Virtualization server gets more storage

An NVMe solid-state drive in a dual-Opteron server… Just ponder that for a moment. Why in the world would anyone do that?

The big reason: storage is cheap. And for 80 USD, a 2TB NVMe solid-state drive is really cheap. And given this is a much older virtualization server, there is no need to go with anything high end.


  • CPU: 2x AMD Opteron 6278
  • RAM: 64GB Registered DDR-3 1600Mhz
  • Storage: Samsung 850 EVO M.2 500GB

Recall that back in March 2018, I replaced an older dual-Xeon HP workstation with a dual-Opteron server setup for virtualization. Going away from a system made in the late 2000s to one with hardware from the early 2010s. But in doing that I was doubling the available core count. From a dual quad-core with HyperThreading, so 8 logical cores per processor, to two processors with 16 cores each. Later I upgraded the RAM to 64GB Registered ECC – after I accidentally bought registered sticks for Nasira and couldn’t sell them off.

And in building the system, I wanted to eliminate cables as best as possible. The CPU and ATX power connectors to the mainboard were unavoidable. But if a power or data cable could be avoided, I wanted to avoid it. The fans are powered off the mainboard, the GPU is onboard, so that leaves the storage.

And here, an SSD was the obvious choice. I had a 500GB Samsung 850 EVO I mistakenly bought for my wife’s upgrade to an i7-5820k for a mainboard that wouldn’t support it, and a StarTech M.2 to 2.5″ enclosure to use it in something else. But the enclosure still requires a power and data cable. So how to get around that? Thankfully I was able to buy a PCI-E adapter board that handled the power and data, so no additional cables.

Storage requirements

For most virtualization setups, 500GB is more than enough. My Plex VM sits on 32GB storage and uses about… half of it. (It runs off Fedora Server.) I have an OpenVPN instance on another VM that’s also 32GB and also running off about half of the space. And my only other virtual machine (at this moment, at least) is a mail server sitting on 64GB, but using 1/4th of that.

I’d been planning to upgrade the storage for a while as there are other projects I want to get into. And when I saw Micro Center having a sale on their Inland NVMe SSDs, and saw a 2TB NVMe SSD for only 80 USD, there was no way I could say No.

Alongside that I found an adapter board that could take one each of SATA M.2 and NVMe M.2 on the same board. It does require a SATA cable for the SATA M.2, unlike the previous adapter board, but nothing more. Both drives are powered by the PCI-E slot.

Wait, it works? But… bottleneck!

So did the system even recognize the drive? Well of course it did. And I had no reason to think it wouldn’t.

NVMe SSDs are PCI-Express devices after all, and the PCI-Express specification means that a PCI-Express 3.0 device can be used in a PCI-Express 2.0 slot. I already have that in Nasira, actually, where I’m using an NVMe drive as an SLOG.

But how well does it perform? Better than the SATA drive, I’ve definitely noticed. Plex is a lot snappier and the VMs load much faster. System updates on each VM are faster, too. And that along with the much better capacity was the point of that exercise.

It’s also a QLC drive with a rated top synchronous read speed only just a little higher than what PCI-E 2.0×4 can provide, so it was never going to saturate a PCI-E 3.0×4 connection anyway. And under this use case will never saturate a 2.0×4 connection. But it’s still be far better than a SATA SSD and doesn’t need any cables.

I was after the storage real estate, primarily. That it came in an NVMe SSD that I could install with an interface board and not have to worry about additional cables is the major bonus.

Cooling everything down

10GbE cards can run hot. Very hot, actually. So much so that I’ve actually considered watercooling the one in Mira. But as I discovered building my OPNsense router, the solution is simple: quiet 40mm fan and VHB tape to stick it to the heatsink. Problem solved. You don’t need to use a Noctua fan specifically, as there are plenty of quiet 40mm fans on the market. I just happened to have a Noctua 40mm fan that I wasn’t using for anything.

Goodbye, Proxmox!

As of the time I installed the new NVMe SSD, the server was still running Proxmox 5. And not even the latest minor version of that. Merely upgrading it to the latest 5.x version, let alone installing Proxmox 7 – the latest version as of this article – would require… a lot of work.

The easiest route would be to jettison the VMs and install Proxmox 7 clean. Trying to upgrade in-place would’ve been… “time consuming” wouldn’t adequately explain it. But that would only get me up to the latest version. Keeping it up to date is the greater chore.

Without a support subscription – €190 (€95 per CPU socket) per year for this box for the lowest tier – the only way to get minor version updates to keep Proxmox updated is through the DVD image. Then there’s the continual nagging whenever I log in that I don’t have a subscription:

So… I’m done with it. Just completely done with it.

So back to VMware, then, or what?

Hello, VirtualBox!

I was jettisoning the existing VMs regardless. Plex is easy to migrate, I no longer use the OpenVPN VM since building an OPNsense router, and the mail server was migrated to a physical box.

But for a much smoother and flexible upgrade path going forward, I moved to VirtualBox and Docker. And I went the full headless route, meaning creating and controlling the VMs through the command line. Sure it means creating VMs is a little more of a chore without a script to automate the process. Which is something that’ll be relatively easy to set up since my VMs will usually have pretty similar settings – core count, storage space, or memory will vary as needed. But the upgrade path is a LOT more flexible.

How so?

Ubuntu and Fedora (among others) allow for in-place upgrade to the next major version. My Plex VM, for example, had been getting upgraded in-place (using the dnf-plugin-system-upgrade package) since I first built this virtualization server with a fresh VM for Plex. That was Fedora 27. Didn’t need to touch it till now when I created the new VM with VirtualBox.

