The Advisory Boar

By Abhijit Menon-Sen <>

Debian 8 on the Intel NUC5PPYH


Hassath's birthday present this year was an Intel NUC5PPYH (with 8GB of Kingston DDR3L RAM and a 250GB Samsung SSD 750 Evo) to stand in at home for her ageing Thinkpad X131E.

It took some time for the machine to reach our remote mountain abode, but we have it working nicely after spending a few hours wrestling with it. Here's a quick summary of our experience (InstallingDebianOn/Intel/NUC5PPYH wasn't really useful).

Display problems

Hassath loves her old Samsung SyncMaster 172s monitor (1024x768, VGA) and resists the idea of a new wide-format monitor. Getting the NUC to work properly with this display took the most time (but none of it was the display's fault).

We connected the monitor to the NUC's VGA port and were greeted with a "Video mode not supported" error on the monitor. The debian installer's text-mode display worked fine after boot, but we couldn't see any of the UEFI setup menus. Fortunately, we were able to sidestep the problem by using an HDMI→VGA adapter that we had ordered “just in case”. Using the HDMI output resolved the display problems with the UEFI menus.

After we installed Debian (8.1 from a USB stick created from the DVD image), X wouldn't start. The intel driver didn't work, and Xorg fell back to the VESA driver, and died while trying to set the video mode. (Also, virtual terminals didn't work at all until we added an xorg.conf snippet to force the resolution to 1024x768.) It didn't work even with the DVI-D input (via another “just in case” HDMI→DVI-D cable) on my monitor.

We stumbled around for a while, but we eventually got it working. The key was to apt-get dist-upgrade against jessie-backports to install a new kernel and drivers (e.g., libdrm-intel1). We also updated the BIOS from revision 0054 to revision 0058, but I am not sure that this was necessary, or even helpful. Xorg works with the new kernel and Intel driver. We didn't bother to check if the VESA driver would also work if we forced its use.

(Aside: we had no UEFI boot-related problems at all. We didn't even need to try the legacy boot option, either for the installation from the USB stick or to boot the installed system.)

Everything else worked

The Ethernet controller is a Realtek RTL8168h, which works out of the box with the r8169 driver. Installing the firmware-realtek package got rid of an “unable to load firmware patch” message, but the adapter worked fine without it.

The wireless controller is an Intel dual band wireless-AC 3165, which required the new kernel from backports (4.8, though 4.2+ should have worked from what we read) and the firmware-iwlwifi package to be installed. It worked fine thereafter.

The audio controller is an Intel "Braswell" 2284, which works out of the box with the snd_hda_intel driver. Audio output goes simultaneously to the headphone connector on the front panel and the glowing red S/PDIF plus headphone connector on the back. We did not try S/PDIF audio (no cable, no devices) or HDMI audio (no audio port on the HDMI→VGA adapter) or recording (no mic—or at least, no mic on my desk).

The Intel Bluetooth 4.0 controller (8087:0a2a) works out of the box with the btusb driver. We were able to pair with an Android phone and a Bluetooth speaker. We were not able to play audio to the speaker, but that is probably not a problem with the NUC, because we didn't manage to get it working with any of our other machines either.

We didn't try the SDXC card slot or the infrared sensor.

Update (2017-01-18): The SDXC card slot works fine. I used it to write a Raspbian image.

Malicious pollution reports


Before we installed a towel rail in the bathroom, we kept clean clothes on an old newspaper on the washbasin counter while bathing. It kept the clothes dry and kept me entertained while brushing my teeth for several months (I would unfold and refold it differently every few days when the top stories began to seem familiar).

Pollution report malicious, incorrect: Javadekar” dated June 7, 2016 quoted the reaction of the Union Minister for Environment, Prakash Javadekar, to a paper that was widely reported with headlines like “Life expectancy in Delhi has reduced by six years because of air pollution, reveals study”. Here's a clipping:

Pollution report malicious, incorrect: Javadekar

The original paper, “Premature mortality in India due to PM2.5 and ozone exposure”, written by scientists at IITM Pune and published in Geophysical Research Letters, was not immediately available for download. The Minister's scathing indictment shows that he is only too aware of the threat posed by Elsevier journals.

Of course, this is hardly the first attempt to maliciously target India with overblown pollution reports:

Volcanic activity in modern-day India, not an asteroid, may have killed the dinosaurs, according to a new study.

Tens of thousands of years of lava flow from the Deccan Traps, a volcanic region near Mumbai in present-day India, may have spewed poisonous levels of sulfur and carbon dioxide into the atmosphere and caused the mass extinction through the resulting global warming and ocean acidification, the research suggests.

Barely a month after his astute recognition of this pattern, however, a cabinet reshuffle saw Prakash Javadekar reassigned to the Ministry of Human Resources and Development.

(Aside: “Javadekar does a U-turn after questioning pollution study”.)

One month after demonetisation


A little over a month ago, our Glorious Leader eliminated corruption, black money, terrorism, and poor people in one bold and innovative move by declaring most of the currency in circulation to not be legal tender.

