Letter to the Liberal Party of Canada

I'll do anything moral, anything legal, to promote electoral reform in Canada from First Past the Post to some variety of Proportional Representation, so when the Liberal Party of Canada put up a banner ad asking for what people wanted (but it was really a front-end asking for donations) I replied, with growing disappointment as it was clear they didn't want to hear about electoral reform. Part of it (and you can say it, "you poor fool!") required proving that you were real by giving them an e-mail address. They proceeded to send me requests for more money and eventually, I "snapped" looked up the sender named in the From: line (not info at liberal.ca, the real name) on one of the socials and sent this out. I am cc-ing it here, and I will also be sending it to my newly elected Liberal member of parliament.

I place it in the commons: you are free to use it, you are free to edit it for your riding's situation, you are free to send it -- only, please use it in ways that will encourage electoral reform towards a proportional system in Canada and not in other ways. Still, I have no hoard of lawyers, so I will be unable to track you down in order to enforce my request. Letter follows:

Dear _______,

Just to let you know.... I am "relieved" not "content" that your party leader is our Prime Minister and not the former honourable member from Carleton. Mr. Carney's commitment to climate goals is thin on the ground, his willingness to supply war materials to support Israel is disappointing -- a complex situation, but "clocks don't bring tomorrow, knives don't bring good news" -- never mind Stephen Harper's two most egregious bills that Have. Not. Yet. Been. Repealed: regarding revoking naturalization based on an ill-defined terrorism finding and breaking down the wall between intelligence gathering and policing that was built up after the MacDonald Commission, after the FLQ crisis.

My catalog of desiderata is long but my number one issue -- the meta-issue on so MANY other files is electoral reform. You want your leader to be mentioned in the same breath as Gus Pearson and Tommy Douglas? Press him to bring in some kind of PR -- divvied up per province as the Canada Act prescribes that parliamentary seats MUST be divvied up, but do it. Not Alternative Vote / Instant Run-off. Not dual member ridings. Use a constituent assembly if you must -- but MANDATE THAT ITS RESULTS MUST BE ACCEPTED BY CABINET and brought into law WITHOUT a referendum, or if any referendum, as "snap-back" after two cycles, and one that requires 60% for a reversion to FPTP.

That's why I responded to an LPC "what should we do now?" query. I am not a source of funds, I am a citizen whose vote hasn't been taken seriously, ever -- only until I turned 35 or so, I was voting like a "sheeple" and only long strong consideration of my options helped me choose what I wanted instead of Manichean-voting against what I hate or fear the most.

Plunging turnouts mean that a majority mandate is a false one: 40% of even a 55% turnout is still only 22% of the voters and is effectively losing to Did Not Vote: this should be unacceptable to anyone who cares about Democracy in Canada: only a greater loyalty to "the party's" chances than to better democracy would be satisfied. Every Vote Must Count -- as Trudeau quoted ten years ago without meaning what others heard -- even the votes of those with whom I disagree.

Banish the "can-we-get-a-majority-next-time?" schemers from this question and bring in real PR-based Electoral Reform, and Carney will be on the list of the Greatest Canadians Ever the next time someone runs that contest. Fail to do so and it might not take 4 mandates before your party is once again hated as much as it was (largely unjustly) under the former leader.

Sincerely,

______

Surveys say that 68% of you all, my fellow citizens harbour some variation on these feelings yourselves. Make your voices heard so that the power structures cannot ignore us.

Okay.. Setting up MFA

(2FA is just MFA where "multiple" == "two")

Have you got your FaceBook page up?

1. Click on your profile picture -- top right in English, North America. A menu will drop down.

2. You'll want to click on "Settings & Privacy" with an angle bracket to the right. Clicking it will produce another menu.

3. You'll want to click "Settings" and that will lead to a page titled "Your Facebook Information". If you haven't been here for awhile, you may get a pop-up window telling you that account security management has been moved to a Meta page.

4. On the left, of "Your Facebook information", under "Settings" there's a "Meta Account Center" (mis-spelled because of course this is an American page, not a Canadian one -- it's called "Centre" up here) an item called "Password and security". Click on that.

