Saturday, December 4, 2010

BSD in the cloud

For almost 20 years now, I've had static IP addressing at home. It makes me a bit of a throwback to when the Internet was young and September only had 30 days.

I had a static address because I had a server, and servers generally need to have their addresses be well known and stable. Yes, there are dynamic DNS tricks you can use to make do, but they demand that you at least have a stable address for your DNS server, and I've never really been comfortable with the proposition.

So for a while I've had the very best DSL that PacBell/SBC/AT&T would offer, because they also offered static IP addresses for residential service. Comcast, alas, does not. And it sort of makes some sense that they wouldn't. Cable modems are optimized for relatively light upstream demands. And their terms of service discourage the sorts of uses that imply it. Comcast does offer business class services, and they do include static addresses, but that means having a separate business account for service, and they don't actually offer the fastest speeds like they do for their residential customers, and you can't take advantage of bundle pricing and on and on.

I considered getting Comcast and keeping the DSL just for the server, but that winds up being expensive, and the tiny uplink channel for the DSL complicates things like backups.

With all of the advancement in virtualization technologies, however, I decided it was finally time to set up a VPS node and retire the machine in the garage.

I decided to go with RootBSD. They support FreeBSD, and had a reasonably good setup to let you perform your own installation. This let me perform a rather advanced ZFS based configuration that is not actually supported by the current FreeBSD installer. They went the extra mile and connected up the FreeBSD installation/Live DVD image on the virtual optical drive, though normally they install via PXE booting and installing the packages via FTP.

I made a couple of missteps in my attempt at installing, but worked around it by NFS exporting my own live CD across the Internet to fix my errors and everything was fine.

If you're wondering at this point how you get to the console of the virtual machine, they provide you with a VNC based console that you can connect to. The result is no different than if you were seated in front of a physical machine. You also get a web based power switch and reset button. They set your machine up with the amount of RAM and hard disk space you're paying for and they give you graphs so you can see how much network and disk I/O and CPU your VM is using over time. If you decide to upgrade, they can attach more RAM to your VM with just a reboot, and can add extra disk space as additional disk devices.

If you have multiple machines, another feature they offer is a 2nd (virtual, of course) Ethernet interface that connects to a private network connecting all of the machines to each other, and to a SAN where they host backup storage space. Bandwidth used on this private network between your machines (and your machines and the SAN) don't count towards your monthly allowed bandwidth.

All in all, 24 hours in, it's working well. I am using ZFS snapshots for most of the backup needs, and downloading a weekly snapshot as a disaster recovery mechanism. I'll probably retain the physical hardware for a while, just in case, and should be able to recover from a disaster by using the downloaded snapshots. With the Comcast 50/10 service, the weekly backup only takes a couple hours (in the wee hours of the morning).

So far, so good.

Tuesday, November 23, 2010

How the TSA kills americans

There's a big to-do this week with a big passenger backlash to the perceived excesses of airport passenger screenings. There are those with luddite attitudes towards the new backscatter X-ray scanners, but it's fairly easy to see how the machines themselves are safe. But facing the Hobson's choice of either a virtual strip-search or a pat-down not dissimilar to what happens when suspected criminals are arrested just because you choose to use an airplane to exercise your constitutional right to free (as in speech) travel is unreasonable.

But we can go a step further. There is a web campaign calling on travelers to "opt-out" of the X-ray, forcing the TSA to give all of those passengers pat-downs instead, in an act of civil disobedience. And the TSA has vowed not to give in. And so, the prospect looms of air travel becoming, at least for a day, even more unpleasant.

The more air travel becomes more expensive, unpleasant or otherwise untenable, the more people forego it for their cars. And while individually they don't make headlines, people die on a daily basis on America's roads, to the tune of more than 30,000 per year (as of 2009). That compares to a fatality rate for domestic commercial aviation of approximately 100 per year. So the TSA is doing everything they can to funnel people to a transportation system that has a fatality rate 300 times higher. They should be proud of themselves.

The attacks of September 11, 2001 were only possible because of the "rules of engagement" that were in place at the time. Those rules said that passengers and flight crew should cooperate with hijackers and let them go where they wanted and let the police handle matters when the plane lands (as it inevitably must). When Al Queda demonstrated that aircraft could be turned into weapons, those rules changed. In actual fact, Al Queda's plan stopped working even before it was complete - the plane that crashed in Pennsylvania did so because the passengers revolted when they figured out what the plan was. No terrorist since then has been able to take control of or destroy an aircraft while on board because of the vigilance of the passengers.

Really, the only thing the TSA needs to do, given this state of affairs, to make air travel sufficiently safe, is to insure that the cockpits remain secure during flight, that each piece of luggage in the cargo hold belongs to a passenger, and perform the level of passenger screening that was commonplace for the 3 decades between DB Cooper and 9/11.

Monday, November 15, 2010

Who does Nancy Grace remind you of?

Every time I see her on The Soup, I can't help but think of Roland Freisler.

So what does health care cost?

Scarlet was in the hospital a few weeks ago. Fortunately, she's all better, but we got some paperwork from our health insurance today. The long and short of it: Her one week hospital stay had a retail price of $87,000. But the "network" price was $18,000, and the patient responsibility (that is, what we have to pay) is $0.

So the last of those numbers - the $0 - is fine with me. I can't complain. It is, after all, what health coverage is for. But I'm reminded of my last visit to Safeway where I bought a box of crackers for $1.99 at the "club" price, instead of the "regular" price of $3.99.

Sunday, November 14, 2010

Taiwanese animated news: Snooki

I've been loving the NMA animated news "reenactments" that have been featured on The Soup and elsewhere, but googling around for it, I found perhaps the best one of all, centered around Jersey Shore inmate, Snooki:



Best of all is the last few seconds of the video boldly predicting the coming end of her 15 minutes.

There really is an "I" in team

You just have to use the correct font.

Sunday, November 7, 2010

The Mehserle mess

In honor of the sentencing this week, I thought it long overdue to pontificate on the shooting of Oscar Grant.

I think we can take at face value the supposition that Grant did nothing that evening that warranted the use of deadly force. But at the same time I think we also can take at face value Mehserle's assertions that he meant to use his Taser rather than his gun. After all, to believe otherwise would be to ascribe some motive that Mehserle had to kill Grant - a man whom we have no evidence Mehserle had ever met before (and, no, we have no evidence that Mehserle harbored any racist leanings that might explain his actions).

If anyone thinks Mehserle got off lightly, let's just put some things into perspective: he is going to spend another year of his life in prison, having already spent the better part of a year there. He will have a felony conviction on his record, which will make him utterly unemployable in any career even remotely related to what he is trained to do (since he is a felon, he will no longer have legal access to firearms, so he can't work as a security guard, and I don't believe felons can get a private investigator's license). And then, there's all the baggage that goes along with being an ex-con - having to check the "yes" box on all of his future employment applications that ask about felony convictions. All of this because he committed an error.

That said, we can, and I believe should hold police officers to a higher standard. But at the same time, I believe at least some of the blame should be attributed squarely to where it belongs. This was, fundamentally, a failure of ergonomic engineering.

Policemen and soldiers train themselves so that in times of stress they can rely on their instincts to carry out actions quickly and without thinking about them. They need to do so in order to stay alive, given that they are in situations where they are in contact with other people bent on doing them bodily harm. They need to act in the amount of time that the rest of us would mentally say, "Oh shit!" and soil ourselves.

I'm sure Mehserle trained for hours to pull a gun, raise it up to a target and pull the trigger.

Now go back to the picture of the actual model of Taser that Mehserle carried.

I'm sure the Taser folks were thinking that if they shaped their weapon that way that they could leverage the training that the users already would have in operating similar, but more deadly weapons.

Mehserle had time for exactly one thought that night, and his brain said, "Quick! Tase him!" Everything that followed from that decision was instinct and training. He reached for and grabbed his weapon. At that instant, had his Taser training been with a weapon that had a different shaped grip, or that you operated with a thumb trigger rather than an index finger trigger, then the reptilian portion of the brain that was following along the script would have said, "wait, this doesn't feel right." And that probably would have been enough to change the outcome. But the fact that the gripping action for the Taser X-26 was the same as his service revolver didn't give him a chance to recognize his error before it was too late.

It's too bad the book has already been written about technology failures like this. The story of Johann Mehserle and Oscar Grant absolutely deserves to be written alongside those of the Bhopal disaster and the Therac 25.

Wednesday, October 27, 2010

What's Hollywood-speak for Deja vú?

Remember when SkyLine used to be Independence Day?

Or perhaps you remember when it was called War of the Worlds?

Come on, Hollywood. Please.

New MacBook Air

I've decided to trade in my old MacBook Pro for an Air. I used to think that a big screen was what I wanted, but I've had a change of heart and now light weight is key, since I'm taking it with me on the train most mornings.

For a little while I had appropriated Scarlet's (original model) Air, and it was nice, though that machine only had 2 GB of RAM and was a little sluggish. It also was a little awkward only having a single USB port that was recessed inside that little door gizmo. Basically, it didn't work with anything except a cable, for the most part.