And VirtualBox can be upgraded via the official repository or – as is the case already with Plex, unless you enable the repository – manually on my own watch. Docker containers allow similar flexibility. Being able to use Windows Remote Desktop instead of the browser to interact with the VM’s terminal is also a bonus.

Now sure, updates on the bare metal system does mean shutting down all the VMs. But I’d have to do that with Proxmox or any virtualization system anyway.

Building a router

Build Log:

Amazing that it’s been… 6 years (as of this writing) since I decided to pursue 10GbE.

First trying to build a custom switch, then dropping all that when I learned that a lot of retired Quanta 10GbE switches dropped on eBay. Then dropping that switch two years later for the far quieter, lighter, and just better overall MikroTik CRS317. Even ordering it direct from Latvia. And then last year replacing the fans with the far quieter, Noctua NF-A4x20 FLX.

So why am I now talking about building a router?

Google Fiber’s buggy interface

Before Google Fiber, I was with Time Warner Cable (now Spectrum), and I used my own cable modem and router. Never had any issues as a result. With Google Fiber, though, we were given their router box from the outset. As much as I don’t like not being able to use my own hardware, I didn’t really have a choice here. (Or so I thought, actually… Apparently I could’ve used my own router from the outset, but their documentation didn’t make it look that way.)

Google Fiber has changed how their routers are configured a few times. Initially, like most every router out there, you connected to it directly via the IP address. Then they made it so everything is configured by the Google Fiber site. The latter was better, since it allowed you to handle things remotely but still securely, such as enabling or disabling any port forwarding, allowing you to enable/disable it more-or-less on demand from anywhere.

Recently this has become more frustrating and buggy. Port forwarding in particular. Plus I didn’t have nearly as much control over other aspects as I would like.

Thankfully Google Fiber has an account option allowing me to use my own router and put theirs into “bridge mode”. So I did just that and switched over to using the MikroTik CRS317 as the router.

[Insert Nuke’s Top 5 voice-over]: It did not go well.

RouterOS performance

Sure port forwarding was far easier than using Google Fiber’s buggy interface. But performance… fell off a cliff. Instead of getting 2Gb down, I was getting around 500Mb. Something my research told me was largely unavoidable. Both with RouterOS versions 6 and 7.

Hardware is the primary reason. It’s just too underpowered with a dual-core ARM 32-bit processor running at only 800Mhz. That’s more than capable as a 10GbE switch, especially if you’re not loading up all of the ports. (I’m using 7 of 16 as of this writing, one being a link to a MikroTik CSS610.) As a router, though… not so much.

So the solution then is… building my own router using spare hardware I have lying around.

Requirements and Specs

The requirements are simple: gateway between the MikroTik switch and the Google Fiber box while being able to handle 2Gb up, 1Gb down without a problem. So what level of hardware would work?

Linus Tech Tips most recent video about building a router used an old Dell Optiplex 7010 with an Intel i5-3770. And with that being just a Gigabit gateway, the CPU was barely being touched.

And the hardware for the official pfSense appliances is also very lightweight. The Netgate 4100 is the lightest that would still meet my requirements. And it has an Intel Atom C338R 1.8GHz dual-core processor with 4GB RAM and sipping only a few watts of power.

I’m going a little overkill merely because I have this lying around not being used:

CPU:AMD A8-7600 APU with Noctua NH-D9L
Mainboard:Gigabyte GA-F2A88X-D3HP
RAM:16GB DDR3-1600
Storage:Inland Professional 128GB 2.5″ SATA SSD
WAN NIC:10Gtek X540-10G-1T-X8 10GbE RJ45
LAN NIC:Mellanox ConnectX-2 10GbE SFP+
Chassis:Silverstone GD09
Operating system:OPNsense (with latest updates as of this writing)

Okay, not all of it I had lying around. The 10Gtek card I needed to acquire, along with replacing the fans in the chassis, but that was it.

Now why a 10GbE card for the WAN link when I only have 2Gb service? So I don’t need to upgrade it later.

Google Fiber is rolling out 5Gb and 8Gb full-duplex service starting early 2023, so I’m already set for either option. I don’t need to swap out any hardware to support it. And with the 10GbE switch as the backbone of my home network with a 10GbE card in mine and my wife’s desktop systems, we’re already well positioned to take full advantage of it.

And if your router needs to handle faster-than-Gigabit traffic to the Internet, pay attention to PCI-E lanes with your mainboard and processor combination, in particular with slot bandwidth when you have certain slots populated to ensure you’re not cutting off bandwidth to your card(s). 2.5GbE NICs should run in a PCI-E 2.0×1 slot without issue. 5GbE and 10GbE cards require additional consideration.

Thankfully the FM2+ board and APU have enough lanes. The PCI-Express slot with the Mellanox card is wired for full x16 while the full-length slot with the 10Gtek card is wired for x4. PCI-E 2.0×4 is more than enough to handle 10GbE.

And to keep the NICs running at peak performance and cooler temperatures while still remaining nearly silent, I used 3M VHB to attach a Noctua 60mm fan to the 10Gtek NIC, and a Noctua 40mm fan to the Mellanox.

And I went with OPNsense due to it running on the newer version of FreeBSD – pfSense still uses FreeBSD 12 as of this writing but will update to version 14 with the next major release, which isn’t slated to release until July 2023.

