New-Era Conservatives: A Closer Look

I recently realized that there are at least two conservative-ish movements that have emerged from the same Internet communities in the past year or so. One of them has a widely-recognized name (the alt-right) and is talked about frequently. The other one has no widely-recognized name and is often incorrectly lumped in with the alt-right. My purpose here is to understand and explain the two movements.

The Alt-Right

Much has been said about the alt-right in the months leading up to and following the 2016 election. But how much of it is accurate? What exactly is the alt-right? Are all of the people who the media calls alt-right actually alt-right?

There doesn't seem to be any official definition of alt-right, and the term has been used to describe a pretty wide variety of people. I think the most useful definition is the one put forth by Sargon of Akkad. Go watch that video. I'll wait. Really, go watch it.

OK, fine. I'll give you the Cliff's Notes. According to Sargon, the alt-right is a rather diverse bunch, but they are held together by a few things that they all agree on more or less. Specifically:

  • They believe that the white race is under threat. They typically use the term "white genocide" to refer to this.
  • They promote the idea of ethnostates, and they are particularly keen on turning the USA and other Western nations into white nations, with very few or no non-white people.
  • They think of people in terms of identity groups rather than as individuals.
  • They think that race drives culture. In other words, black people and white people have different cultures in the US not as an accident of history, but because they are black and white.
  • They cling tightly to tradition and are generally against abandoning traditions.

There are few things that the alt-right is often inaccurately described as:

  • Nazis
  • White supremecists
  • Generally anti-Semitic

While there are Nazis and white supremecists under the alt-right umbrella, they are a minority. Also, the difference between white nationalism and white supremecism is in important one. The white nationalists of the alt-right do not advocate extermination of non-white people (although the Nazis probably do). Rather, they advocate sending non-white people away to non-white nations. Additionally, unlike the white supremecists, they do not believe that white people deserve to rule the world. In fact, many of them believe that east Asians (e.g. Chinese people) are more intelligent than white people (and I will acknowledge that IQ tests support this claim).

The alt-right is also often accused of being anti-Semitic, which is not entirely accurate, but there is a good bit of truth to it. The alt-right is divided on Jews, with some considering them to be white and others considering them to be non-white. Some even consider the Jews to be the enemy. I don't think there's enough agreement on the matter to say much with certainty, though.

In short, the alt-right is authoritarian, collectivist, and identitarian. They are, in many ways, the mirror image of the Social Justice movement. Their ideology has the same shape, just with "white" and "person of color" switched.


Unlike the alt-right, there is no widely-recognized name for this other group. I have chosen to call them Kekistan, since they generally claim Kekistani ethnicity or otherwise affiliate themselves with Kekistan and the Cult of Kek. They tend to have a fairly irreverent nature, not taking anything too seriously, including themselves. They are the people who take delight in pointing out that the emperor has no clothes.

The etymology of Kekistan is quite interesting. KEK is the Korean equivalent of LOL, which migrated to Western Internet culture via Starcraft. (Hence, "zerg rush kekekekekekek" is equivalent to "zerg rush lolololololol".) KEK (often rendered as "Kek" or "kek") came into common usage around the time that Pepe the Frog did (more on him later). At some point, 4chan became aware of the ancient Egyptian god Kek, who happened to have a frog's head. This lead to a satirical Cult of Kek, with Pepe as a major figure.

Meanwhile, the Social Justice movement was on the march. Many people were disturbed by this trend, and they developed a parody ethnicity and nationality to protest it: Kekistan. In short, "Kekistani" is an ethnicity that can be claimed by anyone who hates identity politics and wants to mockingly claim oppression. Oppression by who? The Normies, of course! That is, "normal" people who don't hang out on 4chan or Reddit and take a mainstream position on Social Justice (either supporting it, opposing it while supporting its basic premises, or expressing vague, unprincipled opposition to it). Pepe the Frog is a major symbol of Kekistan, as is the Kekistani flag, which is a parody of the Nazi battle flag, with green instead of red, crossed KEKs instead of the swastika, and a symbol representing 4chan in place of the Iron Cross in the corner.

(Side note: this all makes the chants of "KEK! KEK! KEK!" at 4chan-heavy free speech rallies quite hilarious. They are basically chanting "HA! HA! HA!")

(Side side note: 4chan is a growing political force. May God have mercy on us all.)

So who the hell are these people? Like the alt-right, they are a pretty diverse bunch. Their politics are scattered across the left-right spectrum. What binds them together? Primarily, they are bound by a shared loathing of identity politics and the Social Justice movement. Secondarily, they are bound by shared communities on the Internet, such as 4chan and Reddit. Like the alt-right, the movement seems to be fairly closely affiliated with the /pol/ board on 4chan.

It is their shared affiliation with these Internet communities that have lead to Kekistan getting lumped in with the alt-right. To further confuse matters, their shared birthplace has led to shared terminology and memes. The best examples are Pepe the Frog and the term "cuck".

Pepe the Frog

No, he's not a white supremecist meme. Those who claim he is are opening the door for white supremecists to take over anything and everything that the rest of us hold dear. Are you going to claim that Barack Obama is a white supremecist if people start photoshopping him into photos with Hitler? No? Then you can't claim that Pepe is a white supremecist meme. QED

(Side note: Tim Pool claims that 4chan started the "Pepe is a racist meme" meme. Why? Because they were upset that the "normies" were using Pepe memes. If this is true, it's not entirely without precedent: 4chan has previously been involved in bait-and-switch pranks where they started linking an innocuous image on various other sites, knowing that people would hotlink it all over the Internet (e.g. as Myspace backgrounds) and then replaced it with a photo of a lynching with racist text on it. Lulz ensued, although I doubt the people who suddenly had racist Myspace backgrounds were laughing.)

