The Advisory Boar

By Abhijit Menon-Sen <>

Using eBird in 2016


Make eBird your New Year's Resolution for 2016!”, they said, with a picture of a Steller's Sea Eagle that looked like it meant business. So I did.

A month and a half into the year, it's become a habit to record and submit lists during the day. It's given me a reason to get out of the house for a while in the morning and evening, and to take occasional breaks from work during the day, all of which has made me fitter, happier, and more productive.

I have many complaints about the eBird interface. The "Submit observations" page needs to be a couple of orders of magnitude faster. The Android app shouldn't be so dependent on network connectivity. Both need to be much smarter about interpreting abbreviations. I can think of various features that would make reviewers' lives easier. But those are just details (I hear the eBird team is receptive to suggestions), and none of it takes away from the fact that eBird has helped me to start birding regularly and seriously again.

As new year's resolutions go, I can't think of one that's worked out better.

Debian 8 on the Lenovo Ideapad S206


I got my dad a Lenovo Yoga 300 a few days ago, and installed Debian 8 on his old Ideapad S206 before giving it to Ammu, who has been using my old (and increasingly broken) Thinkpad X120e for months now.

The Linux Laptop Wiki has a page about the Ideapad S206; the quick summary is that everything works with only a little tweaking.

Wifi worked out of the box with brcmsmac. Bluetooth worked fine after installing the firmware-atheros package. Sound input and output worked fine out of the box. The hotkeys to change the volume (and brightness, etc.) also worked. I didn't try the card reader or the webcam.

I didn't bother with the fglrx video drivers, but I had to install firmware-linux-nonfree to enable KMS (kernel mode setting) to get suspend/resume to work properly. (Hibernation worked fine anyway.)

This is a sleek and light machine, quite a step up from the earlier Ideapad models I've used. The screen is a bit shiny, but stops short of being annoying. The keypad is unfortunately very jittery—unless you are very deliberate about tapping-to-click, you'll most likely just move the pointer a bit rather than clicking. This was my father's biggest problem with the machine (and it wasn't just a matter of acceleration settings).

But it's working nicely otherwise, and I hope Ammu gets some good use out of it.

DMT DiaSharp diamond sharpening plates


A friend sent me a pair of DMT DiaSharp “bench stones”. These are steel plates surfaced with diamond particles—an alternative to old-fashioned oilstones for sharpening steel cutting edges. I have been using them for several months now, and they have lived up to their reputation as being fast, durable, and convenient. I am very happy with them.

I have the D6CX and D6EF, each of which has two continuous sharpening surfaces measuring 150mm*50mm (6"*2"). The D6CX has extra-coarse (220 grit) and coarse (325 grit) sides, while the D6EF has fine (600) and extra-fine (1200) sides.

I have used them to sharpen kitchen knives, sharpen and flatten the back of a very hard plane iron, restore the badly-damaged cutting edges of some old chisels that belonged to my grandfather, and hone some new Narex chisels and other assorted tools. I follow more or less the same process shown in this video by Paul Sellers:

The DMT plates are fast and a pleasure to work with. Flattening large steel surfaces does take a half-hour or so of extra-coarse rubbing (mind your knuckles don't scrape the plate! I learned this the hard way), but that isn't a task I would even attempt on my old Norton oilstone. Tuning up a blunted (not damaged) edge takes a couple of minutes at most, while restoring a nicked edge might take ten.

I use the plates with a bit of water sprayed from an old bottle of glass cleaner, and wipe them down afterwards with an old shirt. They are easy to maintain (but the coarse grits must be cleaned gently, because they will happily shred cloth), and do not need to be flattened periodically the way an oilstone might. The fine surface developed a few tiny black spots on the very first use, but extensive use thereafter has not made them any larger or more numerous. (DMT is reputed to have good customer support, but they didn't respond to my question about the black spots.)

(I also have the DuoBase stand. The rubber feet do keep it from moving, and the clearance makes it easy to flip the plates over. It works fine, but I could easily do without it.)

I like sharpening things, but I am not obsessive about it. I have not tried to measure how flat the surface actually is, nor have I looked at the sharpened edges under a microscope. The plates are flat enough, and the edges sharp enough for me; and it doesn't take too long to get them that way.