OPNsense and Mellanox

The Mellanox card wasn’t being used out of the gate. Some searching led me to an obscure article mentioning the solution. I needed to create the file /boot/loader.conf.local with this line (the file didn’t exist on a fresh install):


But that leaves the question of why OPNsense does not have support for Mellanox cards enabled by default. Given how popular Mellanox cards are with DIY and homelab setups, they really need to have that enabled by default in future distributions. TrueNAS has that support by default. And I’m pretty sure pfSense has it, too.

So why did OPNsense not do that?

Router-hosted VPN

I have been relying on OpenVPN for a while. First installing it in a Docker container, then moving to a dedicated virtual machine. Neither was optimal, but it was really the only way I could have a self-hosted VPN.

OPNsense allowed me to move the VPN service to the router, allowing me to jettison one of my VMs. This cuts out the extra steps of the router sending traffic to what is, in essence, a second router to determine where to send the traffic.

OpenVPN is installed by default with OPNsense, but I took this as a chance to change over to the lightweight and better-performing Wireguard. And the VPN performance has been much snappier as well. Moving to Wireguard was probably a lesser part of that performance jump compared to being able to have the VPN service on the router.

Going wireless

WiFi 6 is integrated into the Google Fiber router. I do have an older Tenda AC1900 wireless router, but I wanted to keep the WiFi 6 capability. Enter TP-Link and their EAP670 WiFi 6 access point. It has a 2.5Gb RJ45 port that can also be powered via POE+ or the included 12V adapter. I have it connected directly to the 10GbE switch through another RJ45 adapter.

The beauty here is not just cost – I found it for about $150 at Micro Center – but expansion. If I need greater coverage of my house, I can install a second and set up a virtual machine as an Omada controller for hand-off with all of that configuration staying local. It also has the capability for guest networks, though I haven’t used this yet.

Performance and recommendations

My network configuration is now back to what it once was but with a couple slight improvements.

First being the custom router itself. Objectively and subjectively, it’s allowing for a much better connection to the Internet. The speed test when I put the new router into service was higher than the initial speed tests when I first got the Internet service upgrade. Probably about 15% better and it was the first time I saw >2000Mbps on the downlink during a speed test.

And there are two reasons for that improvement. The custom router being one, being able to perform a lot better than the Google Fiber router. The hardware providing the physical connections being the other.

In my last article about the CRS317, I said I used a MikroTik S+RJ10 module to connect the switch to the Google Fiber router. That’s a very high latency connection. Even with a Cat7 cable. Higher still than using dedicated RJ45 hardware. It’s just the nature of the beast.

This changeover allowed me to use an optical fiber connection between the switch and router – the first time I’ve been able to do that. Optical fiber has virtually zero latency across short runs.

And the connection from the router to the Google Fiber box is going through dedicated RJ45 hardware, not an SFP+ RJ45 module that gets very hot. No, seriously. Even with a fan, it was running at over 60°C continuously while the optical fiber modules had no issue with temperature. And with this upgrade, I was able to remove the fan I had blowing down onto the SFP+ module.

So what can you take away from this if you want to build your own router?

1. Have a high-performance switch as the backbone for your network

Avoid the cheap desktop switches. Like the ones that are under $30 for 8 ports.

Two things to look for are 1. whether it supports full-duplex and 2. the switch bandwidth. The switch bandwidth should be higher than the all the ports combined at half-duplex – e.g. an 8-port GbE switch should have switch bandwidth higher than 8Gbps. If the switch specifications don’t even mention “switch bandwidth”, then don’t bother with it as your network’s backbone.

The uplink of the switch will also matter as you’ll need to make sure it’s faster than your Internet connection. So if you’re sticking with Gigabit Ethernet but have a faster-than-Gigabit Internet connection, then something like the MikroTik CSS610 will be perfect as a backbone switch. Just make sure, again, to use an optical fiber connection between that switch and your custom router.

2. Build the router with only one (1) WAN and LAN port, if possible

Don’t build your custom router to also act as a switch. Build it only as a router. This means one port for the LAN, one for the WAN. The LAN port goes to your backbone, the WAN port to your modem or, in my case, ISP-provided router configured to act as a bridge. Even if you want to segment your network so one part is isolated from another, you can generally accomplish that far better and still maintain line-speed or near line-speed performance with a managed switch – e.g., the MikroTik CSS610.

Both ports should be also faster than your Internet connection. For example, if you have a Gigabit Internet connection, buy 2.5GbE NICs. This should ensure that you are able to max out your Internet connection. And if you have less-than-Gigabit Internet, don’t rely on any onboard Ethernet controller unless it’s an Intel chip.

Your custom router will rely on software for moving packets around, so keep it relegated to just one task – moving packets into and out of your home network while blocking everything else you didn’t explicitly request. Having it also move packets between other interfaces will only degrade performance.

So if you’re acquiring hardware to make your custom router, stick with a single dual-port card. I have two separate cards only because I’m using different media – optical fiber between the router and switch, Cat7 between the router and the Google Fiber box. Just make sure the mainboard and processor combination will have enough PCI-E lanes to allow for it. Use an AMD APU or integrated Intel graphics where possible to free up slots and lanes.

3. Connect only the switch to the router. Nothing else.

Sure this kind of seems like a duplicate of #2, but I’m mentioning it in case you decide to use a card with more than two ports.

