The Mechanics of Rights

Lately the phrase, “I have the right to …”, comes up a lot. Living in a society where basic and human rights exist and are protected and enforced by law is a good thing. These rights represent the rise of our social beliefs from savagery to civility, and encourage all of us to treat each other humanely.

We have long since conquered are basic needs, such as food, and shelter. Aside from members of our own species we do not fear any other species invading the security of our homes and families. We live largely in peace, and we argue and debate about things that really does not impact our basic needs. Instead, the things that we bicker about largely involve with how to improve our discretionary free time, such as:

  • How to make and spend money;
  • How to protect ones ownership and assets;
  • How to punish those who do not adhere to social norms;
  • How to maintain and climb whatever progress ladder that you want to climb;
  • How to change leadership;
  • Dream up new rights so that we can all be more comfortable;

We take for granted that it is this peaceful social atmosphere that allows us to contemplate how we can improve ourselves when living, working, and generally dealing with others. Without this basic-need social security blanket, all bets are off with rights.

I therefore assert that the notion of rights, whether they are human, civil, and even corporate are luxuries afforded by peaceful societies when they have enough time and sensibilities to create and enforce these rights. They are not a right but a privilege that we as a society has decided to define and maintain so that there is a higher sense of equality (protecting the weak from the strong), and civility.

Therefore it becomes very dangerous when people who would like to pursue new or change existing rights by adopting methods that endanger or violate the basic-need social security blanket. Radicals who justify the use of violence and threaten the basic social fabric and infrastructure to achieve their desire changes are also jeopardizing all other rights, threatening the livelihoods of others.

In essence, rights cannot be had, without peace and law. This is why I find very ironic that the people of Hong Kong are fighting for new rights by risking the current livelihood that others have enjoyed for so many years. Whether they know it or not, they are pursuing a path of country building and not protesting. Country building is much harder than instituting new rights. Many country’s foundation are ladened with blood and sacrifices.

Thoughts on the Hong Kong Protests

On the Maslow hierarchy of needs scale, Hong Kong currently share many of its basic needs with the mainland, including food, fresh water, and electricity. The end game of these protests should give due consideration to these geographical dependencies. Even if a political divorce is possible in the long run, it will be really difficult to live independently when you are still forced to share the same bed.

A symbiotic existence between Hong Kong and China seems to be unavoidable, as such finding common ground seems to be a better approach than inflammatory tactics based on hate and violence. The latter dehumanizes the opposition and ironically for all people of Hong Kong, erodes the one of the core values of a democracy, basic human rights. This is the same value that the protestors are advocating for.

Observing from recent history, it is really hard to pinpoint a country involved in the Arab Spring events that are better off now than before. Perhaps conciliatory talks can give rise to more creative possibilities of coexistence, and the elixir of democracy does not have to be the only arrow in the quiver to achieve peace and prosperity.

Leviton Decora Smart Dimmer with HomeKit

I purchased these DH6HD HomeKit compatible dimmer switches from Leviton from February of 2018 (over 1 1/2 years now).

When they work, they are great. BUT! My HomeKit app frequently report these switches with “Not Responding”. The only remedy that I know of is to remove the accessory and then re-add it again.

The process of adding the accessory is extremely frustrating and time consuming. Adding the accessory to the WiFi network is a hit and miss affair. It really is a crapshoot.

Today after three tries adding the Leviton without success, I almost gave up. Finally I discovered the following process in this reddit article. Even the technique outlined by the article did not work until I restarted the avahi-daemon.service on my Linux server, figuring that it may interfere with the Bonjour discovery process when adding the accessory.

Using the WiFi setup of the iPhone to add the Leviton device to the WiFi network definitely works smoother than using the Home app. Here are the steps:

  1. Reset the light switch by pressing and holding the on position of the switch until its LED light switches rapidly from red and amber. This can take more than 10 seconds.
  2. Set the iPhone to the appropriate WiFi network.
  3. Goto the iPhone WiFi menu, and you will the Leviton switch available for adding to the WiFi network. Add this device to the network.
  4. If an error is encountered when adding to the network, then restart the avahi-daemon service (or other mDNS service that may be competing).
  5. Once the switch is added to the network, proceed to add the switch with the Home app.

