The Advisory Boar
The mains power supply in Lweshal is dismal.
There are frequent outages, of course—the transformer in the village
blew up earlier this year, and we had no power for a week. Two or three
times in the summer (when forest fires were burning everywhere) a tree
fell on the line and cut off power for a few days. There's a big fuse
near Mauna which seems to keep melting down. But none of that is really
a surprise in a remote area.
The unpleasant surprise was how bad the supply could be when there's no
outage. For some reason, extreme voltages are quite common. I've seen
the mains voltage at a record low of 25V for several hours once, and
we've had whole days when it stayed around 60–90V—voltages so low that
the electricity meter stayed off, even though our 9W LEDs inside would
light up. Free power!
High voltages don't last nearly as long, but we've seen spikes of 300V
and more on occasion. It's difficult to decide which condition is more
destructive. High voltages fry appliances, but persistent low voltages
where some lights appear to work encourage people to draw more current
than their circuits can safely carry—and in a place where people use
1.0mm² wire even for 16A circuits, and nobody has any earthing, that
isn't something to be taken lightly.
Either way, voltage fluctuations blew up our UPS twice. The first time
we didn't have any sort of voltage regulator installed. After having to
pay for a new logic board, we installed a custom-made "constant voltage
transformer" (a big auto-transformer with a voltage meter). It clicked a
lot to indicate its displeasure, and we had to take it back to the shop
to make it cut off the output altogether if the voltage was too low (but
why didn't it do that to begin with?). Then the next fluctuation killed
the UPS again.
In such a dire situation, only a device with a genuine superhero name
could possibly save us, and the
certainly delivers on that front. I bought one from Amazon, and we
installed it upstream of the main distribution board. It doesn't do any
voltage regulation, just cuts off the output beyond the predefined low
and high voltage thresholds. Here is it in action.
It has worked correctly in various low-voltage conditions (we've had a
130V supply for most of the past two days). It has high- and low-voltage
bypass modes that I have never tried, and an optional output timer that
restores power to the house only if the power stays on for two minutes.
It's very handy that it displays the input voltage, and the 32A circuit
breaker is very handy when we're working on the distribution board.
Other Amazon customers assured me that the device makes no noise during
operation, but of course it does. It clicks away merrily, but it's a
small price to pay for reliable regulation.
My mother called to tell me that people were complaining that mail sent
to her address at one of my domains (menon-sen.com) was bouncing. Here's
an excerpt from the bounce message she sent me:
DNS Error: 27622840 DNS type 'mx' lookup of menon-sen.com responded
with code SERVFAIL
I thought it was just a temporary DNS failure, but just for completeness
I tried to look up the MX for the domain, and got a SERVFAIL response. I
checked WHOIS for the domain and was horrified to find this:
Name Server: FAILED-WHOIS-VERIFICATION.NAMECHEAP.COM
Name Server: VERIFY-CONTACT-DETAILS.NAMECHEAP.COM
In a near-panic (because this meant email to one of my work addresses
was also being bounced), I checked a bunch of stuff: No, the whois
details for the domain were not incorrect (nor had they been changed
recently). No, Namecheap had not sent me any whois verification mail
about the domain. No, Namecheap had not sent me any notification that it
was going to suspend the domain. No, the Namecheap admin page didn't say
anything about the domain having been suspended.
I couldn't find any relevant articles in the support knowledgebase, so I
opened an emergency ticket with Namecheap support. They responded in an
hour, and helped to resolve the problem immediately. They did admit that
I didn't receive a notification because of an error on their part:
We have double-checked contact details on the domain in question and
registrant details appeared to be missing on the domain due to a
one-time glitch at our end. That is the reason you have not received
verification email. Please accept our most genuine apologies for the
inconvenience caused you.
I have always found Namecheap support to be responsive and helpful. I do
appreciate their candour and the prompt response in this case as well,
but I am deeply shaken that their system has no controls in place to
prevent a domain from being suspended without any sort of notification
(especially since they were sending me notifications about other domains
registered under the same account in the same time period).
I don't know when exactly the domain was suspended. I have actually lost
mail because of this incident—and at least one of them was an important
response to some mail I sent. But thanks to my mother's correspondents,
I think the problem was discovered before very long. I cannot afford to
worry about this happening for my other domains that are up for renewal
in the near future. If the same thing had happened to toroid.org, it
would have been catastrophic.
I have been a happy customer of Namecheap for more than five years, and
recommended it to any number of friends during that time. Along with
(which is much more expensive), it's by far the best of the dozen or so
registrars I've used over the past two decades. I have no idea where to
move my domains, but I'll start keeping an eye out for an alternative.
