Voluntary Charity

There’s a trope I’ve run across a couple of times in conservative fora, that of voluntary charity, the idea that charitable giving should be a personal decision, not something forced by the state. To quote the Encyclopediat of Conservatism:

Charity is voluntary and personal; state welfare is compulsory and bureaucratic. Conservatives argue the two differ in kind, not merely in scale.

The first argument they give in favor of this position is

First, charity is a school of virtue. Giving that is chosen forms generosity, gratitude, and mutual obligation; taxation that is extracted forms nothing, and a citizen who has outsourced compassion to the state has been morally diminished, not relieved.

A similar sentiment is echoed in this editorial by Ray Nothstine in the Carolina Journal:

The reason [for donors’ generosity]? To model the message of Christmas, which embodies the kind of love that can only be voluntarily received. “Long before there was a government welfare program, this spirit of voluntary giving was ingrained in the American character,” declared former president Ronald Reagan in a 1981 Thanksgiving Proclamation.

and that

That kind of coercive effect [of using taxes to pay for charity] to create a bureaucratic caretaker society is a misguided view of charity. It’s a view that completely eschews virtue of voluntary giving.

In other words, the purpose is to make the giver feel good, or make them a better person. It’s not to improve the lives of the recipients. This feels like a main-character worldview, where other people are NPCs whose role is to help develop your character, not full-fledged human beings who’d like to get on with their lives.

Secondly, I’ve never seen the idea that giving should be voluntary applied to, say, national defense, or law enforcement, courts, agriculture subsidies, etc, even though you could presumably make the same arguments: “A society that merely punishes people by locking them up in jail at taxpayer expense merely creates a culture of criminality. We should voluntarily rehabilitate criminals”. Or how about “When the US switched from a mandatory draft to an all-volunteer military, the quality of our troops increased. So why stop there? Even those who don’t serve can donate money to buy missiles and tanks. Think how great our military would be if everything in it were voluntarily donated!”

Call me cynical, but these two things together make it sound as though “voluntary charity” is more of an excuse not to give to charity. Or to make sure that “the wrong people” don’t get their hands on that sweet, sweet cash.

I can’t speak for anyone else, but I think it makes more sense to focus on the problems, and the people experiencing those problems. If a government program helps ensure that a thousand people have something to eat today, even if they’re people I don’t like, well, that’s still a thousand people who’ll eat today. And if a few dozen of them use their government assistance to buy junk food instead of something nutritious, well, that’s still better than going hungry.

Another aspect of this is that government is a tool for solving problems at scale. In a democracy, we the people get to decide how our country is run, and that includes things like how much money and effort to put into helping other people, and how. Not necessarily through direct election, of course, but by electing people aligned with our views, and telling our elected representatives what the country should be doing and which problems need addressing. No, not everyone in a country will agree with what the government eventually winds up doing. You can’t get a thousand people to agree on anything, let alone three hundred million people. But we can, as a group, agree to work on some problems.

The Encyclopedia of Conservatism largely agrees:

The progressive critique holds that charity, whatever its virtues, fails the test of sufficiency. Voluntary giving is unpredictable, geographically uneven, and procyclical — it collapses in depressions exactly when need peaks, which is why every industrial democracy replaced it. Entitlement, on this view, is a feature: relief that arrives as a right preserves the dignity of the recipient, who need not perform gratitude or pass a benefactor’s moral inspection, while Tocqueville’s stigmatised pauper was precisely the product of discretionary, conditional alms. Social-democratic scholars add a structural point: poverty is produced by labour markets, housing costs, and ill health, not by individual character, so person-by-person moral formation treats symptoms. Empirically, they note that child-poverty rates in high-welfare states run far below those of charity-reliant eras, and that no private network ever matched the coverage of social insurance.

A word about that “pass a benefactor’s moral inspection”: we’ve all seen Gofundmes to pay people’s medical bills. That’s the purest form of voluntary charity, and it’s full of biases. To start with, there’s plain old fashioned racism; campaigns for Black people tend to do less well than ones for other people. They’re also biased in favor of good storytellers, or people who are better at tugging at your heartstrings, not necessarily those who need the most help.

