Month: December 2015

Petty Little Tyrants

Do you know who amuses me? People who complain about government control only when it’s not working for their interests. In other words, almost everybody. Case in point, one of my socialist friends (believe it or not, I have those) posted this article that complains about the San Francisco Planning Commission’s plot to bulldoze a bunch of existing property in order to replace it with more expensive property:

For the good of the City, your old apartment building could be torn down! You’ll be figuring out the next few years living elsewhere, while some developer builds a new “affordable” unit for you. You will have to wait a few years to move back, if the new building even gets built.

Don’t worry, though. This isn’t just about you. It’s your neighbor’s place too. And your whole neighborhood. In fact, the San Francisco Planning Department has placed a developer “incentive” bullseye on nearly 31,000 parcels in every corner of the City. Colored blue on their maps, these vast areas also include your neighborhood corner store, produce market, pub, and restaurant. These homes and businesses are standing selfishly in the way of progress according to the proposed Affordable Housing Density Bonus Program.

I agree that this is pretty shitty. And the article correctly points out that a bait and switch similar to this proposal has been done in the city before:

Remember that Redevelopment of the ‘50s, ‘60s and ‘70s promised “one for one” replacement. People who were displaced from their Victorian style homes in the Fillmore were told they could return after the Redevelopment Agency built new co-op and other BMR housing. The new housing was promised to be modern and price controlled– an upgrade from the aging Victorians considered by the Agency to be blight. However, in reality, this was the demise of the thriving African-American communities in San Francisco.

This is exactly the same rationale being applied in 2015. At the latest presentation to the Planning Commission on December 3, Planning staff told them that displaced tenants would be given priority to return, and that the new housing would be more affordable than the rent controlled units they currently live in.

Obviously the Planning Commission can’t be trusted and should be disbanded, right? Not so much. Although the author correctly points out that this proposal is little more than a land grab he concludes that the problem isn’t the existence of the Planning Committee, but that they aren’t using their powers the way he wants them to:

What can we do instead? […] There are surface parking lots, large and small, that could be developed as affordable housing. The parking would not be lost because it could be incorporated into the new building.

The City should be using its Housing Bond and Housing Trust Fund dollars to buy as many of these sites as it possibly can– or purchase the air rights like what Bernal Heights Neighborhood Center and Bridge Housing did to create affordable senior housing over existing retail with parking. The only way to achieve the Housing Balance is to stop the loss of rent controlled units and to build 100% new affordable housing. This is true development without displacement which is what San Francisco desperately needs!

He’s such a petty little tyrant that somehow knows what everybody in San Francisco needs. This guy is a prime example of somebody just smart enough to identify a symptom of a problem but too stupid to identify the problem itself. The problem isn’t the proposal itself, it’s the existence of a body that can make and enforce such a proposal. Theft shouldn’t be legal just because some government body approves it.

What needs to be done? Abolish the San Francisco government, including the Planning Committee. People need to get over their petty desires for power and work together. If you don’t like how your neighbor is utilizing their property then try to work out a deal with them. Propose another idea and see if they’ll take you up on it. If all else fails make them an offer for their property. I know, that’s not as easy as siccing a government agency on them to force them to do what you want. But government agencies are funny things. One moment they’re doing what you want and the next moment they’re doing what you don’t want. Unless you want guns pointed at your head in the future you should abandon your petty tyrannical ways and try to work with your neighbors instead of against them.

Government: Where Customer Service Is Nonexistent

Here in Minnesota we’re required to renew our driver’s license every four years. What should, at most, involve submitting a simple online form requires one to physically go to a licensing center, wait in line, fill out a form, and receive an absurdly large piece of paper that you have to carry around for the next month until your new license arrives by snail mail. What makes this process even more miserable is that the only criteria that seems to be on a licensing center’s application is “Are you a miserable fuck who will take out your misery on our customers?”

I had to visit two licensing centers. The first one I visited is a licensing center I had visiting a few years ago to get a passport. While its website claimed it did passports when I finally got to talk to an employee, after waiting for half an hour in line, I was told that the center no longer does passports. This time I decided I would ask the information desk before waiting in line. Instead of answering my simple question the lady working the information desk simply kept repeating, “Sir, you’ll have to take a number.” It would have taken no time to say either “Yes” or “No”. But she’s a government employee and has no motivation to provide customer service since I am legally required to do business with her employer. Needless to say I wasn’t going to wait for half an hour to ask a question just so I could wait for another half an hour to get my stupid license so I went elsewhere.

