Thursday, October 30, 2014

A Datsun, Really?

Been trying a few different commute options lately because the road work for the MA-2/MA-2A "Crosby's Corner" project has been causing the road to change between the morning and evening.  Seems like the risk for an accident is a little higher right now, plus it gets all clogged up as construction equipment and stupid people try to push their way through the mess.

Years ago I used to commute north via I-93 out of Somerville then all the way up to I-495 and then south to Westford.  Westford is inconvenient to all desirable places people want to live, which is an accomplishment for a town.  Now living in Medford, I've decided to give that route a try again.  The evening commute is much improved and I attribute the entirety of that to being able to completely avoid Arlington.  The morning commute is still a little jammed up because the Market Basket trucks and merges for Boston-bound traffic (see, we have these highway interchanges that cause all directions of travel to feed through the same choke point....yay?).

Yesterday as the car made its way north on I-93, I heard a car approaching.  I could tell it was moving faster than traffic speed and it had a distinct sound to it.  Then it passed me on the left before then merging all the way over to the right to take the next exit.

It was a Datsun 280ZX.

This car in particular is baffling to me.  I have seen them my entire life in this same manner.  Every now and then one zooms past you on the road.  It was sold in the United States between 1979 and 1983.  The oldest ones are my age.

Yet these things are still going!  And the one I saw yesterday looked well maintained.  You would not expect it to be that age except the body styling clearly gives it away.

By this point they have to have really high odometer readings.  And I'm not sure if these cars had 5 or 6 digit odometers.

Monday, October 6, 2014

Paperless Billing Is Annoying

I'm a computer guy.  My career involves computers and software and a lot of sitting.  I've always been doing something with computers.  I adopt new technology quickly.  I used FTP before HTTP.  I like smartphones.  I like technology.

But I hate paperless billing.  At least right now.

Paper billing costs a lot of money.  Both for those sending bills and those sending payments.  But as paperless billing exists now, I don't find it convenient or time-saving.  Why?

For all of the billers I have had and currently have, paperless billing means discontinuing the paper bill and sending me an email telling my bill is ready to view.  There is nothing actually useful in that email.  Like maybe the amount due or the due date.  Nope, just a bunch of boilerplate text and a ridiculous URL that takes me to the biller's web site where I can log in and view my bill.  OK, so I've done this before and here's how it usually goes:
  • Link in the email doesn't work or there's a browser incompatibility.
  • I hit the main page and log in from there.
  • Forgot my password or find my password has been reset for "security reasons" because the last time I logged in was 30 days ago to view the previous bill.
  • Reset my password and log in again.
  • Poke around the site looking for my bill because the site looks different than 30 days ago.  They've had a month to redesign it.
  • Continually dodge the "would you like to take a survey" popups.
  • Finally find the bill, but it won't load.  It's a redirect from a CGI script or something server-side that is generating or otherwise making available a PDF file in the datastream and the browser can't deal with this.  Stumble around trying to figure out how to save this using curl(1) or some browser trickery.
  • Open the bill using a local PDF viewer.
Now once I have it opened, I have to pay it.  I use my bank's online bill pay for that.  So log in to another site and type in the amount I'm going to pay and click pay.

All of the above could have been eliminated by receiving a paper bill in the mail.  Which is what I do.  I get paper bills and then pay them online.  By receiving a paper bill, I don't have to juggle the clumsy logins of all of my biller's web sites.

Paperless billing to me would be useful if the actual bill came to my email inbox.  I want nothing to do with the biller's web site.  I don't want an account there.  I don't want to customize it.  I don't want to have anything to do with it.

I have mentioned this to billers before and they tell me they understand but that sending the complete useful bill via email would be risky for security reasons.  I mean, my email could be hacked.  Or I could have typed in an incorrect email address.  Or any of a number of other reasons.  If only we had a mechanism to secure email without disrupting what makes email so useful.  Hmmm, does anything like that exist?  Note that it's perfectly ok for a paper bill to be delivered by an unverified carrier to an unattended unlocked box at your house.

Oh well, maybe we'll get there one day.  Until then I'll keep opening paper bills and paying them online using my bank's service.

(Oh, and my bank does offer e-Bill services for certain billers.  So you can receive your bill electronically and view it through the bank's interface.  It's clumsy and not really reliable the few times I've tried it.  Maybe that will get better.)

Friday, September 26, 2014

Shellshock, We're Really Calling It That?

This week was rough with the security vulnerabilities in GNU bash.  The what?  I'm talking about computer software, so if you don't care about that there is no need to keep reading.

What is GNU bash?