Going back to the matter of scale: the Carolina Journal above lists a few examples of noteworthy voluntary-charity success stories:

Capitol Hill Lutheran Church in Des Moines, Iowa, just announced the forgiveness of $5 million in medical debt as part of an Advent campaign. Church leaders conclude their message by offering a commitment to continue the fundraising initiative.

Financial radio figure Dave Ramsey and his organization Ramsey Solutions recently paid off $10 million in debt for 8,000 people, including a large chunk of medical debt. A simple Google search of Christian churches and medical debt provides a lengthy list of articles detailing aggressive campaigns to pay off medical debts in the amounts of millions.

That’s great, but it’s a drop in the bucket. I’m glad that people were relieved of those $15 million in medical debt. Now what about the other $219,985 million? 1 Are there 10,000 other churches doing the same as Capitol Hill Lutheran and Ramsey Solutions, and are they coordinating their efforts to make sure they’re not stepping on each other’s toes?

Take an example of a large-scale voluntary charity: the American Red Cross. In 2025, it had revenues of almost $4 billion dollars. That same year, the US government spent $8.75 billion on improving health around the world. And another $18 billion for peace, $7 billion on economic development, and $5 billion on humanitarian assistance. Show me a private organization that has that kind of reach.

Back in 2005, when hurricane Katrina devastated New Orleans, lots of people ran drives to collect canned food and blankets for the victims, and the disaster-relief folks on the ground had to explain that they didn’t have the time or manpower to sort through disparate boxes. They enlisted the help of companies like Budweiser and Wal Mart to bring pallets of drinking water and supplies. Companies that had the infrastructure and knowledge to move tons and tons of supplies from point A to point B.

Sure, it feels good to open your wallet and help someone. Or to pay for a stranger’s meal. Or to send blankets and cans of food to earthquake victims. But if we really want to help people rather than make ourselves feel better, the artisanal approach won’t cut it. We need to help on an industrial scale. If there’s a better tool than government for doing this, I don’t know of one.

Footnotes:

1

$220,000 million minus $15 million.

Ansible at Home

Some years ago, I started managing my home machines using Ansible, an effort that continues to this day.

The first thing I did, naturally, was to set up an inventory of machines, organized into various classes, like desktop vs. laptop, operating system family, and the like.

The first mistake I made, as I later found out, was to spend all that time setting up classes. That would have been very useful in a large-scale environment, or even a small company with 30 employees, where you want to say “Set up all the Linux machines this way. Set up all the back-end servers this way”. But at home? Every one of my machines is a one-off, a special snowflake, so there’s very little benefit to be had from trying to group hosts into classes. I wound up making one playbook per host, nothing fancy, and that works just fine.

The big advantage, for me, is that this system provides a record of how my machines are set up, and just as importantly, why. Why did I install Inkscape? Did I just want to noodle with drawing pictures, or was that a prerequisite for some other project I was working on? So if I nuke it, will I miss it later? By the same token, if there’s some package I don’t recognize, I can just nuke it, and Ansible will reinstall it if it turns out to be needed.

I said above that it doesn’t help to organize machines into classes, because each one is a unique snowflake. But as it turns out, there are things I want to do everywhere. Things like Emacs config, or installing the Firefox plugins I want to use.

These are the things that roles are made for. So even though each machine is a unique snowflake, there are parts of their configuration that can be copied, and then you can just use that role in each machine’s playbook.

If you wind up with a lot of common tasks that don’t seem big enough to turn into roles, you can also set up a more traditional common.yml playbook for whichever bits of configuration are shared between hosts.

And finally, the big question is: is it worth it? Well, for me it is. At least, I haven’t given up. Your mileage may vary. I find that it keeps things tidy. If I wonder why something is set up some way, I can look at the Ansible directory and its editing history in git and see what I was thinking at the time. On the down side, there’s extra work involved in making any change.