Apparently there is a firmware update for these switches. However, the update from 1.4.13 to 1.4.32 fail with the Leviton iOS app.

If you are thinking of getting a light switch for your home automation project, I would steer away from these switches!

DIY Garage Stereo with DML Speakers

I wanted music in my garage when I am cleaning my bike or doing some other work. However, I did not want to spend a lot of money but I also wanted to make sure that it sounded okay.

I was couch surfing one day and came across this YouTube video.

YouTube Video:
YouTube Channel: Tech Ingredients

The video talks about joining audio exciters to extruded polystyrene boards, traditionally used for insulation. I was intrigued.

I purchased a pair of DAEX25TP-4 by Dayton Audio from They look like this:

Dayton Audio DAEX25TP-4

I joined these exciters to FOAMULAR CodeBord Extruded Polystyrene Rigid Insulation which I purchased from Home Depot. I simply purchased a 24″ x 96″ and cut them in half so that I have a pair.

FOAMULAR CodeBord Extruded Polystyrene

Last I bought a cheap Lepy LP-2020A Class-D amplifier.

Lepy LP-2020A

I had an old Airport Express lying around which I can use as my source material by piping Apple Music through it. Here is the end result in my garage.

For less than $100, the sound is loud and good! The low end can be improved with a sub, but I won’t be doing that since this will be rarely used. The next step is to install some shelving and hide the wires so it is more presentable.


This past weekend my media NAS server was intolerably slow. When I investigated, I found out that one of the RAID-1 partitions is experiencing read errors and is timing out. I decided to risk a reboot and to my surprise the RAID-1 partition did not recover with one fail drive, but mdstat recorded with an inactive status, something like this:

md2 : inactive sdc1[0](S)

After some Google search, I found that I had to do the following to resurrect the md2 device.

madam --stop /dev/md2
mdadm --assemble --force /dev/md2

This reactivated the md2 partition. I replaced the failed drive and re-added the new drive to the md2 device. The RAID-1 partition is now rebuilding.

The inactive state is a new experience for me, so this was a bit of a surprise.

During this exercise I also found out that the SATA connectors on my SATA add-on card were loose causing intermittent connections. I will have to find a way to address this in the future.

Traffic Violation?

This morning on the way to work after picking up breakfast from McDonald’s (the one on 9989 BAYVIEW), I decided that heading East bound on Major Mackenzie from Bayview to Leslie was too busy, so I decided to turn right onto Boake Trail from Major Mackenzie.

After my right turn I was stopped immediately by a police officer. He told me that I was not allowed to turn right.

Since I had a dashcam installed on my car, I replayed the footage and found that there was simply no sign indicating that a right turn is restricted. The matter was even more confusing when there is a dedicated right turn lane. See for yourself below.

Dashcam Video

Also on Google Maps, the no right turn sign is also non-existent.

I decided to contest this matter. I am providing this quick blog entry as near to a contemporaneous note as possible of the event this morning in case I need to refresh my memory three months from now in court.

Update: My sharp eye wife spotted the no-left turn sign beside the traffic lights. So even with the video and Google Map reference I missed it on multiple, post-event analysis. The dedicated right turn lane threw me off and baited me into the turn, an honest mistake.

Old Media Server with OpenVPN

I am in the process of building and configuring a media server for my parents. After my recent media server upgrade, I have extra gear lying around. By purchasing a power supply and a small case, I can cobble together another media server with my old processor and motherboard. I will call this my parent’s media server. The goal is to replace the current Raspberry PI unit that is currently running OSMC acting as their media server. Although the OSMC solution with Raspberry PI has been working really well, it is under powered to play any HEVC encoded video at full 1080p HD resolution.