The second licensing center wasn’t a whole lot better. Fortunately the lady working at the information desk wasn’t a total dipshit and handed me a driver’s license renewal form to fill out. Why I have to fill out a physical form when they could simply pull up my information and ask if there are any changes that need to be made is beyond me. But I filled it out and was given a number. From there I proceeded to wait… and wait… and wait. When my number was finally called I had the fun of forking over the renewal fee (licenses only exist to extract wealth from people so there’s always a fee attached), waiting for five minutes while the clerk entered the information I wrote on the form into the computer, doing an absurd vision test, and getting my picture taken all so I could receive my new license in two to four weeks.

Licensing centers are perfect examples of government idiocy. Customer service is nonexistent and their technology is never updated to improve the process. Any sane place would have simply brought up the data that’s already in the database, asked if anything has changed, made any needed changes, and printed out a new license on the spot. Instead you’re subjected to the same process that has been used since driver’s licenses became a thing, which doesn’t scale with population growth. Physical forms have to be filled out, even though your data is already in their database, only so a clerk can reenter that data into their database. Instead of receiving your new license on the spot you have to carry around a giant carbon copy of the form you filled out, complete with your social security number printed on it, for a few weeks while somebody somewhere prints your license and mail it to you. But the worst part is the rude employees who seem to enjoy their tiny bit of power far too much. If you’re lucky you might find a licensing center that employs a decent human being or two. However, since you’re required to do business with them, there’s no motivation by the State to reprimand or fire rude employees so they become the norm.

Licensing centers truly are some of the vilest places on Earth.

Lightbulbs With DRM Are Here

There’s a lot of love about this crazy future we live in but there are also some downright bizarre things. For example, how many of you thought your lightbulbs need some kind of mechanism to lock you into a particular manufacturer’s bulbs? Through the wonderful world of ZigBee-enabled bulbs Philips has made your dream a reality:

Philips just released firmware for the Philips Hue bridge that may permanently sever access to any “non-approved” ZigBee bulbs. We previously covered third party support in January 2015, when Philips indicated it was not blocked – and have since benefited.

The recent change seems to suggest any non-Philips bulbs from manufacturers such as Cree, GE, and Osram will not be supported in many situations, whereas “Friends of Hue” branded product are. At the time of publication, it’s unclear whether 3rd party bulbs will stop working immediately after the firmware update or if they may only become inaccessible after the bridge is reset. We’re also not sure if being “reset” means rebooted or factory reset. This appears to apply to both the round v1 bridge and square v2 HomeKit-compatible bridge after the latest firmware update is applied.

I’m not going to be a cranky curmudgeon and bitch about lightbulbs with new functionality. But I will bitch about how companies utilize new technology as a means of baiting and switching. Philips originally stated it would support third-party bulbs. I’m guessing the reason behind that was so it didn’t have to foot the entire bill to encourage adoption of ZigBee-enabled bulbs. Now it has changed the rules and locked out third-party manufacturers. In all likelihood this is because ZibBee-enabled bulbs are now sufficiently popular that Philips wants to enjoy all of the profits. It wouldn’t surprise me if somebody at Philips also assumed owners of third-party bulbs would rather purchase Philips’ hardware than lose the functionality offered by ZigBee-enabled bulbs.

There is an important lesson here. Never be entirely reliant on a third-party for your business. If, for example, you are utilizing a third-party’s software package for your hardware you should have an alternative standing buy in case you’re locked out. Were I one of these third-party manufacturers I would release an open source client on GitHub that works with any ZigBee-enabled bulb.

Why Magnetic Strips On Credit And Debit Cards Need To Die

I’ve been harping on backwards compatibility as it relates to computer security for a while but that’s not the only place backwards compatibility bites us in the ass. Let’s consider credit and debit cards.

Chip and pin cards have been the standard in Europe for ages now. The United States is finally thinking about getting onboard. But in true American tradition the move to improve credit and debit card security is being done in the dumbest way possible. First of all the United States is adopting chip and signature, not chip and pin. Second, and this is even worse, the old legacy system of magnetic strips is still being supported. Because of this constantly improving card skimmers are still a viable means of stealing credit and debit card information:

Virtually all European banks issue chip-and-PIN cards (also called Europay, Mastercard and Visa or EMV), which make it far more expensive for thieves to duplicate and profit from counterfeit cards. Even still, ATM skimming remains a problem for European banks mainly because several parts of the world — most notably the United States and countries in Asia and South America — have not yet adopted this standard.