The switch will handle everything about funneling traffic to and from your router. And if you have any other services on your network, it can prevent traffic from clashing so you can still access those services (e.g., a Plex Media Server) without impacting or being impacted by anyone else’s Internet activity. Provided you aren’t relying on a cheap switch.

4. Don’t forget the UPS

Unfortunately OPNsense appears to support only APC via a plugin you can install, but that only matters if you require monitoring and auto-shutdown. Make sure to get one rated for about… double what your router requires to operate and pay attention to the half-load battery runtime.

Metamask – 2022-12-12

Another phishing attempt. The URL was set to link to a phishing site. That’s one of the ways they get you to click on these sites and enter your credentials so they can either sell the credentials or drain your account. They’ll then also change the access credentials if they sell off the account.

Metamask – 2022-12-07

It’s easy to tell for me, at least, when emails are phishing attempts. Especially when they come from companies for whom I have zero relationship. Like Metamask – since I avoid NFTs and most cryptocurrencies like the plague. (And I took the step of removing the link that would’ve been accessible by clicking “Verify My Metamask”. And, obviously, it did NOT take you to Metamask’s website.)


Verify your Metamask

Our system has shown that your Metamask has not yet been verified, this verification can be done easily via the button below. Unverified accounts will be suspended on:
Friday, 09 December, 2022.

We are sorry for any inconvenience caused by this, but please note that our intention is to keep our customers safe and happy. Safety is and remains our priority

Note: Never share your word Secret Recovery Phrase (SRP) or private keys.

Verify My Metamask

Variation – 2022-12-13:

I recently received this variation of the above message. The only significant difference is the last paragraph before the button being removed.


Verify your MetaMask Wallet

Our system has shown that your MetaMask wallet has not yet been verified, this verification can be done easily via the button below. Unverified accounts will be suspended on:
Friday, 16 December, 2022.

We are sorry for any inconvenience caused by this, but please note that our intention is to keep our customers safe and happy. Safety is and remains our priority.

Verify My MetaMask

Crypto phishing email – 2022-12-05

And, of course, the buttons for “Cancel Transaction” and “Log In” go to fake login pages. Classic phishing scam email.

Text for accessibility: Wallet

Your funds have been sent

You’ve sent 0.13506102 BTC from your Private Key Wallet. Your transaction is pending confirmation from the BTC network. You can also view this transaction in your transaction history.

If this wasn’t you, please cancel the transaction immediately by clicking the button below, then follow the steps on our website.


The Team

Extended warranties and repair plans

“Extended warranties” have a bad rep in retail. In large part because they are pushed by cashiers and sales persons who earn a commission selling them. But they do actually have a purpose. Though anymore, they aren’t called “extended warranties”, but “protection plans”.

Often what creates the bad taste in people’s mouths about these plans is the fact that taking advantage of one can be difficult. And which option you have is entirely up to the retailer selling you the item on which they’re also trying to sell the protection plan. Things have, thankfully, gotten a lot easier. But you still need to be vigilant to protect your consumer rights.

As I’ve detailed on a couple articles on this blog, I’m a photographer. And two years ago I treated myself to a new Nikon Z5 mirrorless camera as an upgrade to my D7200 DSLR. This past summer I also purchased an electric scooter to take some of the burden off my vehicle for maneuvering around to find shots to take around town.

On Sept 24, I was heading out on the scooter when I hit a bump and went down. And my Z5 went down with me. The lens, thankfully, is fine and still working. The Z5, however, showed an error on the screen: “Press shutter-release button to reset.” Except pressing the shutter release did nothing.

When I bought the Z5 from Adorama, I bought a protection plan with it. The plan went through New Leaf Service Contracts, LLC. (All plans Adorama currently sells now go through Extend.) I filed the claim online that same day, providing some basic details of what happened. In the mean time, I also looked at other repair options, including sending it directly to Nikon. (Which would’ve been $400 up front, possibly more later depending on what they found.)

New Leaf called me the following Monday to discuss the claim and get some additional details. About an hour later, I got a follow-up voice mail saying they were denying the claim because the camera was not “properly secured”.


I tried calling back the same day, but I was told the claim was denied by a manager, so I’d need to speak to a manager, but none were at the office at the time. Unfortunately I wasn’t able to call back in during the needed hours. The initial email I received when the claim was approved included a follow-up email address, so I sent this message to that email:

Good day,

I intended to call in about this to speak to a manager but didn’t have the time today, unfortunately. I received a voice mail yesterday late afternoon informing me this claim had been rejected. According to the voice mail, it was due to my camera not being “properly secured” at the time the drop occurred.

I cannot recall exactly what I said over the phone, but I do not recall being asked whether I had the camera secured in any fashion, and how it was secured if I did. Nor do I recall giving any details of such. I want to clarify that I had the camera secured on a cross-body strap. And a cross-body camera strap is a common means of carrying around a camera. Again, I do not recall ever being asked whether or how I had the camera secured, so hopefully this provides some clarification.

Please re-open this claim in light of this information.

That went on Sept 27.

There is an exception in the coverage policy for “mishandling”, which is understandable. The protection plan covers accidental damage to the camera, and I have the same protection plan over one of my lenses. So clear negligence is not covered, and that’s reasonable.

But as my email above shows, I wasn’t mishandling the camera. And I wasn’t given a chance to say that I had the camera secured let alone how I had the camera secured.

In the interim, I looked at my options for repair, even considering Best Buy’s Geek Squad. And I set up an appointment to drop off the camera body on Sept 30 for mid-afternoon. And who should call about two hours before that appointment? New Leaf.

