Categories
Uncategorized

Pebbled

When the Apple Watch was released, I was highly intrigued. I’m an on-again off-again watch wearer. I tend to lean to analog watches, though, something about the “liquid” display of time is very interesting to me. My last watch was a cool analog Timex chronograph. It had the capability to work as a stopwatch but the display was a little difficult to read.  So, I do like me some extra functionality.

The $349 cost of the Apple timepiece was quite a blow to my hopes, though. I had mentally prepared myself for a $300 top end. Still expensive and I can’t as easily justify it as I could an iPhone or iPad.

But I started to see the value of a smart watch.  I again looked up Pebble, the original smart watch success story.

Is it an Apple Watch replacement? Far from it. It’s plastic where the Apple is aluminum. It has buttons instead of a digital encoder and touch screen. It’s black and white (e-paper) instead of LED or OLED color (whatever it is). But, it was only $199. At that price though, you were getting less than half of the Apple Watch, it was a hard sell.

But they read the market rather well, and boom, they lowered the price to $99.  Also, boom, I ordered one.  Smart choice on their part?  Well, they gained at least one customer they wouldn’t have otherwise, and I suspect it’s considerably more than just me.  I hope and suspect they can move a lot more volume at this “impulse” level.

So on its own merits, apart from being relatively cheap, what does it have going for it?

Software

First of all, there are some built-in apps, like a few basic watch faces, a music control, notifications wrangler, and alarms.

The firmware development has been fast and furious.  There have been three significant updates (including notifications and emoji, quick launch, background apps, fitness tracking, auto-updates) in the last month (or few weeks?).

Third-party app development looks pretty decent.  You can even write apps in JavaScript, using their SDK.  The CPU is respectable, as is the RAM, so there’s no dramatic impact to using JavaScript that I can detect.  But.  The hard limitation is 8 apps and watch faces, and it doesn’t matter how big they are.  I do kinda understand in so doing they eliminated the need for their users to know anything about resource-wrangling.  But let’s be frank here, this customer base is made up of geeks.  It sounds like a future version of the firmware will remove this limitation and loosen things up a bit more.

You may notice I said apps and watch faces.  These are two categories of software you can have, apps allow access to the buttons and faces are a little more lightweight and require the accelerometer to allow you to interact.  You can scroll between faces with the right-side up and down buttons.  Apps either require a trip to the menu or assignment to long-presses on the two buttons.

There are a fair number of apps in the store, from fitness trackers (a hot category at the moment), to weather apps, to GPS displays, to Starbucks payment cards.  Oh and timekeepers of course.  Because of the 8-app limit, a few popular apps will bundle several small utility apps into the same executable, and they work fairly well.

Hardware

Perhaps the biggest distinguishing feature of the watch is what they call an e-paper display. This is not to be confused with e-ink, this is really LCD. A low-power, high-reflectivity LCD, so in full daylight the screen is exceptionally visible.  Technically a higher resolution version of what was in my first eBook reader, the Aluratek Libre. Since the power draw is low, the battery life is estimated at about a week. That is very easy to live with, and the big distinguishing feature of the hardware.

There is a potential issue with this display.  If you have polarized glasses, you will especially see dark streaks in it (sometimes without polarized glasses too).  I stick to dark screen displays anyway, so I don’t mind.  When I use polarized sunglasses on my iPhone I notice big color problems anyway so I expect some weirdness anyway.

There are quite a few sensors in the little thing, including accelerometer and compass.
Communication is handled by Bluetooth, Bluetooth LE most of the time (Bluetooth 2.1 is used for music control and some more data-intensive processes). This means that a phone or other partner device is required.  Ideally you want something with a data package, but you could certainly get by as long as you didn’t expect to update more connectivity from your watch than your phone will have.  The phone app acts as a proxy (or a bridge) to the Internet.

Implementation

The fact that I need to add another heading here is a good sign. If the device ended at specs it would be another nice geek toy, and that’s all.

Notifications are a big deal.  It is nice not to have to dig out my phone to see what that noise was about… but sometimes it’s a bit overwhelming.  When I get notifications of email, they often come in batches of 6 or 7 (I have my phone only poll every hour or so).  That can be a little annoying to have the flood, especially when they’re triggered by opening the mail app on my phone. I don’t need any notifications when I’m right there!  I suspect this might be a limitation with the way Apple feeds notifications to the Pebble app, though.

The phone app does a nice job of managing installation, removal and configuration of apps. This is important because of the app-limit. Many configurable apps have a modular chunk of code, seemingly pre-installed in the Pebble app to prevent post-review code downloads.  Some of these have obvious jQuery UI front-ends (or worse), which is unfortunate but understandable… Still, the illusion of seamlessness is gone.  As well as it works, it looks hokey. They should have written their own library, or even just an aggressive CSS makeover to enforce an “App Shop” look and feel.

There doesn’t seem to be a mechanism at this point in the Pebble App Store for paid apps, but most of the more complex apps have “companion” apps you can purchase through the respective phone App Stores.  Having to go through the Apple review process, at least, enforces a little more visual consistency.

Bottom Line

There are only so many things you need or want on your wrist.  You won’t see an explosion of apps on the App Store for these, but a few essentials will rise to the top.

But really, does this thing add to my life?  Hmm.  In a strictly first-world scenario, I’d have to say yes!  Basic apps that you want at hand are really at hand.  The Misfit app is quite good and actually helps me to keep my activity level up throughout the day.  I’m happy to tell people about the weather forecast whenever I can.

It’s not ugly.  There’s no denying it is a big rectangle on your wrist, but the design isn’t too bad.  The plastic is highly glossy and there are lots of skins available if you want to change color. The band is replaceable with any standard 22mm band so there’s a lot of visual variety available for a reasonable cost.

Speaking of that reasonable cost… yes this watch will become obsolete in a couple of years.  But, at this price, is that a big deal?  Maybe by then the Apple Watch will be more accessible.

Categories
Electronics

Maglite Solitaire LED Conversion

I got a Maglite Solitaire LED flashlight this summer, but I already had two regular incandescent ones.  Once you get used to the LED one, the incandescent one is so… dim… and yellow.  It’s really really convenient, though, and I’d hate to just drawer it, or worse yet, junk it.

I got a cool little module from eBay that just plugs right in and you’re done.  About $7.  Is that as good as it gets?

I found a pretty good tutorial on YouTube about how to mod an existing one to LED, so I thought I’d try it, and what is explained below is that exact project, with some slight changes.  The main thing is that a 1.5v cell isn’t enough to drive a decent LED light, so I’d either need to build a teeny tiny booster (probably what was done in the module above) or change the source voltage.  Voltage it is!

The space is limited in the battery compartment.  So what to do?  Very small batteries with 1.5v… sounds like a watch battery.  Also sounds expensive… but, the YouTube video explained how you can get an A23 battery and peel it open to gain 8 LR932 cells!

Unleashed the power.

I found a double-pack of these batteries for just over $5.  Shop around, the prices can vary considerably.  Make sure it’s an alkaline battery, apparently there are some carbon batteries this size but they aren’t going to have anything near as tidy inside (i.e. “gunk”).

Note, If you do this, keep the positive and negative terminal bits.

You will only need 3 cells for one light, so put aside 5 of them.  Now we need to make a spacer so that the battery reaches both terminals inside the flashlight.  Get a pen tube and cut it to approximately 30mm.  You don’t need to be laser-precise, but get as close as you can.

Next, LEDs really should have a current-limiting resistor to prevent them blowing up.  Technically these cells probably have enough internal resistance so it’s not a problem, but I wanted to add a tiny amount of extra just in case.  The video suggested a 68 ohm resistor, but I didn’t have that, so I used a 51 ohm one.  I did say a tiny amount, didn’t I?  With a hammer and nail (or screw), poke holes in the top and bottom of the disassembled terminals you saved from before.  Solder one through the hole and then fish it through the pen tube and solder on the other end, again through the hole.

Spacer Age

Note that the plastic may melt as you solder this, another reason to leave a mm or two to spare on the length of the tube.  With the cells and the spacer you now have a 4.5v “battery” the same length as a AAA cell.

Pop them into the battery compartment – pay attention to the orientation of the little cells, it almost seemed backwards to me at the time.  The flat side is positive and should be facing the bulb socket.

A thumbnail of, well…

Now to get the LED bulb in there.  I assumed that I needed a really tiny LED, so I went and ordered some SMT ultra-bright LEDs from Amazon.  I just got them and yup they are really tiny.  These are designed for automated pick & place production but it’s not impossible to solder them manually!  I got two small cutoff leads from a capacitor and tried to figure out how to place them on this thing… first step was to get a ball of solder on each of the LED’s solder pads.  That’s fairly simple, just blob some melted solder on the bottom, and it will congeal on each pad as it should.

Lining up the leads, though, was another thing.  I decided to poke them into a cork, bend them over so they were going straight into the back of the LED and then just heat the blobs just enough to melt the leads into it.  Not too hard!

Soldered
With a novelty size paperclip for size comparison

Next, test it in the flashlight.  Remember that these are diodes, so if you plug it in one direction it may not work, even though the connection is perfect!  Try flipping the leads around and plugging it in the other way.  You too may be pleasantly blinded by the light.  (Curiously, that song was playing on Spotify just as I was doing this, and I only realized it now). If you are using needle nose pliers as I was to push in the diodes, grasping both of the leads, remember you are shorting the connection as you push it in.  It will not light up as you are doing this… so make a connection and then let it go for a second to make sure it’s working.

Now to trim down the leads.  I decided that the base of the LED should be at the same spot as the base of the regular bulb. Using that comparison, I snipped off the leads and then tried to carefully push the leads again into the light… and ripped the trace right off the SMT LED.  🙁

Oh well, I had ordered 50 of the little thingies (that’s the technical term), so I did it all again.  This time I was more careful, and taped off the jaws of my needle nose pliers so I could see if it was working as I was inserting it.  It worked, and blinded me again!

Factory LED (left) my mod (right)

With my good eye, I could see that the tiny little LED fits through the bulb hole in the reflector with room to spare.  I actually realized as these were on order that I could have ordered actual 3mm ultra-bright LEDs and just cut and plugged it in.  Hm.  Well, let’s just say they’re on order now.  I will at least have a point for comparison (and 48 more SMT LEDs).  The connection point from the lead to the LED (say that out loud) is probably fragile, but it may have enough shock absorption in from the case and being suspended 1/4″ away from the body of the light.  In any case, I will use the spare bulb location in the base of the battery compartment for one of the other LEDs, so I will always have one even if it does break.

The result is pretty decent.  It looks like the first-party Maglite installed version is a fair bit brighter – and has the advantage of using standard AAA cells.  However, I am curious how the battery drain compares on these two, and how much different the 3mm LED is once I get it.

All in all, not too hard of a project.  The price was reasonable and the result is definitely superior to the original incandescent light.  If you had the LED and the battery on hand, you could probably do this in about 20 minutes to half an hour.

Categories
Apps Desktop Mac

MacDVDRipper Pro 5

I was a fan of RipIt and DVDRemaster a couple of years ago, I had a nice workflow going where I could convert my DVD TV series discs into MP4s for the Apple TV  (We have a lot of discs).  I discovered MDRP since then, and I have been very happy with it, just a few clicks to rip and convert in decent quality.  I love to see an encoder max out all of my cores, too 🙂

(As a side note, it seems that DVDRemaster got purchased by the company selling MDRP, so I suppose it’s a natural upgrade path for me)

Well, v5 came out a couple of weeks ago, but I couldn’t see much that was powerfully compelling about the new features – all they said was that it was now 64-bit and embedded switchable soft-subtitles.  And something very vague about converting after the fact.  Would that matter to me?

I decided to do a face-off with a single TV season disc.  The metrics here have “buckshot accuracy” but give me an idea.  I ripped 4 episodes in v4 and the demo of v5 and compared the time-stamps… it almost appeared like v5 was twice as fast.  Yes, about 12 minutes between two episodes in v4 and 6 in v5.  WOW.  Why are they not advertising considerable speed gains?  I know the computer could have been doing a bunch more during the first encode, but surely not that much!  I ran through a couple more box sets to be sure… and yup, I can finish a disc of about 4 episodes in roughly half an hour.  Even the fans on my iMac blew at high speed for the v4 conversion and remained quiet for the v5.

This is a totally worthwhile upgrade just for that rough test.  But, I discovered the other killer feature.  Previously, you could not use .dvdmedia packages as a source – which was a drag if I wanted to distribute the ripping task to other machines using say, RipIt.  This version though, uses them just fine!  Yeah!  I didn’t find a big improvement in distributing that process though, since the convert straight from disc is so fast it’s almost not worth ripping to an image and converting from that.

The upgrade was $10 and totally worth it.

Categories
Games iPad iPhone

Freemium Free

It began with an outright refusal to pay extra to play more of a game. Freemium games are now dead to me.

I should define early on what I mean. In this context I don’t mean a full game or app with add-ins, like extra levels or “pro” functionality. I figure each level is very usable and enjoyable, and you get to use what you pay for, many times if you so choose.

What I have come to loathe is the “gems”, “crystals” (or its analog) idea, where you have to pay in virtual and also real currency continuously to enjoy the game.

Related to this are repeated notifications that draw you back into the game – clearly to maintain their revenue stream.

I kinda find the fun game experience should do that, don’t you think? For example, PvZ was really fun. I bought it on three platforms and replayed it twice on each. PvZ 2 was really, well, not fun. It was all about maintaining an economy of premium features. You could only enjoy what you could afford in the game. It has thus been deleted.


The final hanger-on was Real Racing 3. I actually did enjoy this game (when I wasn’t cursing its knife-edged grip modeling). It gave you quite a lot for free, but it still bugged me. I couldn’t repeatedly race my favorite car, because they all have an artificially imposed limit… unless, of course, you pay. Secondly, I grew annoyed at the regular (daily) notifications that “you really should be playing”. Yes I know I can turn these off, but why are they there in the first place? When I needed a few extra gig to upgrade iOS the other day, I finally unloaded it. I hadn’t played it for months anyway.

So with that, I no longer have any freemium games at all on any of my devices. When I see one on the App Store I first look at the in app purchase list and if it has a satchel or truckload or baggie of gems or crystals or whatever, I know it will not add to my fun. Instead, I will play a fantastic game like Minecraft PE or True Skate, or, who knows, maybe I’ll even start PvZ again.

Categories
Apple Shopping

Apple Pay

The third punch in the Apple show was the biggest, in my opinion.  Again, on the surface it appears to be catch-up but this is much more significant.

The competition liked to throw in an NFC antenna and then claim it was a feature, but without deep integration all it is is more hardware.  Yes you could tap to pay, but you can also do that with your credit card.  Why introduce a phone into that?  I realize there were some apps like Google Wallet that integrated with that, and that’s a good start, but missing the last step.

What’s the last step?  Security!  Apple Pay runs only on phones that have TouchID, and the Apple Watch that has a simple form of biometric security (apparently it remains unlocked only with continued skin contact on the back of the watch).

The best (and most secure) component of this whole platform is invisible to users.  The channel between banks and Apple is HUGE.  I can only guess at the infrastructure, but if you think about it, it might be something like this… the phone (I presume) generates an asymmetric key and stores the private one in an enclave on the phone and registers the public one with the bank.  When a transaction takes place, it probably creates a transaction packet with the purchase details and signs and encrypts it, passes it through to the Bank.  The credit card details are nowhere in the transaction.  No signature, no PIN, no card number or CVC.  Apple is in the loop somewhere, but they claim they never see any purchase details.  Perhaps they check the signature, match it to a user, and pass it along as an inter-bank transaction.  Since the bank is RIGHT NOW already tooled up to accept this, they likely didn’t have to make significant changes to their back ends.

Talking through my hat of course, but it has to be closer to this than any current tap-to-pay tech.

The bottom line is, Apple isn’t trying to make credit cards more convenient, they’re trying to replace them.  They’re setting themselves up as part of the infrastructure of daily commerce, which is much much bigger than selling a few technology items.  They think much bigger than “slap an NFC chip in there”, and it’s going to have a big impact in the years to come.

Categories
Apple Electronics Watch

Apple Watch

I, like others, was drooling when Apple introduced their new wearable.  They made the competition look horrendous.  (As a side note, when I first saw the Galaxy Gear S in pictures, I was excited – it too looked great, and not Android… until I saw the actual size.  It’s absurd.)

They pitched this at everyone.  It’s not a “geek watch” and another model is a “fitness watch” and another model is a “cool watch”.  They all have factors of each.  Sure, they have different versions but nothing’s stopping you from exercising with the Edition… uh… edition (that name!).  Or wearing the Sport edition with a suit.

The digital crown is one of those obvious things that nobody thought to use.  Why did it take Apple to think of this?  Because they’re never in a panic to release something.  They don’t iterate like Microsoft (used to) or in the extreme, Samsung.  Can you believe Samsung is (as of publication) on their sixth generation of smart watches?  Have you seen anyone wearing one?  Wanna know why?

Of course I want one, but the price is high.  They “start at” $350US.  Is that the Sport one with a basic rubber(ish) band?  What if you want the Sapphire crystal version?  How much will bands cost?  This is pretty much the definition of a luxury item.  You can get a pretty awesome regular watch for $350.  Are the digital additions worth the premium over a decent analog watch – one that, remember, will still be worth a respectable percentage of that amount (if not all of it) 5 years from now?

I won’t be getting one, but not because I disagree with them in any shape or form.  I’ll see what the next product cycle or two brings around.

Now, was that a working model that Tim Cook was wearing?  If so, I’m sure Apple execs can wear them in public now as test cases and get some real-life issues resolved even before release.

If you read this far, are you wondering what I think about Android Wear?  I won’t have Google touching my person or knowing my physical status or location at all times, thanks.  The “Ok Google” thing on the Android watches creeps me out.

Categories
Android Apple iPhone

BIG PHONES

Apple’s done it.  “They’ve kneeled to the pressure from Android”.  Haven’t they?  Let me think.

One day to a few hours before the event I saw a fair number of tweets where people expressed that they didn’t really want a bigger phone.  The iPhone 5 size is wonderfully compact and ideal for daily use (but let’s talk about that later).  I am content with mine.

However, when I got my 5s, I immediately wished it was a tiny bit wider to make landscape use more viable.  Typing any document in landscape only left me with about half an inch of displayed space.  I adapted, and found that typing in portrait orientation was clearly the way to go.

The average iPhone 6 Plus user

So now they’re bigger.  If you haven’t downloaded the template from Ars Technica to see how big they are in person, you should really do so now.  I found the Plus at first glance in my hand didn’t seem too bad, until I pretended to use it.  Forget that noise.  I don’t have thumbs like Hound Dog Taylor.  It loses the magic of convenience that is so important to me in the iPhone.

The regular-sized 6… now I could work with that.  I think toleration would give way to preference the more I used it.  Does that make the 4″ screen of the 5 “too small”?  Absolutely not!  I am still very content with this for daily use.

That leads me to my thoughts on “daily use”.  It goes without saying that the typical use has changed from the introduction of the first iPhone (and yet I said it).  People don’t talk on their smart phones that much any more.  But I think the new generation of smartphones have gone one further.  Site-specific apps are starting to give way to responsive web sites.  The push to demonstrate that the iPad is a “content creation device” led not only to spectacular apps that do so on the iPad, but a desire to continue that work on the iPhone.  I ran GarageBand on my iPhone 4 (well, I “walked” it) but the 5s made it much nicer – primarily for speed but the screen space did help.  Parallels Access works on the 5s, but it would be nice if… and so it goes.

So did Apple kneel to the Android push in doing this?  I don’t think so, if they did then maybe it was in a very very small way.  I actually think Android did a big favour to Apple in working out the kinks first.  Who needs your own R&D and customer metrics when another company does it all for you?  I think big phones were just big phones until very recently.

I also don’t think that the simultaneous introduction of the Apple Watch and the big phone was an accident either.  With a large phone you immediately lose a small measure of convenience, but you gain that back – and more – with an Apple Watch immediately at hand (yes I know).  So Apple was working on the watch for 3 years, and big phones have been out for how long now?

If you still don’t understand Apple’s philosophy in all of this, watch the “Perspective” video again, and read the words and not just look at the great camerawork.

Will it sell?  Dumb question, of course it will.  Will it sell because it’s bigger?  Well there’s no more new 4″ iPhone so it’s hard to say.  The twitters seem to indicate to me that many are going to get the Plus because of its assumed scarcity and “see how they like it”.  I presume the Plus will sell ridiculous amounts.  What we don’t know at this point is how many will be returned in a couple weeks for the 6.  (I also wonder how Apple will count this as sales figures?)

So, bottom line for me… I’m in no rush for the 6 but I will envy those that have it.

Categories
Desktop Linux Networking

WD MyBook Live

I discovered the other day that my WD MyBook Live is a lot more capable than I realized. It is actually running some flavour of Debian and has a fair suite of default unix commands.

So what did I do with it? I didn’t go too wild… Due to the death of a previous MyBook (capacitor problems on the interface board, I think), I decided I wanted some mirroring capability on it with another drive attached to my server Linux machine. Fortunately, on the Live, I found rsync, ssh and cron, which seems like the power trio I needed.

First step, enable SSH. That was too easy, go to http://address/UI/ssh and check a box. Done! The instructions for logging in are there.

Next, log in by ssh and create an SSH key pair… Something like

ssh-keygen -t rsa

Use no passphrase on this one, and store the keys in /root/.ssh – it seemed reasonable enough (do I need to tell you that you need to guard this key carefully, as it leaves the door wide open to your server?). Next, copy the public key over to the other machine…

scp /root/.ssh/id_rsa.pub username@servername:/home/username

And on the server

cat id_rsa.pub >> .ssh/authorized_keys

Test it out on the MyBook again…

ssh -i ~/.ssh/id_rsa username@servername

Boom. In.

Next, test out rsyncing. I found out that the directories created through the GUI and through file sharing are on /DataVolume/shares, so…

rsync -e ssh -avz --dry-run --delete /DataVolume/shares/storage/ username@servername:/path/on/the/server/storage/

It should pull in the key and do a dry run of the sync. If it works, try without the --dry-run switch and run the real sync. This will take some time depending on the amount to sync.

The switches are -e to use ssh as the remote shell, -a to sync recursively and preserve permissions and symlinks, -v to be verbose, and -z to use compression. You can remove the -v portion before putting it in cron.

Speaking of which, put the above successful command line into a shell script and copy it into /etc/cron.daily. Don’t forget to make it executable.
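Since the key has no passphrase, the server can limit what it is allowed to do. The following is an added example, not part of the original setup: it builds a restricted authorized_keys entry for the backup key and audits a file for keys that still grant a full shell. The NAS address, the rrsync location and the key text are assumed placeholders.

```shell
#!/bin/sh
# Added example: lock the passwordless backup key down on the server side.
# Assumptions: NAS_ADDR, the rrsync path and the key text are placeholders.

NAS_ADDR=192.0.2.50            # hypothetical LAN address of the MyBook Live
RRSYNC=/usr/bin/rrsync         # helper shipped with rsync; location varies by distro
DEST=/path/on/the/server       # parent of storage/ in the rsync command above

# Build an authorized_keys line that accepts the key only from the NAS and
# only to run rsync inside $DEST: no shell, no PTY, no forwarding.
# (Newer OpenSSH can use the single "restrict" option instead of the no-* list.)
restricted_entry() {
    # $1 = contents of /root/.ssh/id_rsa.pub from the MyBook
    printf 'from="%s",command="%s %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$NAS_ADDR" "$RRSYNC" "$DEST" "$1"
}

# Print the line numbers of keys in an authorized_keys file (stdin) that have
# no forced command, i.e. keys that grant a full login shell.
audit_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        opts = ""
        # The options field is whatever precedes the key type.
        if ($0 !~ /^(ssh-|ecdsa-)/ && match($0, /[ \t](ssh-|ecdsa-)[a-z0-9-]+ /))
            opts = substr($0, 1, RSTART - 1)
        if (opts !~ /^command="/ && opts !~ /,command="/) print NR
    }'
}

# Constructed sample file: line 1 is what "cat id_rsa.pub >> authorized_keys"
# leaves behind, line 3 is the same key with restrictions applied.
sample_authorized_keys() {
    key='ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER-NOT-A-REAL-KEY root@nas'
    printf '%s\n' "$key"
    printf '# backup key from the NAS\n'
    restricted_entry "$key"
}

echo "Keys without a forced command, by line number:"
sample_authorized_keys | audit_keys
```

With rrsync as the forced command, the destination in the rsync command is taken relative to DEST, so the remote side becomes username@servername:storage/.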

Very cool! The Live series of drives is now called the MyCloud, and is more powerful yet, including a stronger CPU and a USB host. It’s probably worth having at least one of these devices on a local network for part of a comprehensive backup strategy.

Categories
Linux Networking Security Server

More hack attempts

After my last experience, I checked my logs and noticed quite a load of failed attempts on my mail server.  It looks like a brute force script kiddie attack, which I’m pretty sure will fail on my machine.

Still, I want to kick out these morons.  So after some research, I found fail2ban.  The installation was simple enough, and with a little bit of configuration (in jail.local, not jail.conf!) I had it up and running… but the attacks continued.

I wrote a simple perl one-liner to parse out all of the failed login attempts, run them through sort and uniq to get the repeat offenders (twice is enough, kids) and append that to the hosts.deny.  That worked, but not ideal.  I’d rather have iptables-level blocking (using DROP instead of REJECT to waste as much of their time as possible).  But fail2ban wasn’t catching them for some reason.

I set up a secondary rule and it still failed – until I discovered fail2ban-regex! With that command you can test your rules at any time instead of waiting for the next attempt to come in.  Great!  It turns out the regex wasn’t quite right for the messages I was getting.  I simplified the regex until it caught the failures.  But it still wasn’t working live.  Grr.

fail2ban works on log files.  It scans for repeated attempts to determine if there’s an attack going on.  This would work great unless the logging daemon compresses the messages with something like “last message repeated x times”.  And this happens a lot, especially when under attack and you actually need it!  You can not turn this feature off with sysklogd.  The last key was to replace sysklogd with syslog-ng and POW, the banstick came out to play.

Debugging wasn’t very easy, because the failures are silent.  Until I found fail2ban-regex I had about 4-8 hours between tweaks to the regex to see if it worked.

At least now I have a self-setting ban trap that uses iptables-level blocking.
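The effect of “last message repeated x times” on a per-line failure count, as an added example that is not the original one-liner or fail2ban’s own code: it counts SASL failures per host twice, once ignoring the repeat lines and once crediting them to the preceding message. The Postfix-style log lines are constructed and the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: why a per-line counter misses an attack when sysklogd
# collapses identical messages. Log lines below are constructed samples
# (Postfix-style format is an assumption; the page does not show its logs).

sample_log() {
cat <<'EOF'
Jan 12 03:14:01 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:14:03 mail last message repeated 4 times
Jan 12 03:14:09 mail postfix/smtpd[2213]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jan 12 03:15:40 mail postfix/smtpd[2219]: connect from mail.example.org[192.0.2.10]
Jan 12 03:15:41 mail last message repeated 2 times
Jan 12 03:16:02 mail postfix/smtpd[2220]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
EOF
}

# Read a syslog stream on stdin and print "count ip", highest count first.
# $1 = "naive"    : count only lines that match the failure pattern
#      "expanded" : also credit "repeated N times" to the previous failure
count_failures() {
    awk -v mode="$1" '
    /last message repeated [0-9]+ times/ {
        if (mode == "expanded" && last != "") {
            n = $0
            sub(/.*repeated /, "", n)
            sub(/ times.*/, "", n)
            hits[last] += n
        }
        next
    }
    /SASL [A-Z0-9-]+ authentication failed/ {
        if (match($0, /\[[0-9A-Fa-f:.]+\]: SASL /)) {
            ip = substr($0, RSTART + 1)
            sub(/\].*/, "", ip)
            hits[ip]++
            last = ip
            next
        }
    }
    { last = "" }    # any other message: a following repeat line is not a failure
    END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print the hosts with at least $2 failures under counting mode $1.
offenders() {
    count_failures "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

echo "naive count:";    sample_log | count_failures naive
echo "expanded count:"; sample_log | count_failures expanded
echo "hosts over a threshold of 3 (expanded):"
sample_log | offenders expanded 3
```

In the sample, the host that sent five failures appears only once to the naive counter, so a threshold of three never trips until the repeat line is taken into account.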

If you’re reading this and you’re learning to be a script kiddie,  you are learning to be a loser.  You are creating nothing of value.  You could vanish from the Internet and not only would it become a better place, but the situation would improve.  Is that really what you want?  Instead, why not keep on learning about security but do this the right way, on your own machine or a VM and learn to strengthen the Internet, not ruin it.  You might actually be appreciated and valued by others on the net.

Categories
Linux Networking Security Server Uncategorized

Hack Attack

Someone mentioned they got a bounce from my domain’s email. I went to take a look at the error and discovered a couple of hosts trying to brute force login to my SMTP server. Some quick config changes to create a blacklist, and a fail2ban install and it has stopped now.

Lesson 1: check your logs often
Lesson 2: use SASL
Lesson 3: use complex and random passwords
Lesson 4: install and configure fail2ban or blacklist the bozos with iptables or hosts.deny or something.

I got most of these right the first try, especially the middle two.

Eternal vigilance, they say…