Update, moments after writing the above: my friend Steve points
out that there's something to be said for having a vendor who admits to
their errors honestly; and only a pattern of errors rather than a single
incident would justify moving my domains away to an unknown registrar.
A few days from now, I hope to be able to properly appreciate Steve's
wisdom in this matter. Meanwhile, I'm saved from precipitous actions by
the fact that I haven't the faintest idea where to migrate anyway.
I have never had a refrigerator that was not subject to periodic power
failures. The severity and frequency of the outages varied from several
small interruptions per day to extended power failures lasting sixteen
hours or more; the former could be ignored, while the latter usually
meant throwing everything out and starting afresh.
As I grew up and started working with computers, a succession of power
backup devices entered my life, and I eventually became accustomed to
“uninterrupted” power, but it was strictly rationed. I was never able to
connect anything but the computers and networking equipment to the UPS,
and certainly nothing like a refrigerator.
So I have never experienced refrigeration as it is meant to be.
Until now. Thanks to our solar power setup, we have been able to keep
our refrigerator running without interruptions for several weeks on end.
Suddenly it feels as though we have a magical new refrigerator in which
food doesn't spoil. Coriander and green chillies stay fresh and usable
for days. Cream skimmed off the top of boiled milk is something we can
collect for the rare fettucine alfredo. Our precious cheese collection
is something we can enjoy at leisure. These days we don't have much in
the way of leftovers, and we can use fresh vegetables from our kitchen
garden often enough that we store only a few in the refrigerator, but
everything remains usable for an absurdly long time.
that has something to do with
a water monster.
I'm not very clear about the details, but there's a crocodile (or half a
crocodile) involved in some way, and that's good enough for me. So in
honour of the water monster, we cleaned the fridge today. Nothing was
spoiled, and the dreaded “fridge smell” was very faint. The fridge is
now spotless, and the monster is appeased.
Sometimes the most mundane of insights can seem profound if it comes
from experience: modern refrigeration is pretty nice.
I have more than a passing interest in VPN software, and have looked at
and used many different implementations over the years. I haven't found
much to cheer about, which led me to write
for my personal use.
I've been reading about
for the past few weeks, and I really like it so far. It follows through
on many of the same goals that I had with tappet, and goes much further
in areas important to more widespread adoption. The author,
articulates the project's design goals in this presentation:
Keeping the code small and easy to review was a primary consideration
for me (tappet is under a thousand lines of code, not including NaCl).
By this measure, Wireguard does an admirable job of staying small at
around 15,000 lines including crypto code and tests.
When I wrote tappet, the
did not exist in a usable (or recommended) form. Wireguard's adoption of
this framework brings a host of desirable properties that tappet lacks,
notably including perfect forward secrecy.
One of my major frustrations with OpenVPN is the extraordinary time it
takes to establish a TLS connection on a high-latency link. Very often,
when tethered via GPRS, it will retry forever and never
succeed. Tappet goes to the other extreme—it requires zero
setup for encrypted links (at the expense of perfect forward secrecy).
Wireguard restricts its handshake to a single round-trip, which is an
entirely acceptable compromise in practice.
Wireguard runs in the kernel, thereby avoiding the need to copy packets
in and out of userspace. I didn't care nearly as much about performance.
Tappet is fast enough in userspace that it keps up with the fastest link
I've tried it on (42.2Mbps DCHSPA+), and I didn't need anything more.
Wireguard accepts multiple peers per interface, while tappet is limited
to setting up point-to-point encrypted links. The former is obviously
more practical in realistic deployments. (On the other hand, Wireguard
is a Layer-3 VPN, while tappet operates at L2 and forwards Ethernet
frames instead of IP packets. How much that matters depends on the
I look forward to a time when I can use Wireguard in production.
We bought dark kitchen towels to wipe our iron woks, which tend to leave
rust-coloured stains—at least temporarily. But Ammu got her hands on one
of them, and made it much too pretty to wipe anything with.
On the twelfth day after christmas, my true love said to me, “This
wordpress theme won't let me save any customisations. Can you take a
look at it?”
The theme customisation menu in WordPress displays various options in
the left sidebar, and a live preview of the changes on the right. You
can edit things in the menu and see what they look like, and there's a
"Save and Publish" button at the top. But the button remained stuck at
"Saved" (greyed-out), and never detected any changes. Nor was the menu
properly styled, and many other controls were inoperative.