They re-opened and approved the claim and forwarded everything off to Photo Tech Repair Services. They reached out to me on October 3rd, and I had a shipping label the next day. It went out via FedEx on October 6th and arrived at the repair center the following Monday. Their email said to expect the repairs to take about 2 to 3 weeks, depending on whether they needed to order in parts.

My only complaint with the process was never getting any kind of status update during the repair. No ETA. If they had a page where I could log in and see the repair progress, I was never informed of it. The only indication the repairs were complete came in the form of a FedEx shipping alert the camera was being sent back to me.

So are extended warranties worth it? That really depends on what you’re buying one against and how much it’ll cost to repair versus replace. I say No to a lot of inquiries to purchase repair/replacement plans simply because the device in question is inexpensive to replace.

For expensive electronics, like my aforementioned camera, and major home appliances, they make sense. The repair plan will cost less than the repair cost, especially looking at the quote from Nikon, and it’s certainly far less than the replacement cost.

So in my instance, I definitely came out ahead – once I told the insurance company I wasn’t being cavalier with the camera.

Insurrection, the Fourteenth Amendment, and the President of the United States

The Fourteenth Amendment at Section 3 says this:

No person shall be a Senator or Representative in Congress, or elector of President and Vice-President, or hold any office, civil or military, under the United States, or under any State, who, having previously taken an oath, as a member of Congress, or as an officer of the United States, or as a member of any State legislature, or as an executive or judicial officer of any State, to support the Constitution of the United States, shall have engaged in insurrection or rebellion against the same, or given aid or comfort to the enemies thereof. But Congress may by a vote of two-thirds of each House, remove such disability.

And Section 5 gives Congress the power to “enforce, by appropriate legislation, the provisions of this article”.

The United States Code declares such at 18 USC §2383:

Whoever incites, sets on foot, assists, or engages in any rebellion or insurrection against the authority of the United States or the laws thereof, or gives aid or comfort thereto, shall be fined under this title or imprisoned not more than ten years, or both; and shall be incapable of holding any office under the United States.

Since all the discussion on this is about Donald Trump, the question comes down to this and the presumption that January 6, 2021, was an “insurrection”: could he be disqualified under the Fourteenth Amendment from holding Federal office?

Not letting him campaign

If you’re looking to disqualify him before the fact, your only option is to indict him with violating the Federal insurrection statute – 18 USC §2383 – and winning a conviction that is not then overturned on appeal. There is no other option available.

Congress can pass a resolution declaring Trump ineligible, citing what happened on January 6, 2021, as justification. But resolutions have no force of law.

Bills do have the force of law, but only if properly passed by Congress and signed by the President. So let’s say that Rep. Davide Cicilline (D-RI) gets his wish and gets a bill through the ringer declaring Trump specifically to be ineligible under the Fourteenth Amendment. What then?

It’ll die in the Court the moment Trump challenges it because it’d be a bill of attainder.

So, then, let’s say he gets on the ballot and wins reelection in 2024. What now? Is there no remedy?

Impeach him… yet again

The House always has the power to impeach the President, Vice President, or any civil officer for really… any reason they want. This means if Trump is reelected in 2024 and is sworn into office in 2025, the House could bring impeachment articles against him the moment he is sworn in.

They tried to do that in 2017, so why not? Only this time it’d be on allegation he’s disqualified under the Fourteenth Amendment. He’s already been tried twice, acquitted both times, so.. third time’s a charm?

Writ of quo warranto

There is another option. This could be exercised if the House does not impeach him or the Senate fails to convict or decides against holding a trial. It’s called a writ of quo warranto. I should elaborate first that the writ itself doesn’t remove the person from public office. It leads to a Court trial to determine, by a preponderance of the evidence, whether they should be removed.

Not long after the Fourteenth Amendment was ratified came the Enforcement Act of 1870. Section 14 of that Act required a United States District Attorney to initiate a writ of quo warranto action against any person suspected of holding an office in violation of Section 3, excluding “a member of Congress or of some State legislature”.1“That whenever any person shall hold office, except as a member of Congress or of some State legislature, contrary to the provisions of the third section of the fourteenth article of amendment of the Constitution of the United States, it shall be the duty of the district attorney of the United States for the district in which such person shall hold office, as aforesaid, to proceed against such person, by writ of quo warranto, returnable to the circuit or district court of the United States in such district, and to prosecute the same to the removal of such person from office;”

Why that exclusion? Under the Constitution of the United States, only the House and Senate has the power to remove its own members.2Article I, Section 5: “Each House shall be the Judge of the Elections, Returns and Qualifications of its own Members… Each House may determine the Rules of its Proceedings, punish its Members for disorderly Behavior, and, with the Concurrence of two thirds, expel a member.” And excluding members of a State legislature is about preserving the separation of sovereignty between the Federal and State governments.

That section was repealed in 1948 as being obsolete. Which it actually was by that time. The political landscape even then was far different from 1870 when the Enforcement Act was enacted. Congress chose the writ was an option to remove quickly any Confederates who may have been elected or appointed to Federal office in contradiction of the Fourteenth Amendment. The statute even provided that any writs requested by a United States District Attorney be given priority over all other entries on the docket at a Circuit or District Court.3“and any writ of quo warranto so brought, as aforesaid, shall take precedence of all other cases on the docket of the court to which it is made returnable”

The repeal left behind the existing insurrection statute enacted as part of the Confiscation Act of 1862. That Act also declared that someone guilty of those crimes is “forever incapable and disqualified to hold any office under the United States”. But Congress realized that statutes cannot expand upon the qualifications laid out in the Constitution. Meaning Congress cannot then declare their own where the Constitution is silent. Further the Act was passed in 1862, meaning under the prohibition of ex post facto laws, it couldn’t apply to anyone already engaged in insurrection before the statute was signed into law.

