Kang's Thoughts

MacBook with Windows on External SSD

All of this started with one of my neighbour whose laptop broke down. The laptop stopped recognizing its internal SATA connection, so it will not boot. My neighbour ended up booting Windows from an external SSD using a Windows to Go solution to continue to use his laptop.

**MacBook Air (13-inch, Mid 2013)** running Windows 10 Home

This somehow got me thinking whether it is possible to boot Windows from an external SSD using a Mac. I knew Bootcamp allows you to create a dual boot scenario on the Mac, but the default procedure requires you to repartition your internal drive space to do so.

With external SSD drives coming down in price, for example you can get a 500GB Samsung T5 now for less than $130 CAD, it would seem a pretty sweet deal to have Windows on the side with your MacBook.

After doing some research, it seems like others have similar ideas. I am not going to detail all the steps, since you can find YouTube videos and other forums that have already done the deed. Instead, the high level process goes something like this:

Use the Bootcamp Assistant App on the Mac to collect all the drivers on a USB stick or a local folder on your Mac. Do not use the wizard. You will need to use the Action menu. See Figure 1 below.
Download a Windows ISO and use a Virtual Machine (e.g. Parallels, VirtualBox, etc.) to install the Windows ISO onto an external SSD drive. I first tried VirtualBox but ran into Catalina permission issues that I could not circumvent. I ended up doing it with Parallels which I will go into details later.
Copy the drivers from the USB stick created in 1 into the desktop of the recently installed Windows on the SSD drive.
Reboot your Mac and hold the option key down before the Apple logo shows and boot into the EFI portion that contains Windows.
Make sure you have an external keyboard and mouse handy because the default Windows install may not recognize the native hardware yet. On my MacBook Air, I had no issues.
Once Windows come up, login and run the Bootcamp setup from the desktop that was originally copied from the USB stick.
Once this is all done, you can dual boot into Windows on the Mac as long as you have that SSD drive handy.

Figure 1: Remember to use the Action menu

So far everything works, and it is happily installing Visual Studio 2019. I even tried Cortana and the mic and speakers are working well. I did a quick Skype test call and the webcam is working well too.

I do want to document the steps that I performed with Parallels when installing Windows 10 onto the SSD. Those steps were not intuitive.

Step 1: Choose the Install Windows or another OS

Step 3: Don’t choose anything, but check the “Continue without a source” box at the bottom left hand corner

After this, stop the virtual machine and make the following custom configurations:

Step 4a: Select Hardware and configure the Hard Disk

Step 4b: Make sure your external media is plugged in, and select it in the Source. For example, Physical disk: **Kingston DataTraveler 3.0 Media (disk2)**

Step 5a: Change the boot order so that you can boot from CD, and connect the CD to your Windows ISO (not shown)

Start the Virtual Machine and it will go through the first part of the Windows installation. Once it is completed, it will reboot. Instead of booting from the external media, it will boot from the CD ISO image again. Simply shutdown the VM again and change the boot order again.

Step 5b: Change the boot order again to Hard Disk first, and restart the VM to complete its second part of the install

Once Windows 10 complete its installation, it will go through a user account setup process. If you are connected to the Internet during this stage, Windows 10 will force you to either use an existing Microsoft account or create one. This is unfortunate, but go ahead and create a temporary one. Remember to create a local administrator account and remove this temporary Microsoft account as the final step of the Windows setup.

Remember to copy the Bootcamp drivers from the USB stick to the Windows desktop before completing and shutting down the virtual machine.

Now you are ready to restart the Mac and dual boot into the external drive by holding the Option key while the machine restarts. The final step is run the Bootcamp Setup.exe program, which should be located inside the Bootcamp folder that your previously copied on the desktop. This is the last step of the Windows configuration on the SSD drive, and you can restart your Mac and dual boot into Windows one final time.

You are now running Windows natively to the Mac’s metal, without any simulators or Virtual Machines. This process is great to revitalize old MacBook’s lying around especially for students who need a Windows computer for their curriculum, but still want to retain their macOS. For more contemporary Mac’s, the small form factor and the speed of the Samsung T5 drive is a great fit for this type of situation. This is very cool!

