Christmas Car Break-in

Ugh. Came out this morning to my car in my driveway to go downtown and found both right-side windows rolled down. Hmmm... I didn't do that. Go around to the driver's side and both of _those_ are rolled down too. Grrr.

Fortunately, it did not rain very hard so there was little water that got in the car. And fortunately there is no visible damage and nothing was taken (there really wasn't anything to take except some pennies)

And now I find via a Google search that there are some hacks that can cause the windows to all electronically roll down with a screwdriver in or near the keyhole. Lovely. This system does not seem to require the key with the transponder chip in it to operate. Maybe someone with a valet key or some kind of master can trick the lock into rolling down the windows.

Looks like I'll be disconnecting that wiring and maybe even replacing the keyhole cover with a blank plate like on the passenger side to cover the hole entirely. Either that or leave the car unlocked for the next guy.

ABC News poll on TSA scanners misleading

So, ABC news polled 514 people by telephone to try to find out if people support the new backscatter x-ray machines. They are reporting now that people support them "2 to 1" over those opposing them. However, if you look at their sampling methodology (available on a PDF on their site), you can see that they actually skewed the question. Their whole focus was on determining support _in lieu of the privacy issues_. They did not, however, include any questions about the support if there were _risks due to radiation_ They asked questions about how informed users were about possible risks, but only generically and treated it as if it was relegated to just opinion.

Here is the question they asked that the 2-to-1 figure is based on:

"The Transportation Security Administration is increasing its use of so-called
'full-body' digital x-ray machines to screen passengers in airport security lines.
(Supporters say these machines improve the ability to spot hidden weapons and
explosives, and reduce the need for physical searches.) (Opponents say these machines
invade privacy by producing x-ray images of a passenger's naked body that security
officials can see, and don't provide enough added security to justify this.) Which
comes closer to your own view - do you support or oppose using these scanners in airport security lines? "

Here is the question they asked about health concerns:

"As far as you're aware do you think these new scanning machines may pose a health
risk, or do you think that's not a serious concern?"

As if the health risks are just some kind of matter of opinion? Why not ask a question like,

"Researchers have shown that these machines emit X-rays in high enough doses that are concentrated at skin depth and may well increase the risk of cancer (skin, testicular, etc.), which will knowingly result in harming people each year -- more than the machines might save from terrorist attacks. Given this information, do you think that their usage is justified?"

http://abcnews.go.com/Politics/abc-news-washington-post-poll-air-travel-security/story?id=12215139

Skepticblog » Get Fed Up: Report Medical Quackery to the FDA

Medical practice quackery has to be reported to the FTC, http://www.ftc.gov/ftc/contact.shtm as I just did to a chiropractor that claimed they could help with "ADHD", "Bedwetting", "PMS", "Asthma", "Ear infections", "Colic", and even "Allergies" The FTC "wizard" is a bit cumbersome, but you eventually get 3500 characters to describe your complaint after about 50 clicks.

http://skepticblog.org/2010/01/14/get-fed-up-report-medical-quackery-to-the-fda/



Update: Forgot to link to a great paper summarizing the common false claims made and a summary of the current evidence for each claim from the New Zealand Medical Journal Chiropractic claims in the English-speaking world

Google Voice Chat QoS

I've been looking for QoS pointers for Google Voice Chat. I've found that it works great on my DSL until I also am attending a web conference over Webex at the same time. Then I can still hear fine, but upstream I'm told my voice cuts in and out.

So, I figured it's time for some QoS Settings on my router.

It appears that Google Voice Chat uses HTTPS for signaling but an XMPP extension called Jingle that uses RTP over UDP for the actual call data.

I cracked open Wireshark to analyze the traffic and see communication with servers on the 74.125 network, which is owned by google (a /16).

Destination: stun.l.google.com (74.125.155.126)

So, for now, I have enabled Expedited packet status for any UDP packets going to and from that network. Will have to run another test later to see if it helped dramatically.

One troubling thing that I noticed in the packet capture is that not all of the data is protected by confidentiality protection. I suspect there _may_ be some encryption for the RTP data because Wireshark did not detect any RTP sessions. However, one packet every once in a while revealed the phone number that I was calling. So anyone on your wireless LAN or along the wire can see who you are calling. They may even be able to intercept that packet and play MITM by routing your calls through them. Who knows.