Pepe has been around for a long time. As you may have heard, he originated in a web comic called Boy's Club. I never read it, but I was aware of Pepe's use as a meme around 2009 or so. The first time I can recall seeing a white supremecist version of Pepe was in a news report during the 2016 presidential campaign. Interestingly enough, I soon read that the image in question was not findable anywhere on the Internet (at least by TinEye), meaning that it either originated in some backwater forum that takes steps to prevent search engine bots from crawling it or it was invented by the reporter for that story. In the first case, they are presenting the actions of a small group of unpopular people as being mainstream, and in the second case, they are flat out lying. Either way, it doesn't reflect well on the media company that reported it (CNN, if I recall correctly).

On a personal note, I find the hysteria surronding Pepe to be nothing short of absurd. HipChat responded to the (possibly fabricated) reports by removing its Pepe "feels good, man" and "feels bad, man" emojis. Recently, somebody sent a Pepe image to a random person in an airport (via some Apple local chat program), and she tracked him down and harangued him, all because he sent her an image of a cartoon frog. It's insane.

In any case, Pepe has been strongly associated with 4chan, which is why he ended up in use by both the alt-right and Kekistan, although it's pretty clear that Kekistan has a stronger claim to him than the alt-right.


This term is more strongly associated with the alt-right than with Kekistan, but it's used in both places. It's derived from the term "cuckservative", referring to the mainstream conservatives that they see as not acting out the values they professed when campaigning. The term "cuck" has largely morphed into a general-purpose insult, at least in Kekistan. (See: Carl the Cuck)

Currently, I see two main usages of "cuck". In one usage, it means "wimp", more or less. For example, nations like Canada may be described as "cucked" due to their attitudes on immigration and generally being a doormat for globalists (or at least they are perceived as such). The other usage is a general-purpose insult; replacing it with "poophead" would preserve the meaning of the sentence.

Because it arose on 4chan, it sees use by both the alt-right and Kekistan, so use of the word is not enough to determine if the speaker is alt-right or Kekistani. However, the alt-right seems to use it more frequently than Kekistan, so a person who uses it is more likely than not to be alt-right.

The Social Justice Connection

Both of these groups are essentially by-products of the Social Justice movement and identity politics in general.

The alt-right didn't learn their white nationalist ways by reading Mein Kampf. (If they did, they'd be full-blown Nazis.) Rather, the alt-right learned identity politics from the political Left in general and the Social Justice movement in particular. They don't dispute the central tenets of identity politics; they just choose different groups as oppressors and oppressed.

Kekistan, on the other hand, rejects the tenets of identity politics entirely. They seem, at least to me, to be people who didn't really want to get so involved in politics but felt forced by the militant march of Social Justice and the steady creep of identity politics into American and Western political life.

Both groups have legitimate fears. The Social Justice movement has nothing nice to say about white people (despite being full of white people itself), and it's not unusual to hear the more ardent adherents of Social Justice call for the deaths of white people or to claim that white lives have no value. If you see yourself as white, this is obviously threatening. The alt-right responds to this threat by seeking to establish safe havens for white people, much like Israel for the Jews. Kekistan responds to the threat by mocking it and seeking to undermine the entire philosophy behind it. Honestly, I like Kekistan's approach a lot better, since it's pretty hard to go from claiming a parody racial identity to advocating genocide. Not so for the alt-right's white nationalism.

The Trump Connection

The alt-right is obviously strongly associated with Donald Trump. Many have said that the alt-right got him elected. But is that true? What role did Kekistan play? The media have repeatedly shown that they have a hard time telling the two groups apart, so might they have been mistaken?

I suspect that Kekistanis and Kekistan-sympathizers are far more common than they may appear. The media is probably quick to dismiss people who claim a ficticious identity (e.g. Jedi as a religion) as mere pranksters, so they don't present Kekistan as a real political force. In fairness, this is a totally defensible strategy, as people who claim a ficticious identity have historically been either pranksters or seriously disconnected from reality.

The alt-right, on the other hand, claims a real identity (well, to the extent that any racial identity is real). This leads the media to take them more seriously. What's more, proudly proclaiming white identity and calling for that identity to be supported fits (more or less) with an established pattern. This leads the media to think, "Oh, looks like the Klan is on the march again." Even though this is wrong (as I explained earlier), it's not immediately obvious that it's wrong, it's uncomfortably close to being right, and it fits with the leftist media's biases and expectations. Thus, they take the alt-right even more seriously and continue to either ignore Kekistan or lump it in with the alt-right.

Despite their fundamental disagreement over identity politics, support for Trump is widespread in both the alt-right and Kekistan. Why is this? I think the alt-right is less in favor of Trump as it is scared to death of people like Hillary Clinton. After all, if you have a choice between somebody who hates you and everything you stand for and somebody who might not agree with you about ethnostates but at least won't try to crush you, you're going to cheer for the latter, right?

Kekistan, on the other hand, probably sees Trump as a sort of kindred spirit. He sows chaos every time he opens his mouth, and as denizens of 4chan (or at least people who live within its sphere of influence), Kekistanis embrace that chaos. Why do they embrance chaos? Part of it, I suspect, is that they feel stifled by mainstream American and Western culture. They see it as bloodless and boring. There are a lot of things you can accuse 4chan of lacking, but liveliness isn't one of them. I think there's also a general feeling that the political establishment is failing the West and doesn't represent the people it rules over. Kekistan and the alt-right (rightly or wrongly) both see Trump as upsetting that order, or at least as a middle finger raised in its direction.

