Recently in Outstanding! Category

 

November 8, 2011

The MacBook (Air, Pro, etc.) are great computers, but the sealed battery is a real limitation if you want to travel with it. My Air gets about 5-6 hours of life if I'm careful, which is fine for a transcontinental flight, but not a transatlantic one. The fix, of course, is to buy a HyperMac external battery, which plugs into the laptop at the only real point of access, the magsafe connector. Unfortunately, in 2010 Apple sued HyperMac for patent infringement and HyperMac stopped selling the relevant cable (which, as I understand it, was actually a modified version of an official Apple cable). Without the cable, of course, the battery is pretty useless.

I'm lucky enough to have one of the pre-lawsuit battery/cable combinations but recently a friend wanted one, so I looked again. It seems that HyperMac is back in business, but they've resorted to a do-it-yourself kind of ethos. Basically, you have two choices:

  1. HyperMac will sell you a connector that impersonates a 12V air/auto power connector. You then buy the Apple air/auto to MagSafe adaptor and plug it into your Mac.
  2. They sell you a pair of jacks that you splice into the cable for a legitimate Apple power supply. The way that this works is you take a standard Apple power supply and cut the magsafe half of the cable in two. You strip the wires and attach them to the jack; repeat for the other side.

Without taking a position on the merits of Apple's legal claims, this seems like a pretty lame state of affairs. First, the original HyperMac design was better because you could charge your battery at the same time as you powered your Mac with it. This works with the air/auto version but not with the DIY jack version. Second, while it's not exactly microsurgery to splice the cables, it's still something you could mess up.

Moreover, it's not like Apple has some super-expensive power expansion solution that HyperMac is competing with and the patent is protecting them from. Rather, they're just making life harder for people who want to use Apple's products in situations which are just more extreme versions of the situations which motivated the device having a battery in the first place. I just don't see how this makes anyone's life better.

 

June 25, 2011

I recently started biking again and in the interest of being able to more accurately measure my workouts, I moved my SigmaSport BC1100 bike computer from my race bike onto my training bike. Like basically all bicycle computers from the pre-GPS era, the BC1100 is of the wheel magnet/sensor loop variety: you mount a magnet to one of the spokes and and a sensor to the fork. Every time the magnet passes by it induces a current which is transmitted to the computer.1 Of course, this mechanism just measures rotational velocity (rotations per second). In order to measure road speed you need to know the circumference of the wheel and as, the battery had run out so whatever calibration I used to have was long gone.

If you read the manual for a typical bike computer you'll discover not just one but many calibration techniques arranged in a hierarchy of both accuracy in inconvenience that goes something like this:

  • Look up your wheel size in a table.
  • Measure the diameter and multiply by 3.14.
  • Roll the bike one wheel rotation and measure the distance traveled.
  • Roll the bike one wheel while sitting on it (to compress the front tire the way it would be if you were riding it) and measure the distance.
  • Roll the bike N rotations (plus sitting in it, etc.), measure the distance and divide by N.

Regardless of the technique, the basic principle is that perform the above procedure, get the circumference, and enter it into the computer. In the specific case of the SigmaSport, you want the circumference in millimeters, so for a typical 700C-sized road wheel, you want something around 2100mm. Anyway, I dutifully performed the procedure as specified (see instructions here) and entered the desired number (2037) into the computer. So far so good, except that once I actually got on the bike, it reported that I was going about 25 miles an hour on average and 30 mph on the flat. Seeing as typical time trial pace for amateur athletes is around 25 mph and I wasn't even breathing hard, either I was ready to sign up for the Tour de France or something was screwed up with the calibration. The second of these seemed more likely.

A little searching around the InterWebs quickly revealed the problem: this model doesn't have an internal adjustment for English versus Metric, so you need to divide by 1.6ish to convert to miles/hour. I guess it was cheaper to just have the units setting change the labels than to actually include a circuit that divided by 1.6. Turns out that this actually is on the SigmaSport web site, though not in the owner's manual. Unfortunately, it's labelled "Attention BASELINE 400, BASELINE 700, BASELINE 1200 & BASELINE 1200+ owners!". which doesn't really help, since I have a BC1100. Outstanding!

1. The really cool Jobst Brandt-designed Avocet cyclometers instead used a ring of alternating polarity magnets mounted around the hub, allegedly for better precision. They don't seem to be available any more.

 

April 4, 2011

Dear Twitter people,

It's not good when your site gets wedged so not only do I just get the title bar with no content, but I can't even log out to reset. Had to delete all my Twitter cookies to restore state. Outstanding!