The new Air is a worthy successor. Not only can you get it with 4 GB of RAM, but they addressed just about all of the issues the original Air had (2 USB ports, and both them and the magsafe connector are mounted on a vertical, rather than a canted surface).

As we speak, I'm writing this post on CalTrain with the new Air. With the MiFi for connectivity, it's an excellent experience. Time will tell how the battery stacks up, but I may be able to leave the power adapter at home from now on if Apple's claims are justified. And leaving that behind makes my load about a third lighter, it turns out (the power adapter weighs almost as much as the Air. The rest is my tote).

Most remarkable is that the restore media for the Air is in the form of a USB ROM drive. It's slightly longer and narrower than a postage stamp, yet it contains all of the pre-loaded software and is bootable. The first announcements of third-party replacement flash drives for the Air have come out today, so this would be how you'd get your machine back up and running after swapping the drive out. Of course, that presumes you can find one of those pesky pentacle security Torx screwdrivers to get the bottom case off (really, Apple? What's the purpose of keeping me out of my own machine?).

I haven't tried the USB SuperDrive we bought for the old Air, though I assume it works just the same way with the new one. Of course, with USB ports on both sides of the machine, you no longer are forced to keep the drive on the right, if that's not what you like.

Once again, I was struck with how easy the transition to a new mac is with the migration tool. But at the same time, I was also struck with how bloody long the process takes. And I had to do it twice, since I was migrating two machines down into one. The second time, however, I used a USB Ethernet interface and connected the Air directly to the target machine, which improved the speed (instead of using WiFi) markedly.

Monday, October 25, 2010

Why don't they stock the good stuff?

Scarlet wants a speakerphone for the van. I did some research and I found the exact right one. Which is unusual. It's the Kensington LiquidAUX Bluetooth car kit. It's the most promising product pitch I've had: It's a speakerphone that does A2DP and has an auxiliary output (instead of an FM transmitter - we went to great trouble to get an aux port for the stereo to avoid FM transmitters). It plugs into the power port (formerly known as cigarette lighter) and has a USB power outlet.

So it's wonderful. I'm sold. I want one.

So why isn't there any in any stores nearby? I swear, it's supernatural. The one thing you want to buy is the one thing nobody ever stocks.

We'll actually have to see whether it lives up to the hype or not, but we won't know for a week because I had to buy one through the internet.

Grumble.

Thursday, October 14, 2010

No more POTS wiring

Well, this evening I decided we were done with POTS wiring in the house. Everywhere CAT-5 wire goes now, it goes to a T568B jack. The whole house is thusly set up for gigabit Ethernet.

We still have a couple of uses for analog phone lines, but they don't need to go over the house wiring.

I went to Fry's and bought a wall mount set of punchdown CAT5 8P8C jacks and just punched down the whole house onto it. We have an 8 port gigabit switch in the front of the garage, and it's all lit up for gigabit now.

So... w00t.

Sunday, October 10, 2010

Are you have problems with the 3G Microcell?

So, I know I'm not the only one having a terrible experience with AT&T's 3G Microcell. If you're one of the unfortunate folks who have one of these boat anchors and it's not working, I'd suggest you join me in my campaign to spread the word.

Here's a YouTube video posted by a guy in the marketing department of Cisco, the folks who built the Microcell for AT&T.

Here's a YouTube video posted by AT&T demonstrating the setup procedure for the Microcell.

Go leave a comment on these videos. Tell them your Microcell story of pain. Maybe if enough people do this we can shame them into some kind of public response.

Thursday, October 7, 2010

It's official, the 3G Microcell sucks

It's been 6 months now. It's time to take it to the streets.

Sunday, September 19, 2010

NFL Red Zone

We've just recently switched to Comcast from DirecTV. Having done so, I've gotten my first taste of the NFL Red Zone channel. I'm not sure if it's an introductory thing (and will be turned off at some point), or if it's something that comes with the package I've signed up for. All I know is that on DirecTV, you had to pay for the NFL Sunday Ticket package ($300 a year) to get it.

It's the ultimate in short-attention-span football coverage. They put up whatever game happens to have a team in the best scoring position at that moment. No commercials, no bullshit.

It's a wonderful alternative to being stuck watching nothing but the Raiders or 49ers most Sundays around here.

Update It turns out it was a free preview for this weekend. Bummer.

Wednesday, September 8, 2010

VTA, CalTrain and Clipper, part 2

I heard back from VTA.

Clipper will not be accepted on VTA before Spring of 2011.

So in the meantime, everyone who is a monthly pass holder on Caltrain starting in October is going to get screwed out of their local fare credit on VTA.

Ausgezeichtnet!

Never mind that I have yet to ride on a VTA bus that doesn't have a clipper terminal at the front covered in a garbage bag.

Really now. How much training does it really take for the driver to recognize the correct form of "beep" noise when a card gets tagged? Yes, I understand that for VTA to actually switch over in a big way to Clipper is going to be a much bigger deal than that. But how about a fucking baby step? How about turning on the terminals that are already installed?

Damnit, why must it always be that government employees forget who they really work for?

Tuesday, September 7, 2010

pyTivoX... FTW!!!

So we have a TiVo Premiere in the living room connected up to our TV. Since we have only the one DVR now, our TV in the bedroom would ostensibly be useless, so I moved the mac mini from the living room in there. We can use iTivo to watch shows on it.

But that means that we now have no way of watching dvds in the living room, since the mini was the only DVD drive out there.

Turns out, there's a good solution.

PyTiVoX is a program that acts as a server that does the opposite of TiVoToGo - a sort of TiVoComeFrom, as it were. It will take a directory full of video files and put up a server that looks just like a TiVo. If you ask a real TiVo to transfer a file, it will convert it to MPEG2/AC3 on the fly and transfer it over. Alternatively, if you have a TiVoHD or Premiere, you can stream the stuff instead of transferring it (it shows up in the Showcases menu rather than in Now Playing).

So you can rip a DVD with Handbrake, toss the resulting video file into a pyTivoX share directory and then watch it on the TiVo. It takes a little extra time for Handbrake to do its work, but even with that, it's a good solution.

The only pity is that it doesn't work for DRMed content you can't break, such as iTunes video purchases or amazon movies or the like. But as long as they keep either making DVDs or making the stuff available on Netflix watch now, I'll be happy.

Saturday, September 4, 2010

Watch for fraudsters!

We had a yard sale this afternoon, and a fellow came up and bought a pile of DSL equipment. He asked us if we could break a $100. We said 'sure' and I went inside (we keep most of the money inside) to make change.

I came back out with 5 $20s and we did the transaction, him taking the modems and his change.

My wife Scarlet, said just after he left, "Check that bill." She just had a feeling.

Sure enough, the watermark on the bill was the one for a $5 (it wasn't Ben Franklin, like the other $100 bills we got today). I ran after him and confronted him about it and we reversed the whole transaction (yes, the $20s he gave back were legit).

Beware!

Thursday, September 2, 2010

Lies, damn lies and marketing

I cancelled our DirecTV service this evening after being a customer for more than 15 years.

As is always the case, my cancellation was handled by the "save" department. This is the bunch of phone reps whose job it is to do whatever it takes to prevent you from canceling your service. Every subscription service oriented company has them. Some are more pernicious than others. It should be no surprise at all that companies are working harder than ever to make their web sites handle every possible customer need conceivable.

Except that one.

No, AOL never had a "cancel my service" button. Neither did XM.

Netflix, to their credit, does. And they don't hide it. It's the third link down from the top of the page on the "Your account" screen. They ask you why you're leaving, but otherwise they don't make a fuss. Even if I didn't have them on my resume, I'd admire that attitude.

The DirecTV guy I had on the phone tried to drag Comcast through the mud in a couple of ways - comparing the customer satisfaction ratings of the two companies. He even said, and I am quoting him directly here, "Did you know Comcast has no HD?"

After a moment of stunned silence, I told him I was looking at an HD picture as we speak. He then said, "no, that's 720p. Comcast has no true HD."

Oh. My. God.

Let's look at the situation here.

Comcast's goal is to deliver as much video as they can with as little bandwidth as possible. Ironically, that's also DirecTV's goal - a goal that DirecTV has achieved by switching over to MPEG4 as their main HD codec, which raises the cost of their receivers. But never mind that for now.

720p and 1080i actually take about the same amount of bandwidth. So if you were of the mistaken opinion that 720p was somehow not "true" HD (which it is, by the way.480i is SD, 480p is ED and anything above that is HD), what benefit would it be for Comcast to somehow transcode all 1080i programming to 720p?

No. 720p and 1080i are equal alternatives. 720p is good for high action programming, like sports, and 1080i is better for mostly static programming. But there's never any need or justification for anyone to spend the money to convert one to the other.

Far more likely that that DirecTV rep was lying. Go figure.

The one disappointment I am left with in this whole thing is that we somehow wound up with one of our DVRs being leased. We had an HR21 die on us and it was replaced, and we didn't own the replacement. Go figure that out. So they're going to ship is an empty box to mail it back. Whatever. Even without that, we should wind up getting about half of what we paid for the TiVo out of our old DirecTV gear on eBay.