For reasons of backward compatibility with ATMs that aren’t yet in line with EMV, many EMV-compliant cards issued by European banks also include a plain old magnetic stripe. The weakness here, of course, is that thieves can still steal card data from Europeans using skimmers on European ATMs, but they need not fabricate chip-and-PIN cards to withdrawal cash from the stolen accounts: They simply send the card data to co-conspirators in the United States who use it to fabricate new cards and to pull cash out of ATMs here, where the EMV standard is not yet in force.

This is another example of where a hard cutoff where all backwards compatibility is dropped should be implemented. So long as magnetic strips are still supported it’s trivial to steal credit and debit card numbers and use them to steal cash from people’s accounts.

Security, in general, does not lend itself well to backwards compatibility. Once a system is broken is should be dumped entirely. The credit card companies here in the United States should have required all banks to issue chip cards and all retailers to use readers that only support chip and PIN, Apple Pay, Android Pay, and other such modern payment methods. Instead everybody decided that the average American is too stupid to adapt to a new system and rewarded this perceived stupidity by continuing to support a completely broken standard. Because of that we’re all being put at unnecessary risk.

Bigotry By Any Other Name

To the cheers of neocon everywhere Donald Trump said he wanted to prohibit all Muslims from entering the United States. Those of us who would rather not see a future where we have to hide Muslims under our floorboards to prevent the Gestapo from finding them Trump’s announcement was much reviled. Hoping to capitalize on those of us who found Trump’s announcement disgusting, the Rand Rapid Response Rangers quickly moved in to promote their messiah. There’s just one problem though. Rand Paul also wants to use his collectivist beliefs to discriminate against an entire group:

Republican presidential candidate Sen. Rand Paul (R-KY) said Tuesday that rival Donald Trump’s call to ban Muslims from entering the country was a “mistake,” even though it was similar to a plan Paul already proposed to halt immigration from the Middle East.

Trump had said Monday that he wanted to implement a “total and complete shutdown” of Muslims entering the U.S. Paul was asked to respond to Trump’s statement during an interview with New Hampshire radio station WGIR.

“I think it’s a mistake to base immigration or moratoriums based on religion,” Paul said. “But you know, I’ve called for something similar, which is a moratorium based on high risk.”

When somebody proposes to discriminate against people based on religion everybody loses their head. But when somebody proposes to discriminate against people based on imaginary lines on a map everybody seems totally fine with it. Imaginary lines, like religion, tell us nothing about specific individuals. Prohibiting people from a specific country is no different than prohibiting people of a specific religion. Flags are no better indicators of a individual’s character than holy books.

The Plague Of Backwards Compatibility Continues

SHA1 is a cryptographic hashing algorithm the Internet has relied on for quite some time. As things tend to go in the technology field, the old workhorse is showing its age. Attacks against it are quickly becoming more feasible so it needs to be put out to pasture.

Because of this certificates issued after 2016 will use SHA256. Although all modern browsers support SHA256 older browsers do not. Unfortunately this has convinced Facebook and CloudFlare to create a jerry rigged process to allow people running out of date browsers to access their services:

Facebook said as many as seven percent of the world’s browsers are unable to support the SHA256 function that serves as the new minimum requirement starting at the beginning of 2016. That translates into tens of millions of end users, and a disproportionate number of them are from developing countries still struggling to get online or protect themselves against repressive governments. CloudFlare, meanwhile, estimated that more than 37 million people won’t be able to access encrypted sites that rely on certificates signed with the new algorithm.

Both companies went on to unveil a controversial fallback mechanism that uses SHA1-based certificates to deliver HTTPS-encrypted webpages to people who still rely on outdated browsers. The remaining, much larger percentage of end users with modern browsers would be served HTTPS pages secured with SHA256 or an even stronger function. The mechanisms, which both companies are making available as open-source software, will allow websites to provide weaker HTTPS protection to older browsers while giving newer ones the added benefits of SHA256. Facebook is deploying the plan on most or all of the sites it operates, while CloudFlare will enable it by default for all of its customers. CloudFlare said other sites, including those run by Chinese portal Alibaba, are also implementing it.

I’m of the opinion that there needs to be a cutoff date for software. That is to say there needs to be a date where people agree that supporting it is no longer happening. After that cutoff date anybody who refuses to upgrade will just have to suffer the consequences. The reason I believe this is because continuing to support legacy software puts both users and service providers at risk.

Just this year we were all bitten in the ass by legacy support. The FREAK and Logjam exploits were the result of continued support for the old export grade cryptographic algorithms once mandated under United States law. Both exploits allowed downgrading the encryption algorithms used by clients and servers to communicate securely with one another. By downgrading the algorithms being use the communications, although encrypted, could be feasible broken.