If the political establishment is like a stuffy upper-class dinner party, electing Donald Trump is like taking a nervous cat, tying a noisemaker to its tail, and tossing it onto the center of the dining room table. You're not going to build a better world that way, but you can at least stop the partygoers from making things worse, and it sure is entertaining if you got invited to the dinner party, showed up, and then got the door slammed in your face.

Original Research

In the course of writing this article, I broke one of my own Internet rules and visited 4chan. I'll have you know that I did not descend into the depths of /b/. (I've skirted its periphery in the past, and the experience changed me. I've mostly recovered.) Instead, I lurked on /pol/. It was a fascinating and unsettling experience.

First off, due to the near-total lack of stable identity on 4chan, it's (usually) impossible to tell if any two posts are written by the same person. This makes it very hard to correctly interpret the posts. You might see somebody wistfully post a map where the Nazis rule all of Europe and Russia, but you can't really know if that person actually wishes the world was like that or if they're just trolling.

(I would love to know more about the thinking of the person who made that map, though. It should come as no great surprise that they gave North America to the Confederacy and made Africa a union of white colonies, but they made South America a giant anarcho-capitalist state, made Madagascar the new Israel, expanded China and India a bit, and turned Iran into a restored Persian Empire. Just what motivates that person? Is their thinking completely jumbled and random, or is there some strange principle that they follow?)

Sometimes, the trolls are obvious. One thread asked the question, "What have you done to help the white race lately?" Or something like that. One particularly on-the-nose troll indicated that he was a high-school student and, in a post that seemed carefully calibrated to give the impression of an immature kid who thinks he's edgy, stated that he was "helping the white race" by repeatedly yelling the N-word in class whenever he got the opportunity. Obvious troll is obvious. But how many of the others were also trolling, but being more subtle? I got the "try-hard edgy kid" vibe from a few others, but not all. I'm sure at least some of them were actual white nationalists or supremecists, but again, without being able to correlate a user's posts like you can on sites like Reddit, it's nearly impossible to tell how many there are.

That said, white nationalism and anti-semitism really seem to be strong themes there. Not everyone is a white nationalist/supremecist/whatever; the anarcho-capitalists put in a strong showing (hardly surprising on a web site that's just a hair's breadth away from anarchy itself), and the communists and anarcho-communists also crop up frequently. And then there's this one guy (well, presumably one guy) who posts crazy doomsday prophecies accompanied by images of pyramids. Kekistani images are suprisingly rare, but the flag of Kekistan (when you post, you can choose from an assortment of flags) is somewhat common. Sometimes, you see a thread started by somebody who either is or is pretending to be a normal person basically asking one of these crazy groups to prove that they're not crazy. That said, the white nationalists and flat-out Nazis really seemed (at least to me) to be the most prominent. The media is wrong to paint the whole group as a bunch of racists, but that accusation is not entirely unfounded.

And yet, there are a few things that seemed a bit off: practically everyone puts those silly triple parentheses around the names of Jews. Really, it seems like it's pretty much everyone. Even the anarchocapitalists do it with the names of Jews on the list of people they like. The usual racial slurs are extremely common (I don't recall ever seeing black people referred to with any term that one would use in polite company), but based on their frequency and the context, I'm not sure they're even being used as slurs in many cases. It's like they're just part of the local dialect, which is probably why the white nationalists tend to use slurs I've never even heard before.

Hanging out in such a community is a very, very strange and unsettling experience. The conversation breaks all the rules you are used to. Ideas that most people never consider (some for very good reasons) are openly debated. There are rules that are strange not because they prohibit normal things, but because they prohibit abnormal things, like the question of whether Spaniards are white. (Seriously. The recurring Nazi thread (or something similar) specifically prohibits asking that question. Yes, there is a recurring Nazi thread.)

I'm glad that such a place exists, but I won't be spending much time there, and I can't in good conscience advise my readers to do so. If you gaze long into an abyss, the abyss also gazes into you.


The alt-right and Kekistan are not the cancer that is killing America. Rather, they are the abdominal pains that tell America that maybe it should consider seeing a doctor. Neither one would exist without massive, sustained failure on the part of the political establishment. Well, maybe Kekistan would still exist, but it would be nothing more than a silly joke. America and the West in general have been on a bad path for the past few decades (probably at least 4 in America, since that's about how long wages have been stagnating). It's time to confront the failures of our political elites and fix our governments before something worse happens.

Ban Assault Knives!

How many tragedies like the horrible events at Ohio State must we allow to occur before we take action? Have we forgotten the bloodshed in Akihabara? How many more innocent, defenseless people must be injured and killed by knives? Knife violence is one of the biggest problems facing the US today, and the proper course of action is clear: we need an Assault Knives Ban.

Now, I know lots of cooking enthusiasts are going to scream bloody murder about how I'm trying to destroy their way of life, but let's face the facts here. Nobody needs knives like these:

Assault Knives

These are assault knives. They are designed to slash and stab. The one on the top has two assault features: a blade longer than 5 inches and a blade that is wider than the handle. The one on the bottom has three assault features: a blade longer than 5 inches and wider than the handle, plus a pointed tip. You do not need either of these knives to cook or eat.

A ban on assault knives would prohibit any knife with a blade longer than 5 inches and any blade that has a pointed tip or is wider than the handle. Rounded tips prevent stabbing, and short blades prevent limit the knives' effectiveness as weapons. A blade no wider than the handle forces a murderer to risk injury to himself (from his hand sliding down over the blade) when attempting to stab someone. Ideally, an Assault Knives Ban would make all schools and Universities knife-free zones, too. Food would be prepared by licensed and trained professional chefs in a high-security environment. Chefs who could demonstrate a clear need would still be able to use assault knives while at work, but these knives would be stored in secure lockers when not in use, and removing one from the food preparation facility would be a felony. The knife security measures in place at such facilities would be regularly audited by local law enforcement.