And with TiVo, we get TiVo to go, so we can liberate our programming from the confines of what The Man says we can do with it. And that, more than anything, is what pissed me off about DirecTV. They went so far out of their way to lock down their programming that they made their service unusable, and/or used that draconian lock to squeeze extra nickels out of us.

No thanks.

The new Apple TV

Oh, Steve, you could have really revolutionized the living room if you'd just have tried a little bit harder.

Where is the iTunes app store for the Apple TV?

Yes, fine, you added Netflix streaming. But what about Pandora? What about XM/Sirius? What about Hulu? What about all of the other streaming media sources on the Internet that want to get onto the TV?

Maybe that's what AirPlay will wind up being. If AirPlay is an API feature that will be available universally to all app store developers, then the AppleTV will wind up being nothing more than a remote display for iOS. That would be ok, I suppose, but if AirPlay is limited to the iPod app, then, again, it's the same opportunity lost.

I see from the AirPlay page that they're going to make AirPlay available to third parties. Please, TiVo, please add AirPlay receiving. Please.

TiVo + Comcast begins

DirecTV is fired.

The TiVo Premiere arrived Tuesday night and Comcast came yesterday.

We'd been using DirecTV for 15+ years, so when we moved into our house we never hooked up the cable. A month or so later comcast physically disconnected our cable and left it dangling in the wind. So when we called them up for new service, I assumed they might need to cut off the last few inches of that cable, put a new connector on it and plug it in.

I was a little surprised that the tech instead actually replaced the entire drop. But he did a solid, professional job, and he arrived on time in the middle of the two hour window. All in all, I now have as high an opinion of Comcast's field service techs as I do of PacBell/SBC/AT&T.

Installing the CableCard took way too long and was way too much trouble, but this may simply be a self fulfilling prophecy. We stuck the card in and he made a phone call to give two series of numbers to the mothership. That done, the TiVo went into a mode where it was trying to acquire the channel list. That went on for too long, so we started doing stuff. What finally worked was repeating guided setup. Either doing that fixed... something... or it simply took so long to do that in the meantime the card got whatever it needed from the mothership and turned on. The problem is that both I and the tech had heard so many horror stories about TiVos and CableCards that we expected the worst from the start.

The biggest problem we face right now is that the TiVo has four copies of our local stations. Not kidding. We have our antenna plugged into the TiVo along with Comcast so that we can get some of the out-of-market stations that come in for us. So, for example, for KTVU, we get it on 2-1 (antenna), plus a copy of the signal on the analog portion of the cable, an SD digital channel and an HD digital cable channel. This is ok, except that I caught the TiVo taping a suggestion from the analog cable channel! Bad TiVo! If you're going to tape a suggestion, at LEAST tape an HD version if it's available (or at least include some sort of option to let me pick which to prefer)! So now I need to go through the channel list in the TiVo and remove all of the SD versions of channels for which we get an HD version.

The only other complaint I have about the TiVo is that it refuses to use the 1TB eSATA hard disk I plugged into it. Instead, they insist that I buy a particular one. Grumble. I can only assume that they've run into support issues and have taken this extra step to cut down on the number of support calls they get related to low quality eSATA drives. Fortunately, the eSATA drive they want you to use doesn't cost more than the same drive does otherwise - that is, they're not charging a premium for it being TiVo compatible. I'm probably not going to go out and get one, however, since the whole idea behind having a TiVo is being able to offload the shows from it onto the computers using iTiVo.

Monday, August 30, 2010

Hypocrites amuse me

Saw a guy getting ready to board the train this morning. His bike had a sticker on it that said "People powered - no oil (wars) required."

Uh huh.

What do you think they use to fill the tank of that locomotive at the front of the train you're about to board? Last I heard, CalTrain hasn't switched to biodiesel.

And even if he were so principled that he decided he would bike all the way to where he was going... Did they use canola oil to grease the chain on that bike?

You want to say that you're taking the train to cut down on our dependence on foreign oil, that's fine. Me? I take the train because I can sit here and blog or watch a movie or whatever instead of having to deal with traffic.

But it's ludicrous to self-righteously claim to be opting completely out of our petroleum-diven lifestyle. Even more so when you do it while boarding a train.

Sunday, August 29, 2010

Power Supplies - The latest irritating technology stumbling block

For the third time in a week, an electronic gizmo in our house has failed in the same way: its low-bid Chinese wall-wart power supply has failed.

A power supply simply needs to take household power and turn it (usually) into either 12 volts or 5 volts DC with somewhere between 500 and, oh, say, 2000 mA of current.

This is a problem that has been solved for well over 50 years now. It's not complicated. It really, really isn't. Even if you throw in the safety requirements of UL it shouldn't cost more than a couple of dollars (when you're talking about buying in bulk). Of course, for the consumer to go out and buy a replacement, it's more like $10-$20 every time one of these damn things blows out. And they seem to last about 2 years.

Really?

Have we become that disposable a society?

The big problem is that when a device dies, the majority of consumers aren't going to be equipped or technically savvy to diagnose the problem and realize that simply replacing the wall-wart is enough. No, they'll run out to the store and buy a new device. And guess what it'll come with!

So I'll start off the hall of shame right now. Here are the devices that I've had to replace the power supply well, well prior to the end of the device's useful life:

HDHomeRun - This is now actually the second time in about 5 years that the wall wart has died. The first time, Silicon Dust had a recall program and replaced it at no cost. Apparently, they replaced it with one that was just as shitty. UPDATE: Silicon Dust says that they switched vendors a couple years ago, and that the first replacement was sent before they did so. They are going to replace the power supply free of charge, and this time using the new vendor's supply that has not been quite so problematic.

Roku - The wall wart for the Netflix player died on us this week. According to the searching I've done, this is something fairly frequent. Roku's FAQ has suggestions for diagnosing power supply failure, and their store has a replacement supply for $10 - both of which suggest that this issue has come up frequently enough for them to prepare a response.

Apple - I bought an AirPort Express from my nephew. It tested fine at his apartment, but when I plugged it in at home, it had failed. And, again, the Internet is alive with reports of these dying and suggested repair strategies. This is a much worse failure, because the power supply is internal to the unit, and it is impossible to non-destructively open the case.

TrendNet - I bought two Gigabit Ethernet switches at Fry's. Both of them experienced power supply failure within a year of purchase.

All of these companies should be ashamed of themselves. There's just no excuse for selling a device with a power supply that doesn't outlive the device by a factor of at least 5.

Thursday, August 26, 2010

Key Wrapping with HSMs

Using PKCS11 with JCE means that you can use HSMs to house your private keys, which protects them from theft or misappropriation. And that's a very good thing.

With JCE, you use instances of subclasses of Key to perform cryptographic operations. Keys can be PublicKey, PrivateKey or SecretKey objects. SecretKey objects represent keys to use with a symmetric algorithm, like AES. PublicKey and PrivateKey objects comprise a key pair used for asymmetric algorithms, like RSA.

What PKCS11 does is replace SecretKey and PrivateKey objects with sham objects that represent index numbers into the HSM. When you ask JCE to perform a cryptographic operation with those keys, it instead actually delegates the task to the HSM. The HSM will look up the keys, use them internally, and return the result to you. When done that way, the secret material never leaves the HSM.

But what happens when you have to manage potentially thousands of keys? That's too many to store in the limited storage space of an HSM, and having the HSM root through its storage to find the key you want isn't what it was designed best to do.

No, instead you should use a database to store all of the keys. But the problem is that the database isn't cryptographically protected the same way an HSM is.

The solution is in the Cipher class wrap() and unwrap() methods.

What you do is you establish a SecretKey in your HSM. Give it an alias of "WrappingKey" or something of that sort. If you ask your HSM to generate such a key internally, then it will never be allowed to leave the HSM. That's a good thing. You then generate whatever keys you need and use the Cipher wrap() method to turn the private key material into an encrypted byte array. You can write that byte array to the database with confidence, since there's no use you can make of that byte array without the secret key that was used to encrypt it, which is safely encased in the HSM.

Now what if you want to use it?

You fetch the bytes from the database again and use the same Cipher object to unwrap the key. What you'll get is a PrivateKey. But as we've seen, PrivateKeys that you get from an HSM are just sham objects. You don't actually get to see that PrivateKey - it is merely a reference to the key in the HSM. You then can use the HSM to perform whatever crypto operation you need to do on that key. The HSM doesn't permanently store the unwrapped key - as soon as the sham object gets dereferenced, the PKCS11 module will tell the HSM to throw it away. But done in this way, the unencrypted form of the private key never leaves the HSM, nor does the encryption key that wraps and unwraps it. Your database can be used to keep track of the potentially millions of private keys you need to keep track of, but no human eyes will ever get to see even one of them.

Think ahead, people!

Folks, really now.

If you're in a line for a ticket machine, and there are people behind you, you should take the opportunity you have while waiting to go digging through the Bag of Holding you call a purse to pull out your credit card and have it handy for when you get to the front of the line.

I mean, it can't be a surprise that you're going to use it. Yes, I can see that if you're unfamiliar with the machine, you won't know exactly when or how it will demand your card or cash, but what else is it going to do? Ask for a retinal scan or a DNA sample?

Wednesday, August 25, 2010

Safety reminder

While I was waiting for the train this morning, I observed a situation which could easily have resulted in someone being killed.