It’s particularly worth it if you regularly need to make changes, whether it’s because you set up new machines all the time (I have an Ansible config for setting up a new Raspberry Pi). Also, Apple has a habit of overwriting /etc/auto_master with every OS upgrade and breaking my automounts. So being able to just run ansible-playbook= to fix it is very handy.

On Emacs Theme Precedence

I’ve written before about themes in Emacs, and in particular about using them for something other than just colors. And naturally, you can have more than one theme active at the same time. So what happens when you have a variable set in two active themes?

The list of enabled themes is the custom-enabled-themes variable. And rather intuitively, earlier ones override later ones. Normally, (load-theme 'mytheme) prepends mytheme to custom-enabled-themes, so the settings you just loaded take effect, and last until you load some other settings on top of them, which makes sense.

There’s one twist, though: the settings you change through the “Customize Emacs” system also count as a theme, at least in some ways. If you look at the property list for a symbol defined in two themes, you might see something like

(symbol-plist 'my-var)

(theme-value
 ((user 'customized-value)
  (second-theme 'second-value)
  (first-theme 'first-value))
 saved-value 'customized-value
 ...)

This tells us that two themes, first-theme and second-theme, have both defined my-var, and set it to first-value and second-value respectively. The symbol’s value is resolved in the order in which it appears here, so second-value overrides first-value because it was loaded later.

But there’s that third user entry, which comes first, and thus overrides the other values: that comes from (customize-variable 'my-var). I find this counterintuitive, since I think of the customization variables as the defaults, to be overridden by themes.

The solution I came up with this was to define my own theme, arensb, to hold all of the settings that might be overridden by other themes, and to load it first. Actually, I already had this theme lying around to store my favorite colors and faces, but themes can hold other values, so it made sense to reuse it.

Return values from Ansible roles

Ansible roles aren’t functions, so they don’t actually return values. But what if they could?

I recently wrote a role to update a software package, which involved asking some questions:

  1. What’s the latest version?
  2. Which version, if any, is currently installed?

I wanted my role to be modular(ish), so it made sense to outsource those questions to other roles. But how would they return their results? I tried adding register: latest_version to the role invocation, but that didn’t work.

But you can set facts inside a role:

# ... Figure out installed version of Foo package...
- name: Return a value
  set_fact:
    installed_version: "1.2.3"

and if you know that this role sets installed_version, you can treat that as a return value, just as if it were a task with register: installed_version. Also, the fact that it sets, installed_version, is local to the client, so each host will have a copy in hostvars[ansible_host]. This makes sense: after all, you might want to know which of your machines are out of date.

The problem, though, is that installed_version is “global” to each client. So if you’re checking the installed version of multiple packages

- name: Upgrade if necessary
  roles:
    - role: check_version
      package: Foo
    - role: check_version
      package: Bar
    - role: check_version
      package: Baz
  tasks:
    - debug: var=installed_version

how do you know which package’s installed_version you’re dealing with?

The way to fix this is to realize that you can use string interpolation on the left side of the colon. When we invoke the role, let’s also give it the name of a fact to put the return value in:

- name: Upgrade if necessary
  roles:
    - role: check_version
      package: Foo
      return: foo_version
    - role: check_version
      package: Bar
      return: bar_version
    - role: check_version
      package: Baz
      return: baz_version

The check_version role then sees return as a role variable, and can use that in a play:

# ... Look up installed version of the given package...
- name: Return version number
  set_fact:
    "{{ return }}": "1.2.3"

And then just check the appropriate fact for each role invocation.

- debug: var=foo_version
- debug: var=bar_version
- debug: var=baz_version

Bear in mind that these variables have the same scope as other facts, so if two roles set installed_version, you’re back to the earlier problem of them stepping on each other’s feet. And yes, the whole thing feels like a hack. But it does mean you can return values from roles.

Location-Based Themes in Emacs

There are lots of Emacs themes out there. People mostly use them to change colors. That’s great, but you can do more. As the documentation says:

Custom themes are collections of settings that can be enabled or disabled as a unit.

That can be any setting, not just colors.