But don't worry, cooking enthusiasts! Nobody is going to confiscate your existing assault knives. You will have to register them, and you will not be able to transfer them (no, not even as inheritance), but you will be able to keep them for the rest of your life.

The following knives are not assault knives:

"Featureless" Knives

The knife at the top is not an assault knife because it has a rounded tip and a 5 inch blade. Although the middle knife has a pointed tip, it is not an assault knife because its blade is less than 5 inches long. The bottom knife is not an assault knife because it does not have a sharpened blade but instead has an "abrasive ridge".

Cooking enthusiasts can still do everything they want to with these knives. They can cut a pepper or a tomato. They can spread butter. They can carve a turkey.

What they can't do is attack our children at school.

I think we can all agree that now is the time for common-sense knife laws. Let's put an end to the epidemic of knife violence. Tell your Congressional representatives to support an Assault Knives Ban!

Lucid Dreaming

I generally haven't looked forward to dreaming. My dreams tend to be weird, disturbing, frightening, or just plain annoying. However, hoping not to dream is an exercise in futility. So, a few months ago, I decided to tackle the problem in a different way. I started making a habit of attempting to determine (while awake) if I was dreaming. The idea is that if I get in the habit of doing this while I am awake, I will also do it while dreaming. Hopefully, this would then allow me to take control of the dream, or at least wake myself up. I had a few minor successes (e.g. rewinding and altering a dream that had gone in a direction I didn't like), but nothing really substantial. Until now.

Last night, I had a very common type of dream: staying in a house somewhere with relatives. It was more interesting than usual; the house was built into the side of a rocky hill near the sea, with trails around it. Aside from the location, though, the dream was fairly boring, with a bit of weird mixed in. Eventually, though, I found myself in a room I had been in before, but it had changed! The room was some kind of bathroom, with a curious circular shower in the center. The second time around, the shower was still there, but there was a stove next to it! In addition, there was a portable tabletop range sitting on top of the stove. That doesn't make any sense at all! At that point, I realized I was dreaming.

So, I loudly announced that this was a dream. A nearby relative challenged my assertion by picking up a knife and suggesting that if it's really a dream, she could stab me and nothing bad would happen. I said something to the effect of "Sure, go right ahead!" So, she stabbed me in the head. Nothing of note happened. She then put down the knife and wandered off, presumably to wrestle with the horror of her existence as a figment of my imagination. I then picked up the knife and tried to push it through my hand. It didn't go through or even hurt. Yep, definitely a dream!

At this point, I decided that I wanted a more exciting dream. So, I went down to the beach, lept into the air, and flew away. I was quite happy (and a bit surprised) to see that this worked, given that I had failed to transform objects in a previous dream. My flight was a bit floaty at first (I careened into some tree branches at one point), but I eventually tightened it up and flew around for a while. It was fun.

Apparently this world I had dreamed up had some kind of evil authoritarian government, and they didn't like me flying around. So, they sent the police to stop me. Just like a fantasy/action TV show! Seriously, why do they always send the police or the military to stop the demi-god who's ruining their day? Do they really think that's going to work? Well, they sure didn't stop me. I blasted them with Dragonball Z style energy blasts from my hands. I then decided that I was going to go full-on Frieza on these idiots. In retrospect, my choice of "I'm going to deal with this like an evil alien tyrant/real estate speculator" in the face of an evil authoritarian government was pretty ironic.

I eventually found myself in a house somewhere with a relative I had encountered in the first part (who doesn't correspond to anyone in the real world) sitting in a chair. She bragged that she was going to stop me. I figured she had been collaborating with the government and had gotten some kind of super soldier treatment. I guess that other relative didn't tell her that she was in a dream and that I was the dreamer. Oh, well. So, I challenged her assertion. She reiterated, pointing her finger directly at me, saying, "I'm going to stop YOU!" So, I pointed my finger right back at her. And then fired a Frieza-style finger beam right through her chest. Yep, the whole "send the military to deal with the demi-god" thing is working out as well as always!

I then flew away, past a large pool of glowing yellow liquid, which I decided was radioactive waste. I guess in addition to being evil authoritarian bastards, they're also irresponsible. As I continued flying, I spotted a group of detectives on the ground with guns drawn. And by "detectives" I mean they looked like they came straight out of a 30's or 40's crime drama. Well, aside from the fact that they weren't human. They had the coloration and configuration of the Minions from Despicable Me and the body shape of Patrick from Spongebob Squarepants. They were clearly looking for me, but they weren't doing a very good job of it, since they were looking around on the ground, and I was up in the air. So, I grabbed one of them telekinetically, tossed him into the air, and detonated him, just like Frieza did to Krillin. "Behold my terrible power, you pathetic...whatever the hell you are!" I'm starting to think that maybe I was the bad guy in this dream, but then again, I had been content to just fly around until they sent the cops after me.

Shortly after dispatching the bizarro detective, I found myself pulling a blanket over my head, because it was cold in my bedroom and I was awake. It was about 15 minutes before my alarm goes off, so I lay there for a while in a state between wakefulness and dreaming, then got up after my alarm went off.

This experience was fascinating and shed some light on the nature of dreams. The appearance of the police without my explicit desire indicates that my conscious mind was not in full control of the direction the dream took. Yet, I could choose to enable myself to fly. Just how much can I control? Is it a matter of concentration? Maybe the dream started reasserting itself once I stopped focusing on controlling it. Maybe I could have redirected it again after the police showed up, if I had tried to. I'll have to experiment more with this in the future.