The Northbound #231 train was approaching the Santa Clara station. Because of its design, passengers for Northbound trains must cross the Southbound track in order to board the train. To mitigate this, Caltrain has a "hold-out" rule that forbids more than one train from passing through the station at one time, plus they tell the passengers to always wait on the far platform until the train they intend to board has arrived.

There is a southbound express train that rolls through Santa Clara shortly before the 231 is scheduled to arrive. This morning, it was running late.

So looking to the right from the platform, everyone could plainly see the 231 train approaching to arrival. If you didn't also look to the left, you would not, however, have seen that Southbound express also approaching.

Now, only one train can come through at a time, so the two trains get on the radio and decide who's going to go first. This morning, the 231 decided they would hold-out, probably because the other train was late and wasn't going to stop in any event.

So if you weren't careful, you'd have looked to the right, seen the 231 train approaching, not noticed it was actually stopping short of the station. You then might have stepped onto the Southbound track to cross over to the other platform and disappeared in a puff of pink fog as the Southbound express roared through at 79 mi/hr.

Now, to be fair, CalTrain is actually as we speak retrofitting the station with a tunnel so that no passenger will ever need to set foot on an active railroad track ever again. And 6 or so months from now when they're done, that'll be a good thing. And the construction has actually improved the sight-lines to the North, which is the predominant danger.

But in the meantime, if you use that station, please, please be careful. The rest of us don't need to have our morning commute fouled up by having to wait for the coroner to mop you up. I get to make that joke, because it nearly happened to me.

Tuesday, August 24, 2010

On grey water duming

Environmentalists are often amusing in the contradictory positions they're willing to take. The latest example is the ban on cruise ships dumping grey water within 3 miles of shore.

At first, that sounds like something that you'd sort of expect to be a bad thing. But then how do you reconcile that with cities being incentivised to use grey water for irrigating parks and other public places? If it's illegal to dump it in Monterey Bay, how ought it to be a good idea to spray it on the lawn at the local public park?

Just to be clear, grey water is not sewage (that is, toilet output). Grey water is water that has been used, but other than for septic reasons. Think water from showers. So if shower water shouldn't be dumped in the bay, then should people be allowed to swim in it?

And is making the cruise ship wait until it's 3 miles offshore significant? If it's dumping while the tide is going in, the tide will carry it right into shore.

Norman, coordinate.

VTA, CalTrain and Clipper

We're quickly running up against a situation here.

Caltrain has said that we should switch from paper monthly passes to Clipper monthly passes starting in October.

A 2+ zone CalTrain monthly pass gives you local fare credit on VTA busses and light rail. I use this every once in a while to take the #60 bus home from the Santa Clara CalTrain station.

VTA does not yet take Clipper. VTA has yet to issue any statement of any kind as to when they might. There are Clipper terminals installed on every VTA bus I have ridden on this year, so far as I can remember, but they're covered over by plastic "out of order" bags.

I'd be happy if VTA would just come out and say when they expect to remedy this situation.

Monday, August 23, 2010

Microcell report

The latest rumors about the microcell are that AT&T and Cisco are working on what sounds like a fairly major overhaul. The rumor mill is talking about a hardware upgrade, which would mean AT&T would swap out all of the units deployed so far.

That the problems that we are having with the microcell couldn't be fixed with a simple software update would be astonishing to me. From what I've read from people who have analyzed the pictures of the microcell motherboard in FCC filings, the chipsets being used certainly seem like they'd be capable of handling the workload without any trouble. The only possible problem I could imagine would be that they maybe didn't give the thing enough RAM, since the speculation is that the board is running some sort of Linux variant (specifically, BusyBox) at least at the higher levels.

A lot of the speculation has centered around the upload cap, but that doesn't quite ring true, at least for us, since the problems have always been that we got garbling on the calling party's audio, which has nothing to do with the upload data channel.

But, perhaps, the CPU gets maxed out trying to deal with audio and data at the same time. But then, wouldn't we get bidirectional garbling?

And shame on AT&T for not being more forthcoming about the problem, their plan for fixing it, and the timing of that plan. They've had plenty of time to figure out what's going on. It's one thing to sell an opaque appliance device to your customers and tell them nothing about how it works so long as it actually works. But you can't just sell a box that doesn't work and then just refuse to say anything out loud about what you're going to do.

Apple's "death touch" iPhone 4 antenna problem and the response is a stark contrast. Apple responded in less than a month with their analysis of the problem and their action plan for working around the problem. Their analysis, by their claim at least, is that the problem was/is much less widespread than has been made out, and they've said that anyone who wants one can have a free case.

AT&T, by contrast, has remained silent for months (at least) about this problem, that from all appearances is a show-stopper for huge numbers of people who have bought the device.

Oh, and they tested this thing for almost two years prior to rolling it out.

AT&T, you're making it real, real hard to stay loyal. You really are.

Tuesday, August 17, 2010

Teachable moment

In all of the fussing I've been doing over our Internet connection and the microcell lately, I came to discover that the latency on our connection had suddenly become about 40 ms, where it used to be much, much lower than that.

This happened after I had swapped out the Netopia modem/router combo for a separate Speedstream 5100 modem and a Linksys E1000 router.

I just couldn't believe that a separate PPPoE router would add that sort of latency to the connection. In trying to figure it out, I put an Ethernet switch in between the modem and router so I could conveniently connect a laptop simultaneously up to that segment to talk to the modem to get its current line quality metrics and such.

Well, long story short, over the weekend, our link not only had the high latency but started dropping 3-5% of the packets. That's enough packet loss to make the connection seem like EDGE. It was horrible.

Well, we had AT&T come out to check the line, and the technician reported that when he plugged his own laptop in, he saw the latency (as I did), but the packet loss went away.

Turns out the home-made Ethernet cable I had made to go between the modem and router was bad.

That's the one piece of equipment in the mix that I never tested and assumed was good.

Oops.

The latency, it turns out, was caused by the DSLAM putting us in interleaved mode rather than fast-path. So the tech changed that up. Our first-hop latency when the connection is not being used is now an astonishing 7 milliseconds (from quack).

So big ups to AT&T - at least the part of AT&T that runs our DSL line. The Microcell folks... well, the jury is still out...

Sunday, August 1, 2010

Apple Wireless Keyboard and Magic Trackpad - Together At Last

Why Apple didn't design this in as an option I'll never understand.

As I explained in my last post, using a Mac Mini as an HTPC hasn't been quite ideal until now. The Magic Trackpad plus the Wireless Keyboard make ideal bedfellows for the mini in the living room... If only they were joined at the hip.....



Achieving this isn't too difficult. The most desirable factor for this is that the two should be as rigidly attached as possible, yet the bond can't be permanent, since you wind up with the power button of the keyboard jammed right against the battery door of the trackpad (or vice versa if you're left-handed). So some sort of Velcro attachment is the best mechanism I could think of. The only trouble is that velcro can shift laterally to some extent. So I went with a 3M product called Dual-Lock. It's like velcro, except that it's genderless and since both sides of it are made of stiff plastic, it tends to be much better at holding still.

I found the stuff at Orchard Supply (Home Depot didn't carry it), in a two-pack of 3"x1" pieces (it's actually a 4-pack - there are four pieces, which makes two complete fasteners). I also bought an 8x10 sheet of .Lexan. I used a hacksaw to make a 6"x3" sheet and attached one strip to each end and two about a half inch apart straddling the middle. I then stuck the mating pieces on, peeled back the adhesive and stuck the keyboard and trackpad on.



So, There! I fixed it!

It's not absolute perfection. With the whole thing in your lap, you notice that there's really nowhere to rest your palms, like there would be on a real laptop. And you have to watch out that your left pinky doesn't accidentally contact the trackpad and skitter your mouse pointer off on a tangent. Also, because of the thickness of the whole thing and its proximity to the bottom of the trackpad, the rubber feet won't ever touch the desk if you set it down. This makes the mechanical buttons in the trackpad useless, unfortunately. But if you don't provide a stiff support for the bottom half of the connection, it won't be as stable as this solution allows.

Friday, July 30, 2010

Magic Trackpad - the missing feature

The Magic Trackpad is the product I've been waiting for Apple to release since the first Mac Mini came out lo those many moons ago.

I bought a mini almost immediately after they came out to use as an HTPC, and it's served that role very well indeed. The only drawback is that we've had to use a wireless mouse to use the thing. That's less than a couch-friendly solution. We have a table between our two chairs in the living room, but that means that if you're in the right seat, you have to mouse with your left hand. Not very convenient.

The Magic Trackpad solves all of that, since it doesn't need to sit on an actual surface in order to work (unless you want to actually make the internal button click - then you must push the pad downwards on its feet. But the trackpad can work just fine without ever having to be clicked physically).

But now the only problem is that the trackpad is a separate unit from the keyboard.

If you set the trackpad next to the Apple Bluetooth Keyboard, it's obvious that they were designed to sit next to each other. It's only natural that you'd want to actually attach them together so that you could pass them back and forth on the couch as a single unit.

So why didn't Apple include some sort of mechanism to do exactly that?