Update: Potential Trouble with Major Windows Update

I have been told that a major Windows Update could encounter an error and a registry setting is required to fix this. The following page has more information on this. In summary, you have to set the following registry key PortableOperatingSystem from 1 to 0. This key can be found at registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control. Thanks to Martin Little for this very helpful information.

Update: Mac’s with Secure Boot using the T2 Chip

To allow a Mac with the T2 chip to boot from an external drive certain settings have to be made with the Startup Security Utility. This utility can be accessed via the Mac’s recovery mode, under the Utilities menu. You want to disable secure boot and allow for external drive. Since the secure boot is disabled, set a firmware password to prevent a bad actor booting their own operating system with their own Live USB key.

Encrypted Live USB Stick

The goal is to create a USB key that contains a Linux based operating system. Any Linux compatible computer can then be booted with this USB key, temporarily borrowing the host computer. The hosted Linux OS can then access an encrypted partition that houses important private information that may be helpful in an emergency. This technique offers the maximum portability of accessible, private information such as your will, financial data, credentials, etc.

I previously had an USB key formatted with an encrypted Mac filesystem storing the same information. However, this is inconvenient because you will need to find a Mac in an emergency situation.

In the Linux community, you can create a Live USB key. The concept is to create an operating system that will run off of the USB key with any computer that you can plug the USB key to. However, many of these Live USB distributions does not remember any changes that you make while using the operating system. The next time you boot from the Live key, all your previous changes are gone, and the Linux environment reverts back to its original, pristine state. To remember the changes during uses, these changes have to be “persisted”.

I started to find the best methodology for creating a Live Linux USB that operates with an encrypted persistent partition.

All the commands in this article has been performed within the Ubuntu 18.04 LTS Desktop install. I installed this version on both VirtualBox and Parallels on the Mac. Both worked beautifully but Parallels has smoother integration with Mac.

I tried first the Kali distribution, using the instructions in this USB Persistence & Encrypted Persistence article (Article 1). However, the USB stick that I was using which was a Kingston DTSE9 G2 USB 3.0 32GB, was simply way too slow on writes causing the Live USB almost unusable.

I searched for an alternative USB stick and settled for the SanDisk 64GB Ultra Fit USB 3.1 Flash Drive. This new USB stick’s write performance was 4x faster than the Kingston.

After learning more about initramfs hooks, boot loaders, and a refresher on UEFI and BIOS booting process and partition layout strategies for USB storage devices, I decided to roll my own Live USB using the Ubuntu Desktop as a base along with the mkusb tool for the initial layout. The reason for the change is that I already have Ubuntu else where in the house so standardization is probably a better bet.

To improve performance further, I decided that it is not necessary to encrypt the persistent partition where the system configuration updates will be stored. Instead, I will create my own private encrypted partition to store only the private data that requires protection. Article 1, also provided details on how to use the LUKS technology to encrypt any Linux partition, so my exercise with Kali Linux was not a total waste of time.

Before I run mkusb, I needed to install it first by doing the following:

sudo add-apt-repository universe
sudo add-apt-repository ppa:mkusb/ppa
sudo apt-get update
sudo apt-get install mkusb mkusb-nox usb-pack-efi

I ran the mkusb tool (after sudo su - )¹, with the following options:

We also chose msdos so that more computers will be compatible for booting. Once mkusb is completed, we will need to perform some custom partition layout. We will use the gparted program for this purpose so that the completed partition layout will look something like this:

We first deleted the original usbdata partition and grew the extended partition (/dev/sdb2) to about 18 GB, approximately 6 GB for casper-rw, which the system will store any custom configurations or upgrades since this Live USB key is created. We create another logical partition called Personal that is around 12 GB in size, which will be encrypted and this is where we will store private, sensitive data for emergency use.

The remaining space will be allocated to USBDATA, a last primary partition for normal USB data sharing, the typical use case for a USB stick. We also want to make sure that the other FAT32 (usbboot) partition is not visible in Windows by setting the hidden partition flag. We did that with the gparted program as well.