I use Emacs in multiple situations. I use it at home, I use it in the office, I use it when I’m working from home, and so on. And there are settings that change depending on how and where I’m using Emacs, the most obvious of which being user-mail-address, which I want to set to user@home.org when I’m sending personal mail from home, and user@work.com when I’m sending professional mail from work. I have other settings that change between locations, like the directory where org files go, because reasons. Your location-dependent settings will be different.

So it seems the natural way to deal with this is to put all of the location-dependent settings in a theme, and load whichever theme is appropriate for what you’re doing. Since themes are groups of settings that can be turned on or off as a group, you can even switch themes in the middle of an Emacs session. For instance, if you’re a consultant working with two clients, you can enable theme client1 in the morning; and then, in the afternoon, disable theme client1 and enable theme client2 to update your settings.

Setting Up Location-Based Themes

To start with, let’s set up a couple of themes called personal and work, for personal and professional stuff, respectively. Check the value of custom-theme-directory. By default, Emacs looks for themes in the same directory as init.el, but I like to put them in a separate subdirectory, ~/.emacs.d/themes. Customize this to your taste. For the rest of this post, I’ll assume that you’re using ~/.emacs.d/themes.

Theme files should go in a file named <theme-name>-theme.el. So create the file ~/.emacs.d/themes/personal-theme.el to hold the personal theme:

(deftheme personal
  "Settings when working on personal projects."
  :family "location")

(custom-theme-set-variables 'personal
 '(user-mail-address "bob@home.org")
 ;; Add additional variables here.
 )

(provide-theme 'loc-personal)

You can now run M-x load-theme personal to load the theme. Theme files contain Emacs Lisp code, which can be a security risk, so the first time you load it, or any time you make any changes, Emacs will ask you to confirm whether to load the theme, and whether to mark it as safe in the future. If you say yes, the next time it’ll just load the theme asking for confirmation.

Follow the same steps to create a work theme.

Loading A Theme at Startup

Once you have something that works reasonably well, you’ll probably want something that loads the right theme when Emacs starts. For this example, we’ll assume that if the hostname is my-laptop, then you’re working on personal things and want to load the personal theme, while if the hostname is office-workstation, then you’re at work and want to load the work theme.

Add something like the following to your ~/.emacs.d/init.el:

(add-hook 'emacs-startup-hook
  (lambda nil
    ;; Figure out which theme to load, depending on which machine this
    ;; is running on, and which options were specified.
    (let ((loc-theme 'unknon)
          )
      (cond
       ;; Running on personal laptop.
       ((string= system-name "my-laptop")
        (setq loc-theme 'personal)
        )

       ;; Running on work machine.
       ((string= system-name "office-workstation")
        (setq loc-theme 'work))

       ;; Add any other locations/work modes here.
       ))

      ;; Check whether the theme exists. If it does, load it.
      (if (member loc-theme (custom-available-themes))
          (progn
            (load-theme loc-theme)
            )
        (warn "Can't find location theme \"%s\"" loc-theme)
        ))))

Here, we’re just looking at the hostname, but obviously the condition can be arbitrarily complex. You might pick different themes depending on the day of the week, or whether you’re ssh-ed in from another host, the phase of the moon, or whatever makes sense in your situation. Add or remove themes as necessary.

Further Thoughts

One advantage of doing things this way is separation of information. Maybe you want to make your Emacs setup publicly visible on github, but your work setup includes hostnames or other information that shouldn’t leave company premises. In this case, you can store your work-theme.el file on your company machine, perhaps in a separate directory. You can add an entry to custom-theme-load-path, a directory outside of ~/.emacs.d, so that your work theme doesn’t accidentally get added to the git repo that has your init.el and your publicly-visible themes.

There’s one problem that I haven’t found a good solution to: child themes. Let’s say you have your work theme, with a hundred work-related settings. But of those 100 settings, there are three that change depending on whether you’re logged in to host1 or host2.It would be nice to have a host1 theme that automatically includes everything from the work theme, plus the three settings that are specific to host1. I don’t see a good way of doing this. It might make sense to use literate programming to generate multiple *-theme.el files from one source .org file.