The repeal, though, does not mean quo warranto is not a remedy. Only that no officer of the United States is specifically charged with the “duty” of pursuing one.

The existing quo warranto statute4Chapter 35 of the Code of the District of Columbia says the Attorney General “may” bring action against a person who “unlawfully holds or exercises… a public office of the United States”.

But Trump would easily have a… trump card: insurrection is a specifically-defined crime under the United States Code. As the Fourteenth Amendment grants only Congress the power to enforce Section 3, the argument could easily be made that Congress chose the Federal criminal code as the means of enforcing it, nullifying the writ of quo warranto as an option.

That Congress previously had enacted quo warranto specifically as an option for enforcing Section 3, then later repealed it, supports that argument. That the insurrection criminal statute specifically declares disqualification from office as part of the penalty for conviction also supports it.

Congress intends for a criminal conviction to invoke the Fourteenth Amendment, not mere assertion exercised via a quo warranto action that someone engaged in an insurrection.

This means quo warranto doesn’t become an option unless the person has been previously convicted of insurrection or removed from office via impeachment.

That is, unless Congress makes it one again.

Does Section 3 even apply to Trump?

But then there’s this question: does Section 3 of the Fourteenth Amendment apply to the Office of the President of the United States? This debate is arising out of this clause: “having previously taken an oath, as a member of Congress, or as an officer of the United States”.

The President is not an “officer of the United States”. He commissions them. We see this in Article II of the Constitution at Section 2:

[The President] shall nominate, and by and with the Advice and Consent of the Senate, shall appoint Ambassadors, other public Ministers and Consuls, Judges of the supreme Court, and all other Officers of the United States…

And in the same at Section 4:

The President, Vice President and all civil Officers of the United States, shall be removed from Office on Impeachment for, and Conviction of, Treason, Bribery, or other high Crimes and Misdemeanors.

The President is separately listed from “officers of the United States”. As such the President is exempt from Section 3 of the Fourteenth Amendment. That is a plain reading of the Constitution.

This also means no person who served as President who is then convicted of insurrection under 18 USC §2383 for acts undertaken while that person was President cannot be disqualified from office. The provision of 18 USC §2383 could not apply. To apply it would mean a statute enacting an additional qualification for office beyond that stated in the Constitution.

Amending the Constitution is the only way to make it stick.

State legislatures and the Electors

No one has so far described this as another remedy, so I just wanted to put it out there to get ahead of it: State legislatures declaring that the Electors they appoint cannot cast a vote for Donald Trump.

I’ve said before that the State legislatures have the sole power to determine how the Electoral Votes are cast. That they put that question before the people of that State is a mere courtesy and one that can be revoked at any time.

But I’ve also said this in arguing that the National Popular Vote Interstate Compact is unconstitutional: “If a State turns to the People therein to determine how to award the Electoral Votes, then they must not award them in such fashion that is obviously contrary to how those people vote.”

So could the State legislatures pass a binding resolution forbidding Electors from casting votes for Donald Trump? No. Not only would such be unconstitutional since it would amount to casting votes in contradiction to how the people of that State voted, it could also be construed as a bill of attainder.


In short, absent an amendment to the Constitution enacting otherwise, impeachment by the House and conviction by the Senate is the only way Donald Trump can be deemed ineligible by the Constitution of the United States from ever again holding any office under the United States.


Everything will be used against you

I’ve said before that we need to make it clearer than crystal that rape victims (male or female) absolutely must cooperate with law enforcement with collecting evidence to ensure the perpetrator is prosecuted.

As part of that collection, they’ll also collect a DNA sample from the victim so they can identify it within a collected evidence sample. So if the lab, for example, identifies three unique individuals within the sample, having the victim’s DNA readily available means one of those three unique DNA profiles is identified, leaving the other two – likely the perpetrators.

But what happens to the DNA profile that is collected from the victim? Is it retained only for the investigation or can the police retain it for future use?

A woman in California learned the hard way that the police will retain it for future investigations. As the DNA profile generated from a sample she provided as part of a rape kit was retained by law enforcement and later used to identify her as a perpetrator in another crime.

So is that a Fifth Amendment violation? No.

Unless there is a statute saying otherwise, when you submit fingerprints or DNA to the police, the police will record that evidence in their databases. This includes DNA evidence submitted as part of a “rape kit”.

One of the core messages in the Miranda warning is simply this: anything you give to the police will be used against you. Anything you give the police voluntarily they will retain until the police feel it is no longer useful.

DNA and fingerprints, however, are never not useful to law enforcement.

Let me repeat this for the people in the back: “Anything you say CAN and WILL be used AGAINST you!” Anything you voluntarily give to the police will also be used against you. There is nothing in the Constitution protecting you from that happening because anything you turn over to law enforcement voluntarily is pretty much fair game.

As I’ve said before, the Constitution protects you from being compelled to testify against yourself. It doesn’t protect you when you willingly (even if unwittingly) do so. And handing anything over to the police is a form of testimony. And doing so willingly exempts that from the Fifth Amendment.