5. Annoyingly, the result will look like you're Starting All Over Again...<sigh>

6. And again, on the left, there'll be a "Password and security" item. Click it. (Didn't I click that already?)

7. And now, on the right there's a Two-factor authentication item. Click on that. With Meta, you may need to choose between a Facebook and an Instagram account. (Remember. Computers are stupid. They're the idiots here, not you)

8. If you don't already have it set up, Meta will probably ask you to do 2FA through SMS messages (text) on a cell phone first. Go ahead and follow the steps.

Choose a cellphone that you have exclusive use of, if you can. If you can't, I hope it's held by someone you can trust. Enter the cellphone and when you get the text message, enter the number in the browser.

9. Then go back into the 2FA selection and choose the app.

10. Fire up the app on your phone and choose "Scan a QR Code".

11. Back on the computer, when Meta gives you a QR code, scan it with your phone and a 6-digit number will start being generated on your phone (whenever you need it).

12. Enter the "current number" (you'll have a minute after the next time it changes) in the field on the web site.

13. Then, make sure Meta wants to use the app, not SMS to your phone going forward.

There. You're done. There were more steps there than I thought there would be (or in all honesty, more than I think there should have been) but it wasn't that hard, right?

Can you do the same thing in gmail? It'll start with the "Gear" icon and choosing "See all Settings" but I'll leave the rest for you to discover and feel accomplished for yourself.

And now it'll be just that little bit harder for someone to take over your account. You won't be able to prevent someone from choosing a name like yours on Twitter or Facebook, but your. own. account. is just that much safer than it was.

One last thing. Can you pay it forward? Maybe you know an elder or other person with practical challenges who could be helped with this?

But now this is out there and maybe when someone else does the google search, they'll find my explanation, and maybe it'll help in a more generic way than any one web site's explanation. 🧵4/4

(click older to get parts 1 to 3)

One more thing first...

Every online tool you use does MFA slightly differently -- that's the first bad news. It means I can't say "just do this", "just do that" and it'll explain for all times.

But it's not that bad. For one thing, the mechanisms are all pretty similar. Once you know one, you'll have a hint when you get to the other ones. That's good news.

Even better... as multiple services consolidate -- something I'm not really happy about but there are upsides -- there's a certain uniformity the services gain so that if you know how to do it in one service by, say, Meta, you'll know how to do it in another of their offerings. That's even better news.

And yet... online services are constantly looking for ways to "improve" their web pages, not realizing that change is a downgrade by default -- until we find the new places things have been stuck -- and that can be bad news.

All that is to preface my instructions and justify their sketchiness. What I'm describing is Summer 2023 on Facebook, on a desktop. There's a difference here between my preference and my wife's. She does everything on her phone. I do everything on a laptop/desktop. I view things on a phone but most of what I do is on a desktop.

You can do all these things on a phone, too, but maybe the first time you'll want to do this on a computer? If you have one, great.

If you don't, maybe your public library is a good option? Ask them before you try, "How sure you are that my credentials are safe if I enter them on those computers?" Librarians are cool and if you press a bit (respectfully, remember) and there is a problem, they'll crack and may suggest a better local option.

If they're firm that there's no problem, there's no problem, at least not in most western countries. Remember, these are the people who resist book bans. Let me say it again in my best Henry Winkler voice: Librarians are Cool! 👍 (Leather jacket extra, motorbike? I prefer my pedals)

When it comes to doing MFA, you'll find it easier to do on a desktop regardless. We did one MFA for my wife on her phone and switching from one app to another was a bit tricky. It was possible but took a few tries. We did the next one on a laptop and it was a lot easier, switching from one device to another instead of switching from one app on the phone to another.

Have you got your FaceBook page up? Bring it up and click newer. 🧵3/4

(click older to get parts 1 and 2)

What is MFA?

Wait a sec. What on earth is MFA? That's short for Multi-Factor Authentication and the quick answer is the entrance to Edna Mode's design studio.

Did you see? Watch it again. How many factors did Edna verify against? Watch it again and watch for these points:

1. 0'04": she entered a password
2. 0'06": she offered a handprint
3. 0'08": she offered a retinal scan
4. 0'10": she offered a voice sample
5. 0'14": she acknowledged Helen (Elastigirl) Parr's presence

That's. Too. Many. Factors. for you but it demonstrates the point, right? Especially when you remember that once she's in the door, into her studio, MFA never bothers her again.