I wanted to convert the majority of our video media to HEVC simply to save storage space. If I do this with my media library, I will not be able to share our media with them because of their under powered Raspberry PI.

To solve this issue, I installed Ubuntu 18.04 along with Kodi on my parent’s media server that I just created. I have been testing this solution for the past couple of weeks and both the hardware and media player works really well.

I also configured the box to auto mount USB disks, and installed SAMBA so that both videos and music files can be shared with other devices on the same network. The SAMBA is primarily used by my parents with their SONOS speakers.

With this media server at their location, I can also consider future upgrades such as replacing their WiFi network with a Ubiquiti solution, and even ponder on a site-to-site VPN solution with both of our networks.

Perhaps that is looking too far into the future. My immediate concern is how to remotely administer the box. With the Raspberry PI, I just had a simple SSH setup. However with the extra horse power, and a full blown Ubuntu distribution, I can now setup OpenVPN.

I followed these instructions on the DigitalOcean site, and it worked flawlessly. During the setup, I made a major error. I skipped the firewall (ufw) setup on the box, thinking that I don’t need a firewall because an external firewall already exists. However, OpenVPN will not route external traffic to the internal private network if IP masquerading (NAT) is not setup properly. Thanks to a coworker’s advice, I configured the firewall with IP forwarding NAT, but also change all default actions to ACCEPT so that the firewall only function as a NAT router. Lesson learned!

Since this VPN will only be used by me for remote management, I will not configure any HTTPS tunnelling or install and configure ObfsProxy. We will continue to use UDP and stick with the default 1194 port.

We will do some final testing before finally deploying it to my parent’s place.

NVMe SSD with LVM Cache

I have been a huge fan of Apple’s fusion drives. They are an excellent compromise for affordable mass storage while still able to give you SSD performance. The concept is simple pair a fast but small SSD drive with a large but slow and much affordable, mechanical HDD. You get good performance and have lots of storage without breaking the bank.

I have falsely assumed that this capability only existed with Apple’s macOS operating system. This week I was pleasantly surprised to have discovered that LVM Cache can do more or less the same thing on Linux. This new found knowledge along with an excellent deal on a 500GB NVMe Samsung 970 Evo Plus M.2 drive gave me the itch to experiment this weekend with my NAS media server.

The hardware was easy enough to install, but I had to move one of the existing SATA connection because the M.2 slot on the motherboard shared a PCIe bus with a pair of SATA connections. Luckily I bothered to check the motherboard manual, otherwise I would have been scratching my head while the server fail to boot.

The software configurations were a bit more involved. Before I purchased the NVMe card, I did some experimentation with two external USB drives, one SSD and one HDD. I found this article to be super helpful in configuring LVM Cache with my test drives. However, these configurations were not fully restored after a reboot. After many hours of research on the Internet, I found this article indicating that my Ubuntu Linux distribution was missing the thin-provisioning-tools package. I also had experimented between the two different cache modes that were available, writethrough and writeback. I found out that the write back mode was a bit buggy and did not sync the cache and the storage drive. Yet another article to the rescue.

lvchange --cachesettings migration_threshold=16384 vg/cacheLV

I preferred the write back mode due to its better write performance characteristics. Apparently to fix the issue, I have to increase the migration threshold to something larger than the default of 2048 because the chunk size was too large.

Here are the steps that I did to configure my existing logical volume (airvideovg2/airvideo) to be cached by the NVMe drive that I just purchased. I first have to partitioned the NVMe drive.