I hope to take control of a dream again but hopefully take it in a less violent direction. I'd like to go to space next time, although I'm not sure how to get there, since I have never had a dream that started in space. Can I just forcibly dream up a spaceship and fly away? What are the limits? How far can I bend the rules of "reality"? Will my knowledge of the vast distances and (relatively) low speeds involved in space travel be an impediment when trying to get into space in my dream? How far can I depart from my everyday experiences? Flying around DBZ-style is pretty far from the everyday, but I was still fairly close to the ground, not flying out into space. Can I actually conjure up items? Buildings? So far, I haven't been able to conjure up anything, but I have been able to find new things by moving around. Maybe I just have to decide that I can find the things I want somewhere and then go there instead of trying to conjure them. At the very least, I now have some hope that I can disrupt weird/disturbing/annoying dreams. I'm not so confident that I can disrupt a nightmare, but I feel like I now have a fighting chance.

The Dark Side of AWS

I use AWS to host this blog. I also use it at work. Using AWS for real work has exposed some rather annoying aspects of the service, with one standing head and shoulders above the rest: service limits.

Service limits certainly play an important role, both in helping Amazon plan capacity increases and in helping limit the damage of accidental or malicious provisioning. However, Amazon does not manage limits well at all. How so? Let me explain:

For some resources in some services, you can query your current limits via the API. For some other resources in some other services, you can query your current limits via Trusted Advisor, which costs $100/month and presents the limits in a somewhat awkward manner. In either case, it is not overly onerous to set up some kind of automated monitoring (e.g. Nagios) to alert you before you hit the limit.

For all other resources, the only way to query your current limits is to slam into them full force (i.e. you try to create something and fail because you've reached the limit). At this point, you contact Amazon Support and request a limit increase. To their credit, this generally goes pretty quickly, but when you need a new whatever right now, it's not quick enough.

(Aside: yes, you can put together a list of all default service limits (by hand, since there's no single comprehensive list) and then diligently maintain the list (again, by hand) whenever you get a limit increase. That is not a solution.)

Even this, on its own, would not be enough to piss me off enough to write publicly about it. No, the thing that really PISSES ME RIGHT THE FUCK OFF is Amazon's attitude about it. Simply put, they don't care. At all.

I have on more than one occasion asked Amazon for guidance on monitoring our limits. In short, I want our Nagios instance to alert us when we get close to a limit. This is a reasonable thing to want, right? Isn't it better if I can make a low-priority request for additional whatevers before I run into the limit instead of a panicked request after I've hit the limit?

During my most recent interaction with Amazon Support on this topic, they suggested the following:

This page and all related pages are INCREDIBLY light on details. Basically, it amounts to "Pay us a bunch of money for a product that might help you." The demo linked from that page makes ZERO mention of AWS, so I can't evaluate the functionality from there.

I believe that should address your concern with Nagios Monitoring

What is the basis for that belief?

This search returns two results. Two. Both of them are security bulletins.

...and here it is: the reason why they are so reluctant to provide ANY means to proactively deal with AWS service limits! They want to upsell you on a support plan! In our case, the only support plan above the one we currently have is $15000/month. Assuming that this plan would, in fact, get us a person at Amazon to watch our limits for us (the description of the plan does not explicitly say that), this would be a great plan...except for the fact that I would probably be put on some kind of "Idiot List" by the accountants if I even suggested it. And for good reason, too: $15000/month is a significant fraction of our total AWS monthly bill, which is higher than we'd like as it is.

(Oh, and before you tell me to just use Trusted Advisor: I'm not going to manually check Trusted Advisor every so often and hope that it's telling me about all of the limits I might need to know about. I want something AUTOMATED.)

This is, frankly, shameful. AWS is an incredibly useful and comprehensive service, but once you start growing, you repeatedly bump into limits with little to no advance warning. That is, unless you are willing and able to pay $15K per month. I guess if you're running a VC-backed startup with regular infusions of cash, then it's not a big deal. However, if you're running a more modest enterprise or a bootstrapped startup, service limits will be an ever-present thorn in your side.

Caveat emptor.

Hosting a static site with S3 and CloudFront

Trying to get on the SSL bandwagon with a static site on S3? Getting random nonsensical 403s? Here's what you need to do: set the origin for the CloudFront distribution to the static hosting domain for your S3 bucket, NOT the bucket itself! Many thanks to what a n00b! for saving my hair.

Oh, and don't even think about using a 4096-bit key for your SSL certificate. CloudFront only accepts 2048. (And maybe 1024, but don't use that.)

Looking for the place in the AWS Console to upload your certificate? Stop looking. It's not there. Instead, you need to do this:

alex@talos:~# aws iam upload-server-certificate --server-certificate-name some_meaningful_name       \
                                                --certificate-body file://path/to/certificate        \
                                                --private-key file://path/to/key                     \
                                                --certificate-chain file://path/to/bundled/cert/file \
                                                --path /cloudfront/whatever_you_want/

That's a doozy, isn't it? Depending on who you got the SSL certificate from, you might not need to specify the certificate chain.

Defanging the ubuntu user on EC2

If you use standard Ubuntu images on EC2 but don't use the ubuntu user, you may have tried to revoke its sudo permissions by removing it from the sudo group. Have you tested that, though? You may be surprised to learn that it doesn't work. Why not? Simple: the cloud-init package adds a file in /etc/sudoers.d that explicitly gives the ubuntu user sudo access. You probably don't need cloud-init after booting the instance for the first time (unless you plan on making an AMI out of it), so you can fully defang the ubuntu user by purging cloud-init.