DMT manufactures a great variety of these plates: larger and smaller sizes, coarser and finer grits, single- and double-sided, or with “interrupted” surfaces that reduce the buildup of swarf (abraded steel particles that must be cleaned away). I might try a single-sided 8"*3" continuous surface plate someday—it should make it a little easier to sharpen my larger knives.

Vodafone India snoops on e-mail


An article about Vodafone injecting javascript into web pages reminded me of a problem I investigated last year when Hassath couldn't send mail when connected through her phone's mobile hotspot.

My first response to any network problems is to run tcpdump, and I saw the following EHLO response from my own SMTP server.
250-SIZE 307200000
250 DSN

Vodafone is transparently proxying outgoing SMTP traffic and replacing STARTTLS in the EHLO response with XXXXXXXA, so that the client doesn't try to negotiate TLS. If you issue STARTTLS anyway—which no normal SMTP client would, but openssl's s_client can do—the TLS negotiation fails. So it's not just a downgrade attack, it's actively sabotaging TLS connections too.

This was the case in mid-2014, and it's still the case at the time of writing. I wonder how many terabytes of email logs they have collected in the meantime, how they are stored, and who is reading them.

While I was tethered to my phone, I did a bit more testing. Vodafone India doesn't seem to mess with HTTPS connections, and IMAP connections are not downgraded either (i.e., the server's STARTTLS advertisement is not modified, and the TLS negotiation succeeds). Nor did it inject any Javascript into the web pages I tried (yet).

Thoughts on specimen collection


I have now lost count of the number of forwarded copies of the “A scientist found a bird that hadn’t been seen in half a century, then killed it” mail that people have sent me. The collection of a Bougainville Moustached Kingfisher specimen by an AMNH team in Guadalcanal has drawn intense criticism and reignited the debate about whether scientific collection is justified or even necessary.

Moustached Kingfisher [Illustration: J G Keulemans (1842–1912), Novitates Zoologicae]

I don't have anything new or insightful to add to this debate.

Read more…

Handling SSH host key prompts in Ansible

2015-11-25, updated 2015-12-17

I've written about the various SSH improvements in Ansible 2, including a rewrite of the connection plugin. Unfortunately, the problem that originally motivated the rewrite currently remains unsolved.

Competing prompts

If you ssh to a host for which your known_hosts file has no entry, you are shown the host's key fingerprint and are prompted with Are you sure you want to continue connecting (yes/no)?. If you run ansible against multiple unknown hosts, however, the host key prompts will just stack up:

The authenticity of host 'magpie (a.b.c.d)' can't be established.
ECDSA key fingerprint is 2a:5a:4c:4b:e0:40:de:8b:9b:e6:0f:90:45:68:89:fc.
Are you sure you want to continue connecting (yes/no)? The authenticity of host 'hobby (e.f.g.h)' can't be established.
RSA key fingerprint is 61:84:90:47:f7:0f:7b:a2:d5:09:98:6f:bb:3c:50:d9.
Are you sure you want to continue connecting (yes/no)? The authenticity of host 'raven (i.j.k.l)' can't be established.
RSA key fingerprint is ab:97:c2:7d:b6:8e:c3:ab:78:a2:20:04:af:9c:6f:2b.
Are you sure you want to continue connecting (yes/no)?

The processes compete for input, so typing “yes” may or may not work:

Please type 'yes' or 'no': yes
Please type 'yes' or 'no': yes
Please type 'yes' or 'no': 

Worse still, if some of the targeted hosts are known, output from their tasks may cause the prompts to scroll off the screen, and ansible will appear to hang.

Inter-ssh locking

The solution is to acquire a lock before executing ssh and releasing it once the host key prompt (if any) is negotiated. Ansible 2 had some code copied from 1.9 to implement this, but it was agonisingly broken. It wouldn't have always acquired the lock or released it correctly, but the actual locking was commented out anyway because of lower-level changes, so it just scanned known_hosts twice for every connection. Even if the locking had worked, the lock would have been held until ssh exited.