We are fortunate that we can get by without much cash in hand. We eat mostly what we grow, or is grown nearby in the village, and what few additional expenses we have (e.g., milk) have so far been met by the ten— and twenty-rupee notes we had collected to save time by paying exact tolls on the highway.

Our one visit to the nearest bank yielded a two-thousand rupee note and a bag of coins each—the most the branch could spare per person, given that they've received no cash for several days.

In Delhi, Ammu is not so lucky. Her landlord demands the rent in cash, and in exam season, she has had to stand in queue for several hours at an ATM to withdraw a quarter of her rent (which is the maximum one can withdraw in a day). Strangely, the vegetable and fruit sellers in her locality do not accept digital payments yet.

I was looking forward to hearing what the Supreme Court of India had to say about demonetisation, but they haven't said much, because they're busy with matters of real importance to the nation, like how often the national anthem should be played and how straight one should stand to properly demonstrate one's “constitutional patriotism”.

Transferring domains from


A friend had a domain registered at 123-Reg that he no longer wanted. It was coming up for renewal later this month, and he offered to transfer it to me. The domain was not locked, so I asked him for an auth code, and immediately submitted a request to transfer it to Namecheap, my preferred registrar.

The transfer failed, and Namecheap sent me mail saying the domain was locked. I checked, and it was. It had also already been transferred to another sponsoring registrar (Mesh Digital, the company that owns both 123-Reg and Domainmonster). My friend contacted support to unlock the domain, but by then of course the domain had entered the sixty-day period during which it could not be transferred again. I was forced to pay the renewal fee to them, and will now have to retry the transfer after the embargo expires.

I suppose I could think of benign explanations for the above if I tried, but I'm not feeling especially charitable about it. terms of disservice


I wanted to buy a jacket from Decathlon, so I went to create an account on their site, which involved wading through as convoluted and boring a "terms of use" statement as I've ever seen. (Alas, I can't link to it because it's just in a textarea on the account creation page.)

Most of the terms were unremarkable (obnoxious and officious, but still unremarkable), until I encountered this gem about halfway down.

«11. The Buyers shall be responsible to up keeping the providing information relating to the products proposed to be sold by Us. In this connection, The Buyers undertake that all such information shall be secured in all respects. The Buyers shall not defame the attributes of such products or services so as to mislead other Buyers in any manner.»

I created an account anyway (and the jacket is rather nice), but I didn't want to be responsible for “up keeping” information relating to the products they sell. So I wrote to their customer support to ask what this ridiculous verbiage was supposed to mean. Much to my surprise, they not only responded to my mail, but actually asked their lawyers for a clarification.

I had a word with our legal department and they mentioned that the clause means if a customer has an issue with or an opinion about a product, they contact us first for us to help them with their issue and not post it on social networking sites or the media.

Not being a fan of idiotic and underhand (and poorly-written, to boot) attempts to restrict what one's customers can and cannot say, I tried to delete my account. The terms of service said I could delete my account at any time, but I could find no way to do so on the web site. So I asked Decathlon to delete my account.

First they said they had deleted my account. I could still login, so I wrote back to ask them to delete it again. Then they said that I had registered two accounts (which I had not; I had just changed my name to "ABC" in my profile), and asked me to send them a list of addresses I had used (which I did—one address). Then they stopped answering my mail.

Eight weeks later, I can still login to my account.

Technically, I don't think this post violates their terms of service, because I did contact them for help first. But they do have a stern profanity policy, so here's a little something to help the account suspension process along: What the fuck, Decathlon? You're a bunch of incompetent nincompoops!

Update (2016-12-13): The account still works, but the “you may delete your account at any time” clause has been removed from the terms of use at some point. Of course, the vital “responsible to up keeping the providing information” clause is still there.

Using eBird in 2016


Make eBird your New Year's Resolution for 2016!”, they said, with a picture of a Steller's Sea Eagle that looked like it meant business. So I did.

A month and a half into the year, it's become a habit to record and submit lists during the day. It's given me a reason to get out of the house for a while in the morning and evening, and to take occasional breaks from work during the day, all of which has made me fitter, happier, and more productive.

I have many complaints about the eBird interface. The "Submit observations" page needs to be a couple of orders of magnitude faster. The Android app shouldn't be so dependent on network connectivity. Both need to be much smarter about interpreting abbreviations. I can think of various features that would make reviewers' lives easier. But those are just details (I hear the eBird team is receptive to suggestions), and none of it takes away from the fact that eBird has helped me to start birding regularly and seriously again.

As new year's resolutions go, I can't think of one that's worked out better.

Debian 8 on the Lenovo Ideapad S206


I got my dad a Lenovo Yoga 300 a few days ago, and installed Debian 8 on his old Ideapad S206 before giving it to Ammu, who has been using my old (and increasingly broken) Thinkpad X120e for months now.

The Linux Laptop Wiki has a page about the Ideapad S206; the quick summary is that everything works with only a little tweaking.