Here's a redacted version of the ascii portion of the data packet contents:

0 [email protected]

Understanding Atheists/Agnostics

Came across this quote today that is more cerebral than the quip about "We're all atheists -- I just go one god further than you"

"when you understand why you reject the gods of other religions, you'll understand why I reject yours."

Favorite new Android apps

• Call Block Unlimited:  http://www.appbrain.com/app/com.mrnumber.blocker  Highly configurable app that lets you set policies for how to handle incoming calls.  I used this when on vacation to send all calls not in my contacts list to voicemail.  Shows an alert of which calls were blocked.  Very nice and free!
• App Brain App Market:  http://www.appbrain.com/app/com.appspot.swisscodemonkeys.apps  Install this and never open the lame Google Market app again.  This does everything that the Google market should do but doesn't.
• OurGroceries:  http://www.appbrain.com/app/com.headcode.ourgroceries  This app has a lot of promise for sharing grocery list ideas between my wife and myself.  Even can input recipes and then add ingredients to store lists from those.  And allows you to check off items as you buy them so you won't miss anything.  Very sweet!
• EStrongs Task Manager:  http://www.appbrain.com/app/com.estrongs.android.taskmanager  This is a very fast task manager that has the best UI of any that I've seen so far.  I rarely use one these days but when you've got to kill a task, this is a slick one for doing the job.
• Dropbox:  http://www.appbrain.com/app/com.dropbox.android  Dropbox is about the easiest way to synchronize files from your desktop to your phone wirelessly.
• Wireless Tether For Root Users:  http://www.appbrain.com/app/android.tether  This was sooo cool.  Lets you set up your phone as a wifi access point to allow Internet access to devices nearby.  Used it this weekend and got better performance than the DSL (not saying much as this place must have been on the far end of the line from the central office)
• JuiceDefender (free):  http://www.appbrain.com/app/com.latedroid.juicedefender  I have found after lots and lots of testing that the #1 killer of battery on the HTC Hero is constant use of the APN (mobile carrier data network).  The more apps you install that synchronize data, the worse this gets.  It's not so bad if you stay in one place where you have good cell coverage.  But if you are in an area of spotty coverage, your battery life will go down the toilet.  It seems as if whenever you get even the weakest data link back, all your apps that need to synchronize data light up and overwhelm the terrible connection and pretty much do this all day long.  When at work, my battery would not last long at all (22nd floor with poor coverage) but at home it would be great.  That's how I figured it out.  I stopped using task killers since they can be worse for your battery life and use JuiceDefender.  I used to have Wi-Sync plus to do the same thing, but that has apparently been abandoned.  

Rooting and Optimizing the Sprint HTC Hero (CDMA)

I have been meaning to write up instructions on how I updated my ROM and kernel on my CDMA HTC Hero to fix some annoying performance issues and overcome the internal memory limitation to be able to install more apps by installing them to the SD card.  Since this phone will not officially get 2.2 Froyo, I needed to do something to keep the phone relevant.  I had already ran into the max size of apps installed so was forced into taking some action.

1. Root your phone.  If you are running the latest 2.1 OS (version 6), the vulnerability in version 5 was patched so you cannot use that to root your phone anymore.  However, I just found a new method of rooting the phone that works like a charm and is even easier. It's called Universal Android Root http://forum.xda-developers.com/showthread.php?t=747598  Download the latest apk.  Enable USB debugging and plug your phone into your PC.  Use the ADB command from the android SDK to install the app.  