That doesn’t mean this situation isn’t problematic. It absolutely is because it has the potential to dissuade sex assault victims – especially victims who are poor or a minority – from cooperating with law enforcement to avoid being the target of an in-progress or future investigation. But can anything be done about this? Absolutely. And it’s pretty simple, too.

It’ll take a statute by the State legislatures to exempt any victim DNA provided for a sex crime investigation from being retained in any database or used for any investigation beyond the one for which it was submitted. Instead the victim DNA profile should be tagged with a specific case number and not used for any other investigation – unless, by some stroke of bad luck, the victim is victimized again. Congress would need to pass a similar statute for the Federal and military jurisdiction.

And hopefully California and other States will move on making this exemption. Since the DNA evidence was turned over likely with the idea in mind of identifying her DNA in the collected sample, just so they know which is hers and which is the assailant. That they retained that DNA profile and used it against her later is… troubling for the aforementioned reasons, but perfectly allowable under the Constitution. Again only a statute can prevent that from happening in the future.

At the same time, if you know the police have your DNA or fingerprints, how does that not dissuade you from committing any crimes in the future?

Kansas remains purple

Four years ago, back in November 2018, two Democrats were elected in Kansas. Sharice Davids was elected to represent my district, ousting Kevin Yoder. And Laura Kelly was elected Governor, flipping the seat after being in Republican hands for two terms. Around that time, I said this in a comment on YouTube on a video by Canadian games journalist and commentator Liana Kerzner:

I really wish people would stop acting like a Democrat winning in Kansas is an earth-shaking event. I’m in the House district in Kansas that flipped. It is not anything to write home about. It’s a rather centrist district, encompassing much of the Kansas side of the Kansas City metro, and if Kevin Yoder wasn’t being a tremendous dick on the campaign trail, he probably would’ve won. But given some of the sh** he said about Sharice Davids…

Same with the governor’s mansion. Sam Brownback’s predecessor was a Democrat: Kathleen Sebelius, who famously joined the Obama administration, so another Democrat, Mark Parkinson, was chosen to replace her. We’ve actually alternated between Democrat and Republican as the Governor since… looking at Wikipedia… 1966 when Robert Docking was elected to replace William Avery. [Source:] As in, literally just straight alternating. If the incumbent Governor isn’t re-elected, the candidate for the opposing party is elected instead. Kansas isn’t as red a State as many like to make it out to be.

And 2022 was pretty much a repeat of that.

August presented Kansans with a choice on whether we were going to grant the Kansas legislature the power to ban abortion in the State. And by a near 60/40 margin, Kansas overwhelmingly rejected that amendment to our Constitution. Queue the celebration from Democrats.

But was Kansas going blue? As we saw on November 8, that answer is an overwhelming No.

Laura Kelly is the incumbent governor, and she’s a Democrat. Our Attorney General was running against her this year and lost by under 18,000 votes. Under our Constitution, she can only be elected twice in a row. So since she won re-election, she’s out in 2026 regardless. And if prior pattern continues, a Republican will be elected to replace her.

Sharice Davids (KS-3) is the incumbent member of the House of Representatives for my district. She’s a Democrat as well, and won by a slightly greater margin than 2020, defeating Amanda Adkins both times.

Both of our Senators are Republicans, though. And Jerry Moran was the one up for re-election this year. And he won. By a near 60/40 margin. His challenger, Mark Holland, won in only 3 counties in the State: Wyandotte, Douglass, and Johnson. And he barely won Johnson County, too. Which shows that the Kansas side of the KC metro isn’t solid blue either.

The other three Republican members of the House of Representatives also won re-election: Tracy Mann (KS-1), Jake LaTurner (KS-2), and Ron Estes (KS-4). And all of them by larger margins than Sharice Davids.

Which is interesting when you look at the Estes and LaTurner’s wins since their districts include Wichita and Topeka, respectively. Both helped re-elect Laura Kelly. So those counties – Sedgwick (Wichita) and Shawnee (Topeka) – went blue for the Governor (Shawnee more so than Sedgwick) but red for the House and Senate.

So despite an overwhelming rejection of the Kansas abortion amendment in August, voters otherwise re-elected our existing slate of incumbents. A mix of Democrats and Republicans. So while people thought Kansas was going blue, we proved on November 8 that we’re still a fairly purple State.

Revisiting “Gadgets you can keep”

Back over 10 years ago, I wrote a couple articles responding to various technology “predictions” wherein authors made an attempt to predict what technology would be gone… pretty much by now.

Back in 2011 I wrote the first such response called “Gadgets you can keep” wherein I responded to Sam Grobart of the New York Times. So let’s revisit that one first and whether my recommendations still hold up today given how much things have changed over the last 11 years.

1. Desktop computer

I said then: Wait a second…

I say now: Wait a second…

This really depends on your requirements. Most can work fine off a laptop, possibly even a tablet.

Laptops have really come along in terms of performance and power requirements over the last 10 years. Laptops can even power 4K displays without breaking a sweat. But they still cannot keep pace with desktops merely because desktops offer a LOT more flexibility in terms of parts and the performance that can offer.

So the question really comes down to what you need.

Many gamers will probably be fine as well with a laptop, depending on what games you are playing. eSports titles are also developed in a way to allow as many people as possible to play them, so they target much looser hardware requirements compared to trying to play a triple-A title at moderate settings, let alone at 4K 60Hz at maxed out settings.

So if eSports titles is all you play – Rocket League, Valorant, League of Legends, etc. – a laptop should easily meet your requirements. Your peripherals will matter more here.

