Test Kitchen to support Amazon Web Services (AWS) AMIs

I will keep this document updated as I move along.

Summary


Security Considerations

Following the instructions on the Amazon Security Blog, you need to do a few things to get started.

First, you need to create a new file called credentials in ~/.aws and set its permissions to 600.

The credentials file needs to look like this:

[default]
# Access Key ID from IAM for the core user
aws_access_key_id = value here
# Secret ID from the CSV file that matches the access key
aws_secret_access_key = value here

Some things also seem to need to be set as environment variables. This is the default .bash_profile:

export AWS_ACCESS_KEY_ID="value here"
export AWS_SECRET_ACCESS_KEY="value here"
export AWS_SSH_KEY_ID="PEM key name without the .pem"
export AWS_SSH_KEY="$HOME/.ssh/pem key with the .pem"

This is a bit of belt and suspenders, but it works and doesn’t throw irrational errors that keep you chasing your tail. Ideally you should not need AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in your .bash_profile file, but some functions seem to need them.

You may want to set up a config file in ~/.ssh similar to:

# contents of $HOME/.ssh/config
Host chef
    User ubuntu
    # public IP address of instance
    HostName 52.91.89.20
    # aws key
    IdentityFile ~/.ssh/awskey.pem
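
The checks this section implies, written out as an added example that is not part of the original post: a Ruby script that audits the credentials file, a shell profile and the PEM key for loose permissions and malformed entries. The function names are hypothetical and the file contents are constructed samples written to a temporary directory.

```ruby
require 'tmpdir'

# Keys a profile section of the shared credentials file may contain.
CREDENTIAL_KEYS = %w[aws_access_key_id aws_secret_access_key aws_session_token].freeze
# Shell lines that export the key pair (the .bash_profile entries shown above).
SECRET_EXPORT = /^\s*export\s+(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)=/.freeze

# Permission bits of a file as a four-digit octal string, e.g. "0600".
def mode_of(path)
  format('%04o', File.stat(path).mode & 0o7777)
end

# True when group or other has any access, i.e. anything looser than 0600.
def loose_mode?(path)
  (File.stat(path).mode & 0o077) != 0
end

# Check the mode and the syntax of a credentials file; returns a list of findings.
def audit_credentials(path)
  return ["#{path}: file not found"] unless File.file?(path)

  findings = []
  findings << "#{path}: mode #{mode_of(path)}, expected 0600" if loose_mode?(path)
  section = nil
  keys = {}
  File.readlines(path, chomp: true).each_with_index do |line, idx|
    text = line.strip
    next if text.empty? || text.start_with?('#', ';')

    if (m = text.match(/\A\[(.+)\]\z/))
      section = m[1]
      keys[section] ||= []
      next
    end
    key, value = text.split('=', 2).map(&:strip)
    where = "#{path}:#{idx + 1}"
    if value.nil?
      findings << "#{where}: not a key = value line"
    elsif !CREDENTIAL_KEYS.include?(key)
      findings << "#{where}: unknown key #{key}"
    else
      (keys[section] ||= []) << key
      # AWS key material contains no blanks or quotes, so either one means
      # an annotation or quoting was left on the line.
      findings << "#{where}: value contains whitespace or quotes" if value =~ /[\s"']/
    end
  end
  keys.each do |sec, found|
    missing = CREDENTIAL_KEYS.first(2) - found
    findings << "#{path}: [#{sec}] is missing #{missing.join(', ')}" unless missing.empty?
  end
  findings
end

# Flag a shell startup file that exports the key pair, and its mode if loose.
def audit_shell_profile(path)
  return [] unless File.file?(path)

  exported = File.readlines(path).map { |l| l[SECRET_EXPORT, 1] }.compact.uniq
  return [] if exported.empty?

  findings = ["#{path}: exports #{exported.join(', ')}, a second copy of the key pair"]
  findings << "#{path}: mode #{mode_of(path)} lets other local users read it" if loose_mode?(path)
  findings
end

# ssh ignores a private key that group or other can access.
def audit_private_key(path)
  return ["#{path}: file not found"] unless File.file?(path)

  loose_mode?(path) ? ["#{path}: mode #{mode_of(path)}, ssh will refuse this key"] : []
end

# Constructed sample files that mirror the layout described in this section.
def demo_findings
  Dir.mktmpdir do |dir|
    cred = File.join(dir, 'credentials')
    File.write(cred, <<~INI)
      [default]
      aws_access_key_idx = "value here" <-- annotation left on the line
      aws_secret_access_key = "value here"
    INI
    File.chmod(0o644, cred)
    profile = File.join(dir, '.bash_profile')
    File.write(profile, <<~SH)
      export AWS_ACCESS_KEY_ID="value here"
      export AWS_SECRET_ACCESS_KEY="value here"
    SH
    File.chmod(0o644, profile)
    pem = File.join(dir, 'awskey.pem')
    File.write(pem, "constructed placeholder, not a real key\n")
    File.chmod(0o400, pem)
    audit_credentials(cred) + audit_shell_profile(profile) + audit_private_key(pem)
  end
end

puts demo_findings if $PROGRAM_NAME == __FILE__
```

Pointed at the real ~/.aws/credentials, ~/.bash_profile and key file, an empty result from all three functions means the modes and key names are as this section requires.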

Drivers

You will need the EC2 Drivers from GitHub. You will also need to install the AWS SDK for Ruby v2 gem.

To install the gems:

$ gem install aws-sdk
$ gem install kitchen-ec2

Instantiate the kitchen:

$ kitchen init --driver=kitchen-ec2 --create-gemfile
  create  .kitchen.yml
  create  test/integration/default
  create  Gemfile
  append  Gemfile
  append  Gemfile
You must run `bundle install' to fetch any new gems.

The .kitchen.yml file

Modify/tweak your .kitchen.yml file to look like either of these or use the baseline sample:

Ubuntu Sample

---
driver:
  name: ec2 # Driver name
  security_group_ids: ["security group"]
  require_chef_omnibus: true
  region: us-east-1 # Verify
  availability_zone: d # Verify
  subnet_id: "subnet-x"
  associate_public_ip: true # If you want to connect from outside.
  interface: private # To connect from in AWS

transport:
  ssh_key: "/home/ubuntu/.ssh/AWSKEY.pem" # set to your key name
  username: ["ubuntu"] # Connect user name (needs quotes and brackets)

provisioner:
  name: chef_solo

platforms:
  - name: ubuntu-14.04 # Descriptive name
    driver:
      image_id: ami-d05e75b8 # Verify
      instance_type: t2.micro # Verify
      block_device_mappings: # Optional
        - ebs_device_name: /dev/sdb
          ebs_volume_type: gp2
          ebs_virtual_name: test
          ebs_volume_size: 8
          ebs_delete_on_termination: true

suites:
  - name: default
    run_list:
    attributes:

CentOS/RHEL Sample

---
driver:
  name: ec2
  security_group_ids: ["security group"]
  require_chef_omnibus: true
  region: us-east-1 # zone may need verification
  availability_zone: e # may need verification
  subnet_id: "subnet-yoursubnet"
  associate_public_ip: true
  interface: private # when building from inside AWS

transport:
  ssh_key: ~/.ssh/AWS.pem # set to your key name
  username: ["ec2-user"] # may need to be root for CentOS, ubuntu for ubuntu

provisioner:
  name: chef_solo

platforms:
  - name: centos-6.4
    driver:
      image_id: ami-26cc934e # Verify
      instance_type: t1.micro # Verify
      block_device_mappings:
        - ebs_device_name: /dev/sdb
          ebs_volume_type: gp2
          ebs_virtual_name: test
          ebs_volume_size: 8
          ebs_delete_on_termination: true

suites:
  - name: default
    run_list:
    attributes:

Baseline file sample for both Ubuntu and CentOS/RHEL

---
driver:
  name: ec2
  require_chef_omnibus: true
  aws_ssh_key_id: AWSKEY # AWS Key name (no .pem)
  security_group_ids: ["sg-...f"] # security group
  region: us-east-1 # verify your region
  associate_public_ip: true # if you need to access the node outside AWS
  interface: private # set to _private_ if you are inside AWS

provisioner:
  name: chef_solo
transport:
  ssh_key: "/location/.ssh/key.pem" # don't know why, but this has to be here and not in the individual sections.

platforms:
  - name: rhel-7.1 # RHEL is not officially supported but will work
    driver:
      image_id: ami-12663b7a # verify the image
      instance_type: t2.micro # verify the instance type and size
      availability_zone: e # verify the zone it can run in
      transport.username: ["ec2-user"] # user will vary _ec2-user_ is the default for RHEL, but may need _root_
      subnet_id: "subnet-...2" # verify the subnet with the zone
      block_device_mappings:
        - ebs_device_name: /dev/sdb
          ebs_volume_type: gp2
          ebs_virtual_name: test
          ebs_volume_size: 8
          ebs_delete_on_termination: true

  - name: ubuntu-14.04
    driver:
      image_id: ami-d05e75b8 # verify the image
      instance_type: t2.micro # verify the instance type and size
      availability_zone: d # verify the zone it can run in
      subnet_id: subnet-...c # verify the subnet with the zone
      transport.username: ["ubuntu"] # default name for Ubuntu
      block_device_mappings:
        - ebs_device_name: /dev/sdb
          ebs_volume_type: gp2
          ebs_virtual_name: test
          ebs_volume_size: 8
          ebs_delete_on_termination: true

suites:
  - name: default
    run_list:
    attributes:

If you want to assign a static address to the host, you have to do it at kitchen create stage. In the platforms section add:

network:
   - ["private_network", {ip: "172.31.47.69"}]
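
A pre-commit style check for a .kitchen.yml like the samples above, added here as an example and not code from the original post or from Test Kitchen. It reports a file that does not parse (the usual result of a mis-indented driver block), AWS credentials embedded in the file, an unpinned Chef install, platforms with no image_id, and platforms that request a public IP. The function names and both sample documents are constructed; AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation.

```ruby
require 'yaml'

# Access key IDs start with AKIA (long-term) or ASIA (temporary) plus 16 characters.
ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/.freeze
CREDENTIAL_NAMES = %w[aws_access_key_id aws_secret_access_key aws_session_token].freeze

# Visit every scalar in the parsed document together with its path.
def walk(node, path = '', &blk)
  case node
  when Hash  then node.each { |k, v| walk(v, "#{path}/#{k}", &blk) }
  when Array then node.each_with_index { |v, i| walk(v, "#{path}[#{i}]", &blk) }
  else blk.call(path, node)
  end
end

# Return a list of findings for the text of a .kitchen.yml file.
def lint_kitchen_yml(text)
  begin
    doc = YAML.safe_load(text)
  rescue Psych::SyntaxError => e
    return ["YAML does not parse (near line #{e.line}): #{e.problem}"]
  end
  return ['top level is not a mapping'] unless doc.is_a?(Hash)

  findings = []
  walk(doc) do |path, value|
    key = path.split('/').last
    if CREDENTIAL_NAMES.include?(key) || value.to_s.match?(ACCESS_KEY_ID)
      findings << "#{path}: AWS credential in a file that is usually committed"
    end
  end

  driver = doc['driver'].is_a?(Hash) ? doc['driver'] : {}
  findings << '/driver: no driver name' unless driver['name']
  if driver['require_chef_omnibus'] == true
    findings << '/driver/require_chef_omnibus: true lets the Chef version float'
  end

  platforms = doc['platforms'].is_a?(Array) ? doc['platforms'] : []
  findings << '/platforms: none defined' if platforms.empty?
  platforms.each do |plat|
    plat = {} unless plat.is_a?(Hash)
    name = plat['name'] || '(unnamed)'
    # Platform-level driver settings override the top-level driver block.
    merged = driver.merge(plat['driver'].is_a?(Hash) ? plat['driver'] : {})
    unless merged['image_id']
      findings << "/platforms/#{name}: no image_id, so the AMI is not pinned here"
    end
    if merged['associate_public_ip'] == true
      findings << "/platforms/#{name}: public IP requested, review the inbound SSH rule"
    end
  end
  findings
end

# Constructed sample modelled on the baseline file, with an embedded key added.
SAMPLE = <<~YAML
  ---
  driver:
    name: ec2
    require_chef_omnibus: true
    aws_ssh_key_id: AWSKEY
    aws_access_key_id: AKIAIOSFODNN7EXAMPLE # AWS documentation placeholder
    region: us-east-1
    associate_public_ip: true
  platforms:
    - name: rhel-7.1
      driver:
        image_id: ami-12663b7a
    - name: ubuntu-14.04
      driver:
        instance_type: t2.micro
  suites:
    - name: default
YAML

# Constructed sample: driver indented level with the list dash, not under it.
BROKEN = <<~YAML
  platforms:
    - name: ubuntu-14.04
    driver:
      image_id: ami-d05e75b8
YAML

if $PROGRAM_NAME == __FILE__
  puts lint_kitchen_yml(SAMPLE)
  puts lint_kitchen_yml(BROKEN)
end
```

Setting require_chef_omnibus to a version string such as the 12.5.1 seen in the converge logs clears the floating-version finding.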

Using Kitchen

Kitchen List: Check your Instances and Actions

$ kitchen list
Instance             Driver  Provisioner  Verifier  Transport   Last Action
default-rhel-71      Ec2     ChefSolo     Busser    Ssh         <Not Created>
default-ubuntu-1404  Ec2     ChefSolo     Busser    Ssh         <Not Created>

Kitchen Create: Create an instance

$ kitchen create default-ubuntu-1404
-----> Starting Kitchen (v1.4.2)
-----> Creating <default-ubuntu-1404>...
    If you are not using an account that qualifies under the AWS free-tier, you may be charged to run these suites. 
    The charge should be minimal, but neither Test Kitchen nor its maintainers are responsible for your incurred costs.

   Instance <i-d4f71865> requested.
   EC2 instance <i-d4f71865> created.
   Waited 0/300s for instance <i-d4f71865> to become ready.
   Waited 5/300s for instance <i-d4f71865> to become ready.
   Waited 10/300s for instance <i-d4f71865> to become ready.
   Waited 15/300s for instance <i-d4f71865> to become ready.
   Waited 20/300s for instance <i-d4f71865> to become ready.
   Waited 25/300s for instance <i-d4f71865> to become ready.
   Waited 30/300s for instance <i-d4f71865> to become ready.
   Waited 35/300s for instance <i-d4f71865> to become ready.
   EC2 instance <i-d4f71865> ready.
   Waiting for SSH service on 172.31.63.224:22, retrying in 3 seconds
   Waiting for SSH service on 172.31.63.224:22, retrying in 3 seconds
   Waiting for SSH service on 172.31.63.224:22, retrying in 3 seconds
       [SSH] Established
       Finished creating <default-ubuntu-1404> (1m9.39s).
-----> Kitchen is finished. (1m9.46s)

$ kitchen list
Instance             Driver  Provisioner  Verifier  Transport   Last Action
default-rhel-71      Ec2     ChefSolo     Busser    Ssh         <Not Created>
default-ubuntu-1404  Ec2     ChefSolo     Busser    Ssh         Created

Kitchen Destroy: Destroy an Instance

$ kitchen destroy default-ubuntu-1404
-----> Starting Kitchen (v1.4.2)
-----> Destroying <default-ubuntu-1404>...
       EC2 instance <i-d4f71865> destroyed.
       Finished destroying <default-ubuntu-1404> (0m0.82s).
-----> Kitchen is finished. (0m0.87s)

Kitchen Setup: Install Chef on a node

$ kitchen setup default-rhel-71
-----> Starting Kitchen (v1.4.2)
-----> Creating <default-rhel-71>...
If you are not using an account that qualifies under the AWS free-tier, you may be charged to run these suites. 
The charge should be minimal, but neither Test Kitchen nor its maintainers are responsible for your incurred costs.

   Instance <i-387a1fc1> requested.
   EC2 instance <i-387a1fc1> created.
   Waited 0/300s for instance <i-387a1fc1> to become ready.
   Waited 5/300s for instance <i-387a1fc1> to become ready.
   Waited 10/300s for instance <i-387a1fc1> to become ready.
   Waited 15/300s for instance <i-387a1fc1> to become ready.
   Waited 20/300s for instance <i-387a1fc1> to become ready.
   Waited 25/300s for instance <i-387a1fc1> to become ready.
   Waited 30/300s for instance <i-387a1fc1> to become ready.
   Waited 35/300s for instance <i-387a1fc1> to become ready.
   EC2 instance <i-387a1fc1> ready.
   Waiting for SSH service on 172.31.41.13:22, retrying in 3 seconds
   Waiting for SSH service on 172.31.41.13:22, retrying in 3 seconds
   Waiting for SSH service on 172.31.41.13:22, retrying in 3 seconds
   Waiting for SSH service on 172.31.41.13:22, retrying in 3 seconds
   Please login as the user "ec2-user" rather than the user "root".

   Please login as the user "ec2-user" rather than the user "root".

   Finished creating <default-rhel-71> (1m47.75s).
-----> Converging <default-rhel-71>...
   Preparing files for transfer
   Preparing dna.json
   Preparing current project directory as a cookbook
   Removing non-cookbook files before transfer
   Preparing solo.rb
   Please login as the user "ec2-user" rather than the user "root".

   Please login as the user "ec2-user" rather than the user "root".

-----> Starting Kitchen (v1.4.2)
-----> Converging <default-rhel-71>...
   Preparing files for transfer
   Preparing dna.json
   Preparing current project directory as a cookbook
   Removing non-cookbook files before transfer
   Preparing solo.rb
-----> Installing Chef Omnibus (install only if missing)
   Downloading https://www.chef.io/chef/install.sh to file /tmp/install.sh
   Trying curl...
   Download complete.
   Downloading Chef  for el...
   downloading https://www.chef.io/chef/metadata?v=&prerelease=false&nightlies=false&p=el&pv=7&m=x86_64
     to file /tmp/install.sh.10715/metadata.txt
   trying curl...
   url  https://opscode-omnibus-packages.s3.amazonaws.com/el/7/x86_64/chef-12.5.1-1.el7.x86_64.rpm
   md5  9333136ba8a11bd6cad6d28fcd26a2c7
   sha256   7a937d8c0ab68a1f342aba4ad33417fc4ba8cb1a71f46e4a18b5e76c363e4075
   downloaded metadata file looks valid...
   downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/7/x86_64/chef-12.5.1-1.el7.x86_64.rpm
     to file /tmp/install.sh.10715/chef-12.5.1-1.el7.x86_64.rpm
   trying curl...
   Comparing checksum with sha256sum...

   WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

   You are installing an omnibus package without a version pin.  If you are installing
   on production servers via an automated process this is DANGEROUS and you will
   be upgraded without warning on new releases, even to new major releases.
   Letting the version float is only appropriate in desktop, test, development or
   CI/CD environments.

   WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

   Installing Chef 
   installing with rpm...
   warning: /tmp/install.sh.10715/chef-12.5.1-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
   Preparing...             ################################# [100%]
   Updating / installing... ################################# [100%]
   Thank you for installing Chef!
   Transferring files to <default-rhel-71>
   Starting Chef Client, version 12.5.1
   Compiling Cookbooks...
   Converging 0 resources

   Running handlers:
   Running handlers complete
   Chef Client finished, 0/0 resources updated in 00 seconds
   Finished converging <default-rhel-71> (0m39.27s).
-----> Setting up <default-rhel-71>...
   Finished setting up <default-rhel-71> (0m0.00s).
-----> Kitchen is finished. (0m39.32s)

$ kitchen list
Instance             Driver  Provisioner  Verifier  Transport   Last Action
default-rhel-71      Ec2     ChefSolo     Busser    Ssh         Set Up
default-ubuntu-1404  Ec2     ChefSolo     Busser    Ssh         <Not Created>

Kitchen Converge: Deploying a file to a node

Modify your .kitchen.yml file, and update the suites section with the recipe:

suites:
  - name: default
    run_list:
      - recipe[motd::default]
    attributes:

Then run the kitchen converge command:

$ kitchen converge default-rhel-71
-----> Starting Kitchen (v1.4.2)
-----> Creating <default-rhel-71>...
   If you are not using an account that qualifies under the AWS free-tier, you may be charged to run these suites. 
   The charge should be minimal, but neither Test Kitchen nor its maintainers are responsible for your incurred costs.

   Instance <i-af402556> requested.
   EC2 instance <i-af402556> created.
   Waited 0/300s for instance <i-af402556> to become ready.
   Waited 5/300s for instance <i-af402556> to become ready.
   Waited 10/300s for instance <i-af402556> to become ready.
   Waited 15/300s for instance <i-af402556> to become ready.
   Waited 20/300s for instance <i-af402556> to become ready.
   Waited 25/300s for instance <i-af402556> to become ready.
   EC2 instance <i-af402556> ready.
   Waiting for SSH service on 172.31.45.65:22, retrying in 3 seconds
   Waiting for SSH service on 172.31.45.65:22, retrying in 3 seconds
   [SSH] Established
   Finished creating <default-rhel-71> (1m4.66s).
-----> Converging <default-rhel-71>...
   Preparing files for transfer
   Preparing dna.json
   Preparing current project directory as a cookbook
   Removing non-cookbook files before transfer
   Preparing solo.rb
-----> Installing Chef Omnibus (install only if missing)
   Downloading https://www.chef.io/chef/install.sh to file /tmp/install.sh
   Trying curl...
   Download complete.
   Downloading Chef  for el...
   downloading https://www.chef.io/chef/metadata?v=&prerelease=false&nightlies=false&p=el&pv=7&m=x86_64
     to file /tmp/install.sh.5483/metadata.txt
   trying curl...
   url  https://opscode-omnibus-packages.s3.amazonaws.com/el/7/x86_64/chef-12.5.1-1.el7.x86_64.rpm
   md5  9333136ba8a11bd6cad6d28fcd26a2c7
   sha256   7a937d8c0ab68a1f342aba4ad33417fc4ba8cb1a71f46e4a18b5e76c363e4075
   downloaded metadata file looks valid...
   downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/7/x86_64/chef-12.5.1-1.el7.x86_64.rpm
     to file /tmp/install.sh.5483/chef-12.5.1-1.el7.x86_64.rpm
   trying curl...
   Comparing checksum with sha256sum...

   WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

   You are installing an omnibus package without a version pin.  If you are installing
    on production servers via an automated process this is DANGEROUS and you will be upgraded without warning on new releases, even to new major releases.
   Letting the version float is only appropriate in desktop, test, development or CI/CD environments.

   WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

   Installing Chef 
   installing with rpm...
   warning: /tmp/install.sh.5483/chef-12.5.1-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
   Preparing...             ################################# [100%]
   Updating / installing... ################################# [100%]
   Thank you for installing Chef!
   Transferring files to <default-rhel-71>
   Starting Chef Client, version 12.5.1
   Compiling Cookbooks...
   Converging 1 resources
   Recipe: motd::default
     * cookbook_file[/etc/motd] action create
       - update content in file /etc/motd from e3b0c4 to 295b84
       --- /etc/motd    2013-06-07 10:31:32.000000000 -0400
       +++ /etc/.motd20151210-10819-18peqj2 2015-12-10 14:02:01.757471882 -0500
       @@ -1 +1,10 @@
       + __________________________________
       +/ You are on a simulated Chef node \
       +\ environment                      /
       + ----------------------------------
       +        \   ^__^
       +         \  (oo)\_______
       +            (__)\       )\/\
       +                ||----w |

       - restore selinux security context

   Running handlers:
   Running handlers complete
   Chef Client finished, 1/1 resources updated in 00 seconds
   Finished converging <default-rhel-71> (0m32.21s).
-----> Kitchen is finished. (1m36.95s)

$ kitchen list
Instance             Driver  Provisioner  Verifier  Transport   Last Action
default-rhel-71      Ec2     ChefSolo     Busser    Ssh         Converged
default-ubuntu-1404  Ec2     ChefSolo     Busser    Ssh         <Not Created>

$ ssh -i ~/.ssh/awskey.pem ec2-user@52.91.126.45
Last login: Thu Dec 10 14:02:00 2015 from ip-172-31-60-114.ec2.internal
 __________________________________
/ You are on a simulated Chef node \
\ environment                      /
----------------------------------
        \       ^__^
         \      (oo)\_______
                (__)\       )\/\
                    ||----w |
                    ||     ||
[ec2-user@ip-172-31-45-65 ~]$ exit
logout
Connection to 52.91.126.45 closed.

Metadata.rb modifications

When you are creating a new recipe, you need to edit the metadata.rb file. For example, in the apache cookbook example, the file will look like:

name             'apache'
maintainer       'David A. Lane'
maintainer_email 'david.lane@gmx.com'
license          'All rights reserved'
description      'Installs/Configures apache'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          '0.1.0'

Writing a recipe: Modifying recipe/default.rb

When you want to install a package, you will need to modify the default.rb file in the recipe subdirectory. An example for installing apache is as follows:

#
# Cookbook Name:: apache
# Recipe:: default
#
# Copyright 2015, YOUR_COMPANY_NAME
#
# All rights reserved - Do Not Redistribute
#

package "httpd" do
  action :install
end

Once you make that modification, run kitchen converge [node] and it will install apache.

[ec2-user@ip-172-31-47-69 ~]$ rpm -qa httpd
httpd-2.4.6-40.el7.x86_64

Service Resource

You can take it a step further and enable and start the service once the package is installed by modifying the default.rb like this:

package "httpd" 

service "httpd" do
  action [ :enable, :start ]
end

Which should result in output like this:

$ kitchen converge default-rhel-71
-----> Starting Kitchen (v1.4.2)
-----> Converging <default-rhel-71>...
   Preparing files for transfer
   Preparing dna.json
   Preparing current project directory as a cookbook
   Removing non-cookbook files before transfer
   Preparing solo.rb
-----> Chef Omnibus installation detected (install only if missing)
   Transferring files to <default-rhel-71>
   Starting Chef Client, version 12.5.1
   Compiling Cookbooks...
   Converging 2 resources
   Recipe: apache::default
    (up to date)

       - enable service service[httpd]

       - start service service[httpd]

   Running handlers:
   Running handlers complete
   Chef Client finished, 2/3 resources updated in 03 seconds
   Finished converging <default-rhel-71> (0m5.05s).
-----> Kitchen is finished. (0m5.11s)

And on the server, you get:

[ec2-user@ip-172-31-47-69 ~]$ systemctl list-unit-files | grep httpd
httpd.service                               enabled 

Template Resource

Modify the default.rb to add the template line as shown:

package "httpd"

service "httpd" do
  action [ :enable, :start ]
end

template "/var/www/html/index.html" do
  source 'index.html.erb'
  mode '0644'
end

And then you need to create the index.html.erb file. Start by running chef generate template <file>:

$ chef generate template index.html

and then change into templates/default and edit the index.html.erb file with what you want to include, such as:

This site was set up by <%= node['hostname'] %>

and run another kitchen converge.

Check the output:

$ kitchen converge default-rhel-71
-----> Starting Kitchen (v1.4.2)
-----> Converging <default-rhel-71>...
   Preparing files for transfer
   Preparing dna.json
   Preparing current project directory as a cookbook
   Removing non-cookbook files before transfer
   Preparing solo.rb
-----> Chef Omnibus installation detected (install only if missing)
   Transferring files to <default-rhel-71>
   Starting Chef Client, version 12.5.1
   Compiling Cookbooks...
   Converging 3 resources
   Recipe: apache::default
    (up to date)
    (up to date)
    (up to date)

       - create new file /var/www/html/index.html
       - update content in file /var/www/html/index.html from none to b2f6ae
       --- /var/www/html/index.html 2015-12-11 12:49:17.376524243 -0500
       +++ /var/www/html/.index.html20151211-19185-1lfz25z  2015-12-11 12:49:17.376524243 -0500
       @@ -1 +1,2 @@
       +This site was set up by 

       - restore selinux security context

   Running handlers:
   Running handlers complete
   Chef Client finished, 1/4 resources updated in 03 seconds
   Finished converging <default-rhel-71> (0m5.03s).
-----> Kitchen is finished. (0m5.09s)

And then on the host, you can verify the installation:

[ec2-user@ip-172-31-47-69 ~]$ curl localhost
This site was set up by ip-172-31-47-69 

Using Knife

Creating a Knife file

$ knife cookbook create motd --cookbook-path .
WARNING: No knife configuration file found
** Creating cookbook motd in /home/ubuntu/git/motd
** Creating README for cookbook: motd
** Creating CHANGELOG for cookbook: motd
** Creating metadata for cookbook: motd

$ kitchen init --create-gemfile
conflict  .kitchen.yml
Overwrite /home/ubuntu/git/motd/.kitchen.yml? (enter "h" for help) [Ynaqdh] n
    skip  .kitchen.yml
conflict  chefignore
Overwrite /home/ubuntu/git/motd/chefignore? (enter "h" for help) [Ynaqdh] y
   force  chefignore
  create  Gemfile
  append  Gemfile
  append  Gemfile
You must run `bundle install' to fetch any new gems.

$ bundle install
Fetching gem metadata from https://rubygems.org/..........
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Resolving dependencies...
Using mixlib-shellout 2.2.5
Using net-ssh 2.9.2
Using net-scp 1.2.1
Using safe_yaml 1.0.4
Using thor 0.19.1
Using test-kitchen 1.4.2
Using kitchen-vagrant 0.19.0
Using bundler 1.10.6
Bundle complete! 2 Gemfile dependencies, 8 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

To Dos



Rand Paul and the Patriot Act

Passed in the wake of September 11, 2001, the Patriot Act was a rush to grant law enforcement sweeping powers that they had not had prior to its passage.  Most of the act is classified, and it is rumored that just talking about it is a felony.  Over the weekend, the Patriot Act was on the chopping block, with numerous politicians scrambling to save it, and the authorizations that it grants.  The most sweeping of those being the bulk collection of meta-data by the NSA. Senator Rand Paul (R-Ky.) stood alone against its renewal. In fact, Senator John McCain (R-Az.) said:

“He obviously has a higher priority for his fundraising and political ambitions than for the security of the nation.” (as heard on CBS World News Roundup – 1Jn2015).

Despite Senator McCain’s opinion, many people would disagree, both in the United States and abroad.

That being said, it is clear that Rand Paul is not naive, admitting that the bill will eventually pass and the wiretapping will go on.

What surprises me is that Senator McCain even thinks something like a filibuster could or would have any effect on the bulk collection of data. As if the expiration of a law could stop it? And before you get on your soapbox and rant that “It is a law, it is no longer in force, therefore it is illegal,” allow me to point out a few facts.

The federal bureaucracy moves with glacial inertia. It is very hard to get things moving but once you do, it is almost impossible to make them stop. This is even more so in the intelligence community which is not subject to any sort of real oversight. The bulk collection of data is a huge industry. There are buildings springing up like mushrooms to support the effort. Contracts worth billions of dollars have been let by the government and the companies that hold those contracts will do everything in their power to keep those contracts active.

Short of an international delegation overseeing the complete shutdown of the collection process (much like under the SALT agreements for nuclear disarmament) the bulk collection of data is here to stay.  Legally, or not.

The Corner Pharmacy

Is the corner pharmacy a relic of the past? Oh, sure, if you want a quart of milk and some baby wipes at 3AM, it might be a convenient place to drop in. But if you are in need of medications, specifically, acute medications, they have to order them, and they will be available in two to four weeks. Maybe we should let Amazon know there is an untapped market here.

I am not talking about maintenance medicines. Those medicines you order 30 at a time to keep your blood pressure or your diabetes under control. Not the medicine that you know you need and that you can plan on when you pick them up. I am talking about those medicines that are meant to stave off something and you need them now. Pain medications, antibiotics. Those medications that, if ordered, are valueless by the time they arrive two to four weeks later. At best, the infection has been fought off. At worst, you will be dead (or in hospital).

Now, I am not saying that they need to stock all combinations of the medications that are on the market today. But one would think that basic pain medications, antibiotics, and other acute requirement medications would be on the shelf.  You would also expect that, if you were a regular customer, they would have your needs on file and since their automated systems can call you and tell you when your prescriptions are due for a refill, they could at least have those medicines on the shelf and ready for you to pick up. Even this seems to be too much of a challenge for most local pharmacies.

I do not understand why they are taking on supermarkets. Or rather, maybe I do understand better. Since they do not seem to stock medicines, as is their primary function, they have to make their money somehow.

Pod Garbage

This year, the company expects to sell nearly three billion K-Cups, the plastic and tinfoil pods that are made to be thrown away — filter, grounds and all — after one use. (NYTimes)

Perhaps I have a different view of trash, but worrying about the various pods being thrown out, even in the quantity that are being reported, is a tempest in a teapot. As someone that generally only drinks one cup of coffee a day, I find the convenience of the pods to be useful. I do not end up wasting coffee by throwing out coffee that has gone bad through lack of consumption. Sure, there is some plastic being thrown out, but I throw out more plastic through the various bottles that come with juice, milk and wrapped around meat. But I know that I am not the normal case. If you happen to drink a lot of coffee, or if your office uses them instead of bulk coffee, there is probably a lot more plastic involved.

But while we are worrying about plastic, there seems to be a minimum amount of concern over the heavy metal in compact fluorescent lights and batteries that are constantly thrown into landfills. There have been several reports about this, so it is not a surprise, but there is no hue and cry over this. In case you did not know this, compact fluorescent light bulbs are not to be thrown out – they have to be recycled because they are hazmat. Technically, because of the amount of mercury in them, if you break one, you are supposed to call the Hazmat team to deal with it.

But instead, we are worried about plastic cups. And we wonder why the United States is having issues…

The TSA is behind the curve

This will come as no surprise:

The Homeland Security Department is banning all liquids from carry-on luggage for nonstop flights from the U.S. to Russia. The ban comes after the department warned airlines that terrorists might try to smuggle explosives on board hidden in toothpaste tubes. The warning said terrorist might try to assemble explosive device in flight or upon arrival at the Olympics. (www.wtop.com)

There is very little that I hear coming out of the Department of Homeland (In)security anymore that leaves me dumbstruck, but this was one of them.  The first thing that went through my mind was who is running the Game Theory office at the TSA/DHI, and have they ever seen a James Bond movie? Plastic explosives in a toothpaste tube is de rigueur in spy craft. Open any kids' book on espionage and there it is.  So for the TSA to now, thirteen odd years after the September 11, 2001 attacks, ban liquids again is pretty stunning.

And then I am taken back to the Confessions of a TSA agent that appeared only a couple of weeks ago in Politico. The United States Government (in other words, you and me) is spending $150,000 per machine for full-body scanners, that do not work, and even if they did, there is a high likelihood that no one is watching the monitor anyway. And as has been discussed numerous times, the x-ray machines, both above and below the security screening area cannot tell the difference between peanut butter and C-4, or chocolate powder and explosives.

So why, exactly, is the TSA banning liquids on flights to Russia?  Because if no one complains about them banning liquids in this test scenario, they will be able to ban them in general, except for those of you silly enough to shell out $80 (or more) for their Pre-Check program, where the agency will, with your permission to boot, know more about you than anyone else.  All because they cannot procure, use, or understand the equipment that we are already paying too much for.

National Handwriting Day – 23rd of January

It is that time of year again, National Handwriting Day!  From my friends at Fahrney’s:

This Thursday (January 23) is National Handwriting Day in the United States. Established in 1977 as a day to acknowledge and celebrate the handwritten word it was created by the Writing Instruments Manufacturing Association “as a chance for all of us to re-explore the purity and power of handwriting”.

On the topic of handwriting, specifically writing letters, I finished reading To the Letter: A Celebration of the Lost Art of Letter Writing and really quite enjoyed it. It was a little bit of the history of the written letter, despite Simon Garfield’s initial statements that it was not the purpose of the book. It was a bit of biography, because after all, that is what most letters that are kept become, the basis for a biography, and a review of the evolution of the post as we know it today. It was a fascinating read. And while he did not outwardly attempt to say that this medium of electronic “mail” is bad, he certainly highlighted many of the failings of not putting pen to paper and sending a letter.

So for National Handwriting Day, I encourage everyone to pick up their pen and write someone they know a letter. Put a stamp on it and mail it! And once you have done that, it is also time for the Annual Handwriting Contest! And like last year, I am going to put my mind to it and my pen and see what I can come up with. You should too!  Deadline is the end of January.

So let’s get writing!

If you wondered, is the US a Police State? The answer is – yes.

Over the last few months, the citizens, residents, and visitors to the United States have been regaled with stories of how the Government of the United States has been invading their privacy, opening their mail, listening to their phone calls, and generally monitoring their daily lives.  Of course, this is all in the name of security and to protect the public from the bad guys.

Up to this point in time, the revelations have been about how the National Security Administration are capturing your metadata, but not actually listening to your calls or reading your mail in real-time – they claim. But we have always suspected that other aspects of our life were under scrutiny.

Today, we got our answer:

The Transportation Security Administration is expanding its screening of passengers before they arrive at the airport by searching a wide array of government and private databases that can include records like car registrations and employment information. (New York Times)

What starches my socks is not that the TSA is doing this.  We pretty much knew they were doing this, even if we did not know they were doing this. No, what really galls me is that the TSA has a new program, called TSA Pre, which:

…allows select frequent flyers of participating airlines and members of U.S. Customs and Border Protection (CBP) Trusted Traveler programs who are flying on participating airlines, to receive expedited screening benefits. Eligible participants use dedicated screening lanes for screening benefits which include leaving on shoes, light outerwear and belts, as well as leaving laptops and 3-1-1 compliant liquids in carry-on bags.

And to get this benefit, you have to fill out an on-line application, have an in-person interview and, most importantly, pay the TSA for the privilege every five years!  Currently the fee is $85.  Now some frequent flyer programs include this in the ticket price, but for the average Joe Flyer, you are on the hook.  Yet the TSA is already doing a complete scan before you board for free!  OK, so it is not really free.  I have already paid for it with my taxes, fees, and other departure costs rolled into the ticket.

So what is the point?  Already, the United States has more secure screening processes in place, compared to the rest of the world.  I can leave my shoes and belt on in Europe and Canada.  The x-ray machines can already pick out my laptop.  And frankly the screening outside the US is much better than what the TSA is doing.  So why should I be paying the TSA?  They already know more about me than I do.  I have already paid the fee, several times over, and they already have done the in-person interview, every single time I fly.

I am opposed to the police state the United States has become.  There are a number of reasons for this. But to charge the flying public to go through security is really taking the cake. As the saying goes: There’s a sucker born every minute. Clearly the American public is the sucker, and their own government is taking advantage.

“Requires Facebook” is a recipe for an automatic fail

For the better part of the last four years, I have managed, quite well I might add, to do without a Facebook account. Yet, despite this, more and more applications seem to be depending or relying on you having a Facebook account in order to use them. This is true of a wide range of things from comment boards to business applications. What baffles me is why anyone would tie their application to Facebook.

Sure, I get the idea that the general public is stupid when it comes to technology.  They cannot remember their passwords (which is why Apple put a fingerprint scanner on the new iPhone), they cannot manage to understand what a URI is or why it matters, and basic interfaces confuse them, but Facebook is hardly the panacea, and worse, it opens the end user up to even more insecurities and potential application and privacy leakage.

So from this point forward, if your application, chat room, or comment board requires a Facebook account to use, I will give it an automatic fail and a one-star rating. Real application development does not rely on some other application for its security model. And the general public should not accept any application or solution that does.

Srsly?

If you have been following along with me for any period of time, you know that I have a thing about language.  And not only language but formal use of language. And a few people will tell you that I cannot spell to save my life (thank goodness for the red wavy line).  That being said, when I get an email like this, I cringe:

BABE… i guess your not getting any of my email huh? ive been tryign to email u so many times but this dam laptop is such a piece of garbage and keeps freezing.. anyways how u been?

Of course, it is a spam message. At the bottom of a very long, almost unreadable, 1000-word message is a come-on link that I assure you, you do not want to click. It is a typical example of this sort of thing, but what really surprises me is how bad the language is. Not just the random capitalization (and lack thereof) and the slang shortcuts but just bad English. It concerns me that someone thinks this is the right way to send mail. And since they have sent it, that people might actually write and talk this way! If this is the future of the English language, I have a very dim view of the next generation.
Not to mention the spammers.