   adb install UniversalAndroot-1.6.2-beta5.apk

   Once you get it installed, find the universal root application and launch it. It was pretty intuitive. It even has an option to just root the phone temporarily until you reboot, which is nice for keeping your phone as pristine and secure as possible if you prefer.
2. Install a new recovery image.  You need this to be able to perform nandroid full system backups, flash new content, wipe content before reflashing, etc.  http://forum.xda-developers.com/showpost.php?p=4898505&postcount=1  This is the one I use on my CDMA Hero.  You may need to install the flash_image program to your phone first and make it executable if it does not exist yet.  Here is one set of instructions on this thread that will be useful:  http://forum.xda-developers.com/showthread.php?t=660396
3. Obtain the updated Sprint ROM and other files to update your phone's ROM to one that contains lots of goodies, including superuser access control, apps2sd (allows you to run and install apps to your SD card prior to Froyo), Wifi tethering, etc. but is based on the actual Sprint stock ROM package.  The thread is here with downloads and instructions:  http://forum.xda-developers.com/showthread.php?p=6825435#post6825435  You will need:
   • HeroCSprintODEX_2276516A2SDFin.zip - the actual ROM files.
   • nework.fix_signed.zip - I found that I needed this patch to fix some additional sluggishness
   • phonedialer5odex_signed.zip - I needed this to back the dialer to version 5 to fix sluggishness of the latest version. I actually put this on my wife's phone that has the stock ROM and it works great.
   Other optional updates that I recommend:
   
   • framework_update_signed.zip - this is some eye candy that is simple but slick for the UI. Does not use theming so is safe with ODEX file versions.
   • ZenKernel-HTC-08122012.zip - http://forum.xda-developers.com/showthread.php?t=750170 - with SetCPU (from the market), allows you to overclock your kernel. But, most importantly, it fixes the lock screen lag that is soooo annoying. Optionally, use one of the 691 kernels (meaning 691 mhz) but reports are that there is still lock screen lag so I don't use them.
4. The ROM comes with the HTC_IME keyboard mod that you can enable. But it has v25. I recommend updating it to v27 which fixes some bugs. http://forum.xda-developers.com/showthread.php?t=624416  The HTC_IME keyboard is a modded HTC keyboard that adds some cool features and fixes nagging bugs and performs better than the stock HTC keyboard.  It adds voice input and smileys which are also kind of handy.  No Swype keyboard that I can find yet for the Hero...  Oh, get the lo-res version for the Hero since the screen is not high res.

When installing the ROM, I did not enable JIT as I have no compelling reason to do so that I'm aware of and it sounds like it may have some downsides that I don't want to incur.  I did enable app2sd though, which requires you to reformat your SD card so that you leave a partition for a linux ext filesystem for installing the apps to.  See http://forum.xda-developers.com/showpost.php?p=7021325&postcount=2 for apps2sd generic setup instructions.  Basically, if you have your SD card partitioned for it, it will be enabled.
To install the zipped ROM images, you do NOT need to unzip them.  Just copy them to your sdcard and you can install them from the recovery boot image as-is.
Other ROM notes:

• Comes with Titanium backup for root users, which can back up _anything_ on your phone.  I have yet to try a full backup, ROM flash, then restore to see if it saves me from having to redo my apps and settings every time I reflash but plan to do that sometime shortly as I would like to try one of the unofficial Froyo 2.2 builds for my phone (i.e. this one http://forum.xda-developers.com/showthread.php?t=731659)
• OMADM force close.  I never had this problem, but watch for it and update if need be:  http://forum.xda-developers.com/showthread.php?p=7723243&highlight=adb#post7723243
• With a rooted phone, you can remove some apps that you may never use.  I did this before to avoid some apps that insisted on starting on boot that I never used like Sprint TV.  http://forum.xda-developers.com/showthread.php?p=7077498&highlight=adb+reboot#post7077498 for one way of removing them.

I'm sure that I am missing some subtle things that were not initially obvious to me (most instructions are fairly high-level and assume you know some basics about adb commands and other things).  If I missed any, I will fill them in.
Here is a good primer to get you started called "Take Control of your HTC CDMA Hero"  http://forum.xda-developers.com/showthread.php?t=717416

Taxonomy of Blue Angels Haters: What kind of hater are you?

The Blue Angels were recently in town and I couldn't believe the kinds of Facebook rants or other kinds of rants I heard from people complaining about The Blue Angels.  I've heard it every year since I was a kid, but I have noticed some different camps.

Anti-millitary

There seem to be quite a few people who use The Blue Angels to channel their disdain for all things military.  I'm not the biggest fan of the war machine myself, but we do need the military.  And from my perspective, The Blue Angels represent some pretty cool -- even if the planes are old by today's standards -- technology that is really quite amazing to watch.  And the skill that the pilots have is really something to behold.  I don't see how it glorifies war or anything like that.  Although I could see how someone who was prone to think that way beforehand would look at them through the same mental filter.  