Wifi worked out of the box with brcmsmac. Bluetooth worked fine after installing the firmware-atheros package. Sound input and output worked fine out of the box. The hotkeys to change the volume (and brightness, etc.) also worked. I didn't try the card reader or the webcam.

I didn't bother with the fglrx video drivers, but I had to install firmware-linux-nonfree to enable KMS (kernel mode setting) to get suspend/resume to work properly. (Hibernation worked fine anyway.)

This is a sleek and light machine, quite a step up from the earlier Ideapad models I've used. The screen is a bit shiny, but stops short of being annoying. The keypad is unfortunately very jittery—unless you are very deliberate about tapping-to-click, you'll most likely just move the pointer a bit rather than clicking. This was my father's biggest problem with the machine (and it wasn't just a matter of acceleration settings).

But it's working nicely otherwise, and I hope Ammu gets some good use out of it.

DMT DiaSharp diamond sharpening plates


A friend sent me a pair of DMT DiaSharp “bench stones”. These are steel plates surfaced with diamond particles—an alternative to old-fashioned oilstones for sharpening steel cutting edges. I have been using them for several months now, and they have lived up to their reputation as being fast, durable, and convenient. I am very happy with them.

I have the D6CX and D6EF, each of which has two continuous sharpening surfaces measuring 150mm*50mm (6"*2"). The D6CX has extra-coarse (220 grit) and coarse (325 grit) sides, while the D6EF has fine (600) and extra-fine (1200) sides.

I have used them to sharpen kitchen knives, sharpen and flatten the back of a very hard plane iron, restore the badly-damaged cutting edges of some old chisels that belonged to my grandfather, and hone some new Narex chisels and other assorted tools. I follow more or less the same process shown in this video by Paul Sellers:

The DMT plates are fast and a pleasure to work with. Flattening large steel surfaces does take a half-hour or so of extra-coarse rubbing (mind your knuckles don't scrape the plate! I learned this the hard way), but that isn't a task I would even attempt on my old Norton oilstone. Tuning up a blunted (not damaged) edge takes a couple of minutes at most, while restoring a nicked edge might take ten.

I use the plates with a bit of water sprayed from an old bottle of glass cleaner, and wipe them down afterwards with an old shirt. They are easy to maintain (but the coarse grits must be cleaned gently, because they will happily shred cloth), and do not need to be flattened periodically the way an oilstone might. The fine surface developed a few tiny black spots on the very first use, but extensive use thereafter has not made them any larger or more numerous. (DMT is reputed to have good customer support, but they didn't respond to my question about the black spots.)

(I also have the DuoBase stand. The rubber feet do keep it from moving, and the clearance makes it easy to flip the plates over. It works fine, but I could easily do without it.)

I like sharpening things, but I am not obsessive about it. I have not tried to measure how flat the surface actually is, nor have I looked at the sharpened edges under a microscope. The plates are flat enough, and the edges sharp enough for me; and it doesn't take too long to get them that way.

DMT manufactures a great variety of these plates: larger and smaller sizes, coarser and finer grits, single- and double-sided, or with “interrupted” surfaces that reduce the buildup of swarf (abraded steel particles that must be cleaned away). I might try a single-sided 8"*3" continuous surface plate someday—it should make it a little easier to sharpen my larger knives.

Vodafone India snoops on e-mail


An article about Vodafone injecting javascript into web pages reminded me of a problem I investigated last year when Hassath couldn't send mail when connected through her phone's mobile hotspot.

My first response to any network problems is to run tcpdump, and I saw the following EHLO response from my own SMTP server.
250-SIZE 307200000
250 DSN

Vodafone is transparently proxying outgoing SMTP traffic and replacing STARTTLS in the EHLO response with XXXXXXXA, so that the client doesn't try to negotiate TLS. If you issue STARTTLS anyway—which no normal SMTP client would, but openssl's s_client can do—the TLS negotiation fails. So it's not just a downgrade attack, it's actively sabotaging TLS connections too.

This was the case in mid-2014, and it's still the case at the time of writing. I wonder how many terabytes of email logs they have collected in the meantime, how they are stored, and who is reading them.

While I was tethered to my phone, I did a bit more testing. Vodafone India doesn't seem to mess with HTTPS connections, and IMAP connections are not downgraded either (i.e., the server's STARTTLS advertisement is not modified, and the TLS negotiation succeeds). Nor did it inject any Javascript into the web pages I tried (yet).

Thoughts on specimen collection


I have now lost count of the number of forwarded copies of the “A scientist found a bird that hadn’t been seen in half a century, then killed it” mail that people have sent me. The collection of a Bougainville Moustached Kingfisher specimen by an AMNH team in Guadalcanal has drawn intense criticism and reignited the debate about whether scientific collection is justified or even necessary.

Moustached Kingfisher [Illustration: J G Keulemans (1842–1912), Novitates Zoologicae]

I don't have anything new or insightful to add to this debate.

Read more…