UPDATE: You will also need to delete the file in /etc/sudoers.d. Apparently, purging cloud-init doesn't get rid of it, even though dpkg identifies it as belonging to the cloud-init package. WTF?

Rust: Basic Syntax

So, I've been playing with Rust lately, and I've noticed that some really basic things just aren't explained in the docs (or at least not anywhere that's easy to find). This is my attempt to make up for this shortcoming.

Borrowed Parameters

So, you've got a borrowed parameter (perhaps a mutable one for a somewhat C-style API?). Now you want to work with the actual value. How do you do that? If you want to call a function on a struct, that's pretty straightforward: it's the same regardless of borrowing or not. But what if it's something simpler, like an f32? Well, borrowed things are more like C pointers than C++ references. So, you do it like this:

fn foo(t: &mut f32) {
    *t += 3.14;

Yep, it's a dereference operator, just like in C.

Non-Borrowed, Mutable Parameters

fn foo(mut t: f32) {
    t += 2.0;

Yes, this can actually be useful on occasion, typically when dealing with a struct that gets moved. That said, the one time so far that I used this construct, I ended up changing it to something less weird.

Types of Borrowed Parameters

Wondering what the difference between mut foo: &f32 and foo: &mut f32 is? Here you go:

fn foo<'a>(mut t: &'a i32, v: &'a i32) {
    t = v;
    println!("In foo, t = {}", t);

fn bar(t: &mut i32) {
    *t += 1;
    println!("In bar, t = {}", t);

fn main() {
    let mut t = 0;
    let v = 42;
    foo(&t, &v);
    bar(&mut t);
    println!("In main, t = {}", t);

What's that? That didn't help at all? You're even more confused now? OK, let's dissect that a bit. First off, if you're unfamiliar with the &'somerandomthing syntax, that's a lifetime specification. Essentially, if you have &'a var1 and &'a var2, then var1 and var2 will have the same lifetime. You usually don't need to specify this, but sometimes the compiler needs a little help.

So, foo takes a mutable, borrowed reference to an i32 called t and an immutable, borrowed reference to an i32 called v. It then sets t to point to whatever v points to. Thus, foo prints In foo, t = 42.

bar takes a borrowed reference to a mutable i32 called t. It then increments the value that t points to. Thus, bar prints In bar, t = 1.

Since bar took a reference to a mutable value, t has changed in main. Thus, main prints In main, t = 1.

Does mut t: &i32 seem useless to you? It does to me, but I haven't been writing Rust code for very long.

IPv6 on Comcast via Debian

My Internet router at home is low-power computer running Debian. I recently moved, and I now have Comcast as my ISP. (I know, I know. The only alternative here is appallingly slow.) I had heard that Comcast supports IPv6, so I decided to give it a try. It took most of the afternoon and part of th evening, so I thought I would write down what I did here for the benefit of others walking the same path.

Also, on my router, eth0 is the interface on my network, and eth1 is the interface on the Internet.

The Pieces

We need the following:

  • a few settings in sysctl
  • radvd (IPv6 router advertisement daemon; helps clients configure themselves)
  • DHCPv6 client (I use wide-dhcpv6-client)
  • /etc/network/interfaces entry
  • iptables rules (Not strictly necessary, but it's good to lock things down a bit.)


In order for this to work, we need a few sysctl parameters.


# For IPv4 forwarding

# For IPv6 forwarding

# This is needed because a router "shouldn't" accept
# router advertisements in theory, but in practice,
# this kind of router should.
# 0 = Don't accept (we don't want this)
# 1 = Accept if we're not a router (i.e. forwarding is disabled; we don't want this)
# 2 = Accept even if we're a router (we DO want this)
# Without this parameter being 2, we don't get a default route.


I needed to run dhcp6c -d -D -f eth1 &> /root/dhcp6c.log (the DHCPv6 client, with output redirected to a logfile) in order to determine my prefix. I saw two different prefixes; I had to guess which one was correct. I will admit that I still don't fully understand this.


interface eth0
   AdvSendAdvert on;
   prefix YOUR:PREFIX:HERE::/64

This should probably be automated in some way at some point; my setup will break if Comcast ever gives me a different prefix.


This actually works, despite having sla-len of 4. However, radvd needs to advertise /64. I suspect the sla-len is just getting (somewhat) harmlessly ignored.


interface eth1
  send ia-na 1;
  send ia-pd 0;

  request domain-name-servers;
  request domain-name;

  script "/etc/wide-dhcpv6/dhcp6c-script";

id-assoc pd {
  prefix-interface eth0 {
    sla-id 0;
    ifid 1;
    sla-len 4; # This should actually be 0 right now since I couldn't figure out how to get a /60 from Comcast and thus have a /64 for my delegated prefix

id-assoc na 1 {



# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# dhcp6c handles IPv6 configuration for this interface.
auto eth0
iface eth0 inet static

# dhcp6c probably also handles all the IPv6 configuration for this interface,
# but this doesn't hurt.
auto eth1
iface eth1 inet dhcp
iface eth1 inet6 auto

I'm not 100% certain that this is actually needed, given the use of wide-dhcpv6-client, but it doesn't hurt.


First off, bit of basic iptables info. iptables defines INPUT, OUTPUT, and FORWARD chains; a packet will only ever hit one of these. If the current machine is the destination, then it hits INPUT. If the current machine is the source, it hits OUTPUT. If the source or destination is a different machine, it hits FORWARD. See this StackOverflow question for more information.

I did not know this going in, and I was a bit confused. Also, the first version of these rules that I saw used the state module, while my existing IPv4 rules used conntrack. As it turns out, conntrack is a replacement for state, so I just converted the IPv6 rules to use conntrack.