If you have ever watched me use a computer or any nerdy type person use a computer, you might see them frantically typing away and entering commands as the screen scrolls information by.  Us nerdy types prefer a command line user interface as opposed to a graphical user interface.  Words instead of pictures.  A command line interface lets us directly tell the computer what to do.  We find graphical user interfaces tedious and time consuming.  That said, both interfaces have their place in the computer world.

GNU bash is one such command line interface.  It is what we call a shell.  It interfaces us with the computer and allows us to issue commands.  GNU bash is arguably the most popular open source shell in the world and is the default shell on nearly every Linux operating system and MacOS X.  Other Unix and Unix-like systems can have GNU bash installed if you find yourself missing bash when using one of those systems.

What is GNU?

It's the Free Software Foundation and the name of their overarching open source platform project.  It's an organization that you can donate to and they promote and support development of open source software like bash.  But that's not important right now.

Hold up, did you say MacOS X?

I did.  MacOS X is a weird platform.  It's like a Unix (and any diehard will drag me in to an argument about technicalities, but I don't care.  I have hacked on xnu, userspace code, and the C library on Darwin, so I have my own thoughts and opinions about OS X), but it's clearly a Mac.  Underneath all the icons and iTunes and stuff is a core Unix platform that includes a handful of basic command line tools.  A command line environment needs a shell and Apple ships GNU bash with MacOS X to fill that need.

NOTE:  The first versions of MacOS X shipped tcsh as the default shell, then they moved to zsh, then they moved to bash as the default.

I just use Windows and have my development work in the cloud.

You're probably still vulnerable!  If you use Amazon EC2, for instance, your host is likely running a Linux of some sort and if so you have bash on it which is then vulnerable.  The cloud doesn't make this problem go away, it just moves it all to a single point of failure for a large portion of the Internet.

What does this vulnerability allow?

Arbitrary code execution through the use of environment variables passed to child processes.


Remember I said bash and shells in general are how we tell the computer what commands to run?  OK, so this vulnerability uses that very basic functionality of the shell to execute other software that would not normally be allowed to run.  That other code could be written to read passwords from your system, wipe your hard disk, or  replace all your MP3s with hamster dance videos.

Because the shell is such a core tool, nearly every other tool relies on it to do some work.  For example, web servers.  And email programs.  And so on.

Are fixes available?

Yes, patches are out and your Linux distribution has most likely already posted updates.

Where can I find more information?

Everywhere, but specifically:
What about SELinux?

SELinux is default on Fedora Linux and Red Hat Enterprise Linux.  It's a very complicated and confusing security layer that many people still don't bother learning.  Most disable it at the first sign of frustration.  But, if you have it set to enforcing mode, you gain a little more protection from this vulnerability.  See Dan Walsh's post about it:  Got SELinux?

And now it's Friday in my time zone and I've updated all of the systems under my control that I care about.  I do want to point out that the vulnerability does not exist in AT&T ksh93, pdksh, The Almquist Shell, or zsh.  Linux systems tend to have bash installed as /bin/sh and /bin/bash.  I personally like having a simple /bin/sh (like The Almquist Shell) and leaving bash either off the system or as /bin/bash.  Maybe that's worth considering now.

Wednesday, July 23, 2014

Making Robots Harder To Kill

In researching robotics for the eventual War With The Machines, a team of scientists have successfully built a robot that can learn how to walk after losing one of its legs.  Click here for the story.

We're already going to have zombies to deal with, now zombie robots.

Wednesday, June 25, 2014

Sometimes You Just Want To Type Ředkvička

With the release of Red Hat Enterprise Linux 7.0, I decided it was time to do a clean install on my workstation at the office.  This system started life with RHEL-5 of some variety and has received manual updates over the years eventually resulting in something that claims to be RHEL-6, but it's really not.  I can't install any standard RHEL packages.  I have to install everything by hand.  And /usr/local was getting a bit crowded.

So it was time for a reinstall.

After backing up data and rearranging where /home sits (wanted it on the largest physical disk), I started up the familiar installation program.  In a short amount of time, I was up and running with a new RHEL-7 system.  Now to configure it.

I am trying to run as much of a stock RHEL-7 configuration as possible so I can get daily usage out of the product we ship to customers.  It came as no surprise that I only needed to make minimal configuration changes.  Basically everything worked out of the box and I only needed to configure some internal repos we have for yum and site-specific things.  But that doesn't mean I found some things difficult or just not the way I like them.  With Ryan Lerch's help, I was able to get around the most annoying problems:
  1. The desktop I saw when I logged in was littered with everything in my home directory.  That's my own doing, but I miss the days where we had a separate Desktop/ subdirectory for the things you wanted to see on your desktop vs. in your command line environment.  Minor gripe, but it served as a good excuse to clean house.