For you, when you first log into your social media with MFA on your phone or your computer, you'll have to enter one more thing. Once you're there, you'll probably have to log out in order to be challenged by it again. The other time would be when you change your password. Do you change your password now and then? My employer makes me change certain passwords regularly. Personal accounts tend not to insist on it but, if you can come up with a way to NEVER forget your new password, you may want to change passwords periodically.

Oh, and yeah... you're not using the same password for all of your social media, are you? You are? Well, there's a reason to do some password changing right away after all then. It's obvious, right? If you use the same password everywhere, an attacker who cracks your password in one place gets an entré to all your accounts, right?

If you want the background, if enough people want a background, I'll try to add that later.

Otherwise, why not arm yourself now? Click newer to find out how. 🧵2/4

(click older to get part 1)

Help! My Account Has Been Hacked!

Many too many have stood where you stand.

Too many more will stand here too.

I hear your account's been hacked,

you've had to change your name

Build your contact lists again. (with apologies to Genesis - Many Too Many, 1978)

This hasn't happened to me --- yet. But I've been doing something I thought everyone knew about and I think it's helped prevent it. And yet, when my wife mentioned the lengths a friend of hers had to go to, in order to move heaven and earth to convince some social media site that, yes, yes! I really am that person! someone stole my account and I want it back! I turned to her and said, "Did she have MFA?"

She said, "I don't think so. How do I do that, anyway?" And I realized that I'd probably let her down on this one.

"Wait a sec," I said, "You have MFA don't you?" I'm geeky enough, we've been together long enough that she knows what MFA is, but she hadn't figured out how to do it for herself. Other things got in the way before now, but today, those were put aside for about 30 minutes and I made sure she had MFA on all her accounts and understood how to use it.

It's not hard and all of you, my neighbours, deserve to have the same protection for yourselves (and it's REALLY not that hard to do).

There's a community I'm a part of, attached to a weekly youtube rant with graphics, song parodies, guests, open source intelligence deep dives (you know who you are) -- you can't "just believe" everything they say (there are a couple of points on which I disagree with them or at least have my strong doubts) but they're a tribe I don't mind hanging with (@the_five8) though I'm pretty stodgy in a bunch of ways compared to them. Recently, several of them have changed their names several times, so it's made me wonder if either:

1. this MFA thing isn't as effective as I thought (and I've been lucky) OR
2. this MFA thing isn't as widespread as I thought

Adding MFA to ALL your account is, like, so 90s or 00s, you know? Oh. You don't? Oh yeah. I'm a geek, a nerd. Worn with pride but sometimes I miss the implications.

Some of the OSInt people on the Five 8 have really angered a few people. One of them (not one of the hacking victims) has had to leave home, never to return until the local powers that be are no longer mobsters who'll cause injury or death if a return is ever attempted. No. I'm not joking. The situation's broad strokes are a matter of public record in credible press reports and other places.

Anyways... another one said, when I poked at the MFA subject, that they had no younger relatives to appeal to for help setting up MFA, so I decided to write this -- a blog thread, if you will. Oh Arthur, that is just so 90s.... and you do threads on twitter! not on a blog... (I don't care. I'll do it this way anyway).

So, what is MFA? click newer to find out. 🧵1/4

CMAKE and Windows Executables

Make no mistake about it. I LOVE cmake. CMake, git and post-2011 C++ reinvigorated my love for what I do and confirmed for me that whatever development I do, I want it to be in C++, extra marks for cross-platform, and can we be test-driven please? I'm doing all that on my own stuff, which has slowed to a crawl for a variety of reasons these days.

But this week, I bumped into a wrinkle. I needed to deploy an extension .DLL (it's called a .so in Linux, .dylib on macOS) with an installer, and it was working just fine... until I tried to test it on Windows 11, in which case my extension DLL just plain failed to load.

I speculated about what new thing on Windows 11 might be causing my problem. Was it some "property" -- no fiddling with icacls that I could do seemed to fix it. Overnight that night, I woke up thinking, "no, it's not that, it's something about the code underneath." What? I though? Like C++ and depending on the STL? So I implemented my way around that (which was fun), ran it as a test DLL and everything seemed to work. I put it the result into the build system and the DLL from there wouldn't load any more than my first attempt. Poring over the compile commands, between the Visual Studio-produced build properties and those generated from CMake exposed some odd differences but nothing that looked dispositive.