There are some objections that need to be overcome. First, when the two are side by side, the battery door of one of them will sit right on the power button of the other one. So the two would need to be able to be routinely separated in case you needed to push the power button and to change the batteries.

So duct tape and rulers aren't going to be a 100% solution.

No, this is going to require some sort of rail and groove setup to allow the trackpad to slide into place, yet still be able to be slid off to change the batteries.

I look forward to multiple postings on There, I Fixed It covering this topic.

Friday, July 23, 2010

Microcell: Light at the end of the tunnel

It turns out that, thanks to the 3G Microcell support forum, we might have discovered an explanation for the problems we've been having with the microcell.

If, while the phone is connected up to the microcell, you have the cellular data switched on, that can cause the audio of the call to get garbled.

To test this out, I called my parents' house several times and had them recite poetry. Those calls where the cellular data was enabled suffered periods of choppy audio, and those calls where the cellular data was turned off did not.

Furthermore, while the cellular data was turned on, I turned off wifi and ran a speed test. That, however, did not induce the problem. So it's not all data use during a call that causes this problem, but only certain data. My speculation is that it has something to do with either location services or push notification.

The workaround for now is to disable cellular data while at home connected up to the microcell. This is not really a very good workaround, however, since the steps to go turn it on and off are 3 levels deep in the Settings app, and without cellular data turned on lots of capabilities of the phone are unavailable.

Hopefully, AT&T will figure out what's going on and fix it sooner rather than later.

Friday, July 16, 2010

Microcell: You're Fired!

We've had the 3G Microcell since they became available in April, and since then we've suffered three particular symptoms that have made using the phone aggravating:

1. There's an extra third to half second of latency.

2. About every fifth call or so the calling party will, at some point, vein to sound like they're speaking in tongues. This will clear up after a few seconds, or the call will drop, one of the two.

3. Sometimes when you place a call it will just immediately say "call failed" and you have to retry.

We've had a support ticket open all that time, and it just never got any better. But the very last straw was when it started shunting incoming calls straight to voicemail without ringing.

Enough is enough. I went to Fry's and bought another YX510. With that, at least the phones work properly in the house.

I really want the unlimited calling plan from home. That plan dovetails nicely with how Scarlet and I use the phones. But the device simply doesn't work. All the more surprising given that the spent almost two years in field trials.

And, apparently I'm not alone. A lot of forum posts I see make the same complaints.

Our microcell is currently exiled at a friend's house. He says it's working ok for him, for now. We'll see. But if it does wind up being a success, then it's likely because the macro network at his house is weaker than at our house. That too would dovetail with the reports I've read. So maybe the microcell works well at filling in coverage where no coverage exists, which is arguably it's purpose, but not merely as a means to offload AT&Ts macro network (and get unlimited calls in the bargain).

Thursday, July 8, 2010

Solving electric cars

People moan about electric cars having poor range and long recharge times. Those are, basically, the two issues stopping every driver in America from having an electric car right now. Take those two issues off the table, and electric cars are superior in every way. Namely, a far superior torque curve which allows them to have a much simpler design, resulting in less weight. They're not only quiet, they're almost entirely silent (only a downside if you're a blind pedestrian), and, of course, they are emission-free (which really means that their emissions are coming from the electric power plant that's charging their batteries, but that's still better given that that plant will have much better emissions controls).

I don't have a solution to the range issue, but the time-of-charge issue can be tackled fairly straightforwardly.

Lots of devices we use on a daily basis are battery operated, and most of them take batteries that are field-replaceable consumables. It's so common to replace a pair of AA batteries in a device we don't hardly think about it anymore.

It used to be that backyard gas grills that run on propane tanks required you to take the empty tank to a propane filling station. But in the last few years, this has been replaced with propane tank swapping stations at many grocery stores and pharmacies.

By now, I think most of you can see where I'm going. Electric cars could be designed to have their battery packs quickly exchanged instead of field-recharged. You'd go to a battery exchange and swap your drained battery for a fully charged one. You'd pay for the cost of charging, plus perhaps a small amortization of the cost of replacing packs once their useful service life has elapsed.

Swapping out a battery module, if the process is properly designed, could be done in about the same amount of time as filling up a tank of petroleum distillate, and the danger of fire and explosion would be markedly reduced.

The downside is the design engineering involved in coming up with an industry standard battery pack and getting the entire industry to agree on it. Additionally, like all alternative fuel arrangements, it creates a chicken-egg problem where you won't have the fueling infrastructure in advance of the ubiquity of the vehicle and vice-versa.

Monday, June 28, 2010

What happened to our country?

I had an occasion this morning before work to visit the San Mateo County (Southern) traffic court administration building.

This is where you go if you get a ticket in San Mateo county to pay the bail, turn in paperwork, what not. This is not the courthouse. This is the place where there's a velvet-rope line leading to a bunch of bank-teller-like windows with pasty faced bureaucrats that work computers. There are, oh, I don't know, 5 windows, and the building inside is maybe 10'x20'. Relatively small. I've never seen a DMV that wasn't huge by comparison.

They had a metal detector and an X-ray machine. I had to take off my belt to go hand my paperwork to the aforementioned pasty-faced bureaucrat.

Really?

Let's say I decided that my speeding ticket was the last straw and I was going to take the bastards out. If I walked in the front door with an uzi I could hose down the whole room from right there. Hell, the metal detector makes a good aiming point, actually.

In other words, the purpose of security screening is that it takes place far enough away from the thing you're trying to protect that if any funny business goes on, it has no impact on the sensitive stuff.

And what sensitive stuff? This is not the courthouse. Even if it were the courthouse, there aren't any real judges at traffic court, just administrators. Why are they wasting everybody's time (and the taxpayers' money) protecting this stupid little shack of clerks like it was a fucking airport?

Friday, June 25, 2010

Apple store funnies

I was at the Apple store today and happened to pick up an iPad that was sitting there. When I woke it up, this is the image that greeted me:



I thought I was the only one that trolled at retail stores... :)

iPhone 4: FaceTime over 3G

So my nephew and I waited in line at the Valley Fair Apple store yesterday and got the new Jesus Phone. For the most part, it has been reviewed to death all over the web and I don't have a lot to add to what has already been written. Except for one thing.

FaceTime is the new video chat feature, and it works every bit as well as advertised. As was noted, the feature has been limited to WiFi only for the moment. This means that it won't work over 3G. This raises the question as to whether or not this limitation is an artificial one, or that maybe there are problems with it working over 3G.

Well, I am one of the few who can answer that categorically. I have a MiFi 2372 on AT&T. With it, and with my iPhone connected to it, I am still using the exact same HSUPA networking as the phone would have by itself, but the phone is "fooled" into dropping 3G restrictions.

I've made a few FaceTime calls this way now, and I can report that it works just as perfectly over 3G as it does when a pair of phones are in the same room sharing a wifi hotspot. Clearly the wifi only restriction has more to do with AT&T figuring out how to price the feature rather than any sort of technological limitation.

Unless AT&T is going to attempt some sort of equally artificial pricing for FaceTime, I'm not sure why they simply wouldn't price it like any other data. I mean, mobile-to-mobile calls (to other AT&T phones) are already free. So the mere switching of those calls over to data won't impact anyone's minute count.

I suppose AT&T may have wanted to avoid swamping their network with FaceTime activity on day one, but if that's true, then we should see the feature opened up for 3G sooner rather than later.

Wednesday, June 16, 2010

What Apple and AT&T can learn from Saudi Arabia

I've never been to Saudi Arabia, but if I ever go, there's one thing in particular that would be interesting to see on my way in and out.

Saudi Arabia, in particular, is the country where Mecca is located. Mecca is the site of a shrine that is the center of the universe for the Muslim faith. Muslims are instructed, once in their lifetime, to go on the Hajj, which is a pilgrimage to Mecca. There is a Hajj season every year, during which Saudi Arabia hosts millions of pilgrims who trace the Hajj route and do whatever it is that they do. I apologize to Muslims for any and all details I might be missing or getting wrong.

The King Abduliaziz airport in Jeddah is where a lot of these pilgrims first step foot in the Kingdom. And to accommodate them, they built a special Hajj terminal at the airport capable of handling 80,000 passengers at once. This terminal is entirely separate from the ordinary terminal, and travelers bound to and from Jeddah for business other than the Hajj presumably use the other terminals to conduct their business likely with little or no impact from the crowds of pilgrims beginning their pilgrimage.

Meanwhile, here in the U.S., another year has brought us another annual pilgrimage of a different sort, as Apple released a new version of the iPhone. And even though they've run out of the phones and delivery estimates are now well past mid July, AT&T's website has still not fully recovered.

I got a replacement 3G Microcell this evening from them in the hopes that it might fix the problems we've been experiencing. Whether it will or not remains a mystery, since I need to get on AT&T's website to swap out the serial number. But I can't. Because the hordes of iPhone customers are preventing any other business on the AT&T wireless website.

Ausgezeichnet!

So now I am going to spend all night long pressing "reload" on 10 windows on AT&T's website until one goes through.

Tuesday, June 15, 2010

Note to Steve

Hey Steve, how's this for a "Think Different" idea:

Next time you set a pre-order date for something everybody in the goddamn world is going to want, you set it up so that for the first 24 hours the website just logs all of the order details and then processes them offline?