By supporting older browsers Facebook and CloudFlare are giving users another excuse to continue using vulnerable software instead of finally upgrading to something safe. In addition to not supporting effective cryptographic algorithms, out of date browsers also contain numerous unpatched security holes that are actively exploited. Using out of date browsers is unsafe and shouldn’t be encouraged in my opinion.

Work Of Art

When it comes to watches my taste tend to be more on the simple and practical sides. I like simple watch faces and cases and prefer a watch that can take a bit of a beating without breaking down. Adoring a case with a bunch of fancy designs doesn’t usually sit well with me. But sometimes somebody engraves a watch that turns out stunning even to my simple tastes.

Art like this isn’t something I’d ever spend $16,000.00 on. But I do appreciate somebody spending the $16,000 so I can admire it.

Turn It Off And On Again

A small update to my initial thoughts on the Apple Watch. The abysmal battery life and crashing apps problem appears to have been corrected after I rebooted the watch. After that it notified me that an update to WatchOS was available. I’m not sure if rebooting or the firmware update ultimately fixed the problem but things are working much better than they were.

Apply firmware updates to watches? The future is weird. But it’ll get a lot weirder when we have to apply firmware updates to our batteries.

Initial Thoughts On The Apple Watch

Best Buy is selling the Apple Watch at $100.00 discount, which brings the price of the cheapest model down to $250.00. $250.00 happens to be the price range I think is fair for the Apple Watch so yesterday I decided to pick one up. I opted for the cheapest model, the 38mm (I have small wrists) Sports Edition in Space Gray.

Before I start with my initial thoughts lets me be up front and say that I’m a watch guy. By that I mean I’m a huge fan of watches, specifically the mechanical kind. They are to me what paintings are to other fans of art. Up front I will admit that it’s unlikely the Apple Watch will ever replace my mechanical watches for more than a few days at a time. So why did I want one? Because it makes a good fitness tracker that many of the apps I use, such as Cyclemeter, can interface with. In addition to having interfaces for a lot of my apps it also manages not to look completely like ass.

With that out of the way, let me give my initial thoughts. Having owned a Pebble (until the down button broke) and looked at most other popular smartwatches currently on the market I can say that the Apple Watch is probably the closest to being a watch. This is both good and bad. The bad is that the mentality is probably responsible for the high cost of the device. The good is that it is a very well designed product for a smartwatch. Everything from the packaging to the watch itself has a level of detail not found on any of the competing devices I’ve looked at. When you pick up and hold the watch it feels sturdy, the crappy rubber strap is less crappy than most other rubber straps (that is to say it’s softer and more flexible), and the controls feel very tight (as opposed to my Pebble, which had very mushy buttons).

Although the display is tiny it is nice. It’s a Retina display so it has a very high resolution and good color definition. Showing an attention to detail, and to get around the fact the battery in the watch is tiny, the display turns on automatically when you bring your wrist up to look at it. When you put your arm back down the display turns off. I have already developed a love-hate relationship with the touchscreen. On the upside it gives you a lot of options for controls. On the downside many of the buttons are very small. The home screen is a downright mess in my opinion and you really have to use the crown to zoom in quite a bit if you have any hopes of bringing up the app you want. With that said, controls are a problem on every smartwatch and will likely remain less than optimal until somebody thinks up a completely new way of doing things.

Speaking of controls, there are two dedicated hardware controls. One is a crown that can be rotated and pressed like a button and the other is a nearly useless button that serves only to bring up your contacts list (a feature I don’t need). I like the crown control for the most part. The only thing I run into trouble with is it doesn’t act like the back button on the Pebble. Pressing the crown returns you to the home screen, it doesn’t move you back a screen in an app. That’s probably something I just need to adjust to.

Most of the included apps don’t show the same attention to detail as the hardware. Overall I’m not really thrilled with the included apps. They all feel haphazardly put together and I have had a lot of issues with them crashing when they first open.

The battery life is shit. It’ll get you through the day, so long as you don’t use it too heavily, but that’s about it.

I still need time to use it before making any final conclusions. Right now I feel that it is a good buy at $250.00 but really does show a lot of problems, primarily on the software side, typical of a 1.0 release. It is a very nicely presented product and I think the next release will be much better. For what I want, a fitness tracker with some additional functionality, it appears to fit the bill. If you’re already tied in the Apple ecosystem it’s probably the best smartwatch available (although most models of the Pebble will give you actual battery life but at the cost of functionality).