The link switches, though, that was another question entirely. The CMake-generated version was showing /SUBSYSTEM:CONSOLE in the link parameters; the Visual Studio created one was showing /SUBSYSTEM:WINDOWS. Google did NOT lead me to where I wanted to go easily. Instead, I found stale articles from 2008 (with no answer) and conflicting advice on StackOverflow. A co-worker pointed to an article that said to specify something in the add_executable command inside CMake. Only... I was writing a DLL (add_library) and there wasn't the same option there. I did find one article that suggested a way to do it: the resulting DLL did indeed work on Windows 11, but it struck me as clunky, so I pushed a little harder on it and produced a one-line solution.

So, just to make sure I wasn't swallowing a horse unnecessarily (the STL free code that I wrote when I thought that was the problem?), I tried the same solution on my original code -- and it worked! So I had fallen prey to two sets of red herrings, not just one.

And so. I present here a formula, in one place, for forcing any EXE or DLL to be compiled for /SUBSYSTEM:WINDOWS, because sometimes  that's just what you gotta have.

For an executable, add "WIN32" to the add_executable command where you create your target, as:

add_executable(${target_} WIN32 .... )

For a Dynamic Link Library, add the line

set_target_properties( ${target_} PROPERTIES LINK_FLAGS "/SUBSYSTEM:WINDOWS")

You may also find this useful -- to prevent your DLL from reaching out and including other DLLs on systems where they aren't already installed:

set_property(TARGET ${target_} MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")

Simple solution and now, hopefully, it'll be easier for me (a) to remember it or if not (b) to find it when I need it again... okay google?

ansak-string, ansak-lib and packaging sqlite

Six years ago, I went for a holiday with my wife, just the two of us -- pretty much the first such holiday (measured in weeks, not week-ends) we had taken since our first child was born. It wasn't off to some sun-soaked beach -- we've never been that kind of couple -- but we had a wonderful time, camping (not glamping), hotelling, time-share-condo-ing, eating out etc. Along with spending time together, we each did some of "our own" things, too, together in silent (or not so silent) companionship and not. I spent a bunch of time reading, some time biking and some time writing software. Like I do for work. Only this time, it was for me. I joked to myself that I was prepping for a "retirement project" and maybe I was. We'll have to see how that turns out but for the moment, I had a lot of fun.

When I got back, in talking about it with a colleague, I immediately got side-tracked: his response regarding one part (a simple API for re-encoding strings between wide and narrow) was, "Oh! we need that. Can you package it?" So, I made some modifications to the repository, and to the CMake script to enable that -- a lot of it was sequestering away everything but the string library so that all they got was what they really wanted. And so I discovered, that even for my own software, if you're not careful, a long line of "yaks" will show up in need of "shaving". It took over some of my free time for awhile but I was able to deliver something they could use, and then nothing more came of it. Some work-churning that followed diverted me still further and it took awhile to get back to it. But this month, I think the yak-shaving has come to something of an end.

I could spend some time describing the different yaks, but I want to point out a yak-razor-forge that I designed for myself, that took care of a bunch of them, and could be useful to others. About six months ago, I asked my brother (a network tech, not a developer) to try my stuff out. His first response was, "why can't I ./configure, make, and make install it?"

That "ancient" paradigm of "download -- ./configure -- make -- make install" has served open source projects well for deployment, at least for the consumers of the tarballs constructed to be deployed that way. For producers, especially those of us who came to it later in the game, the autoconf and automake tools that support it are bewildering. Learning to use them well, and then using them repeatedly for oneself can be daunting. And then, it's not even much good on a non-Cygwin, non-msys2 Windows environment. But the paradigm, for the end user at least, is wonderful.

The kind of code I was writing was platform-independent C++11 (and I'm loving the continuing updates) with few package dependencies on other things, so a full autoconf/automake approach was wrong-headed anyway. Yet, for deployment on Linux, MacOS, Cygwin and msys2, the result of such an approach made a lot of sense, even if one arrived at it by other means. So I wrote my own minimal configure script that determines the platform, chooses a few defaults for things and then writes them into a file that the Makefile includes.