Anti-noise

These people complain about how noisy they are.  I feel sorry for them that they don't see how _cool_ those loud engines are.  I love the roar of the engines (sidebar:  having 4 take off in formation just yards above your head is pretty freaking sweet).  But my guess is that these people might complain about any kind of thing and The Blue Angels are just a convenient thing to complain about.  Seriously, the planes are in town for 3 days and only fly for an hour each day and may only be near you for a few minutes at a time.  It's not like they built a naval air station in your neighborhood that will be loud every day forever...  Come on people!

Paranoid / Risk-averse

This camp has the people who claim they think that the planes flying basically anywhere are too dangerous.  The "what if they crashed into someone's house" crowd, if you will.  In the past 20 years, there have only been 4 incidents so they are rare events.  But you're surely free to have your opinion and you can keep yourself safe by being nowhere near them if you want to try absolute safety.  But realize that you are probably going to die in a car crash while trying to escape the highly unlikely plane incident you fear most.  Humans are terrible judges of relative risk.  We just never evolved that as an innate ability yet it is something we need to make good, sound decisions in daily life.  So, save yourself but leave the rest of us to make our risk/reward decision and enjoy the spectacle!

Stupid Android market bug STILL affects 2.1 OS

I can't believe this hasn't been fixed yet.  I was not about to reset back to factory defaults and I had been meaning to root my phone anyhow so went this route.  It was difficult to find a solution that did NOT require resetting to factory defaults.  Enjoy.

Issue 3477 - android - HTC Hero - can't sign Gmail account if user skips signing when initially using the phone. - Project Hosting on Google Code

referring to my comment 37 above, and 16 ...
(1) First you need to root the phone. I had to Google how to do this, I found the solution (for 2.0, not 2.01) on some German site (yes, careless, I know).
(2) Then, you need a a terminal app (such as "Better Terminal Emulator"). With the terminal app you can navigate in the file system of the phone. However, you need root access (above) to be able to see the folder "/data/data/[and so on]". Without root access you cannot navigate to this folder. Then you need some Unix-fu to navigate to the correct folder, and remove the correct files. Look up the commands "ls", "cd", "rm", and "rmdir" (my Unix-fu was just sufficient, thank fate). Maybe a file manager app would to for step 2, I don't know. The process is likely slightly different for each phone (mine's a Milestone).

AT&T Leaks email addresses of 114,000 iPad users

I think it is disingenuous of this article to have "Apple" in the title.  It was an AT&T server with a stupid application that used AJAX calls to obtain email addresses by ICC ID.  And since the ICC IDs are apparently sequential, the group was able to iterate through thousands of them to obtain the information.

Then AT&T decides to claim as well that the researchers who discovered the flaw did not contact them.  It sounds like AT&T is lying.

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

SurveyMonkey has crummy logon security

FYI, SurveyMonkey is a great site, but they have really crappy security. They actually store your password in the clear, or in reversibly-encrypted format. If you request your forgotten login and/or password, they actually helpfully email you both your login _and_ your cleartext password. What year is it again? That is the kind of kindergarten mistake that there is no excuse for making. How to securely handle logons to systems and applications is fairly standardized and there are lots of simple options for supporting secure one-way hashes that are immune to a variety of attacks. No excuse for security this bad...

Fortunately, they allow you now to sign in with your Google login so that might be a better option -- get them out of the authentication business that it appears they have no business being in.

Alcohol, Caffeine and Pregnancy

Sorting through the myriad information and misinformation on these topics is difficult.  And remembering what the actual conclusion is can be even more difficult "Was coffee safe or not?"

So, I figured that I would blog about two very recent posts that summarize the data about these topics.

Summary:

Caffeine bad ("Pregnant women should avoid caffeine because of potential effects on
fetal growth and spontaneous abortion."), Alcohol seems okay in moderation (i.e. no known conclusive data exists that shows a problem with low intake during pregnancy)

Science-Based Medicine » Alcohol and Pregnancy

"The scientific evidence has not identified a threshold below which
alcohol consumption during pregnancy is definitely safe, but neither has
it shown any convincing evidence of harm at low levels of intake, and
it has not ruled out the possibility that low levels might provide a
small benefit."