We found other
reports of the problem,
but no definitive solution. Disabling certain plugins fixed the problem
for some people, but that didn't help us—hardly any plugins were active
anyway, and none of the problematic ones were installed.
We looked at network requests for the page in the Chrome developer
console, and saw a series of 404 responses for local CSS and JS
resources within the
Here's one of the failing URLs:
That /var/lib/wordpress certainly didn't belong in the URL, so we went
grepping in the code to see how the URL was being generated. It took us
quite some time to figure it out, but we eventually found this code that
was used to convert a filesystem path to the static resources into a URL
(slightly edited here for clarity):
site_url(str_replace(ABSPATH, '/', $_extension_dir))
(Summary: Take /a/b/c ($_extension_dir), replace /a/b/ (ABSPATH) with a
single /, and use the resulting /c as a relative URL.)
ABSPATH was set to /usr/share/wordpress/, but the extension dir was
under /var/lib/wordpress/, so it's no surprise that stripping ABSPATH
from it didn't result in a valid URL. Not that doing search-and-replace
on filesystem paths is the most robust way to do URL generation in the
first place, but at least we could see why it was failing.
The Debian package of WordPress is… clever. It places the code under
/usr/share/wordpress (owned by root, not writable by www-data), but
overlays /var/lib/wordpress/wp-content for variable data.
Alias /wp /usr/share/wordpress
Alias /wp/wp-content /var/lib/wordpress/wp-content
This is a fine scheme in principle, but it is unfortunately at odds with
WordPress standard practice, and the Debian README mentions that liberal
applications of chown www-data may be required to soothe the itch.
Unfortunately, it also means that themes may not be installed under
ABSPATH, which usually doesn't matter… until some theme code
makes lazy and conflicting assumptions.
The eventual solution was to ditch /usr/share/wordpress and use only
/var/lib/wordpress for everything. Then ABSPATH was set correctly, and
the URL generation worked. (We tried to override the definition of
ABSPATH in wp-config.php, but it's a constant apparently set by the PHP
In the end, however, I couldn't quite make up my mind whether to blame
the Debian maintainers of Wordpress for introducing this overlay scheme,
or the theme developers for generating URLs by doing string manipulation
on filesystem paths, or the Wordpress developers for leaving static file
inclusion up to theme developers in the first place.
Well, why not all three?
I remember, as a child, reading about the discovery of the
cave paintings in Altamira
by an eight-year-old, and her wonder at seeing bison and other animals
seeming to dance in the flickering light of her torch.
Despite my fascination with palaeolithic rock art, I had never seen any.
I had read about cave paintings at Lakhudiyar near Barechhina in Almora
district, the best-known of Uttarakhand's many such sites. It's not far
from where we live, but not close enough for a casual visit either. We
had an opportunity to stop for a few minutes on a recent drive past
It's not really a cave, just an overhanging rock face; and it's
a far cry from Altamira. In fact, it looks a little like it might have
been the work of a bored schoolboy waiting for a bus home. But there's
an ASI “protected heritage site” notice-board, so it must be legit…
Notice the obvious (and accurate) “hairpin bend” road sign in the centre
of the image. The paintings are a bit repetitive, and unfortunately the
ones closer to the ground are quite worn. Here's a video that shows more
of the rock face:
Here's another video that
shows the approach to Lakhudiyar.
Hassath's birthday present this year was an
(with 8GB of Kingston DDR3L RAM and a 250GB Samsung SSD 750 Evo) to
stand in at home for her ageing Thinkpad X131E.
It took some time for the machine to reach our remote mountain abode,
but we have it working nicely after spending a few hours wrestling with
it. Here's a quick summary of our experience
wasn't really useful).
Hassath loves her old Samsung SyncMaster 172s monitor (1024x768, VGA)
and resists the idea of a new wide-format monitor. Getting the NUC to
work properly with this display took the most time (but none of it was
the display's fault).
We connected the monitor to the NUC's VGA port and were greeted with a
"Video mode not supported" error on the monitor. The debian installer's
text-mode display worked fine after boot, but we couldn't see any of the
UEFI setup menus. Fortunately, we were able to sidestep the problem by
using an HDMI→VGA adapter that we had ordered “just in case”. Using the
HDMI output resolved the display problems with the UEFI menus.
After we installed Debian (8.1 from a USB stick created from the DVD
image), X wouldn't start. The intel driver didn't work, and Xorg fell
back to the VESA driver, and
died while trying to set the video mode.