  2. I do not like the default terminal color scheme.  I do not like the white background.  Easy enough to change.

  3. I absolutely cannot work without sloppy focus for windows.  Ryan Lerch helped here.  Got Tweak Tool up and the right extension installed and was able to toggle sloppy focus on.  This setting is a bit too buried for my liking, but that's ok I guess.  In terms of functionality, it's not quite right.  There is a brief pause between windows gaining focus.  It has taken some getting used to.

  4. I wanted a different window decoration theme but couldn't figure out how to easily change that.  Gave up.

  5. Failed to install a GNOME extension to display weather information.  Tracked down to not having the gnome-shell-browser-plugin installed.  The site could suggest that as something to check on your system rather than just saying it doesn't know what you're running.

  6. I'm not a big fan of the default Cantarell font.  The name is way too similar to my last name and it's not a great font.  Ryan Lerch suggested the Droid Sans fonts, which I switched over to with his help.  This was a direct css hack that will no doubt be lost when I upgrade this system.  I made a backup copy of the original and left a note for myself, but that still doesn't mean I won't lose it during an upgrade.

  7. The window title of the application in focus is displayed on the menu/status/whatever bar at the top of the screen.  The default mode shows an oversized watermark of an icon behind the title in the bar.  The image extends to the edges of the bar and looks incomplete and makes the window title difficult to read.  I've seen this for a while and to me it just looks like a display error.  Example:
    The image appearing behind the word Calculator is hard to read.  For me anyway.  Ryan Lerch helped me modify the CSS file directly to disable this.  Might be nice to have an extension to turn off the image more easily.
But my biggest gripe has been with the keyboard layout configuration.  I have tried numerous ways to configure the US International AltGr variant layout and nothing sticks.  I used to just run setxkbmap as part of my session init script, but that does not work.  Through trial and error, I learned that GNOME uses ibus for input settings.  Once I disabled that, my Xkb settings were honored.  Here's what I did:
  • As root, run something like this:
    localectl set-x11-keymap us pc104 altgr-intl lv3:ralt_switch,compose:caps
  • Run localectl again to verify the settings.
  • Now run this as your normal user account (I assume you are logged in to GNOME):
    gsettings set org.gnome.settings-daemon.plugins.keyboard active false
  • Log out and log back in.
  • Verify you can type characters using the us altgr-intl layout.
Searching online showed multiple recommendations for leaving ibus in place and just disabling it.  So I did that.

And so far my keyboard settings have survived logouts and reboots.  If there is a better way to get this configuration layout, let me know.  I did try using the control center Input Sources thing to change the settings, but it does not offer this level of configuration.

Monday, May 19, 2014

What Is It Like to Have Some Form of Colorblindness

I've been colorblind my entire life and it's not really a severe problem, it just means some things will be more annoying to you than to other people.  Coloring assignments in elementary school were annoying, as were really anything that required coloring.  I read the labels on crayons and markers.

Color-coded systems are also frustrating, which is why color should always supplement some other system whenever possible.  It's not always possible and sometimes color just makes sense.  Airports are marked with rotating green lights.  Ships mark their port and starboard sides using colored lights.  And of course, the question I get most often, we have red and green traffic lights.  So how can I see those?  I don't know, I didn't make my eyes, but I do know that I can pass the vision test at the RMV and that I've never caused a wreck and I've been driving for 19 years.

It is extremely difficult for me to drive at night because stale green traffic lights look exactly like sodium vapor street lamps and oncoming vehicle headlamps.  Local roads at night are most frustrating.  If I have to drive at night, I prefer controlled access roads.  But then again, I just avoid driving long distances at night.

I dislike those high intensity discharge headlamps that BMW and other manufacturers started using.  I also dislike it when people remove tail light lenses and replace them with clear lenses.  You start making everything look the same.  At least give me a fighting chance!

This is a really common image that shows up to describe to people what it's like to have forms of colorblindness.  It's ok, but not great.  People need a better example with a wider range of colors.  And I found site that does a good demonstration.

Colour Blindness Simulator

Upload a JPEG image not larger than 100k and 1000x1000 or lower in resolution and it can convert it to provide a reasonable demonstration for protanopia, dueteranopia, or tritanopia.  I tested it using a recent picture of our daughter.

Original Image

How I See It

And there it is.  I asked Karen to look at it and see if it looked different.  She said it did, so hopefully I saved the right images here because they look the same to me.

Friday, May 16, 2014

Road Has Been Removed

What happens immediately after you buy a new car?  Of course it rains, but in my case the city comes by and removes your road.  Our street was removed this week so they could grade and resurface.  This was planned and we knew about it, but when exactly it was going to happen was unknown.

Supposedly today they are repaving and it will be done at 4pm.  I don't know.  Right now it's raining.