Mass-replacing patterns in Emacs

Some people have project cars—cars that don’t work, that they put up on blocks or in the garage, and then lovingly restore to working order. I have some project books: e-texts that I got on a compilation CD in the 1990s, and finally decided to convert to EPUBs.

I’m using the Standard Ebooks style manual, since they seem to know what they’re doing. And these style guidelines can get pretty specific. For instance, if you have a numeric or date range, you should use an en dash surrounded by Unicode word joiner glyphs.

None of this is a problem if you’re using Emacs, of course. You can enter weird characters with M-x insert-char, which allows you to search for specific Unicode characters. And of course M-x query-replace-regex will find two numbers separated by an ASCII hyphen.

The clever part, though, was the realization that even though I have about 900 source xhtml files, they only come to about 35Mb, and in the 2020s, that’s not a lot (though it would have been science fiction back when I got that CD). So why not just load them all?

Once we do that, we can use occur-mode to look for patterns. It’s like grep for Emacs. In this case, we want to search for patterns in all of the source buffers, so we’ll use multi-occur-in-matching-buffers, which requires us to specify one pattern for the buffers to search (\.xhtml$) and another for the string or pattern to search in those buffers ([[:digit:]]-[[:digit:]]).

That brings up a buffer called *Occur* with all of the matching lines. And here’s the next cool bit: you can press e to switch to occur-edit mode: if you make a change to the *Occur* buffer, those changes propagate back to the source buffers. Which means that I can use standard tools like replace-string, query-replace-string, replace-regexp, and query-replace-regexp to either make changes in bulk if I’m sure of what I’m doing, or one at a time if I’m not.

One difficulty: what if some lines match what you want, and some don’t, but the “bad” lines match some other pattern? For instance, in my case, the CD publishers used an ASCII dash followed by a space for what should have been an em dash. But searching for “- ” (a dash followed by space) cluttered up my *Occur* buffer with a lot of HTML comments.

No problem: *Occur* is just another Emacs buffer, so all I had to do was use replace-regexp to delete the lines with HTML comments, which cleared away a lot of distracting noise. (And no, deleting whole lines in *Occur* doesn’t delete the corresponding lines in the source buffers.)

Literate Lists

I’ve written before about literate programming, and how one of its most attractive features is that you can write code with the primary goal of conveying information to a person, and only secondarily of telling a computer what to do. So there’s a bit in my .bashrc that adds directories to $PATH that isn’t as reader-friendly as I’d like:

for dir in \
    /usr/sbin \
    /opt/sbin \
    /usr/local/sbin \
    /some/very/specific/directory \
    ; do
    PATH="$dir:$PATH"
done

I’d like to be add a comment to each directory entry, explaining why I want it in $PATH, but sh syntax won’t let me: there’s just no way to interleave strings and comments this way. So far, I’ve documented these directories in a comment above the for loop, but that’s not exactly what I’d like to do. In fact, I’d like to do something like:

$PATH components

  • /usr/sbin
  • /usr/local/bin
for dir in \
    {{path-components}} \
    ; do
    PATH="$dir:$PATH"
done

Or even:

$PATH components

DirectoryComments
/usr/sbinsbin directories contain sysadminny stuff, and should go before bin directories.
/usr/local/binLocally-installed utilities take precedence over vendor-installed ones.
for dir in \
    {{path-components}} \
    ; do
    PATH="$dir:$PATH"
done

Spoiler alert: both are possible with org-mode.

Lists

The key is to use Library of Babel code blocks: these allow you to execute org-mode code blocks and use the results elsewhere. Let’s start by writing the code that we want to be able to write:

#+name: path-list
- /usr/bin
- /opt/bin
- /usr/local/bin
- /sbin
- /opt/sbin
- /usr/local/sbin

#+begin_src bash :noweb no-export :tangle list.sh
  for l in \
      <<org-list-to-sh(l=path-list)>> \
      ; do
      PATH="$l:$PATH"
  done
#+end_src

Note the :noweb argument to the bash code block, and the <<org-list-to-sh()>> call in noweb brackets. This is a function we need to write. It’ll (somehow) take an org list as input and convert it into a string that can be inserted in this fragment of bash code.