NeuroLogica Blog » Caffeine

Proof that iframes are not risk-free

This one loaded drive-by-malware, a popular tactic.

Malicious iFrame on US Treasury and other sites?

http://community.websense.com/blogs/securitylabs/archive/2010/05/04/treasury-websites-compromised.aspx

AAP: Against Female Genital Mutilation after they were for it

Ridiculous but glad they changed their policy.

A retraction from the American Academy of Pediatrics : Pharyngula

"We retracted the policy because it is important that the world health community understands the AAP is totally opposed to all forms of female genital cutting, both here in the U.S. and anywhere else in the world," said AAP President Judith S. Palfrey.

Every Baby Knows Science

Then, if you're a baby in Texas, Arkansas, Kansas, or related states you get reprogrammed to fear and doubt science and believe horsepucky. Glad me and my baby live in Seattle.


I may have to order this print. Lots of other goodies for geeky parents like me there too.

Weather forecasting terms explained

There is something to be said about using terms that have the most precise meaning possible.  However, in scientific circles, you may have a better understanding of the nuance in different terms than the colloquial understanding.  Weather forecasting is definitely one of those areas.  The one that I have been wanting to understand recently is showers vs. rain (because you also hear 'scattered showers' which seemed redundant to me if showers are just scattered rain in the first place):

Meteorologist Forecasting Terms: Differences Explained Between Scattered Showers and Rain at Times

• Rain - forms from stratus clouds, more widespread, steady, less intense
• Showers - forms from cumulus clouds, more isolated, short-lived, affects a smaller area, sometimes more intense

So, scattered showers does seem to be a bit redundant if they are already "isolated" and "affect a smaller area".

Deleting lines and non-matching lines with VIM

I'm always forgetting how to do this but here's how to delete matching lines:

:g/.*foo.*/d

And the more difficult thing to do that vim makes easy is deleting non-matching lines.  All you do is negate the pattern:

:g!/.*foo.*/d

Daily Vim: Text Editor Tips, Tricks, Tutorials, and HOWTOs: Delete Lines Matching Keyword

Dispute with Seattle Public Utilities over alley trash collection

We were given a big "FU" by SPU (Seattle Public Utilities) last week and told that alley trash service would stop tomorrow and we would have to somehow haul our cans up to the street level every week.  This is complete bullshit, of course, as I point out in a letter to SPU I just submitted.  All of my neighbors affected are protesting by continuing to put the cans in the alley tomorrow.  We'll see what happens.  We've all been calling to complain the past week but so far there seems to be no recourse at all.  I plan to keep escalating this until we get a reasonable response.

"All houses on my alley were given only a week's notice that alley garbage and recycling and yard waste service were to be discontinued starting 5/11/2010 and that we would have to put our bins on the street level.  We have all brought this to the attention of SPU that this is a ridiculous request for our block due to the nature of the terrain.  That is the reason that we have had alley garbage service for the over 5 years that I have lived here and beyond that.

Alley service is the only option that makes any pragmatic sense due to the terrain that our houses are built on.  The houses main floors are on a grade level _below_ the street.  The lower floors of the houses are on yet another grade lower than that but on par with the grade of the alley.

There are at least 9 houses on my block that all have alley garbage service for this reason:  [redacted 9 specific addresses] are all addresses on this street receiving alley service. 

My house alone has 8 steps to reach the street level that make it simply impractical to haul one, let alone three or four cans up and down the stairs each week.  Other houses have more stairs and many even have twisting staircases that would make it treacherous to lug the garbage up and down.

Waste Management needs to have SPU tell them "no" and to resume alley service and ensure that we continue to receive this service from now into the future.