I submitted patches (12195, 12212, 12236, 12276) to add a connection locking infrastructure and use it to hold a lock only until ssh had verified the host key (not until it finished). Although most of the changes were merged, the actual ssh locking was rejected because it would (unavoidably) wait for ssh to timeout while trying to connect to unreachable hosts.

One of the maintainers recently said they may reconsider this (because it's painful to deal with any number of newly provisioned hosts otherwise), so I have opened a new PR, but it has not yet been merged.

Update: The maintainers went with a different approach to solve the problem. Instead of using locking inside the connection plugin, this checks the host key as a separate step at the strategy level, at the expense of having to parse the known_hosts file to check if a host's key is already known. I think that's a fragile solution, but it does eliminate the locking concerns and improve upon the status quo.

Another update: The commit referenced above was reverted later the same day, for some reason the maintainers did not see fit to record in the commit message. So we're right back to the broken starting point.

Strange pricing for books on the Amazon marketplace


Lars Svensson's classic “Identification Guide to European Passerines” was first published a few decades ago. It is no longer available from Amazon, but I have been keeping an eye on copies from other sellers on the Amazon marketplace, and I am increasingly puzzled by their proposed prices.

Amazon pricing screenshot

The absurdly high price isn't because the book is new, because there's a used copy for sale at $1847.20. Even the cheapest used copy right now is priced at $458.60, and that's still far more than I can imagine anyone wanting to pay.

The sellers don't look shady at first glance, and many are highly rated over a significant period. Maybe they didn't notice that the book is available elsewhere for twenty-odd euro? But no, it's probably an “algorithm” (note: those are scare quotes) at work.

A crocodile selfie


I was at the UP Bird Festival in Chambal, tempted mostly by the memory of seeing many crocodiles. There were very few crocodiles this time, but we found a medium-sized Mugger Crocodylus porosus sunning itself on the bank towards the end of our trip.

I had promised Hassath that I would take a crocodile selfie but alas, I managed to omit the actual crocodile. The crocodile-shaped object up on the bank is (what else?) a log.

Failed crocodile selfie

The crocodile was there, though, just beyond the edge of the frame.

Actual crocodile

Big brother, the tourist attraction


Every morning, children stream past our house in both directions on their way to school. There are the nearly grown-up, very self-conscious young ladies on the way to the inter-college, dressed in blue and white with neatly plaited and be-ribboned hair. There are groups of brown-and-white children, always squabbling over some snack. There are tiny red-and-blue primary school kids who drift past like tumbleweed—so easily distracted that it's a marvel that they ever make it to school.

And then there are the troublemakers, the wretched blue-and-brown boys who derive entertainment from pinching the valve-caps off our car tyres, or snapping off the occasional windshield wiper. We stuck a webcam in the window overlooking the car to keep an eye on these miscreants. It worked pretty well. A few of the smaller children still write their names on the windows when the car is dusty, but we haven't lost any more valve caps.

Webcam view

But now the webcam has become a local attraction, and we hear children of every colour walking past talking about the “CCTV”, bringing their friends around to point it out, and waving or posing (or dancing!) for the camera. A blue-and-white pair—not yet as serious as their elder sisters–recently made faces at it and ran away horrified but giggling when I replied with a cheerful “Hi”.

Ubiquitous surveillance? What fun!

Alpen Wings ED binoculars


Two years ago, I bought a pair of Alpen Wings 8x42 ED binoculars. These are one of the least expensive mid-range birding binoculars, but a big step up from my earlier Nikon Trailblazer 8x42 at three times the price.

Even so, I didn't expect them to be so much better than anything I had used before. The view is addictively bright and clear, and I use the 2.5m close-focus capabilities much more than I thought I would. The build quality is excellent, the adjustments are smooth and precise, and these binoculars feel reassuringly solid in the hand. The hard carrying case is also welcome.

On paper, the specifications are very similar to the Trailblazer: same magnification, similar field of view, waterproof and fogproof, slightly less eye relief, a bit smaller but a few grams heavier. I expected only a modest improvement in optics and better build quality, but they're in an altogether different league. Two years later, I'm still as happy and impressed with them as I was in the first five minutes.

(I also use an Alpen spotting scope, which I will review someday; suffice it to say that Alpen optics deserve their excellent reputation.)