But you cannot ignore the limitations laptops have. Photographers (such as yours truly) and videographers will be much better served with a dedicated desktop over a laptop. That isn’t to say a laptop isn’t capable of handling photo editing and video editing. But you’ll fast run into a ceiling of what a laptop can handle compared to the upgrade and expansion options you get with a dedicated desktop system.

And tablets and cell phones have significant limitations on top of that. And I know over the last decade a lot of people expected tablets to eventually replace desktops and laptops, and that just will never happen.

2. High speed Internet at home

I said then: Keep it

I say now: Keep it

While wireless and cellular Internet service for home has certainly become much more available and capable over the last 10 years, it will never match what a dedicated, wired home Internet connection can bring.

At the time of the original article, I was on Time Warner (now Spectrum) with, I think, 20Mb service. In 2015 I would be one of Google Fiber’s early adopters with their Gigabit home Internet, never looking back. And today I have Google Fiber’s 2Gb service (it’s 2Gb down, 1Gb up). Wireless isn’t even close to that, and likely will never be able to match it.

And with video streaming and video conferencing happening a lot more now than it did 10 years ago and the bandwidth requirements that go with it, again, wired home Internet service is the way to go if you have the option.

3. Cable TV

I said then: Depends

I say now: Lose it

Just don’t bother with cable home TV anymore. Virtually everything is available for streaming anymore, even to mobile devices, at a much better value compared to cable. For years being able to select channels a la carte was the most demanded feature for cable TV. And they never gave it to us. I fully understand why it never happened. But if we had that option, on-demand streaming services probably wouldn’t have gained the dominance they did when they did.

Sure on-demand streaming will still eventually replaced cable TV and DVR set-top boxes the way it is today. And they’d probably still have the dominance they enjoy today. But it likely would not have come about nearly as soon as it did.

Unless you live in an area where your Internet connection does not allow for video streaming, don’t bother with cable or satellite TV service.

4. Point-and-shoot cameras

I said then: Wait a sec…

I say now: Wait a sec…

The point and shoot market has virtually disappeared. Photographers are the only ones buying them because they make great cameras for scouting locations and for quick photos when taking photos on the go. And they’re indispensable when it comes to street photography.

I can’t ignore how good cell phones have become. But a cell phone still has two significant limitations: tiny sensors compared to even the cheapest point and shoots, and they’re entirely software controlled. Sure dedicated cameras are still firmware controlled, but it’s a dedicated firmware instead of an app running on top of a general-purpose mobile operating system.

The question really comes down to how much you care about your photos. Note: if you’re taking photos for Instagram or social media with the intent to build a following, you’ll get much better results with a dedicated point and shoot compared to your cell phone.

5. Camcorder

I said then: Not so fast…

I say now: Don’t bother

Dedicated camcorders like what existed 10 years ago are no longer around. Point and shoots cameras, DSLRs, and mirrorless cameras have pretty much taken over here and allow generally for a lot more flexibility compared to what home camcorders could ever give.

6. USB thumb drive

I said then: Keep plenty of them

I say now: Keep plenty of them

As I write this, 512GB thumb drives are available for around $50 or less, depending on brand and where you buy them. Meaning 256GB and smaller drives are going for much less. Need I say more? They’re great options for backing up files from your desktop or laptop. And with a compatible cable, they can be plugged into your cell phone for dumping photos or viewing files.

7. Digital music player

I said then: Lose it

I say now: Lose it

My entire FLAC-encoded music library will fit onto a 128GB storage medium without a problem. This means having a dedicated music player, even one with expandable storage, is largely not necessary. And I can stream my music from my NAS over the Plex app on my cell phone using a VPN connection.

And for those times where I won’t have a cell or WiFi connection to tap into my home VPN, I can plan ahead by dumping the music library to a USB drive and connecting it to my phone using an OTG cable.

8. Alarm clock

I said then: Keep it

I say now: Don’t bother

Unless you’re always getting rid of your old cell phones, this one is a tough sell anymore. Since your old cell phone can still double as an alarm clock with your current cell phone being used as a backup. And the travelers who actually use the dedicated alarm clocks in hotel rooms are likely very few in number anymore.

9. GPS Unit

I said then: Not so fast

I say now: It depends

This really depends on where you’re going. Dedicated GPS units have the benefit of not needing a constant Internet connection. But even Google Maps caches your most frequently-used maps to your phone in case you lose your Internet connection. And you can cache maps ahead of time based on where you’re going.

10. Books

I said then: Keep them (no exceptions)

I say now: Keep them (no exceptions)

My wife has a Kindle Unlimited subscription, but even she’ll tell you that nothing beats a physical book. For the simple fact that physical books don’t need batteries or an Internet connection.

And with cookbooks, I still stand by this sentiment:

Plus would you rather walk into a kitchen with shelves lined with cookbooks and other assorted recipe books, or one with an iPad or e-reader and few, if any, cookbooks? The cookbooks tell you you’re walking into the kitchen of someone who loves to cook, and that’s the kind of kitchen I’d like to walk into.

Conclusions and verdict

So a few of my my conclusions have changed over the years. Technology has improved significantly over the last 11 years since I wrote the original response article, no doubt.

But technology will never get to the point that desktop computers, dedicated cameras, and wired Internet connections become obsolete. And physical storage media like USB thumb drives and optical media can never go away either since it’s never a good idea to put full reliance in your Internet connection for… anything mission critical.