The Makefile is very simple, mostly a cmake dispatcher, as that was one of my early choices. By the way, if I am missing out on a better cross-platform meta-build system, somebody please tell me? So far cmake is making my life very easy and making me feel smarter than I really am every time I poke at it.

But on Windows, not even a marginally good GNU make is available by default, or where it is, it doesn't interoperate well with other parts of Windows, to my knowledge. As for the end result, there really isn't a "standard place" to put 3rd party headers and libraries -- at least to my knowledge and in wide-spread use. So, I decided to use a default prefix (and allow it to be over-ridden) of C:\ProgramData -- it seemed an easy call to me, and I have seen some feints in that direction. Sub-directories from there of include\, lib\ and bin\ seemed logical, too. And as for a "make" stand-in, remembering Dave Beazley's "Discovering Python" video, the choice there was obvious, too: python. I did give PowerShell a shot on the way there but at the end of the day? No comparison.

Once I'd decided to use python, the choice between python 2 and python 3 was also obvious (for feature-set if not for the Jan 2020 sunset of python 2) but how to make sure of that? And how to run things as, "download -- .\configure -- make -- make install"? So I wrote a configure.cmd that looks for python, makes sure it's python 3 (in a python-version-independent way) and calls configure.py. Before that script completes, it writes a make.cmd file that uses the python 3 that was found for configure.py to run a make.py. That script imports the configvars just produced to influence how it should do what it wants to do -- in the same way as the Makefile does.

On the non-Windows side, by this time, with help from a good friend, I had been using CPack inside cmake to produce tarballs, RPMs, Debian packages and arch ZST files. CPack will also produce NSIS installers automatically, but it struck me that they were aimed at applications, not libraries (and so far, I'm writing libraries). So I wrote my own NSIS installer scripts, too. make package on Windows produces one of those.

After completing the work for ansak-string, I extended it to ansak-lib as well. When I got around to doing the Windows work I ran into another dependency issue. I intend to use sqlite3 (props to D. Richard Hipp for this excellent resource) for my back-end storage and I have some C++ classes wrapping it. Checking for SQLite3's existence at build time is too late. Downloading and "installing it" to where I want it during configure for ansak-lib wasn't hard manually, but the more I tried to accomplish it automatically, the messier it looked. I hit on a cleaner solution, alongside ansak-string (the original shave-off I did for my mates at work) ansak-lib (includes the sqlite3 C++ classes). I produced a sqlite_msvc_packager that uses the same "download -- .\configure -- make -- make install" cycle.

So there it is: a packaging solution for Sqlite3 and a couple of libraries you might find useful (especially this means of reading files of lines of text -- any width, any ordering -- as though they were lines of UTF-8 text). But even more useful, perhaps is the meta-facility I developed and described above: a flexible way of deploying libraries, either directly (make install) or through install sets -- and Python3 helped me bring it all to Windows, too.

It's time to turn away from the "Masters" this year

I appeal to all (Canadian sports fans) who think that voting should be easy for all citizens of all backgrounds, ethnicities, identities and back-stories, of all countries, everywhere... Please follow my example and post something like this to: https://www.tsn.ca/help/contact-us form (Click through. I promise it Just Works™)

In solidarity with Georgia (US)'s newly re-suppressed voters, I appeal to your network to black out Masters coverage this year. Remembering the history of the Confederacy, the resonance of "Masters" where slaves once worked around it, where the first re-suppression legislation (of over 300 pieces in over 40 states) was passed, the optics are horrible and as a voice against suppression of freedom, for conscience' sake, TSN should black it out this year.

There's a 500 character limit so this doesn't say everything I would want, but it'll be enough to get the message across. Will you join me? (like the 50 people a day coming in singing Alice's Restaurant) Can we effect this change? I've gotten four "likes" so far on FaceBook but I'll bet that hasn't resulted in more than maybe one or two further posts to TSN.

It's incomprehensible to us as Canadians that any political party would EVER want to keep anyone from voting, but that's what this bill in Georgia was written to do. The governor took it inside a private office with six or eight white men and a cameraman to sign it. He sat at one end of a table with these guys in masks staring him down, beneath a picture of an antebellum plantation.