Love,
EKR

 

February 5, 2011

I recently installed a brand-new Windows 7 machine (no fear, readers, it was in a VM for extra safety...) and captured the following screen shots. On the left is the screen you see when Chrome starts up, asking you which search engine you want to use. On the right is IE's search engine selection screen:

This contrast is sort of revealing. First, Chrome offers you choices up front. By contrast, IE just assumes you want to use Bing; to access this menu you need to pull down a dialog next to the search box, which isn't exactly obvious. Second, Chrome features Google's main competitors: Yahoo and Bing (anyone know if it offers Baidu in China?), whereas Bing seems to think you're more likely to want New York Times visual search than Google. If you look at the scroll bar, you'll see that I had to scroll down to even reveal Google. Outstanding!

 

October 15, 2010

In a previous post, I trashed the stick-on badges that companies like to issue visitors. This doesn't mean I'm any more fond of the plastic RFID badges that get issued to employees. For those of you who haven't had a chance to see these, your typical employee ID is a plastic card with your picture, your name, and an embedded RFID device. For instance, this. In many (most?) companies, the door locks don't use keys but rather are RFID receivers activated by your badge.

I don't mean to give you the impression that I'm inherently against proximity-card activated locks. On the contrary, if you've ever tried to lean a 20 pound box against the door while you figured out which of the four near-identical Schlage-style keys on your key ring matches your office door, you can easily appreciate the virtues of remote door lock activation (side note: one of the coolest features about the Prius when it first came out). However, the actual implementation leaves something to be desired.

Let's start with the combination of the proximity key (a good idea) with the photo badge (a less good idea). As with visitor badges, the security offered by a plastic card with your name and photo on it is relatively minimal. First, my experience is that employees don't do a very good job of checking badges ever. As I said before, I routinely float around other people's companies without any badge at all and nobody ever stops me. Even if employees did check badges, at most this would be a cursory visual inspection and it's trivial to make a plastic badge that looks like that of any random company you choose, as long as you know what it looks like. Sure enough, a little image searching quickly turned up images of badges for Google, Cisco, and Apple. So, badges are next to useless for verifying people inside the security perimeter. (One exception: if you see someone doing something suspicious, you might ask for their badge and they might have been lame enough not to have forged one.)

Badges are potentially of some use at the security perimeter, where they can be processed by machines rather than fallible humans. Potentially, that is, except for two problems. First, RFID proximity cards are laughably easy to clone. As I understand it, you can even do this remotely so you just hang out somewhere that employees go by and you can make as many cloned badges as you want. Second, it's trivial to enter the building without being badged in: despite corporate policies prohibiting it, at nearly every company I've ever visited people with legitimate badges (or at least ones that the reader accepted!) have let me follow them into the building, even though I wasn't displaying any ID at all. Think how easy it would be if I was wearing a plausible looking but nonfunctional piece of plastic.

This isn't to say you couldn't make a badge system work: you'd need a system where the badges really couldn't be copied and where there was strong enforcement against any kind of tailgating. That's not impossible but it's very different from current environment in many of not most organizations.

 

February 8, 2010

I recently had occasion to rent a car from Enterprise (long story). As I picked up the car and prepared to drive away, I noticed that the tank was only half full. I pointed this out to the customer service guy and he informed me that this was part of their new "half full/half empty policy", i.e., ordinarily you get the car full and you bring it back full. Here, they give it to you half full and you bring it back half full. I couldn't quite tell if this was what Enterprise always does now or just something they sometimes do, but while it seems superficially the same as the original policy, it's actually quite a bit worse for the renter.

With the old policy, life was simple: you found a gas station close to the car return, filled up the tank, maybe grabbed a receipt, and dropped the car off. By contrast, what happens here is that you drive around, filling up the tank if necessary, and at some point you need to return the car. If you're over 1/2 full then you just end up gifting the remainder to Enterprise (who can just fill up the tank completely and require the next customer to return it full). (What, you were going to drive the car around until you had burned up the gas? Or maybe you were going to siphon it out into some empty Gatorade bottles...) You could, of course, never fill the tank above 1/2 way, but this is a huge pain. Even if you're lucky enough to be at less than 1/2 full when you need to return the car, you're unlikely to be exactly at 1/2, in which case you need to put some gas in. You're reasonably likely to overshoot (again, taking gas out of the tank isn't easy.), in which case Enterprise again gets some free gas.

Either way, this is likely to be a win for Enterprise and a lose for you.

 

November 7, 2009

I happened to be leafing through Stroustrup and noticed that you can overload <code>< and >. This motivated me to write the following program:
#include <iostream>
#include <vector>
typedef int UINT4;

using namespace std; 

class Hack 
{
};

Hack & operator< (Hack &a , Hack &b)
{
 std::cerr << "LT operator\n";

 return a;
}

Hack & operator> (Hack &a, Hack &b)
{
 std::cerr << "RT operator\n";

 return a;
}


int main(int argc, char ** argv)
{
 Hack vector;
 Hack UINT4;
 Hack foo;
 
 vector<UINT4> foo;
 
 return(0);
}

Ask yourself what this code does.