We have been told that Waste Management's contract has the option to arbitrarily change the collection location at their decision, however I have read the contract posted online and do not see that they have that authority at all.  It says in section 135 that "collections from Residential Structures shall be made at the curbside or alley, as
determined by the City", meaning that the discretion is entirely the city's.   It goes on to say that, "Subject to special arrangements made by mutual agreement between the Contractor and the City on a case-by-case basis to accommodate extraordinary situations, Residential Structures on the same side of the street on the same block shall place all Containers on the curbside or all on the alley.  However, if a particular property does not abut the alley or have alley
access, Container placement shall be at the curb."  So, our case is already covered in this language since all of the houses who do not abut our dead-end alley do not have alley access.  Even if they did, our case would fall under the 'extraordinary situations' case anyhow due to the uneven, steep terrain that our houses have been built upon.  See http://www.seattle.gov/util/stellent/groups/public/@spu/@csb/documents/webcontent/spu01_005943.pdf

None of us are going to be putting our cans at the street level and will expect that our waste service will continue in the alley as it has been or else we will continue to report missed collections every week that goes by and will continue escalating this issue higher in the governmental chain until we get a reasonable resolution."

Notable quotable: Skeptic is not a bad word

I find myself reticent to use the word 'skeptic' to describe myself because it is often incorrectly equated to 'cynic' or some other malcontent or negative connotation.  I've used "rigorous doubt" in its stead on occasion since it takes a bit more thought to contemplate and avoids the knee-jerk emotional reaction that can accompany the term 'skeptic'.

But, I came across this quote from Eugenie Scott on Skepchick that nicely summarizes what being a skeptic is and how it is really a neutral position:

“Skepticism is a perspective that does not accept or reject claims at face value, but withholds judgment until specific evidence is available.” ~ Eugenie Scott

Excellent infographic on health care reform implementation plan

If only the government or the media reporting on this could be this clear...

Health Care Reform Infographic – Changes Coming!

Passwordcard - a low-tech wallet password manager

Visit this site and it will automatically generate a card with symbols for columns and colors for rows with randomly-generated digits on it.  You can then use this card to generate very strong passwords that you don't have to remember.  And no bad guy can guess them and even if they get a copy of your card, they won't know which subset of the random characters are your password so it provides protection against a physical attack on your wallet.

It's an alternative to writing your passwords down directly and keeping them in your wallet (which is actually not a bad thing since it allows you to have varying passwords with better quality).

Your PasswordCard

throw new DumbCodingException

I came across the dumbest code I've seen in a while at work today.

try
{
    return _Collection.Length;
}
catch (NullReferenceException)
{
    return 0;
}

I found it because when debugging an asp.net page, I had enabled thrown exception breaks and this code was causing about 5 debug breaks for every page load...  Needless to say it has now been rewritten.

Infographic on efficacy of popular supplements

The really cool thing is that the whole graphic is backed by a google doc spreadsheet that is chock full with explicit references to back up the claims.  My wife of course asked where they got the data -- and you can actually check it out (you don't have to take their word for it).  This is a graphical representation of the "Alternative" medicine trash heap I blogged about previously.

I think that skeptics need to do more and more of these things to consolidate the current state of affairs for all kinds of scientific questions that are muddied by woo proponents.

Snake Oil? The scientific evidence for health supplements

Excellent primer on tree pruning

Probably one of the most clear sites with pictures showing how to prune.  Although if you're like me and have older trees that were never properly pruned early on, you have to be more creative.

HGIC 1351 Pruning & Training Apple & Pear Trees : Extension : Clemson University : South Carolina

Virtual PC -> VMware breaks mouse

I had this intermittent problem with my mouse in a VM until I realized it had been converted from a Virtual PC image long ago.  That still left some mouse driver hooks that were breaking the VMWare mouse driver.  Thank goodness for keyboard shortcuts and thank goodness I still know them...  The fix is here:

mouse stopped working correctly after VMware tools were installed - Page 2 - Petri.co.il forums by Daniel Petri

Facebook broken in Firefox? Brought to you by the letter "s"

Actually, the lack of a letter "s".

I hadn't noticed that Firefox had opened facebook up without SSL, but sure enough, the tip from this thread got everything working correctly (now have Older Posts back and the bottom toolbar).  Sheesh.

Problems in Facebook page when using Firefox 3.5.1

NutritionData: Know what you eat

Excellent way to get data on just about anything and good graphs to visualize the balance of nutrients to fat.

Nutrition Facts and Analysis for Seeds, flaxseed