Once the partition table is completed, we can now encrypt the Personal (/dev/sdb6) partition. For this, we went back to Article 1, which gave us the following instructions.

~# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb6
 WARNING!
 This will overwrite data on /dev/sdb6 irrevocably.
 Are you sure? (Type uppercase yes): YES
 Enter passphrase for /dev/sdb6: 
 Verify passphrase: 
 Key slot 0 created.
 Command successful.

~# cryptsetup luksOpen /dev/sdb6 myusb
Enter passphrase for /dev/sdb6:

~# mkfs.ext4 -L Personal /dev/mapper/myusb

~# cryptsetup luksClose /dev/mapper/myusb

All Done! Now we have a bootable USB stick that can be booted from any Ubuntu compatible computer. I can store my own personal data in a very safe and private way within the encrypted Personal partition, while any changes I make to the system will be preserved in between the uses of the USB stick. On top of it all, the USB still has 40+ GB (~37.5 GiB) of storage for normal USB transfer usage.

I spent sometime copying some confidential information which I think I will need in an emergency into the Personal partition. I want to duplicate the finished Live USB key, so that both my wife and I will have a copy always available to us on our physical keychain.

I did this on my Mac, and the command to duplicate the USB drive is:

sudo dd if=/dev/rdisk2 of=/dev/rdisk3 bs=4m conv=notrunc

If the USB key ended up to be lost, then whoever picks it up will need to:

Recognize that this is a bootable USB, otherwise it will just seem like 40GB USB Flash Drive;
Get the password needed to login to Linux; I thought about installing two factor authentication but decided not to, because any good hacker can simply access the partition from another Live Key;
If they do mount the partition manually, then they still need to obtain the LUKS key to decrypt the partition; I made the LUKS key to be different than the OS password and is twice as long.

I think the risk is worth the benefit of having critical info around in case of an emergency.

Update: WiFi on MacBooks

It looks like MacBooks uses Broadcom WiFi chips and most Linux distributions do not ship with these drivers. This can be easily solved by loading the following software:

sudo apt update
sudo apt install bcmwl-kernel-source

Even with the above software installed, there is still a little ritual:

Launch the “Software and Updates” application;
Select the “Additional Drivers” tab;
Select “do not use this driver” and allow the process to go through and reboot the system;
Re-enter the system and repeat steps 1 & 2, and then select the Broadcom drivers;
Without rebooting, WiFi networks should be available for use

Unfortunately the above ritual will have to be performed every time the Live USB stick is powered off.

Update: Tried Linux Live Kit

I wanted to further customize my Live USB key. Instead of keeping a persistent partition, I thought I would keep a Linux VM at home and ensure that it is up to date and customized. At certain intervals, I would then create a Live USB key from the VM install.

I tried Linux Live Kit, but the results were disappointing. I was able to create a bootable USB key that worked, but the OS did not recognize the MacBook’s keyboard or trackpad. For some reasons, the drivers required did not get bundled during the process. I’ll have to read up on how I can create a Live USB key from scratch rather than depending on these tools, but it is more complicated than I thought, so for now this idea will have to be shelved until I have more time.

¹For some reason mkusb will not work with the live persistence if I simply do a sudo mkusb or under a non-root account. The only way that I can get it to work is to run it within a root login session.

Custom Counter

This all started when my wife started to use a circular knitting machine that she purchased recently. These machines can be used to quickly knit hats, scarfs, slippers, etc. I have seen her creating yarn goodness within a matter of minutes. The machine certainly decreases the time to produce goods when compared to traditional hand knitting by several folds. As a toy, literally, it has proven its worth several times over.

While using the machine, she has found that keeping count on the number of times the machine has revolved can be somewhat challenging. Of course this situation created a need for an electronic counter.

The idea is to use a microswitch to detect the notches on the machine, and use an ATMEGA328P microcontroller (MCU), running at 16MHz, to keep track of the count. The MCU is the same used by the famous Arduino hobby board.

Installing the Boot Loader to an ATMEGA328P

I setup a Raspberry Pi workstation and installed the Arduino IDE on Raspbian. Using a simple circuit described here. I was able to install the boot loader and program a generic ATMEGA328P chip using an Arduino Uno board.