Model: Samsung SSD 970 EVO Plus 500GB (nvme)
 Disk /dev/nvme0n1: 500GB
 Sector size (logical/physical): 512B/512B
 Partition Table: gpt
 Disk Flags: 

 Number  Start   End    Size   File system  Name     Flags
  1      1049kB  500GB  500GB               primary

Create an LVM physical volume with the NVMe partition that was created previously /dev/nvme0n1p1 and add it to the existing airvideovg2 volume group.

sudo pvcreate /dev/nvme0n1p1
sudo vgextend airvideovg2 /dev/nvme0n1p1

Create a cache pool logical volume and set its cache mode to write back and establish the migration threshold setting.

sudo lvcreate --type cache-pool -l 100%FREE -n lv_cache airvideovg2 /dev/nvme0n1p1

sudo lvchange --cachesettings migration_threshold=16384 airvideovg2/lv_cache

sudo lvchange --cachemode writeback airvideovg2/lv_cache

Finally link the cache pool logical volume to our original logical volume.

sudo lvconvert --type cache --cachepool airvideovg2/lv_cache airvideovg2/airvideo

Now my original logical volume is cached and I have gained SSD performance economically on my 20TB RAID setup for less than $200. Below is my final volume listing.

$ sudo lvs -a
   LV               VG          Attr       LSize   Pool       Origin           Data%  Meta%  Move Log Cpy%Sync Convert
   airvideo         airvideovg2 Cwi-aoC---  20.01t [lv_cache] [airvideo_corig] 0.01   11.78           0.00            
   [airvideo_corig] airvideovg2 owi-aoC---  20.01t                                                                    
   [lv_cache]       airvideovg2 Cwi---C--- 465.62g                             0.01   11.78           0.00            
   [lv_cache_cdata] airvideovg2 Cwi-ao---- 465.62g                                                                    
   [lv_cache_cmeta] airvideovg2 ewi-ao----  64.00m                                                                    
   [lvol0_pmspare]  airvideovg2 ewi-------  64.00m      

We can also use the command below to get a more detail listing.

sudo lvs -a -o+name,cache_mode,cache_policy,cache_settings,chunk_size,cache_used_blocks,cache_dirty_blocks

Upgrade completed. We’ll see how stable it is in the future.

Media Server Upgrade

Two and half years ago, I performed a CPU and motherboard upgrade to my media server. You can read the account here.

Although the AMD Athlon 5350 APU was energy efficient, it proved to be under power for on demand video encoding when Plex wanted to transcode video for a player on a device that is not compatible with the playing video. For example, when an Apple TV (not 4K) wants to play 4K material from Plex on my media server, the server will have to transcode the 4K material to a compatible 1080p format. Unfortunately, this is very CPU intensive and if more than one person in the house hold is trying to do the same thing, which is not unheard of, this causes stuttered playback issues.

Given the choice between saving a few dollars a year versus usability, I choose usability. Therefore I started to research what I need for the upgrade. My goal is upgrade the system so that transcoding will not be an issue and I can also use the system for future video encoding of security camera footages. We can also use the system for background video encoding of family videos as well.

I continue to prefer the AMD brand, and decided on the following combo:

  • AMD Ryzen 5 2400G Processor with Radeon RX Vega 11 Graphics (YD2400C5FBBOX)
  • GIGABYTE B450 AORUS M Motherboard
  • Corsair Vengeance LPX 16GB (2x8GB) DDR4 DRAM 2666MHz (CMK16GX4M2A2666C16)

The above were all purchased through Amazon and cost me a grand total of $473.24. The AMD CPU was the most expensive part costing almost $190.

Taking out the old motherboard and CPU combo and replacing them with the new parts went smoothly. The side SATA connectors bucked against one of my HDD chassis so I opted not to use them, and decided to connect all of my RAID SATA connectors to the SATA accessory card that I purchased and discussed in this post.

Last time I did an upgrade like this, the Ubuntu operating system had no problems and booted without any issues. Unfortunately, this time is very different. After the machine posted, Ubuntu booted into a blank, black screen. After some research, I learned to reboot the Ubuntu kernel with the nomodeset option. I learned to press and hold the shift key so that I can select the desired kernel that I wanted via the GRUB menu, and I learned to press the ‘e’ key in the GRUB menu to modify the boot options. Finally pressing F10 to boot with the custom changes (effective for only one time).