This function is a Babel code block that we will evaluate, and which will return a string. We can write it in any supported language we like, such as R or Python, but for the sake of simplicity and portability, let’s stick with Emacs lisp.

Next, we’ll want a test rig to actually write the org-list-to-sh function. Let’s start with:

#+name: org-list-to-sh
#+begin_src emacs-lisp :var l='nil
  l
#+end_src

#+name: test-list
- First
- Second
- Third

#+CALL: org-list-to-sh(l=test-list) :results value raw

The begin_src block at the top defines our function. For now, it simply takes one parameter, l, which defaults to nil, and returns l. Then there’s a list, to provide test data, and finally a #+CALL: line, which contains a call to org-list-to-sh and some header arguments, which we’ll get to in a moment.

If you press C-c C-c on the #+CALL line, Emacs will evaluate the call and write the result to a #+RESULTS block underneath. Go ahead and experiment with the Lisp code and any parameters you might be curious about.

The possible values for the :results header are listed under “Results of Evaluation” in the Org-Mode manual. There are a lot of them, but the one we care the most about is value: we’re going to execute code and take its return value, not its printed output. But this is the default, so it can be omitted.

If you tangle this file with C-c C-v C-t, you’ll see the following in list.sh:

for l in \
    ((/usr/bin) (/opt/bin) (/usr/local/bin) (/sbin) (/opt/sbin) (/usr/local/sbin)) \
    ; do
    PATH="$l:$PATH"
done

    It looks as though our org-mode list got turned into a Lisp list. As it turns out, yes, but not really. Let’s change the source of the org-list-to-sh() function to illustrate what’s going on:

    #+name: org-list-to-sh
    #+begin_src emacs-lisp :var l='nil :results raw
      (format "aaa %s zzz" l)
    #+end_src

    Now, when we tangle list.sh, it contains

        aaa ((/usr/bin) (/opt/bin) (/usr/local/bin) (/sbin) (/opt/sbin) (/usr/local/sbin)) zzz \

    So the return value from org-list-to-sh was turned into a string, and that string was inserted into the tangled file. This is because we chose :results raw in the definition of org-list-to-sh. If you play around with other values, you’ll see why they don’t work: vector wraps the result in extraneous parentheses, scalar adds extraneous quotation marks, and so on.

    Really, what we want is a plain string, generated from Lisp code and inserted in our sh code as-is. So we’ll need to change the org-list-to-sh code to return a string, and use :results raw to insert that string unchanged in the tangled file.

    We saw above that org-list-to-sh sees its parameter as a list of lists of strings, so let’s concatenate those strings, with space between them:

    #+name: org-list-to-sh
    #+begin_src emacs-lisp :var l='nil :results raw
      (mapconcat 'identity
    	     (mapcar
    	      (lambda (elt)
    		(car elt)
    		)
    	      l)
    	     " ")
    #+end_src

    This yields, in list.sh:

    for l in \
        /usr/bin /opt/bin /usr/local/bin /sbin /opt/sbin /usr/local/sbin \
        ; do
        PATH="$l:$PATH"
    done

    which looks pretty nice. It would be nice to break that list of strings across multiple lines, and also quote them (in case there are directories with spaces in them), but I’ll leave that as an exercise for the reader.

    Tables

    That takes care of converting an org-mode list to a sh string. But earlier I said it would be even better to define the $PATH components in an org-mode table, with directories in the first column and comments in the second. This is easy, with what we’ve already done with strings. Let’s add a test table to our org-mode code, and some code to just return its input:

    #+name: echo-input
    #+begin_src emacs-lisp :var l='nil :results raw
      l
    #+end_src
    
    #+name: test-table
    | *Name*   | *Comment*        |
    |----------+------------------|
    | /bin     | First directory  |
    | /sbin    | Second directory |
    | /opt/bin | Third directory  |
    
    #+CALL: echo-input(l=test-table) :results value code
    
    #+RESULTS:

    Press C-c C-c on the #+CALL line to evaluate it, and you’ll see the results:

    #+RESULTS:
    #+begin_src emacs-lisp
    (("/bin" "First directory")
     ("/sbin" "Second directory")
     ("/opt/bin" "Third directory"))
    #+end_src

    First of all, note that, just as with lists, the table is converted to a list of lists of strings, where the first string in each list is the name of the directory. So we can just reuse our existing org-list-to-sh code. Secondly, org has helpfully stripped the header line and the horizontal rule underneath it, giving us a clean set of data to work with (this seems a bit fragile, however, so in your own code, be sure to sanitize your inputs). Just convert the list of directories to a table of directories, and you’re done.