The next step is to create a simple Arduino sketch that keeps count on the number of times the microswitch has been pressed. I also enhanced the sketch to track each press as a “tick” and have the ability to remember how many ticks make a single revolution of the knitting machine. In this fashion, the counter can be used on different sizes of circular knitting machines. The goal is to count both the number of ticks and the number of revolutions knitted so far.

The circuit is then prototyped on a breadboard with an LCD display (LCD 1602). This was the easy part. The hardest part is to solder everything on a perfboard and then design a suitable 3D printed case.

It took many tries on the 3D printer to get certain tolerance right. Finally, putting everything together we get this:

Working counter integrated with the knitting machine!

I have to say that this work was super satisfying. As a bonus, the counter can work with any type of sensors or switches that act as Normally Open (NO) and closes when it detects or closed respectively.

As a learning process and an experiment, I would like to create a simple PCB with JCLPCB. However, I have yet to start on that yet.

PlexConnect with Apache 2

To get Plex working on my old Apple TV 3, I had to setup a PlexConnect server that bridges the Apple TV 3 to the Plex Media Server. Previously I discussed about hosting the PlexConnect server on a virtual machine (VM) because the host that PlexConnect is running on must be listening to port 80 and 443. Having a virtual machine is a big nuisance, because the VM may not be up and running. I even try to host PlexConnect on a dedicate Raspberry Pi so that I can leave it on, but that proved to be too slow.

I do have a Network Attached Storage (NAS) server so it will be ideal to run PlexConnect on that, but the NAS server is running Apache 2 which is already using port 80 and 443. Eureka! How about running a reverse proxy that points to an instance of PlexConnect running on the NAS that is running on a separate port. A quick Google search for the term “PlexConnect and Apache 2” found this page on GitHub. The article turned out to be extremely helpful.

I downloaded PlexConnect as before and created the certificates.

cd /home/kang

wget https://github.com/iBaa/PlexConnect/archive/V0.6.tar.gz

tar zxvf V0.6.tar.gz 

mv PlexConnect-0.6 PlexConnect

rm V0.6.tar.gz

cd PlexConnect/assets/certificates

openssl req -new -nodes -newkey rsa:2048 -out trailers.pem -keyout trailers.key -x509 -days 365 -subj "/C=US/CN=trailers.apple.com"

openssl x509 -in trailers.pem -outform der -out trailers.cer && cat trailers.key >> trailers.pem

I then have to tell PlexConnect the following:

Do not enable DNS since we already have a DNS server running;
Do not enable automatic IP detection because it will get the wrong VPN client IP, instead I hard coded the 192.168.168.198 IP;
Disable SSL server because this will be handled by Apache 2;
Change the port number from 80 to 18080

The final Settings.cfg configuration file looks like this with the changed values highlighted in bold:

[PlexConnect]
enable_plexgdm = True
ip_pms = 192.168.178.10
port_pms = 32400
enable_dnsserver = False
port_dnsserver = 53
ip_dnsmaster = 8.8.8.8
prevent_atv_update = True
intercept_atv_icon = True
icon = movie-trailers
enable_plexconnect_autodetect = False
ip_plexconnect = 192.168.168.198
hosttointercept = trailers.apple.com
port_webserver = 18080
enable_webserver_ssl = False
port_ssl = 18443
certfile = ./assets/certificates/trailers.pem
allow_gzip_atv = False
allow_gzip_pmslocal = False
allow_gzip_pmsremote = True
loglevel = Normal
logpath = .

I had to configure my firewall’s local DNS to resolve trailers.apple.com to my NAS server, which is 192.168.168.198. This was pretty simple on my UniFi Universal Secure Gateway (USG).

The Apache 2 configuration files needed to be setup with the reverse proxy for both port 80 and 443. To do this I added the following VirtualHost settings.