(Also, virtual terminals didn't work at all until we added an xorg.conf
snippet to force the resolution to 1024x768.) It didn't work even with
the DVI-D input (via another “just in case” HDMI→DVI-D cable) on my
We stumbled around for a while, but we eventually got it working. The
key was to apt-get dist-upgrade against jessie-backports to install a
new kernel and drivers (e.g., libdrm-intel1). We also updated the BIOS
from revision 0054 to
but I am not sure that this was necessary, or even helpful. Xorg works
with the new kernel and Intel driver. We didn't bother to check if the
VESA driver would also work if we forced its use.
(Aside: we had no UEFI boot-related problems at all. We didn't even need
to try the legacy boot option, either for the installation from the USB
stick or to boot the installed system.)
Everything else worked
The Ethernet controller is a Realtek RTL8168h, which works out of the
box with the r8169 driver. Installing the firmware-realtek package got
rid of an “unable to load firmware patch” message, but the adapter
worked fine without it.
The wireless controller is an
Intel dual band wireless-AC 3165,
which required the new kernel from backports (4.8, though 4.2+ should
have worked from what we read) and the firmware-iwlwifi package to be
installed. It worked fine thereafter.
The audio controller is an Intel "Braswell" 2284, which works out of the
box with the snd_hda_intel driver. Audio output goes simultaneously to
the headphone connector on the front panel and the glowing red S/PDIF
plus headphone connector on the back. We did not try S/PDIF audio (no
cable, no devices) or HDMI audio (no audio port on the HDMI→VGA
adapter) or recording (no mic—or at least, no mic on my desk).
The Intel Bluetooth 4.0 controller (8087:0a2a) works out of the box with
the btusb driver. We were able to pair with an Android phone and a
Bluetooth speaker. We were not able to play audio to the speaker, but
that is probably not a problem with the NUC, because we didn't manage to
get it working with any of our other machines either.
We didn't try the SDXC card slot or the infrared sensor.
Update (2017-01-18): The SDXC card slot works fine. I used it to
write a Raspbian image.
Before we installed a towel rail in the bathroom, we kept clean clothes
on an old newspaper on the washbasin counter while bathing. It kept the
clothes dry and kept me entertained while brushing my teeth for several
months (I would unfold and refold it differently every few days when the
top stories began to seem familiar).
“Pollution report malicious, incorrect: Javadekar”
dated June 7, 2016 quoted the reaction of the Union Minister for
Environment, Prakash Javadekar, to a paper that was widely reported
with headlines like
“Life expectancy in Delhi has
reduced by six years because of air pollution, reveals study”.
Here's a clipping:
The original paper, “Premature mortality in India due to PM2.5 and ozone
exposure”, written by scientists at
and published in Geophysical Research Letters, was not
immediately available for download. The Minister's scathing indictment
shows that he is only too aware of
the threat posed by Elsevier journals.
Of course, this is hardly the first attempt to maliciously target India
overblown pollution reports:
Volcanic activity in modern-day India, not an asteroid, may have killed
the dinosaurs, according to a new study.
Tens of thousands of years of lava flow from the Deccan Traps, a
volcanic region near Mumbai in present-day India, may have spewed
poisonous levels of sulfur and carbon dioxide into the atmosphere and
caused the mass extinction through the resulting global warming and
ocean acidification, the research suggests.
Barely a month after his astute recognition of this pattern, however,
a cabinet reshuffle
saw Prakash Javadekar reassigned to the Ministry of Human Resources and
“Javadekar does a U-turn after questioning pollution study”.)
A little over a month ago, our Glorious Leader eliminated corruption,
black money, terrorism, and poor people in one bold and innovative move
by declaring most of the currency in circulation to not be legal tender.
We are fortunate that we can get by without much cash in hand. We eat
mostly what we grow, or is grown nearby in the village, and what few
additional expenses we have (e.g., milk) have so far been met by the
ten— and twenty-rupee notes we had collected to save time by paying
exact tolls on the highway.
Our one visit to the nearest bank yielded a two-thousand rupee note and
a bag of coins each—the most the branch could spare per person, given
that they've received no cash for several days.
In Delhi, Ammu is not so lucky. Her landlord demands the rent in cash,
and in exam season, she has had to stand in queue for several hours at
an ATM to withdraw a quarter of her rent (which is the maximum one can
withdraw in a day). Strangely, the vegetable and fruit sellers in her
locality do not accept digital payments yet.
I was looking forward to hearing what the Supreme Court of India had to
say about demonetisation, but they haven't said much, because they're
busy with matters of real importance to the nation, like how
often the national anthem should be played and how straight one should
stand to properly demonstrate one's “constitutional patriotism”.