Without further ado, here are my IPv6 rules:


# Adapted from
:in-new - [0:0]

### INPUT chain

# allow all loopback traffic
-A INPUT -i lo -j ACCEPT

# allow all ICMP traffic (see link above for discussion of security implications)
-A INPUT -p icmpv6 -j ACCEPT

# allow packets belonging to an established connection or related to one
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# packets that are out-of-sequence are silently dropped
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new connections unknown to the kernel are handled in a separate chain
-A INPUT -m conntrack --ctstate NEW -j in-new

# ...and here's that separate chain:

# allow SYN packets for SSH and HTTPS (RELATED,ESTABLISHED above handles it from there)
-A in-new -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A in-new -p tcp -m tcp --dport 443 --syn -j ACCEPT
# allow DHCPv6 traffic
-A in-new -p udp -m udp --dport 546 -j ACCEPT

# log and reject everything else
-A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[INPUT6]: "

### OUTPUT chain

# allow outgoing traffic, explicitly (despite chain policy)

### FORWARD chain

# for fowarded traffic, allow outgoing and related incoming
-A FORWARD -i eth0 -o eth1 -j ACCEPT


I applied these like so:

root@aetherius:~# ip6tables-restore < ip6tables
root@aetherius:~# ip6tables-save > /etc/iptables/rules.v6

That last bit saves the rules to a standard location so that they will be applied automatically during boot.

It Works!

At this point, everything seemed to be working! When I replaced that last iptables rule with -A FORWARD -i eth1 -o eth0 -j ACCEPT, I was able to establish a connection from an outside machine directly to my laptop. After setting it back to the one in the listing above, I was no longer able to do so, but I could still establish a connection in the other direction, indicating that my inbound rules are correct.

I hope this helps other people trying to do the same.

Dieting: It Doesn't Have To Suck

If you want to lose weight, you must consume fewer calories than you expend. There is no getting around it. Thinking about exercising harder? That helps, but it won't save you from bad eating habits. The unfortunate fact of the matter is that you have to get your diet in order. Fortunately, it doesn't have to suck.

I'll say it again: you need to eat fewer calories than you expend (on average). Any diet that ever works for anybody does so because it gets them to do this and keep doing it. No special food, eating schedule, or exercise (aside from Olympic-level, full-time-job levels of exercise) will let you avoid this. You really do have to eat less. Sorry. Let me take a moment to expand on the subject of exercise.

I originally dedicated three paragraphs to food in my last post, and there's a reason for that. While exercise is very helpful for weight loss and essential for general health, diet has a far greater effect. Take a look at a 10.3 oz can of mixed nuts. I can eat one of these in a single sitting. It's not even that hard. That's 1700 calories right there. According to a fairly well-regarded calculator, I need to eat 2582 calories per day to maintain my weight. So, that can of nuts is about 65% of my calories for one day. By contrast, if I spend an hour on an exercise bike at pretty high intensity, I will burn about 700 calories. They say you can't outrun your fork, and it's true. Unless you're an Olympic-level athlete in active training (i.e. exercise is your full-time job), you cannot out-exercise a bad diet.

When you think "diet", do you think "eating bland, boring salads all the time"? Well, that's a perfectly valid diet for weight loss, but it's not your only option. In fact, if you want to eat nothing but Twinkies, multi-vitamins (scurvy and rickets are bad), and green beans (inadequate fiber is not a pleasant experience), you can lose weight that way. (Yes, somebody actually did that.) You just have to eat a sufficiently small quantity that your total calorie intake is low enough. That probably won't be very satisfying if done with Twinkies, though. It's much better to reduce your meat and processed food intake and increase your vegetable intake. Why? Well, vegetables are not very calorie-dense compared to meat and processed food. Thus, you can eat a satisfyingly large volume of food without going overboard on calories.

If you think you don't like vegetables, it may be that you just haven't had them prepared to your liking, or you haven't tried the right ones. Try a few different ways of preparing them. Personally, I avoid steaming vegetables; I find that it tends to make them unappetizingly mushy. I prefer to saute my vegetables in olive oil (substitute other oils as desired, and don't use a ridiculous amount), but I also like them lightly coated in oil and herbs and baked. A slow cooker may be a wise investment: it's easy to make a large amount of healthy stew or chili on Sunday and not have to cook again until Saturday (depending on how many people you have to feed, of course).

As for which vegetables, my go-to veggies are carrots, onions, celery, and spinach (or collard greens). With the occasional exception of spinach and onions, I never eat these raw. Especially celery. It just tastes awful to me raw. Carrots aren't much better. I suspect this is due to alkaloids in these vegetables and my personal sensitivity to alkaloids. Fortunately, it doesn't take much cooking to destroy these unpleasant substances, and a bit of oil and a generous helping of herbs will cover up whatever's left. I also like to add beans to my dishes. They add fiber and protein, and they're tasty. Which beans I use depends on what I'm making; different kinds of beans go better with different types of food. For example, I tend to use black beans with poultry and red beans with red meat, but sometimes I also go with edamame or lima beans instead. Edamame have a particularly good carbohydrate-to-protein ratio, if that's important to you.

Also, oils (olive oil is a good one) are not the enemy (but don't go overboard with them), and herbs are your best friends. I honestly cannot emphasize the value of herbs enough. A bit (or a bunch) of oregano, basil, and sage can turn an uninspiring dish into a delicious one, and the amount of calories added is too low to even think about. Add just enough oil to make them stick to whatever you're cooking, and you're good to go! Unless you have high blood pressure, don't shy away from salt, either. Generally avoid sugar, but if a recipe calls for a fairly small amount (e.g. tomato sauce), don't sweat it. I recommend avoiding non-fruit carbohydrates in general, but the composition of your diet really isn't as important as the total amount of calories and whether you can stick with it. It may take weeks, months, or years to reach your goal weight (depending on where you start and where you want to go), and any diet that relies on food that isn't delicious is not going to last.