    Conclusion

    We’ve seen how to convert org-mode lists and tables to code that can be inserted into a sh (or other language) source file when it’s tangled. This means that when our code includes data best represented by a list or table, we can, in the spirit of literate programming, use org-mode formatting to present that data to the user as a good-looking list or table, rather than just list it as code.

    One final homework assignment: in the list or table that describes the path elements, it would be nice to use org-mode formatting for the directory name itself: =/bin= rather than /bin. Update org-list-to-sh to strip the formatting before converting to sh code.

    Renewing an Overdue Docker Cert in QNAP

    Writing this down before I forget, somewhere where I won’t think to look for it the next time I need it.

    So you’re running Container Station (i.e., Docker) on a QNAP NAS, and naturally you’ve created a cert for it, because why wouldn’t you?, except that it expired a few days ago and you forgot to renew it, because apparently you didn’t have calendar technology when you originally created the cert, and now Container Station won’t renew the cert because it’s expired, and it won’t tell you that: it just passively-aggressively lets you click the Renew Certificate button, but nothing changes and the Docker port continues using the old, expired cert. What to do?

    1. Stop Container Station
    2. Log in to the NAS and delete /etc/docker/tls (or just rename it).
    3. Restart Container Station. Open it, and note the dialog box saying that the cert needs to be renewed.
    4. Under Preferences → Docker Certificate, download the new certificate.
    5. Restart Container Station to make it pick up the new cert.
    6. Unzip the cert in your local Docker certificate directory: either ~/.docker or whatever you’ve set $DOCKER_CERT_PATH to.
    7. Check that you have the right cert: the cert.pem that you just unzipped should be from the same keypair that’s being served by the Docker server:
      openssl x509 -noout -modulus -in cert.pem | openssl md5
      and
      openssl s_client -connect $DOCKER_HOST:$DOCKER_PORT | openssl x509 -noout -modulus | openssl md5
      should return the same string.
    8. Check the expiration date on the new cert. Subtract 7 days, open a calendar at that date and write down “Renew Docker certificate” this time.
    ActivityPub Test

    In theory, this post should show up in the Fediverse as a thing you can read and/or interact with.

    Hard to Argue With Vagueness

    In Iowa’s Gazette, one John Hendrickson has an editorial on the importance of preserving the Electoral College, as opposed to electing the president by popular vote. So let’s see what his reasons are.

    He starts out with a few paragraphs that use words like “attack”, “elimination”, “undermine” to create a vague feeling that something bad will happen if the Electoral College is eliminated, without actually making anything that could be considered an argument.

    He eventually gets to

    When the Founding Fathers met in Philadelphia in 1787, our Constitution created a republican form of governance that limited the powers of the federal government. In Federalist Paper 45 James Madison wrote: “The powers delegated by the proposed Constitution to the federal government are few and defined. Those which are to remain in the State governments are numerous and indefinite.” The 10th Amendment further solidified what Madison wrote in Federalist 45. Historian Allen Guelzo correctly points out that the “Constitution never set out to create a streamlined national government.”

    Hearkening back to the founding of the nation is very much on-brand. The revolutionary period is seen by many as a golden age, when a perfect constitution leapt, Athena-like, from the founders’ collective brow. Even a cursory glance at American history will belie this simplistic story, or even the first ten amendments: a bunch of states wouldn’t join the union unless the constitution were first amended.