P.s. Isn't it just a little embarrassing when https://buyiphone.apple.com/WebObjects/IPACustomer.woa/wa/error (which is the FAIL page) can't be loaded because the server is too busy?

Wednesday, June 9, 2010

Mythbusters - myth... exaggerated?

Mythbusters just aired an episode that included the myth that a sneeze goes 100 mi/hr and can travel 30 feet. The experimental results: just under 40 mi/hr and a maximum of 17 feet. They called it "busted."

So yes, at a literal level, they got somewhere around 50% of what the myth says, and 50% ain't 100%, so yes. But I think the literal numbers as stated in the myth are much less important than the message of the myth, which is that a sneeze goes faster and further than you probably expect. 17 feet is across a whole room, after all. A waiter sneezing in the corner of a restaurant could conceivably hit every diner in the place.

And this isn't the first time a myth had such a result. So I think I'd call this myth exaggerated rather than busted. I think if a sneeze went 10 mi/hr and only went 5 feet you'd be able to say it's definitely busted. But in this case, I think busted is just too harsh.

Monday, June 7, 2010

iPhone 4 and Arthur C. Clark

The story line in 2001: A Space Odyssey contains a moment where mankind discovers a large magnetic anomaly on the moon. This anomaly is centered on a large object that had been deliberately buried millions of years in the past. When the sun strikes the monolith, for the first time in ages, it suddenly transmits an intense radio signal. The monolith was a solar powered alarm, designed to notify its inventors when (if) the inhabitants of the Earth gained the technological ability and intellectual curiosity to find the device and dig it up.

In the story, the monolith, and the others that appear, all share the same physical description, though with varying sizes. All of them are featureless, black and have sides whose dimensions form a ratio of 1:4:9 - the squares of the first three integers.

A few posts ago, I ruminated on the iPad and how it was very similar to the pad-looking thing that Bowman and Poole watched TV on aboard the Discovery.

Now that we've all gotten a good look at the iPhone 4, I'm struck by how it too bears similarity to something in the movie - in this case, the monolith itself.

It's only a superficial similarity. The dimensions of the phone are not really 1x4x9. In fact, the phone is slightly too thin compared to the monolith. At it's 4.5 inch height, it should be half an inch thick instead of 0.37 inches. And at 2.31 inches wide it is slightly wider than the 2 inches that would make it like the monolith. That's leaving aside the stainless steel strip running around the thin edge full of buttons and ports, and the big home button on the front.

Still, I think anyone who is a fan of the movie who gets an iPhone 4 should for sure get a black one...

Saturday, June 5, 2010

AT&T Microcell - work in progress

It's been a while now, and I have to admit that the Microcell has not gone as well as I would like.

You'll recall that the idea was that we could get rid of Vonage by going with the unlimited Microcell calling. By doing that, we could change the $25 we spend on the Vonage line into the $20 for the Microcell plan.

It turns out, that the potential savings is even better - we've already been able to down-shift our cell plan from the 700 minute to the 550 minute plan, saving us another $10. It turns out that between us, we only make about 200 minutes of calls per month that aren't to each other or from home.

But unfortunately, the microcell isn't yet functioning well enough to make me comfortable with shutting off Vonage.

1. Every once in a while you attempt to place a call and it just fails immediately. So you have to redial a couple times before it works.

2. Every, I'd say, 3rd or 4th phone call includes periods of time when the calling party sounds all garbled. You can recognize who they are, but it's as if they're speaking in tongues.

3. The microcell, even when it's working, introduces a good quarter second or so of latency. Much more than Vonage, and enough to cause conversational collisions that are awkward.

I've been in more or less weekly contact with an AT&T engineer for about the last month now. They're earnest and nice, but they're not really telling me that they've figured out what the problem is and how to make it better.

Now, let me just spend a moment to explain to anyone who might suggest that our Internet connection might have any impact on how well (or not) this gizmo is working: The Microcell's internet connectivity is truly the best possible scenario possible in a residential setting. Really. I'm not exaggerating in the slightest. We have AT&T's best DSL offering - 6M/768K (yes, there are higher bandwidth connections you can get, but their latency and jitter are not as good. And once you have more than about 64 kbps in bandwidth in each direction, the needs of a VoIP connection are met anyway). I've programmed our DSL router to use traffic shaping to give ports 1 and 2 priority over ports 3 and 4. Ports 1 and 2 have the Microcell and Vonage boxes plugged in, and 3 and 4 have quack.kfu.com and our Airport Extreme. If I create a very large uplink load, like a speed test, I can observe the latency on ports 3 and 4 rise into the hundreds of msec, but the latency on ports 1 and 2 only go up by 10 msec or so. So the traffic shaping is working. In addition, we have a block of static IP addresses, and both the vonage box and the Microcell have public IPs without any sort of firewall in front of them. There really cannot possibly be any better scenario unless you plugged in a Microcell in at a datacenter.

And I'm not alone, apparently. These same symptoms have been spoken of by other folks out there on the Internet and in AT&T's own customer forum.

This is the problem with being an early adopter - one winds up effectively being a guinea pig. It was like this with the DirecTV DVRs too - it took them almost a year before they were reasonably usable - and we weren't even the first folks to get them.

I am still holding out hope that they might fix it. Of course, hoping is all I can really do.

Wednesday, May 26, 2010

Recruiters... ARGH!!!

What's the difference between a recruiter and a telemarketer? Apparently nothing.

About once a week I get a call from a recruiter (at my desk) asking if we're hiring. They know I am a software engineer, which rather implies that I'm not a hiring manager, and yet it's me they call. It's fairly obvious that they're doing it because they want to try and end-run around the standard procedure. Because they're special. Like everybody else.

Now, I don't want to tar all recruiters with the same brush. I've worked with ethical, responsible recruiters. One, in fact, got me my current job. Not so coincidently, I've never heard from my fellow engineers that they've gotten phone calls from them.

I don't know if I'm ever going to be in a position to hire anyone. But if I am, I'm going to put a bounty on cold-call recruiters. I'll tell my reports that if any of them gets a call from a recruiter, they'll get a cookie. Two if it's a recruiter trying to poach talent. I'll get all of the info and put that recruiter and their organization on a blacklist.

Networking pi(e)

This is a speed test through the MiFi I did while waiting for the train home at Redwood City:



Tee hee.

Friday, May 21, 2010

This is how you lose a loyal customer

For about 4 months now, we've been enjoying the multi-room viewing beta with our DirecTV DVRs. This morning, it was summarily turned off. I went to the DirecTV website and discovered that they now want to charge $3/mo for it.

Offense number one: nickel-and-diming your customers.

Fine. I clicked on the button to activate it. The response? "Sorry, your account is ineligible. Please call yadda yadda." So I call, and get someone who says we need to change our plan or something. So we have free Showtime and Starz for 3 months..... but we must remember to call them back and turn it off or they'll start charging for it. Grumble.

Offense number two: sneaky customer lock-in "special offers."

After 20 minutes on hold, I got to the right person... who said that this feature was no longer available on the model of DVR we have. Instead, I would need to upgrade to the latest one.

Offense number three: Oh, there's just too many to count.

I've had it.

I've been a loyal DirecTV customer for 15 years now. First, they gave us substandard TiVos and didn't keep up with the new features. Then they replaced them with their own DVRs that we effectively had to beta test for them. Then, when they finally catch up with features that TiVo has had for years now, they shit on us and call it pudding.

We're going to save up for TiVos, and we'll be switching to Comcast. The really sad part is that I don't expect that they'll shit on us any less. But at least with real TiVos they'll have one less avenue with which they can do it.

Data cards and SMS

This is sort of interesting. I got a 3G data modem back at the end of last year. These devices have phone numbers, though they can't make or receive traditional voice calls. They can, however, send and receive SMS messages. I don't have any use for this, so I've ignored it, but last month a text message from the Philippines, of all places, showed up. I called up AT&T and they took it off the bill (it was 42¢ for one text!) and opted-out of SMS. And that was the end of it.

Last night, just as an experiment, I loaded up the Novatel Mobilink software to use the modem in the USB mode on a Windows XP virtual machine, just to see how it would work. And after some fiddling, I did get it working.

The interesting part is that in the Mobilink UI, there was a little mailbox icon. Clicking on that took me to an SMS management UI, which showed not one but 5 text messages waiting. The other four were free texts from AT&T warning me that in January and April I was approaching, and then exceeded the usage limit of my plan (back then I was on the 200 MB/mo plan).

The interesting part is that I didn't have the MiFi back then. That means that incoming SMS messages must either be stored in the network somewhere or on the SIM.

It's sort of too bad that the MiFi can't share the unlimited text messaging we have on our two iPhones. Alas, to properly make use of it, Novatel would need to add SMS support either into the MiFi SDK (so that you could write an app or a widget to use it), or - better yet - into the MiFi's web UI (preferably behind the admin password somewhere).

