Modify the DNS settings for your domain for the mail relay service
  4. Wait a little for the settings to propagate
  5. Send test e-mails to verify everything is working
  6. Profit!!!

Random port number? Mail relay service?

By now hopefully you’ve already looked into what is required to establish a mail server for your domain(s). So you should’ve encountered explanations for the DNS entries, in particular how to configure the DNS entries to avoid other mail servers refusing to talk to yours.

Specifically, the “reverse DNS” entry for your mail server’s host name. Which is impossible to create for a dynamic IP address. And with a static IP address, you probably have to jump through a ton of hoops with your ISP.

Mail relay services avoid this complication, accepting the mail for your domain(s) and relaying it to another mail server. They are advertised as allowing you to bypass your ISP blocking port 25, allowing you to host your mail server on a port other than port 25. This should also be coupled with a backup service that retains e-mails for a period of time, in case your mail server can’t be reached for some reason, to avoid e-mails being rejected or black-holed.

Your dynamic DNS service provider may already have this available. NoIP has Mail Reflector for $100/yr per domain. Dynu, on the other hand, has an Email Store/Forward service for $10/yr per domain. The latter is what I currently use, and it works well.

While you don’t need to use a port other than 25, I’d highly recommend doing so since the relay service allows for it. I’ll just reiterate what I said in my OpenVPN guide (linked above):

In general, when exposing services where they are accessible outside your network, you want to avoid using default port numbers. Either configure the service to use a different port number, or use the port forwarding on the router to provide a different port number.

Port forwarding for mail relay

So with that explanation out of the way, it should be clear how to expose the mail server via port forwarding. The order of operations means you

  1. select a random port number for port forwarding
  2. set up port forwarding: [random port number] -> port 25 on mail server
  3. set up the mail relay -> [dynamic DNS host name]:[random port number]
  4. DNS “MX” entries for your domain -> mail relay service
  5. Profit!!!
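One way to confirm the chain above before sending test mail, as an added example that is not part of the original article: from a machine outside the home network, check that the forwarded port answers with an SMTP greeting and that the mailbox and submission ports stay unreachable, as the VPN section intends. The host name and port are whatever you chose and are passed on the command line; the port table is an assumption about a typical mail stack.

```python
import socket
import sys

# Assumption: ports a typical mail stack listens on besides the forwarded one.
# Per the article these are reached over the VPN or an SSH tunnel only, so
# none of them should accept connections from the Internet side.
PRIVATE_PORTS = {
    25: "smtp on the default port",
    110: "pop3",
    143: "imap",
    465: "smtps",
    587: "submission",
    993: "imaps",
    995: "pop3s",
}


def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def smtp_greeting(host, port, timeout=10.0):
    """Return the first line the server sends, or None if nothing arrives.

    An SMTP server speaks first, so a working port forward shows up as a
    line starting with "220" without the client sending anything.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            with sock.makefile("rb") as stream:
                line = stream.readline(512)
    except OSError:
        return None
    return line.decode("ascii", "replace").strip() or None


def audit(host, forwarded_port, private_ports=PRIVATE_PORTS):
    """Return a list of findings; an empty list means the exposure is as intended."""
    findings = []
    greeting = smtp_greeting(host, forwarded_port)
    if greeting is None:
        findings.append(
            f"port {forwarded_port}: no SMTP greeting; check the port forward and the MTA"
        )
    elif not greeting.startswith("220"):
        findings.append(f"port {forwarded_port}: unexpected greeting {greeting!r}")
    for port, service in sorted(private_ports.items()):
        if port != forwarded_port and port_open(host, port):
            findings.append(
                f"port {port} ({service}) is reachable; keep it behind the VPN"
            )
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <dynamic-dns-hostname> <forwarded-port>")
    results = audit(sys.argv[1], int(sys.argv[2]))
    for finding in results:
        print("FINDING:", finding)
    sys.exit(1 if results else 0)
```

Run it from a connection outside your own network; results from inside the LAN depend on how the router handles connections to its own public address and may not reflect what the relay service sees.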

Finishing up

So now with everything set up the way you need, send some test e-mails to make sure everything is getting through.

One thing to note: it will take several days for the updated DNS entries to propagate around the world due to DNS server caching. So you may need to continue to check your e-mail through any previous mail hosting service until you confirm all e-mails are no longer being sent there. If you’re planning to transfer domain registrations to another provider, hold off for a few days before initiating the transfer if there are any frequently-used e-mail addresses involved.

And another point: if you use iRedMail, turn off greylisting. If you use another distribution, determine how to disable greylisting with it. Or at least figure out how to whitelist the mail relay service you choose. If you don’t, it’ll take multiple tries for the relay service to get the mail to your system. Turning off greylisting or whitelisting the mail relay service will avoid this.

One additional complication

Mail server blacklisting is something else you need to keep in mind. This doesn’t stop you from receiving mail, since it will be going through a mail relay service. But it might keep you from being able to send messages to some recipients.

As part of an effort to combat spam and scam e-mails (such as this and this), mail transport agents may be blacklisted. It’s up to every mail server administrator as to whether those blacklists will be honored – it should be off by default. And this isn’t an issue exclusive to residential Internet IP addresses. I encountered it with my previous web hosting provider when I tried to forward a phishing e-mail to SunTrust Bank.

So if you find that e-mails you are sending are routinely being rejected, check your IP address and dynamic DNS hostname and domain through MXToolbox to determine if it’s been blacklisted. You may need to sign up for an outbound mail relay service to bypass this.

An example is Yahoo!. Several months after this article initially went live, my wife and I started shopping for a house. With one home we found, I was attempting to contact the real estate agent representing the property and sellers. The contact e-mail through her realtor’s domain could receive e-mail from my home mail server without issue. That address was set up to forward her e-mail to her personal Yahoo! account. If I tried to reply directly to her Yahoo! address, the e-mails did not go through.

So to end that frustration, I set up outbound mail relay through Amazon’s Simple Email Service and configured my server appropriately while we were still in talks on the home (which we did buy!) and getting everything figured out. Amazon SES has the benefit of a very, very low to practically no cost if you don’t send or receive much e-mail.
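What a blacklist lookup such as the MXToolbox check mentioned above does underneath, as an added example that is not part of the original article: the IPv4 address is reversed and looked up as a DNS name under the list's zone. The zone `zen.spamhaus.org` and its return codes are an assumed sample list (the article names none), and the resolver is injectable so the constructed answers at the bottom run offline.

```python
import ipaddress
import socket

# Assumption: Spamhaus ZEN is used as the sample list; the article itself
# only names MXToolbox, which queries many such lists for you.
ZONE = "zen.spamhaus.org"

# Return codes Spamhaus documents for answers from the ZEN zone.
ZEN_CODES = {
    "127.0.0.2": "SBL (Spamhaus Block List)",
    "127.0.0.3": "SBL CSS",
    "127.0.0.10": "PBL (Policy Block List, ISP-maintained)",
    "127.0.0.11": "PBL (Policy Block List, Spamhaus-maintained)",
}
ZEN_CODES.update({f"127.0.0.{n}": "XBL (Exploits Block List)" for n in (4, 5, 6, 7)})
POLICY_CODES = {"127.0.0.10", "127.0.0.11"}

# 127.255.255.x answers are error signals from the list, not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

# Addresses that are never the public side of a home connection.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10", "127.0.0.0/8")]


def dnsbl_name(ip, zone=ZONE):
    """Build the DNS name to query: reversed octets followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    if any(addr in net for net in LAN_NETS):
        raise ValueError(f"{ip} is not a public address; use the WAN address")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name; an empty list means NXDOMAIN/no data."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures must not be read as "not listed"
    return sorted({info[4][0] for info in infos})


def check_ip(ip, resolve=system_resolver, zone=ZONE):
    """Classify ip as 'not listed', 'policy listing', 'listed' or 'error'."""
    name = dnsbl_name(ip, zone)
    answers = resolve(name)
    if not answers:
        return {"query": name, "status": "not listed", "reasons": []}
    if any(ipaddress.ip_address(a) in ERROR_NET for a in answers):
        # Typical cause: the query went through a large public resolver.
        return {"query": name, "status": "error",
                "reasons": ["the list refused the query; this says nothing about the IP"]}
    reasons = sorted(ZEN_CODES.get(a, f"unrecognized code {a}") for a in answers)
    policy_only = all(a in POLICY_CODES for a in answers)
    status = "policy listing" if policy_only else "listed"
    return {"query": name, "status": status, "reasons": reasons}


if __name__ == "__main__":
    # Constructed answers for documentation addresses, so this runs offline.
    constructed = {
        "7.113.0.203.zen.spamhaus.org": ["127.0.0.10"],
        "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
    }
    for sample in ("203.0.113.7", "203.0.113.9", "203.0.113.10"):
        print(sample, check_ip(sample, resolve=lambda n: constructed.get(n, [])))
```

A "policy listing" means the address range is flagged as one that should not deliver mail directly, which an outbound relay works around; a plain "listed" result points at the host or address itself.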

Conclusions

So contrary to a LOT of articles, it is possible to host a mail server on your home network. It just requires the additional mail relay service to make it all work, to bypass the “reverse DNS” complication.

It just typically isn’t recommended that you set one up since Internet mail servers can be complicated to set up and administer. But much like web servers, generally once they’re configured, you should only really need to touch it for software updates.

False charity because #fuckTrump

Amazing how the Federal “shutdown” appears to be bringing people together, right? Bringing out people who are willing to help the furloughed government employees who are working without paychecks or not working at all. Showing that when people are in need, we’re willing to be charitable. Because that’s what decent people do, right?

Yeah I’m not buying it.

Simple question: if not for the government “shutdown”, how many of these same people would be spending their own time or money directly helping people who are in need? Likely answer: next to none of them.

Let’s be honest. There’s only one reason this is happening at all. #FuckTrump. That’s it. That and the chance at a little fame or exposure since the media is broadcasting whenever someone is being so grateful to furloughed government workers. Because again, let’s be honest, #FuckTrump. That’s the only reason.

Meanwhile there are millions of people in the United States who are in need of direct assistance in many ways every day. I’m sure you, dear reader, know at least one such person. Yet what’s the response? “Let the government handle it.”

Rather than go out and directly help them in some simple fashion, you’d rather instead have the Federal and State governments take more money from my paycheck and the paychecks of those who make more than me so that you don’t have to lift a fucking finger, or take a penny from your pocket.

Because when it actually comes to helping people, it seems the vast majority would rather be passive, lazy pricks who’d rather sit back and “let the government handle it” rather than getting off their asses and actually doing something to better someone else’s life.

I’ve probably shelled out more money over the last couple years than many others have in their lifetimes. And if you’re one of those people, someone who’d rather sit back and complain about things rather than getting off your ass to improve someone else’s life, who’d rather see more money taken from my paycheck because it means you don’t have to do anything, kindly go fuck yourself.

No, seriously. Fuck you.

Now get off your ass, find someone who needs something, and figure out how to help them. Rather than hoping someone else will do it.

You want to improve the world? Get off your ass already.

At least read the article before sending a solicitation

I’m really starting to ponder the commonality of this practice.

The below request is at least mildly understandable. They’re pointing out an article I wrote on pet care and asked that I link to their article on a specific dog breed. Which would be great… if not for a few issues with their e-mail.

Dear Editor,

My name is Jean and I’m the Editor at [REDACTED]. I was doing research on the Blue Heeler Pointer and just finished reading your wonderful piece: https://www.kennethballard.com/?p=1790

In that article, I noticed that you cited a solid post that I’ve read in the past: [REDACTED]

We just published an updated, comprehensive guide on 10 things you should know about the Blue Heeler Pointer on our sister site, [REDACTED]. It is completely free and you can find it here: [REDACTED]

If you like the piece we’d be humbled if you cited us in your article. Of course, we will also share your article with our 100k newsletter subscribers and followers across our social platforms.

Either way, keep up the great work!

Warmly,
Jean

If you’re going to send me a solicitation, have the courtesy to make sure you’re not going to include demonstrably false information.

First they claimed I linked to an article about the Alaskan Malamute, an absolutely gorgeous dog breed I would love to own, if I ever have land for it. Before now, though, I’ve never mentioned that breed here. My article on pet care mentioned two dogs my parents owned. One was a blue Australian Cattle Dog, Basenji mix. Yet they request I link to an article about blue Australian Cattle Dog, Pointer mix dogs – Blue Heeler Pointer is not a recognized breed.

Definitely a classic case of not reading the article before firing off a solicitation. Unfortunately all too common.

I also don’t sell any ad space on this blog, so views largely don’t matter. Instead any “revenue” comes through the Amazon Associates Program, and I typically make enough to nearly completely offset hosting costs.

And this blog doesn’t get many views anyway, making every solicitation for this site I’ve ever received nonsensical. I’ve never had more than 500 views in any given day as of this article, an article about an espresso machine is my best article of all time on views, and I typically have only about 100 views/day. So sending me a solicitation hoping for more exposure to your content is only going to end up with me posting your solicitation with all site names, links, and the like redacted.

MikroTik CRS317 10GbE switch

Build Log:

For the last two years I’ve been using the Quanta LB6M as the backbone of my home network. A 24 port SFP+ switch with four (4) GbE RJ45 ports connecting two Gigabit switches and my Internet router. So everything came to the LB6M and was routed accordingly.

It works quite well, too. Provided you can live with the noise. The first thing I did when I received it, before putting it into service, was swap the rear 40mm fans on the fan sled with much quieter fans. This quieted down the system, but it also caused the switch to run very hot. Two things helped me counter this: I cut out the fan grills on the fan sled, and did some maintenance on the thermal paste inside it. And I also had a fan blowing onto the underside.

But replacing the fans didn’t entirely eliminate the noise since I was not going to replace the fans in the power supplies. I’d been looking around for better options since.

And that’s where this comes in: the MikroTik CRS317. (Buy it at Amazon or EuroDK) It comes at a slight premium. 400 USD MSRP compared to the about 240 USD I paid for the Quanta LB6M in January 2017. Though you can get it for less through different suppliers. Just pay attention to shipping costs.

And I jumped for it for three reasons:

  1. Passively cooled. Mostly. It has two 40mm fans, which should not be running all the time.
  2. SFP+. It should be drop-in to my current setup.
  3. GbE SFP module support. And it should just be plug and play.

That third point means this switch will be replacing two: the LB6M and a TP-Link 8-port GbE switch. Getting the LB6M working with GbE SFP modules is… it’s definitely NOT just plug and play and requires flashing a different firmware to the switch to get it to work. No thanks.

SFP modules

I’ve had no issues with Fiber Store’s 10GBase-SR SFP+ modules. They happily worked with the Quanta LB6M, and I fully expected them to work with the MikroTik switch. I returned to Fiber Store for their SFP RJ-45 modules (Generic), since they were also about 30+% less expensive than any price I could find for MikroTik’s SFP module. I ordered one for each GbE connection I had to the LB6M.

Using SFP modules to consolidate GbE connections is only cost and value-effective if you’re consolidating a few. Four or five at most. Beyond that, and it’s a better value acquiring a GbE switch with a 10GbE uplink to avoid having a significant number of 10GbE ports occupied by GbE connections.

Initial setup and SwOS

The initial setup was interesting. I’ll spare the details here, but getting it swapped over to SwOS and away from RouterOS was a little cumbersome at first.

Only because I discovered something the online documentation omits as of this writing: after changing it over to boot to SwOS, shut down the switch (System->Shutdown) and unplug it. Don’t simply reboot it. Then when you plug it back in, it should boot into SwOS and everything should work.

SwOS by default will automatically attempt to acquire an IP address via DHCP and only fall back to its default 192.168.88.1 if it’s unable to. This means you should be able to switch it over to SwOS, shut it down, and then add it into your network like any other switch. The IP address determines how easily you can access the web UI, and is a good check on whether the switch is configured properly.

Racking it up

I initially thought I wouldn’t be able to pull the TP-Link switch for lack of SFP modules. But I realized later that the IP-KVM and the UPS SNMP module are the only two devices connected to it. The SNMP module doesn’t need a lot of bandwidth. It’d probably be perfectly happy on a 10Mb connection. The IP-KVM? It really needs the GbE connection with as little contention as possible, so it’s getting hooked into the 10GbE switch.

So I connected the SNMP directly to the router, and connected the KVM to the 10GbE switch, allowing me to pull the GbE switch from the rack. If I really feel like doing so, I can order another SFP module to connect the SNMP into the 10GbE switch.

All the other 10GbE connections just worked with the Fiber Store SFP+ modules I’d been using. One thing I also realized in hindsight: I likely could’ve used the ETH/BOOT port (the RJ45 port with lights) as the uplink to the router, opening up a connection for the SNMP module. I’ll look at that later, though. For now, everything works.

Impressions and comments

This switch is very, very quiet compared to the rest of the hardware in the rack. The Quanta switch easily overpowered everything else on noise, even with the quieter fans and just one power supply plugged in. The MikroTik switch, however, is easily overpowered by the NAS and virtualization server. This is a nice change. Unplugging the Quanta switch to pull it out of the rack… it’s amazing what you become accustomed to over time.

The MikroTik CRS317 is also very lightweight. It’s about the size and weight of a 1U GbE switch, like a 16-port TrendNet switch I have in my den.

So it’s compact, quiet, lightweight, and supports up to (16) 10GbE SFP+ or GbE SFP connections. All brand new it’s significantly less than the cost of a brand new RJ45 10GbE switch. And it’s easy to get set up for SwOS, once you account for the one slight detail I provided above.

This is the much, much better option in my opinion over the Quanta LB6M. The noise aside, the fact the LB6M doesn’t support GbE SFP out of the box means you can’t really use that switch to its full potential in a smaller setup. But it was never meant for a smaller setup. That it has 24 ports shows this. That it’s louder than a 747 during take-off with the stock fans also shows this. It’s meant to be in a server room or networking closet.

The 16 ports on the MikroTik CRS317 show it’s not exactly meant for a “small” setup either. But it’s a hell of a lot better suited to a setup like mine than the Quanta. And it’s working as expected.

No, there is no such thing as an “accidental discharge”

Let’s lay out a scenario.

A firearm owner decides they want a different trigger on their Glock 34. So they purchase the parts and attempt the installation themselves. Thinking they got it right. During drills, the firearm is misfiring. Then when they holster the firearm with a round chambered, the firearm discharges in the holster.

Accidental discharge? KR Training would like you to think so. The scenario above was reproduced from their description:

The student who experienced the accidental discharge was using a Gen 4 Glock 34 with an aftermarket trigger installed (Pyramid Trigger) and an OWB paddle holster. During the drill, he had several misfires occur, which he cleared and continued with the drill. When he holstered, with finger off the trigger, the pistol discharged in the holster.

There’s a reason many of us say “there is no such thing as an accidental discharge, only negligent discharges”. If a firearm goes off on its own with no manipulation of the trigger, something about the firearm is defective. In the above scenario, it’s the trigger assembly.

If a firearm discharges without any manipulation of the trigger, someone is to blame for that. If the firearm is brand new and such a discharge occurs when the owner is putting the first magazines through it, the negligence is on the part of the manufacturer. If it’s used, then it’ll depend on the chain of custody for the firearm to determine who should have known the firearm was defective – e.g. the prior owner, the shop trying to sell it, etc. And during continued ownership, if the firearm malfunctions, it’s the owner’s liability for failure to properly maintain it.

Accident means there is no one to blame.

But there is ALWAYS someone to blame when a firearm malfunctions and discharges, whether the trigger is manipulated or not. In the above scenario, that would be the firearm owner. If a gun armorer performed the trigger swap, liability would rest with them.

And that there is always someone to blame is why we say “there is no such thing as an accidental discharge”.

* * * * *

There’s something I overlooked initially when I wrote this article that is also pertinent to why we typically do not use the word “accident” when referring to an unintentional discharge. Since I recently recalled such in talking about the above-linked article on a Facebook post, I’ll just quote my original comment here.

But why is the common assertion to NOT use the word when it comes to an unintentional discharge? Why is the common parlance to call it “negligent”? Because we have a significant duty of care when handling firearms. And negligence is failure to take that proper care. Negligence in handling or maintaining a firearm – e.g. a faulty trigger replacement – can lead to a firearm malfunction, which can include a discharge without actuating the trigger.

Now with the faulty trigger swap, one could say it was ignorance that led to the fault. And it’s possible that was not their first trip to the range with the firearm, leading them to falsely believe they did everything properly while the trigger pin was working its way loose one pull at a time. Until the firearm suffered “several misfires” – something the article’s author notes should’ve prompted them to stop and inspect the firearm since it’s highly unusual to actually suffer several misfires in a row. Everything seemed fine until the problem presented. That passage of time could negate a claim of civil or criminal liability.

But the duty of care was still there. Which would include inspecting your firearms after use at the range to keep an eye on potential issues. The owner probably could’ve caught the trigger pin during a routine inspection. Or it was the first trip to the range after the assembly, and his ignorance caused him to do an incomplete or completely improper job and the pin popped out of place without much effort.

Either way, the duty of care was still there. And failure to take that proper care is negligence. And unintentional discharges resulting from failure with that duty of care are negligent discharges.

Your concealed carry permit is not a badge

Back when I was first learning about firearms and concealed carry, I came across a video – since removed, unfortunately – called “Your concealed carry permit is not a badge”, or something along those lines. And recently I’m reminded of that sentiment with a story out of Marysville, Washington:

Authorities say two men were surrounded by customers with guns while attempting to steal tools from a Washington store.

The Daily Herald reports the men, ages 22 and 23, allegedly took four nail guns, each worth more than $400, from the Coastal Farm & Ranch store Saturday in Marysville.

The men walked out of the store and got into a Honda Civic, only to be surrounded by about six customers with guns raised.

There is NOTHING under the law that gives anyone with a concealed carry permit the legal ability or privilege to stop a criminal fleeing a crime scene. Someone’s life being in danger, whether yours or someone else’s, is the only justifiable reason you have to pull your firearm.

A friend of mine shared the above story on his Facebook wall, and he said this in response to a comment where I said you should not (indeed, you cannot) use your firearm to stop property theft:

I agree this isn’t a situation for a firearm, but by the same token it can’t be easy to stand on the sidelines watching people doing this.

Which is certainly a sentiment I understand. I’ve written about it on this blog. But that is an instinct that must be fought. Since, as I said to the friend, sometimes the hardest lesson to learn is that doing nothing is often the best response to a situation.

You may want to help, but your desire to help could land you in hot water. You could misinterpret a situation, meaning you’re not responding to it appropriately, or even make it worse.

Let me give you an idea from my recent past. A couple months ago, while driving down Santa Fe Trail Drive through Lenexa, KS, we came upon a nasty car accident outside the Lenexa UPS sorting facility. SUV on its side in about the middle of the road, and another truck off on the side of the road. Head-on collision from the looks of things. I pull over and decide to offer help. Several other civilians were already on scene doing the same. 911 had already been called by the time I arrived.

We leave the truck occupant alone since we could not ascertain the degree of his injuries. He was not in any obvious immediate danger. Moving him would’ve been the worst thing to do. Lenexa Police arrived first. EMTs and Lenexa Fire followed not long thereafter.

But car accidents are an easy situation to ascertain: figure out who is injured, get everyone out of harm’s way if necessary, make sure anyone with severe injuries doesn’t move, and get the hell out of the way of EMTs when they arrive. What about a situation that isn’t so cut and dry?

In CSI: Crime Scene Investigation (also known as “CSI: Las Vegas”), Season 3, episode 9 called “Blood Lust”, a taxi driver accidentally runs over a teenager who dies at the scene. The driver gets out to initially investigate, but then gets back into the car. A group of men see this and, thinking the driver is going to flee the scene, swarm the car, pull out the driver, and beat him to death.

There is one key detail the men didn’t slow down to actually consider: the taxi driver has a radio (episode aired in 2002, when cell phones weren’t yet as ubiquitous as they are now), and he was going to radio in to get an ambulance to his location.

What the men in Washington did was in a similar vein to what is portrayed in the noted CSI episode. They saw something happen, and decided they needed to respond. Sure, no one died in the Washington incident. But that’s beside the point. A group of six men surrounded a car occupied and driven by fleeing thieves and drew their firearms. They saw fleeing thieves and used a threat of deadly force to detain suspects who, based on the immediate observable details, posed no threat to anyone.

So let’s drive the point home.

Your concealed carry permit is not a badge. It does not make you law enforcement, nor confer upon you any law enforcement authority, including the authority to detain a suspect at a scene.

Do not use your firearm to stop property theft. Do not use your firearm to prevent someone fleeing a crime scene. Do not attempt to pursue someone fleeing a crime scene.

Only employ and deploy your firearm when you can clearly see and articulate that you or someone is in danger of great bodily harm or death.

Unless you are law enforcement, you have zero authority under the law to use your firearm in any other manner. Taking the law into your own hands makes you a vigilante. And I have no respect for vigilantes.

Fix this, SunTrust Bank

I have a page up top for listing contact information for reporting phishing e-mails. SunTrust Bank, however, has their e-mail server set up in a rather weird way. I’ve tried forwarding an e-mail to them numerous times and keep getting this in response:

554 Unfortunately your access to this mail system has been rejected due to the sending MTA’s poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org

When I took to Twitter to figure out an alternate way of forwarding them the phishing e-mail, they subscribed to me and said to forward screenshots of it via DM. Screenshots. Yeah, no. Thankfully I was actually able to forward the e-mail to them from a yahoo.com account. Let that sink in for a little bit…

So if someone from SunTrust happens upon this article, please have your IT department do something about your mail server. You cannot publicly advertise an e-mail address for forwarding phishing e-mails that rejects good faith attempts to provide said e-mails to you. I’ve never had an e-mail rejected due to some arbitrary “reputation” score.

At the least, set up a contact form that allows attachments with instructions on how someone can export an e-mail to a .eml file so the entire e-mail can be sent to you intact. Forwarding takes away a lot of potentially useful information, such as the originating mail servers. And screenshots are basically useless. Including screenshots of the raw e-mail unless you have an OCR program at the ready or are willing to manually recreate the e-mail by hand from the screenshots.
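To show what forwarding throws away, here is an added example (not part of the original post) that compares an inline forward with a report carrying the exported .eml as an attachment, using Python's standard `email` package. The sample message, hosts, addresses and the `phish.eml` filename are all constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample .eml export; every host and address is made up.
RAW_EML = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id A1; Mon, 1 Jan 2018 10:00:03 -0600
Received: from mailer.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2018 10:00:01 -0600
From: "Your Bank" <alerts@bank.example.com>
To: customer@recipient.example
Subject: Account locked

Please verify your account at http://login.example.org/verify
"""

def relay_chain(msg):
    """Received hops, oldest (closest to the real sender) first."""
    return [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]

def inline_forward(raw, reporter, abuse_addr):
    """A typical 'Forward': fresh headers, only the body text is carried over."""
    original = email.message_from_bytes(raw, policy=policy.default)
    fwd = EmailMessage()
    fwd["From"], fwd["To"] = reporter, abuse_addr
    fwd["Subject"] = "Fwd: " + original["Subject"]
    fwd.set_content("---- Forwarded message ----\n" + original.get_content())
    return fwd

def attach_as_eml(raw, reporter, abuse_addr):
    """A report that carries the untouched .eml bytes as an attachment."""
    report = EmailMessage()
    report["From"], report["To"] = reporter, abuse_addr
    report["Subject"] = "Phishing report (original attached)"
    report.set_content("The original message is attached as phish.eml.")
    report.add_attachment(raw, maintype="application",
                          subtype="octet-stream", filename="phish.eml")
    return report

def surviving_hops(report_bytes):
    """Relay hops the receiving abuse desk can still recover from a report."""
    report = email.message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_filename("").lower().endswith(".eml"):
            inner = email.message_from_bytes(part.get_content(), policy=policy.default)
            return relay_chain(inner)
    return relay_chain(report)  # no attachment: only the report's own headers
```

The inline forward keeps the phishing link in the body but none of the original `Received` hops, while the attached .eml comes back byte for byte with both hops intact.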

To everyone else seeing this, a quick reminder: your bank will almost NEVER contact you via e-mail if there is a problem with your account. They will instead call you since they have your phone number on file. And if you notice anything odd about your account, call in or visit a bank branch in person.