The above trick got me a login prompt. After I gained access to the command prompt, I noticed that the kernel did not recognize any ethernet devices. I now have a machine that is not connected to the network. After some more Internet research I found out that the current 4.15 Linux Kernel that I have is insufficient to run on the Raven Ridge architecture, the AMD code name for the Zen CPU and Vega GPU combination on a single chip. I have to upgrade to the 4.18 Linux Kernel.

However I cannot upgrade through the Internet, because the machine is not on the Internet. I have to download the Debian packages on a USB stick with another machine and manually install them. At this point, I learned that you cannot simply download a single package for this. I had to decide whether to go with the Linux Mainline Kernel packages or go with the Ubuntu HWE (Hardware Enablement) packages. After reading through Ubuntu’s LTS Enablement Stack article, I decided to HWE packages. I found the linux-generic-hwe packages and their prerequisites on This took several iterations as I did not get all the dependent packages on the first try.

Once all the packages were installed, the machine booted without the need for the nomodeset option. However, the internet interface device was still not there. I had to run the command netpath, to find out that new motherboard’s ethernet device’s logical name was em1. To register the new logical name, I had to edit /etc/network/interfaces file.

Finally, the machine booted with an active ethernet connection. As a sanity check, I executed:

sudo apt-get install --install-recommends linux-generic-hwe-18.04 

Ensuring that my new media server has all the required kernel packages. We are still not done. The IP address of the server has changed, because we now have a different MAC address, so the DHCP server provisioned a different IP. I tried to change the Unifi Controller to provision a static IP address to this new server but I was unsuccessful. I suspect that the new server is also running the Unifi Controller may have something to do with it. Since the IP address has changed, I needed to update the following configurations:

  • Firewall rules
  • Unifi Controller name space configurations
  • Samba configurations because we only allow for local machines to share

All of this took from 4:30pm to 11:00pm last night, 6.5 hours worth of hardware assembly, research with Google, trial and error, and finally success. I cannot imagine if Google and the super helpful community forums did not existed. Fingers crossed that the new media server will run smoothly.

More Home IT Upgrades

This past weekend I continued to upgrade our NAS server. Last weekend, I upgraded my raid array with an additional 8TB of mirrored storage. This yielded two old 4TB WD Blue HDD. I noticed that my case has a total of 9 internal storage bays. One was used by my 500GB SSD Boot Drive, and 6 were populated by HDD drives making up the current raid array. This means I have 2 more storage bays left. However these remaining bays were meant for 5.25″ storage devices like Optical Disc Players. For me to place my old 4TB WD Blue HDD into these bays, I will need a 5.25″ to 3.5″ bay converter. I had one, and purchased the other one on Amazon. I ended up buying the ORICO Aluminum 5.25 inch to 2.5 or 3.5 Inch Internal Hard Disk Drive Mounting Kit.

I also did not have enough SATA slots and purchased the IOCrest SI-PEX40071 SATA III 8 Port Controller Card. This card along with the 4 builtin SATA slots on the motherboard gave me enough SATA connections for my 9 drives.

Once I installed the old 4TB drives, I proceeded to create another md raid level 1 device and created a matching physical volume which I used to extend the current logical volume group. When the setup is completed, I ended up with a 20TB+ fully mirrored NAS server. I love LVM in combination of mdadm.

I figured while everything is fresh on my mind, I minus well proceed with the dreaded 16.04 to 18.04 Linux Ubuntu upgrade.

The upgrade was surprisingly very smooth. However the new version of OpenVPN caused some troubles. The new OpenVPN no longer works with my old PureVPN configuration files, because the certificate files that came from PureVPN used an outdated and deprecated hash algorithm. After getting the new configuration files from PureVPN, everything worked like a charm.

I also have to reinstall the Unifi Controller along with Let’s Encrypt certbot utility.

Super happy with the outcome and the upgrades should last another 2 to 3 years.