Thursday, May 20, 2010

3G speed testing - HSUPA

The big difference between an iPhone and the MiFi - or any other AT&T data device, for that matter - is a protocol called HSUPA. In a nutshell, HSUPA means fast uplink bandwidth. It's counterpart is HSDPA, which gives fast downloads. The iPhone has HSDPA, but lacks HSUPA. If I perform a speed test with the iPhone over 3G, then connect the iPhone up to the MiFi and repeat the exact same test, the result is that the download speed is the same for both. But in the upload direction, the difference is marked. Usually the MiFi can get an upload bandwidth of about 1-2 MB/sec, but the best I've been able to see on the iPhone is about 256 kB/sec.

Interestingly, when operating over the microcell, the uplink bandwidth is further constricted - you can only get about 64 kB/sec. That's a small enough uplink channel that it starts impinging on the acknowledgements on the downlink side, limiting how much bandwidth you can really get in that direction. But, of course, if you're near the microcell, you're within WiFi coverage anyway.

I've been taking my laptop to work and using the MiFi while on the train. It works well, but there is one AT&T dead spot between the San Antonio and California Ave stations that is troublesome. I don't particularly take this, as many would, as evidence of systemic deficiency in AT&T's network. In my view, all of the cell networks suck. They all have dead spots and none of them are in a giant hurry to fix them, it seems. But every time the phone or data card drops out, I faithfully use the "Mark the Spot" app to tell them. For what that's worth.

Saturday, May 15, 2010

GPS stupidity

I had to go pick up my nephew at the MacArthur BART station today. I was in Oakland, but I didn't know exactly how to get there. So I asked the TomTom iPhone app to get me there. Now, the MacArthur BART station is located in the middle of highway 24, between the Northbound and Southbound lanes just north of I-580. That freeway is elevated, so access to the station is from ground level, underneath the freeway. Well, TomTom routed me directly past it on highway 24 and then announced "you have arrived at your destination!"

Note to the TomTom folks: "arriving" someplace doesn't count when you shoot past it at 70 mi/hr.

Friday, May 14, 2010

Astound your friends!

I'll pick a number (an integer, to be specific) between 0 and 255. You can ask me 8 yes-or-no questions, and then you should be able to tell me which number I picked.

Solution below (highlight with your mouse):


First question: "Is the number greater than or equal to 128?"
Second question: "Is the number greater than or equal to either 192 (if question 1's answer was "yes") or 64 (if question 1's answer was "no")?

And so on. Each question give you an opportunity to throw away half of the remaining field. Dividing by two progressively, you start with 256, then 128, 64, 32, 16, 8, 4, 2 and then 1.

Actually, the last question can be "Is the number odd?" since at that point you'll have narrowed the field to two adjacent numbers.

Note also that if you write down the answers with "yes" being a 1 and "no" being a 0, from left to right, you'll have written down the number in binary.

This works for any number range. The number of questions required is the log2 of the size of the range rounded up to the next highest whole number.

Anyone whoever gets the "clock" game on TPiR should be able to nail each prize in about 10 seconds. Start at 1000. If higher, go to 2000. Cut the range in half each guess until you get inside of a $10 range, then just roll through all 10 remaining prices starting at $xx9 and counting down. Let's say a prize is $667. $1000, $500, $750, $650 (not half way, but easier under pressure), $700 (again, a compromise), $675, $660, $670, $669, $668, $667. Boom.


Friday, May 7, 2010

Progress...

1990:

1 GB SCSI hard disk
$1000
5.25" full-height form factor
2+ lbs

2010:

4 GB microSD card
$12
15x11x1 mm
about 1 gram

Thursday, May 6, 2010

Whoosh!

I'm not a big fan of the iPad, but even I can see that whoever designed this device absolutely missed the point.

Sunday, May 2, 2010

Bluetooth for the car

When I bought my car, I had them install the iPod integration (it was a dealer-installed option). Well, it turns out that the stupid thing emulates a CD changer, so you get no track names, you only get forward-back control, it can only deal with 6 playlists... It was substandard in every way imaginable.

Meanwhile, I was pretty happy with XM anyway. But XM is really expensive, and it's been annoying in various ways lately, so it's time for a change.

Well, I've discovered Pandora. The Pandora app works far, far better than the XM streaming app (which they charge $3 extra per month for), and has the advantage that if you don't like the song playing you can thumb it down and move to the next one immediately.

So, XM is fired.

Now, how to get Pandora everywhere I want...

Well, for the alarm clock, it's pretty easy. Just use osascript to launch the URL of the channel displayed on the channel's page. But it is a little silly using a laptop as an alarm clock. But it turns out that the Chumby supports Pandora, and it's an alarm clock. Done.

Next, the car. Well, I took my car to the local car stereo place and got them to change out the iPod integration gizmo for one that has a aux input jack. It turns out that the new gizmo also emulates a CD changer, so it's really not any better than it used to be, but with the aux input, and a Bluetooth A2DP receiver, it doesn't really matter.

For this application, the best A2DP receiver is actually the Belkin Bluetooth Music Receiver. It's a good choice because it doesn't require any button pushes to turn on. As long as it is powered from the accessory bus of the car, there's nothing to do to get it working other than tell the phone to connect to it. Finally, this device supports A2DP only - it doesn't support the handsfree or headset profile, so in principle, you can still use a headset to take any phone calls that come in while still listening to music through the car.

The only problem now is that the Belkin device is designed for home audio. So it comes with a AC power supply. Even if it had a car cord available, plugging that into the power port in the dash would be ugly. I had the car stereo folks wire in a set of Anderson PowerPole connectors in the glove box where the new Aux input plug was. So now, I just needed to go from 12 volts to 5 with the tiny coaxial power connector that mates with the jack on the device.

Radio Shack actually came through for me. The had the correct connector set up to mate with a universal power supply jack, and the related universal power supply jack on the end of a pigtail, ready to be wired to your own power supply! They also had an LM7805 5 volt regulator, and I also bought a small electrolytic capacitor to put on the input to smooth the power.

To house the whole thing, I bought a small tin of Altoids, cut a couple of slots in each end for the power input and output wires (using some electrical tape as a makeshift grommet), and a hole in the bottom to screw down the regulator (making the whole tin into a heatsink). I soldered all of the leads together and closed the tin on the wires (with knots tied in them as a strain relief) and taped it shut with electrical tape. After verifying that it worked on the bench, I installed it in the glove box. With everything hooked up, turning the volume on the stereo almost all the way up results in a little bit of alternator whine and some other distortion, but playing music at that volume would be way, way too loud. At normal volume levels, you can't hear anything bad.

MiFi status dashboard widget

I've created my first Dashboard Widget. It's a MiFi signal strength / battery state widget. Whenever the mac is connected to the MiFi, this widget will display the signal strength and battery state. It's marginally easier than opening up a web browser.

I'm not a graphics wizard. All of the graphics in here I stole off the net using Google. Mea culpa.

You can download the widget here. Just unzip it and double click to install.

Enjoy!

Saturday, May 1, 2010

MiFi 2372.... FTW!

While the old portable hotspot solution I had was nice, it wasn't very portable. The idea of taking that rig with me on the train just wasn't going to be an option. So when I heard that Novatel Wireless had an AT&T friendly HSUPA network quad-band MiFi available, I decided to look into it.

AT&T doesn't offer the 2372. The only reason I can think of why they wouldn't is that perhaps Verizon negotiated some sort of exclusivity with Novatel. You CAN get the 2372 from either Bell Canada or Rogers... if you don't mind moving to Canada.

But that doesn't really matter. Because I already bought the Quicksilver card, I'm on a subsidized contract with AT&T anyway. Even if AT&T sold them, I'd have to buy one at full price.

So Google to the rescue. You can find places on the Internet that sell the 2372, and if you don't mind having the device airmailed to you from the Ukraine, you can get a reasonably good price.

The device itself is slightly smaller than an iPhone 3G/3GS. It has one button on the front that turns it on and off. It has a micro USB connector on the back for charging and for use with a single device without WiFi. In this mode, the device appears exactly like a standard USB 3G modem. It even can be used in Snow Leopard as a standard wireless WAN device.

There's only one problem I have had with the device so far. Its built-in DHCP server refuses to respond if you have a DHCP Client ID configured:



You have to leave the DHCP client ID space blank or you won't get an address configured. The other minor issue is that the router doesn't support uPNP or NAT-PMP, so the Back-to-my-Mac pane of the MobileMe control panel complains that it can't be reached by your other registered machines. This might mean other issues as well for apps as well if they require setting up port maps and stuff like that. Of course, IPv6 would be the perfect fix... someday.

When you're connected to the device, you can connect to http://www.mifi/ to get status on or reconfigure the device. This is also the place where you can talk to the file sharing component that serves up the files on a card in the microSD slot. I haven't tried that feature of the device, however.

Lastly, the device purports to have a GPS receiver built-in that allows you to query for location information. Unfortunately, it requires cooperation from the carrier to allow it to be turned on, and only the Sprint MiFi currently has this feature enabled.

Sunday, April 18, 2010

And away we go!

I like the FTP Steps Tournaments. I like to play Super Turbos, which are incredibly high variance. But the steps tournaments generally pay something to at least 2/3 of the field. So I bought into a total of 8 of the Step 2 tournaments ($8.30 + $0.40) over the course of today, and turned one of those buy-ins into a Step 6 ticket, which I've used to buy in to the FTOPS main event



Another one currently is a Step 5 ticket ($216).