Meanwhile, a black woman member of the lower house in Georgia knocked politely but firmly on the door calling for the signature to be done in public. It went down like this:

Assemblywoman: Knock! Knock!

Georgia Capitol Police: You're under arrest.

And she was arrested and dragged out, charged with felony obstruction and disrupting assembly business. Think of an opposition MP / MLA / MPP / MNA from YOUR province being dragged away by the cops-on-duty from the Governor General or Lieutenant Governor's residence and charged with similar "crimes". If you don't feel outraged, I question if you understand what representative, responsible government, democratically elected means, or if you believe in it at all.

Three time zones, the whole continental US and an international border away, there isn't much I can do about this, but I can't become comfortably numb about this, and neither should anyone with democratic scruples of good conscience.

So, I'm not asking for money. I'm only asking that you click here and copy-paste the 2nd paragraph of this blog post and hit send. I won't encourage you to do it multiple times, but maybe this is a time to relinquish default Canadian "politeness". Their phone number is 1-833-TSN-HELP or 1-833-876-4357. For me, maybe it's time to try to figure out this Twitter thing and send a haiku to @TSNGolf.

I AM going to cc this to audience.relations@bellmedia.ca, too.

Here's hoping that, it's still true that... you can get anything you want at Alice's Restaurant ... even without 8x10 colour glossy pictures ... This is the colour I've found to try to start a small change. The crayons are free. If I toss you one, will you catch it and add your scribbling to it?

Strong Encryption with Backdoors: An Oxymoron for Authoritarians

What follows is a model letter for Canadian citizens to send to the Honourable Bill Blair, your MP and the Prime Minister:

Dear Sir:

Regarding Strong Encryption with Backdoors

Once again, a push has been put out there for the development of strong encryption with backdoors, and to our collective national shame, you have signed it.

Do you understand how moronic that makes you appear? You just asked for something more impossible than rain falling from a blue sky, than deriving significant heat from a full moon, than wanting (with conscious reference to 1984) 2 plus 2 to equal 5.

The math. does. not. support. the concept of Strong Encryption with Backdoors. One of the words, "Strong" or "Backdoors" must be removed from the phrase for it to refer to something real. I and others more competent than me have repeatedly told this and previous governments, yet the request keeps coming back. And every time it does, the governments that request it make themselves look foolish and naïve -- or worse. We elect you to be wise and informed, competent and, where your competence does not extend, humble  enough to ask for wisdom from those who have such competence. So requesting this again (and again, and again) is undermining the faith of Canadian citizens in the competence and capability of our government. Do you need me to outline how this undermines our faith in democratically elected government? Not that we would turn toward autocracy but that we would give up and dis-engage, which in the longer term would result in the same thing.

Please, I urge you, to retract your signature from the recent "International Statement: End-To-End Encryption and Public Safety" published at

https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety

The presence of your signature there is a signal to all and sundry of your incompetence to speak about encryption at all and it shames all Canadians whether they understand the issues or not.

Only governments aspiring to totalitarian powers would insist on this kind of a policy after being informed by mathematicians and cryptographers of its impossibility. I want to believe that my government's security apparatus does not aspire to totalitarian powers. Please restore my faith on both issues (competence and trustworthiness) that this is the case and rescind your signature.

Sincerely,

make use of it as you will...

Snap BC election right now? A real leader would say "no"

Posted to FaceBook, by me, via greenparty.ca:

It's Mr. Horgan's option. That's the way parliamentary democracy works.

But this is not the time. Despite the foolish result FPTP delivered in the last election, it's been reasonably stable and is only preventing things widely opposed by most of the voters from occurring. Maybe FPTP would deliver a majority to Mr. Horgan if he were to call an election, but maybe it wouldn't.

Run out your term, Mr. Horgan. Introduce sensible electoral reform, like my own "Regionalized Proportionality", so that future governments look more like the will of the people, where politicians MUST collaborate, co-operate, and submit to mutual accountability -- rather than the Manichean roulette wheel which is the only kind of electoral world that I have ever known in BC.

Then and only then call an election. That's what a real leader would do.