<VirtualHost *:443>
        ServerName trailers.apple.com

        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile "/home/kang/PlexConnect/assets/certificates/trailers.pem"
        SSLCertificateKeyFile "/home/kang/PlexConnect/assets/certificates/trailers.key"

	<Proxy *>
		Require ip 192.168.168.0/255.255.255.0
	</Proxy>

        RequestHeader set User-Agent AppleTV
        ProxyRequests Off
        ProxyPass / http://avs.localdomain:18080/ nocanon
        ProxyPassReverse / http://avs.localdomain:18080/
</VirtualHost>
<VirtualHost *:80>
        ServerName trailers.apple.com
        SSLEngine off

	<Proxy *>
		Require ip 192.168.168.0/255.255.255.0
	</Proxy>

        RequestHeader set User-Agent AppleTV
        ProxyRequests Off
        ProxyPass / http://avs.localdomain:18080/ nocanon
        ProxyPassReverse / http://avs.localdomain:18080/
</VirtualHost>

I also needed to enable the headers module.

sudo a2enmod headers

We then needed to create a new systemctl service for PlexConnect. I had to create a plexconnect.service file in /etc/systemd/system with the following contents.

[Unit]
 Description=Plexconnect
 After=plexmediaserver.service
 
 [Service]
 Type=simple
 ExecStart=/usr/bin/python /home/kang/PlexConnect/PlexConnect.py
 User=root
 Group=root
 Restart=on-failure
 RestartSec=15
 StartLimitInterval=10s
 StartLimitBurst=3
 
 [Install]
 WantedBy=multi-user.target

The final steps are:

Check the Apache configuration file
Restart Apache
Start PlexConnect

sudo apache2ctl configtest

sudo systemctl restart apache2

sudo systemctl start plexconnect.service

Went to the Apple TV 3, and reconfigure the DNS to auto, removed the old profile and re-add http://trailers.apple.com/trailers.cer as the new profile. I discussed in my previous blog.

After signing into my Plex account, and testing various Plex media sources with the Trailers app, as well as trying out YouTube and the Prime Video app, everything is good! The VM is no longer required and we declare victory!

Plex on Apple TV 3

In my previous post, I talked about adding the Apple TV 3 to a value projector that I purchased on Black Friday. I was pretty satisfied with that solution, but then my ambition kicked in. Wouldn’t it be nice if the ATV3 can access my local Plex Media Server instead of streaming it from my iOS device using the Plex App via AirPlay?

A quick Google search yielded the discovery of the PlexConnect project. This is a very cool project. It allows the old ATV3, which does not support the native Apple TV Plex App, to act as a Plex client by spoofing the Trailers app that came with the box. To do this, the ATV3 needs to point its DNS network setting to a PlexConnect server, which performs the magic of bridging ATV3 requests to the Plex Media Server and handles the rendering.

PlexConnect was very easy to setup. I reused an existing Windows 10 virtual machine on my MacBook Pro for this purpose. My other servers in the house cannot be used because the required ports needed by PlexConnect are already in use. We cannot run PlexConnect on another port other than 80 and 443.

Changing the DNS settings on the ATV3 was straight forward, but adding the required profile of http://trailers.apple.com/trailers.cer was interesting. The instructions for the profile were:

Go to the AppleTV settings menu.
Select “General” then scroll the cursor down to highlight “Send Data To Apple” and set to “No”.
With “Send Data To Apple” highlighted, press “Play” (not the normal “Select” button) and you will be prompted to add a profile.
Enter (without the quotes): “http://trailers.apple.com/trailers.cer”

Once the above is done, all apps on the ATV3 including Prime, YouTube, etc. will not work without having the PlexConnect server up and running. Another note is that I had to run PlexConnect using administration privileges on Windows, otherwise it will not be able to listen to the secure ports.

Having the virtual machine up and running to service Plex was a bit bothersome. I setup another PlexConnect server on a Raspberry Pi to see if this can be an alternative solution, but it was just too slow with its 100Mbps network connection and its slow processor. It worked but the user experience was simply not good.

Perhaps the simplest thing is just to buy another Apple TV 4 during Boxing Day sale, and be done with it.

My ambition is still not fully met. My next step is to install a projector mount on the ceiling, so the projector is not taking up precious little desk space.