Lastly, bear in mind that there's no diet that works for everyone, either. The fact that a particular diet worked for me does not mean that the same diet will work for you, simply because you are not me. Therefore, experiment! As long as you are burning more calories than you are eating, you are making progress, so don't be afraid to change your tactics! I've changed my approach a few times for various reasons. It's fine. Figure out what works for you and isn't so onerous that you abandon it immediately. Do make sure you give any new diet a fair shake, though. I'd say that if a diet seems good at first, stick with it for a month or two, then reevaluate. Don't ditch it as soon as the novelty wears off.

Weight Loss: There Is No Magic

I spent the weekend in the company of relatives I don't see very often, and I found myself answering a particular set of questions over and over again. Specifically, people noticed that I had lost a considerable amount of weight since they had seen me last. This is true: over the past three years or so, I have lost about 90 pounds. Many of them wanted to know how I had done it, and I found myself telling the same story again and again. So, I'm going to tell that story here so that more people can see it.

I guess I should start with a bit of background. I was never a particularly fit child, but I wasn't obscenely fat, either. I steadily gained weight through my adolescence, reaching 200 pounds in high school. (Or maybe early college. I don't quite remember.) I didn't gain a tremendous amount of weight in college, though (no "freshman 15" for me), but I certainly didn't lose any, either. Things really started to go off the rails after I graduated. With a decent salary to pay for food, I stuffed myself. I thought nothing of buying a medium bag of peanut M&Ms and devouring it in a single sitting. I usually only did that once a week, but even so, that's a considerable amount of calories. At the same time, I lied to myself. I told myself that I "wasn't that fat" and similar nonsense. I reassured myself with my "not really bad" cholesterol levels and "not going to be diabetic soon" blood sugar when I went to the doctor.

The turning point came after a vacation in Colorado. Nothing dramatic happened. There was no health scare or injury or any such thing. I just looked down at the scale, and it read 235 pounds. For some reason, seeing that number on the scale lead me to decide that I simply couldn't go on like that. I had to change. Somehow, the delusion of health just shattered in that moment. This is the closest you're going to get to magic in this story.

(Well, there was another thing at the back of my mind: a rather planetary friend from high school had become trim and fit. If he could do it, why couldn't I?)

In those days, I would have a beer with supper every night, and also with lunch on the weekends. That was the first thing to go. Next up: junk food. I didn't cut it out entirely, but I only bought it in quantities that would be OK to eat in a single sitting, since that's exactly what I would (and still will) do if I bought it. So, instead of buying a medium bag of peanut M&Ms, I would buy a one of those small 1 or 2 serving bags at the checkout. I also increased the amount of vegetables in my diet, since vegetables are fairly non-calorie-dense. A heaping bowl full of fresh spinach is around 40 calories, for example. That's nothing. Adding more vegetables added satisfying bulk to my meals without adding too many calories. This was enough to get me started.

Within a year or so, I was down some 40 pounds, and I was feeling a bit better. Over the next two years, I lost an additional 50 or so pounds. As of today (August 24, 2015), I'm still going, although my goals have changed. I'm no longer trying to be non-fat; I'm now trying to get my body fat low enough to see my abdominal muscles. The healthier I've gotten, the harder it has been to lose more weight, as it should be. If you're embarking on a similar journey, know that it will get harder as you make progress, but know also that as you see yourself change, you will get more motivated. After I lost the 40-some pounds, I didn't really see all that much of a difference. After losing about 20 more, I could scarcely believe what I saw in the mirror. So, keep track of your weight. Take joy in watching the numbers get smaller, and before long, you'll see the difference.

If you think restricting your calories like that will be less fun than continuing to eat whatever you want, whenever you want, well, you're right. It will be less fun in the short term. (And "short" is relative: this process could take months or years.) So, you need to keep your eyes on the prize and not give up. When you're tempted to eat the wrong foods, remind yourself that you can eat less-healthy food later, after you've lost the weight. Plan a feast to celebrate when you finally reach your goal. (Mine is a big bowl of fried rice with sesame chicken and a pint of Ben and Jerry's. And maybe some cake, too.) Think about how delicious that feast will be, and remember that "cheating" on your diet won't make it come any sooner. If you're tempted to just have that feast anyway, without meeting your goal, think about how much more enjoyable it will be when you can look in the mirror afterward and say, "Oh, yeah. I look GOOD." Oh, and a reasonably-sized treat (e.g. one non-giant cookie or a Snickers bar) once a week won't sink you.

Of course, at some point (well, probably several points), you will slip up. You will go to a party or on a vacation or something, and your weight loss will pause and possibly even reverse a bit. Yes, you can (and probably should) feel angry at yourself for this. You messed up. Go ahead, be angry. After all, if you just let yourself off the hook for it, what's to stop you from just "slipping up a bit" every day? After giving yourself a thorough thrashing, let it go. Yes, that's right. Let it go. If you thrash yourself too much, despair will set in, and you'll go off the rails just as surely as if you had let yourself off the hook. Remember: you lost that weight before, and you can do it again. Just get back on track, and in a week or two, your slip-up will be nothing but an unpleasant memory.

So, what do you do once you've lost the weight and want to keep it from coming back? Simple: calories in = calories out. On average. You can run a calorie deficit during the week and overeat a bit on the weekend. Or you can have a cookie with lunch every day. It's your life. You choose! Just remember: you're in it for the long haul, so make sure you can enjoy it.

Next time: how to eat right without hating your life.