The answer is that it outputs:

LT operator
RT operator

If you focus just on the line vector<UINT4> foo; this looks like a relatively ordinary template instantiation of a vector of type UINT4. This is perfectly normal C++ stuff. However if we expand the scope, it becomes clear that something different is going on: we've defined a new class called Hack and vector, UINT4, and foo are actually objects of type Hack. We've also overloaded the < and > operators. So, what's actually happening here is that we are doing function chaining: We perform operator > on the pair of objects UINT4 and foo. This returns a temporary object of type Hack (in this case the first argument but it doesn't matter). We then perform operator < on set and the temporary variable. And of course since these operators are just function calls, we can do any work we want in them. The examples print stuff to stderr, but that's just an example; you could do anything. And of course this code was written to be moderately transparent while making the point. You could obfuscate it much further with a little effort.

Outstanding!

 

Acknowledgment: Steve Checkoway pointed out to me that whatever crazy type resolution rules C++ follows here make the code work even with the definition of vendor and UINT4 at the top of file. My original version didn't have these and so alleged vector declaration in main wasn't really valid without the definition of Hack

UPDATE Oh great. HTML screws up anything with <foo>. Fixed now.

 

August 2, 2009

Mrs. Guesswork is flying in from Stockholm today, scheduled to arrive tonight around 10. You can't trust the schedules on transcon flights, so I check things out on the Delta site, which tells me it's an hour late, currently over Colorado and due in at 11:09. No problem, I'll watch Anthony Bourdain for a while and then head over. Around 9:15 I check again and (gulp!) it's now on time. Planes don't fly that fast, but it's not at all out of the question that Delta just screwed up here, so I'll just head over.

Right before I leave for SFO, I check again. The flights still on time, but then I notice something screwy: the flight is dated August 3rd, not August 2nd. I go back to the main page where you enter the flight #, and here's what it offers me:

  • Yesterday Aug 02
  • Today Aug 03
  • Tomorrow Aug 04

At this point it should be obvious what happened: Delta is based in Georgia, and in Georgia it's tomorrow, so naturally the site decided that's what I was interested in, despite the fact that that flight takes off something like 19 hours and today's flight is actually in the freaking air. Outstanding!

 

April 1, 2009

I'm experimentally trying using a task management app—not planning to do any sort of GTD thing, just looking for a little technical help with keeping track of all the crap I have to do. The general consensus seems to be for either Things or OmniFocus. and somewhat arbitrarily I selected Things: it's cheaper and seems a bit simpler to use. So far it's working fine, and I figured it was time to buy the iPhone app that goes along with it (OF has this as well).

Here's where things start to go off the rails. Once you have the iPhone app, you want it to sync up with the app on your computer: otherwise you have two disjoint systems, which is pretty useless. Unfortunately, it seemms that third party apps apparently can't sync with your computer the way that Apple apps sync, so the vendors need to come up with some hacky network-based scheme. Things' version seems to rely on Bonjour discovery and OF uses a WebDAV server. I don't really want to set up a WebDAV server somewhere and I'm way too paranoid to want to have random apps on my machine talking to random other computers on my network; that's why I have a firewall, after all. So, the bottom line is I'm hosed. A little bit of web searching quickly reveals hordes of people complaining about this (indeed, at least one of the early hits is about Things).

As far as I can tell, this is a basic limitation of the iPhone, but it's not clear to me if it's something Apple really doesn't want you to do or they just haven't gotten around to offering it yet. In either case, it's not very convenient.

 

March 19, 2009

Can someone explain to me why when when I go to download Firefox, Xcode, or a bunch of other software for that matter, it happens over HTTP and not HTTPS? Remember, I'm about to install and run this software on my computer: if an attacker has managed to hijack my connection, they can get me to run anything they want. But nooo.... Even if you connect to the site with HTTPS, it redirects you to HTTP to download your file. There are obvious reasons to favor HTTP over HTTPS, namely performance and allowing mirrors. On the other hand, that makes the need for publication of the digest even more critical, since it sucks to have to trust the mirror.

If you're going to use mirrors, the right thing to do here is to public a digest of the file on an HTTPS-accessible page (remember: these sites already will let you access them over HTTPS, so this doesn't make the situation worse). This would let users download the file from a mirror and then check the digest against the master site. I don't see digests on either site, though. It could just be that I'm missing it, but then surely lots of others are as well.