Apple TV with Projector

During the Black Friday / Cyber Monday weekend I performed an impulse buy and acquired a Vankyo V600 native 1080p projector for $280.49. The regular price for this unit is usually $399.99. I was curious what a big picture experience would be like on the flat wall of my curved staircase, which connects our main and second floors.

Projecting a Korean Variety Show (during Daylight)

The above end result was pretty impressive for the amount of dollars invested. I had an old Apple TV 3rd generation that was lying around not doing anything, and thought this would be a perfect media source for the projector.

For good sound, a pair of Edifier 1850DB speakers, connected to an Airport Express, already existed upstairs. All I had to do was connect the Apple TV to the projector and set the Apple TV to AirPlay to the Edifier speakers. All of this worked as expected. However, I did run into a snag. The volume signals from the Apple TV was quite low. Even when I cranked up the Edifier volume, it was still barely audible. It took me a long time to figure out how to change the volume on the Apple TV.

Apparently when a video is being played on the Apple TV, you have to press and hold the select (centre) button on the remote until a menu shows up pertaining to subtitles, audio, and speakers. You have to select the speakers and find the AirPlay speakers that the Apple TV is using. In my case, the Edifier speakers were labeled as “Upstairs Speakers”. The volume controls are presented by the blue slider bar.

Now everything works as expected on my private Local Area Network (LAN). We can play YouTube, or any iOS apps that does video. However, it would be nice for guests to be able to AirPlay to the projector. With the holiday season fast approaching, our dinner parties could be spiced up with this idea.

After fudging around with my firewall setup, the old Apple TV is now accessible from our guest WiFi. Now anyone can literally and figuratively project a video source from their mobile device on to my huge wall upstairs.

I am super happy how this turned out. We’ll have to wait for the final verdict from our guests this holiday season.

Plug-in Economics for Prius Prime

According to Toyota, our new 2020 Prius Prime PHEV gets around 4.3L / 100km of city driving. We will use this number since it is not too far off of the combine driving number of 4.4L / 100km. This means at the time of writing this post, the current fuel price at our neighbourhood pump is at $1.15 / L. If you do some fancy math, the Prime will yield us 20.2km per dollar invested at the pump (20.2 km/$).

Ontario Electricity Costs (Fall of 2019)

As depicted by the chart on the right, in Ontario we have three tiers of charging rates. The Prime in the winter can do about 35km with a 9kWh battery. The exact numbers are 40km / 8.8kWh, but this is perfect condition, and we use some battery for heating the vehicle. This will yield us the following:

Tier	Yield
On-Peak	18.7km/$
Mid-Peak	27.0km/$
Off-Peak	38.5km/$

So by comparing the above numbers, it makes perfect sense to charge the vehicle during Off and Mid Peak hours, and not so much during On-Peak hours. However the On-Peak comparison is so close that if the mileage rating was at 4.5L/100km then it is a wash.

With a bit more fancy math, you can actually calculate how much does gas have to cost per Litre before On-Peak charges make sense. This turns out to be around $1.24/L.

Hopefully you find this information helpful.

Let’s Plug-In

On October 30th, 2019, we purchased a Toyota Prius Prime 2020, choosing the Upgrade trim without the technology package. We traded in our 2012 Toyota Sienna 8 passenger Minivan with approx. 90,000km for $11,000. After all the government incentives, fees, taxes, and dealer’s rebates, we ended up forking out less than $27,000 for the vehicle. The only thing we opted for was the rust protection device.

We now have this plug-in hybrid electrical vehicle (PHEV) for almost a week. The vehicle is very comfortable to drive, and much more refined than my 2013 Subaru Impreza. The Prius comes in three drive modes, Eco, Normal and Power. I find the Eco mode to be too slow and has too much accelerator latency. I prefer the Normal mode. The Power mode can be pretty fun especially when you have a fully charged battery.

There are plenty of YouTube videos and written articles already talking about how the car drives, and I agree with their positive take on the Prius Prime. Therefore, I won’t repeat what has already been said. I will focus on what impact the ownership of a Prius Prime has on our residential electrical consumption.