Anyway, generally, the top two finishers advance to the next step, 3rd and 4th place tread water, 5th and 6th move down one level, and depending on the step 7th or 8th either get a boobie prize, or go down two levels or something like that. At the bottom 2 levels, the payouts start at 6th, but higher up, all you have to do is not come in dead last.

There is a 7th step. It is a $2100 buy-in tournament. 7-9 get nothing, 4-6 move down a notch, 2-3 tread water and 1st place gets a $18,000 WSOP tournament buy-in package.

UPDATE! I finished in 223rd place out of 4534, for a payout of $1500.

Playing around with microcell data

I have an AT&T Quicksilver card and the cheap, limited data plan for it. I don't use it much, but since it is a 3G device, I thought I'd play with it and the microcell, just to see how it compares to the iPhone data throughput.

To recap, the microcell, unlike the Verizon one, supports both data and voice. If you do a speed test with an iPhone (via the speedtest.net app) through the microcell (this is with the microcell hooked up to 6 MB / 768 kB DSL), you wind up getting about 2 MB down and 50 kbps up. With WiFi, it's 4.5 MB down and 610 kb up.

Data only devices, like the Quicksilver USB "card" still have phone numbers, despite the fact that they can't place or receive actual phone calls. They can send and receive SMS messages, in theory, but unless you buy an SMS messaging plan, it would be expensive, and if you're using the thing, you're on the Internet anyway. It's this phone number that you register with the microcell so that it can connect.

Sure enough, registering the device with the microcell and powercycling it (that is, removing and reinserting it into my laptop) worked. When I hooked up using the GlobeTrotter connect software, the network had changed from "AT&T" to "AT&T MicroCell".

Of course, the unlimited calling plan I have on the microcell does nothing for data. This is something I think AT&T really ought to address - if I'm using a microcell, why shouldn't I get unlimited data for free? This is why I don't normally have the card registered with the microcell - it doesn't do me any good, and frankly, I'd expect to do better just using my own wifi anyway.

And the speed tests seem to back that up. Running the speedtest on my laptop with wifi, I get 5.1 MB down and 610 kb up. This alone suggests that the phone is actually doing pretty well with its own use of wifi. The laptop has a bit of an edge over the phone given that it's got 802.11n and the phone only has g.

Well, the laptop going through the microcell has almost exactly the same results as the iPhone - 2.1 MB down and 60 kbps up.

I'm not sure why data uploads through the microcell are so heavily capped, compared to the native bandwidth available through the DSL connection.

There is a trade-off at work here - albeit only for the iPhone. If you use WiFi, it's a little faster, but if you use 3G, you get a publicly routable address - even with the microcell. For the data card, since the data counter still runs, there's much less incentive to use the Quicksilver through the microcell, however.

Sunday, April 11, 2010

3G Microcell launches in bay area proper

And, sure enough, if you put a Bay Area zip code in, the list of AT&T stores carrying the microcell is now at least twice as long as it was before, and includes stores in Fremont, Santa Clara, San Francisco... basically all over the bay area.

It's now somewhat annoying that if you put in 95050, you get listings in Hanford, Sacramento and the like when there are a half a dozen stores within a 20 mile radius. Never mind that, as has always been the case, it's incredible that one of the primary audiences for the Microcell are iPhone owners... and the whole page is one gigantic Flash app, which is useless on the phone.

Thursday, April 8, 2010

3G Microcell + PoE

I've blogged before about my attempts to get a PoE solution set up for the Microcell. The idea is that all of the network infrastructure in the garage is on a UPS, so it would be good to have the Microcell get its power that way as well. I tried making my own PoE breakout cable. It gave the appearance of working, but when the Microcell got to the point where it normally would start working, it just never came up all the way. There was no error indication on the front panel, it just wouldn't work. My guess is that somehow the transmitter caused enough voltage drop to screw it up. But I wasn't actually using the OEM power supply.

Well, long story short, I bought a passive PoE injector/splitter block off eBay, and it arrived today. Unlike my solution, it had the correct connector on it to use the OEM power supply out in the garage. I'm not sure if that made the difference, or maybe their wiring is somehow better, but it works perfectly. You can buy them here.

I didn't have much hope for the passive solution, so while I was at it, I bought a used DLink DWL-P200 PoE injector/splitter kit. Unlike the passive solution, this one is 802.3af compliant, which may give it more margin against voltage drop (since 802.3af uses a 48 volt supply voltage instead of just passing along the OEM supply's 12 volts).

UPDATE The DLink DWL-P200 arrived today, and it too works perfectly with the Microcell. My guess is that the DLink is the better solution, since it uses a higher voltage down the Ethernet wiring, with signaling between the two ends to enable the supply voltage, which offers some protection to all the devices involved. It also means that the supply voltage going to the device is better regulated than when the power supply was on the other end of 50 feet of twisted pair. The downside, of course, is that the DLink DWL-P200 is much more expensive than the passive solution. Though I was able to get a used set on eBay for cheap. Oh, and it turns out the DWL-P200 is not 802.3af compliant, since it actually pre-dates the 802.3af spec. Still, the higher voltage feeding into a low voltage regulator is likely to work better over long lines.

Tuesday, April 6, 2010

Microcell is back

4 months later, and the 3G Microcell is back.

Nothing really changed between then and now, except that now the activation web site flow doesn't reject our home address.

As I noted yesterday, punching in a Bay Area zip code gives you a list of AT&T stores in the Central Valley from Sacramento to Fresno. The rep in the store in Tracy said that they'd be available in the Bay Area for real on Sunday.

One thing I've discovered is that my "There, I fixed it" PoE cabling doesn't work. The device never starts working properly. I want to get it working with remote power supplied from the UPS in the garage, if possible, so that we won't lose our coverage during power outages. Now it looks like a real PoE solution will be required. The good news is that I got a really good deal on a used D-Link DWL P200 on eBay this morning. More on that once it arrives.

In the meantime, we're trying the great experiment once again - seeing if the combination of unlimited cell phone calls while at home, plus the Cell2Tel and our cordless phones >= Vonage. Fingers crossed.

Monday, April 5, 2010

Microcells come closer



The microcells are now available for purchase in the Central Valley. Tracy appears to be the closest store.

Gentlemen, start your engines!

Sunday, April 4, 2010

Concrete anchors - lessons learned

Scarlet bought us a 10' x 10' gazebo for the patio. It replaced our patio umbrella, and is nicer in that it's bigger, anchored down (and so, permanent), and has mosquito netting that can be zipped shut, if desired.

As for that "permanent" part of the equation, the disclaimers on the packaging actually don't imply that at all. They warn against leaving it up during extreme weather, and it comes with 6" long spikes that are intended to be driven into the ground. Well, we want to set ours up on our concrete patio, so we decided to permanently affix it with concrete anchors.

So, I've learned a thing or two having done it now.

The basic procedure is that you use a hammer drill to drill a hole in the concrete, then you hammer the bolt in and then put whatever it is you're attaching over the bolt and then tighten the nut hard so that you pull the expansion wedge through the sleeve to lock the bolt in permanently. If you ever change your mind, your only option is to cut the bolt off flush with the surface of the concrete.

So the first bit of advice I've learned is that before you start bashing away at the head of the bolt with a hammer, thread a couple of the nuts on and lock them together. This will protect the threads from the hammer and insure that you'll have no trouble threading the nuts on later. This is particularly important if you need to bash on the side of the bolts to 'adjust' them a little to line up with whatever you're trying to attach. I wound up having to cut the top 1/8 of an inch off one of the bolts with a hacksaw to get past the bit I damaged a little too much. And some of the other bolts were a little hard to thread.

Another bit of advice was that if you happen to drive one a little bit too far, don't worry too much - they are designed to pull back out a little bit as you're tightening them. Just thread the washer and nut on without the thing you're attaching and tighten. You'll get maybe 3/16 or 1/4 inch that way, which hopefully will be enough to let you thread the nut on properly with the attached object back in place.

Lastly, if you're using these things with a tensioned load, you'll want to periodically check to make sure they're still tight, since a varying tension load (like the wind acting on our gazebo) may make them pull out slightly as they wedge themselves in harder. I'll be visiting them periodically to make sure they're tight for the first few months at least.

Friday, March 26, 2010

Netflix WatchNow for Wii

We got our Netflix WatchNow disk for Wii today in the mail.

Surprisingly enough, it was in the form of an actual disk. I suspect that Netflix would have preferred to make the app available for downloading as WiiWare. But my guess is that Nintendo would have insisted on charging too much for the privilege. So a disk it is. And sure enough, you pop the disk in and select it from the "Disk channel" and fire it up.

The first time it phoned home and presumably noticed that it wasn't activated, so, like all Netflix devices, it put up an activation code and directed you to type that code into the Netflix website. It then immediately displayed the Instant queue, just like on the Roku.

The first surprise was that, though it wasn't obvious, it is possible to see other lists besides the instant queue. In fact, there are multiple lists, some genre based, others of various suggested titles... It was a nice surprise.

The navigation is fairly natural too. All in all, the whole solution is very Roku-like (as opposed to how TiVo works).