    Beyond that, Hendrickson still isn’t making much of an argument: he implies that the National Popular Vote movement somehow wants to give to the federal government powers that were properly given to the states, but doesn’t spell out what these powers are, or how they would be taken away. If the National Popular Vote Interstate Compact passes, elections will still be conducted by the states, the same way as before. In fact, the compact relies on the fact that each state can conduct elections however it wants to, including taking into account the way other states vote, if it wants to.

    Hendrickson continues:

    The American Founders did not wish the states to have a diminished role under the Constitution. The late constitutional scholar James McClellan wrote that the “entire Constitution is actually honeycombed with provisions designed to protect the residual sovereignty and interests of the states and to give them influence in the decision-making process at the national level.”

    This certainly includes the Electoral College. In considering the election of the executive, the Founders rejected outright a direct, national election. In designing the Electoral College, the Founders wanted to ensure that the selection of the executive was independent of Congress and included the states; the Electoral College was designed to protect the interests of the states and the people.

    Again, there’s lots of handwaving, but very little by way of actual argument. “[T]he Founders rejected outright a direct, national election.” Well, yes; the Electoral College was a compromise toget states like Virginia to join the union: Virginia hada lot of slaves, but comparatively few voters, and the Electoral College gave itmore influence in presidential elections than it would otherwise have.

    But the mere fact that the founders set things up a certain way is no reason to keep them that way. Back in 1789, different states might as well have been different countries. Today, you can easily send money from a bank in Maryland to order something from a company in Connecticut (whose headquarters are in Delaware), and have it shipped from Georgia. Heck, Oklahoma currently has the same population as the entire country did in 1789. Times are different. If we’re going to quote the founders, how about Thomas Jefferson?

    “I am not an advocate for frequent changes in laws and constitutions, but laws and institutions must go hand in hand with the progress of the human mind. As that becomes more developed, more enlightened, as new discoveries are made, new truths discovered and manners and opinions change, with the change of circumstances, institutions must advance also to keep pace with the times. We might as well require a man to wear still the coat which fitted him when a boy as civilized society to remain ever under the regimen of their barbarous ancestors.”

    Hendrickson also writes, “the Founders wanted to ensure that the selection of the executive was independent of Congress and included the states”. Again, this is just vague threats. He doesn’t say how Congress would be involved in presidential elections, or how states would be excluded; he just throws that out as a vague threat.

    Americans need to understand the importance of federalism to our constitutional republic. Federalism is as essential as separation of powers and checks and balances, allowing the states to maintain a level of sovereignty from the federal government. The Electoral College is the final “Rock of Gibraltar defense of federalism. “Federalism is in the bones of our nation and abolishing the Electoral College would point toward doing away with the entire federal system,” argues Guelzo.

    Here, Hendrickson seems to be making some kind of slippery-slope argument, that electing the president by popular vote will somehow erode the separation of powers and, I don’t know, lead to autocratic rule or something. I’d like to avoid autocratic rule, and I’d be interested in how Hendrickson thinks this slow erosion might happen, if it weren’t for the fact that our Capitol was attacked a year and a half ago by a mob trying to undermine democracy and install an autocrat.

    If the Electoral College was eliminated, Iowa would be ignored by presidential candidates and the voices of Iowans would be drowned out as elections would be decided by large urban centers.

    Finally, we get to an actual pair of arguments. They’re stupid, but they’re still arguments: 1) if it weren’t for the Electoral College, candidates would ignore Iowa and Iowans’ concerns, and 2) the outcome of the election would be decided solely by big cities.

    I’ve dispensed with (2) elsewhere. As for (1), the reason political campaigns pay attention to Iowa isn’t the Electoral College; it’s the fact that it has the first presidential caucuses. So there’s symbolism in winning the Iowa caucuses. It gives the winning candidates a morale boost. Beyond that, once the candidates are finally chosen, no one gives a shit. Iowa is a red state, one of those that the networks call on election night as soon as they’re legally allowed to. The Democrats write it off, and Republicans take it for granted. Getting rid of the Electoral College might actually help with that.

    The fact that supporters of the Electoral College feel the need to write this sort of column is telling. If they had any solid arguments, they’d trot them out. Instead, we get this wishy-washy appeal to tradition and fear of change.