We have yet to invest in a level 2 charger (240V – 16A) for the house yet, so we are just using our regular 120V plug to charge the 8.8kWh battery for the vehicle. So instead of charging the vehicle in 2 hours with the level 2 charger, we find that it takes around 5 hours to fully charge the vehicle. Toyota’s charging specification is pretty dead on and accurate here.

I raided our utility company’s web site and was able to extract the following graphs. Either click on the image or this link to open the graphs.

The consumption graphs above points to a day with no electrical vehicle as a baseline, followed by three days of charging the Prius Prime in the evenings. It looks like charging the Prius only amounts to an average of 1.5 kWh increase from baseline per hour of charge. The graph shows about four hours of heavy charging follow by a lower power charge during the last hour and a half.

At the current off-peak rate of ~$0.10 per kWh, we are looking at about an increase of less than a $1 per day, and this gives you about a realistic 36km of pure EV mode (all electric) of range per charge. So for a month, $30 will give you around 1,000km of range!

We have driven the car for about 5.5 days, and racked up in excess of 300km. We still have 7/8 of a gas tank left, and the only reason why we used the gas is due to a test drive to the Toronto Premium Outlet mall in Milton. Otherwise our daily usage pattern, which consists of largely local errands, would allow us to just keep on using the battery.

Now the game is up. How long do you have to wait for me to update this blog entry when I fuel up our new Prius Prime for the first time? Watch and see, any wagers?

The Mechanics of Rights

Lately the phrase, “I have the right to …”, comes up a lot. Living in a society where basic and human rights exist and are protected and enforced by law is a good thing. These rights represent the rise of our social beliefs from savagery to civility, and encourage all of us to treat each other humanely.

We have long since conquered are basic needs, such as food, and shelter. Aside from members of our own species we do not fear any other species invading the security of our homes and families. We live largely in peace, and we argue and debate about things that really does not impact our basic needs. Instead, the things that we bicker about largely involve with how to improve our discretionary free time, such as:

How to make and spend money;
How to protect ones ownership and assets;
How to punish those who do not adhere to social norms;
How to maintain and climb whatever progress ladder that you want to climb;
How to change leadership;
Dream up new rights so that we can all be more comfortable;

We take for granted that it is this peaceful social atmosphere that allows us to contemplate how we can improve ourselves when living, working, and generally dealing with others. Without this basic-need social security blanket, all bets are off with rights.

I therefore assert that the notion of rights, whether they are human, civil, and even corporate are luxuries afforded by peaceful societies when they have enough time and sensibilities to create and enforce these rights. They are not a right but a privilege that we as a society has decided to define and maintain so that there is a higher sense of equality (protecting the weak from the strong), and civility.

Therefore it becomes very dangerous when people who would like to pursue new or change existing rights by adopting methods that endanger or violate the basic-need social security blanket. Radicals who justify the use of violence and threaten the basic social fabric and infrastructure to achieve their desire changes are also jeopardizing all other rights, threatening the livelihoods of others.

In essence, rights cannot be had, without peace and law. This is why I find very ironic that the people of Hong Kong are fighting for new rights by risking the current livelihood that others have enjoyed for so many years. Whether they know it or not, they are pursuing a path of country building and not protesting. Country building is much harder than instituting new rights. Many country’s foundation are ladened with blood and sacrifices.

Thoughts on the Hong Kong Protests

On the Maslow hierarchy of needs scale, Hong Kong currently share many of its basic needs with the mainland, including food, fresh water, and electricity. The end game of these protests should give due consideration to these geographical dependencies. Even if a political divorce is possible in the long run, it will be really difficult to live independently when you are still forced to share the same bed.

A symbiotic existence between Hong Kong and China seems to be unavoidable, as such finding common ground seems to be a better approach than inflammatory tactics based on hate and violence. The latter dehumanizes the opposition and ironically for all people of Hong Kong, erodes the one of the core values of a democracy, basic human rights. This is the same value that the protestors are advocating for.

Observing from recent history, it is really hard to pinpoint a country involved in the Arab Spring events that are better off now than before. Perhaps conciliatory talks can give rise to more creative possibilities of coexistence, and the elixir of democracy does not have to be the only arrow in the quiver to achieve peace and prosperity.