Every few weeks I get unsolicited blank checks in the mail from my credit card company, Capital One. "Instant cash!". Of course it's a trap; the cash is a loan at some poorly disclosed usurous rate, probably 20%. So I dutifully tear the checks in half and throw them away.

Now Capital One has gotten more aggressive and is sending me regular emails asking me to transfer balances. So convenient! "Keep in mind, you’ll pay a transaction fee of 3% of each transaction amount". Another unwanted offer. I asked them to stop emailing me.

Unfortunately, the option to be excluded from our balance transfer solicitations is not available at this time. We're sorry for any inconvenience this may cause.
I only gave them my email address so I could get emailed statements. Apparently there's no way for me to opt out of their scammy attempts to trick me into borrowing money from them at outrageous rates. Awesome.

I'd cancel the card, but they're the last US card that doesn't charge a 2-3% scammy foreign currency conversion fee .

  2011-02-26 01:51 Z
Google Chrome has a great feature, incognito mode. Press Ctrl-Shift-N or select Wrench / New incognito window and you get a browser window with no state. No cookies, no cache, no browser history, no addons, nothing loaded before the page and nothing saved after. (Firefox, Safari, and IE can do this too).

This mode is half-jokingly called "porn mode", but I find it very useful as a software developer. Some ways I use it:

  • Testing links before sending them out. Check whether the link you're about to send your friend gives them the same page you see or if the page requires a login or cookie to look as intended.
  • Debugging Javascript. Chrome extensions confuse Javascript debugging; the scripts show up in the developer console and you never can be sure whether some addon is modifying things. Incognito mode loads no extensions unless you explicitly enable one.
  • Bypassing caching. It's hard to test a webapp reliably, particularly for performance, when so many of the assets in the page may be cached. A new incognito window starts with no cache. The window seems to keep a memory cache, so you can also test your caching behaviour after the initial clean load.
Porn mode was invented for browsers to not store state after ending a session. But I find I mostly use it to not load state before starting a session.
  2011-02-25 20:01 Z
I keep seeing this icon in software: Wunderground, Google Docs, random Mac and PC apps. I can tell from context it must mean "save". But how does a line drawing of a house with a giant window above the garage mean "save"? Is that blue square my files, stored in a box in the garage? And why is a corner of the house missing?

For that matter, why am I manually saving data anyway? Maybe this icon really means "publish" and the blue square is the printing press in my garage.

See also Reddit
  2011-02-25 19:23 Z
I've started training for my instrument rating. The IR is essentially the second half of a pilot's license; it lets you fly in clouds when you can't see the ground and have no visual reference to navigate or even stay upright. It's a pretty demanding rating and takes about the same amount of training as the basic private pilot's license. More book learning than the PPL, so I'm hoping it will go relatively easily.
Half the challenge is the skill of flying blind, using the 6 (or 8) primary flight instruments to keep the plane level and flying in the right direction. It's not too difficult: use the attitude indicator to keep the plane level, center the CDI needles to keep the plane flying the right way, and cross-check your instruments to make sure nothing strange is happening. As long as you have your full concentration on the instruments it's not hard to go where you want.

The other half of the challenge is conceptually understanding where you're going, particularly when flying an instrument approach. You better fly the course right or else instead of being in a cloud in a valley you may end up inside a mountain. The extra workload of dealing with charts and radios means you can't fully concentrate on the instruments. It's amazing how quickly some mysterious force will cause your plane to drift 30° off course and lose altitude when you spend 10 seconds looking at a chart. I've got some 5 hours of simulated instrument training so far and I'm pretty overwhelmed.

The solution is practice. Basically a brain workout, training it to be able to handle the extra workload. It'll get easier to keep the plane flying the direction I want. And as I get familiar with approach and radio procedures it will require less thinking to do everything right. Maybe some day I'll even stop confusing my left from right!

It's a bit frustrating that half my instrument training is for skills that are on the way to obsolesence. In the real world I'm going to do be doing all my flying with a WAAS enabled GPS and a very capable autopilot, where flying an approach is mostly a matter of punching the right buttons on the computer. But I still have to learn the older radio navigation technologies. And, of course, learn to do it all by hand in case I don't have the fancy gear.

  2011-02-19 02:08 Z
Do you store important things at Google? Maybe private documents on Google Docs, or all your email on Gmail, or even just your search history? Do yourself a favour and enable 2-step verification for your Google account.

Two factor authentication makes passwords stronger, requiring the user prove themselves with an extra code in addition to the password. The codes are time-limited so they can't easily be stolen and reused. I've been using two factor for my bank and my Warcraft account for years now and I'm glad I can finally protect my Google account. Email accounts are particularly sensitive since so many other websites let you reset your password via email.

Google's implementation is pretty good. Most users will set it up so their second code comes from a simple program on their smartphone and enter it once a month for every new computer. If you lose your smartphone there are backup login options available; a printed code you can carry in your wallet or a backup phone number. There's a bit of extra awkwardness for some applications that don't know to ask for the second auth code; the workaround is reasonable.

The interesting thing is Google is also an OpenID provider. All the pieces are now in place to end passwords. Most web sites (like, say, Gawker) shouldn't have a user password at all, just use OpenID to authenticate via Google. And Google authentication is now quite strong, thanks to two factor. There are business and product barriers to widespread adoption of OpenID logins but it's undeniably more secure.

I'd like to end this post with a shout-out to my friends at Duo Security, a startup developing two factor authentication for easy integration into any site. Check out the demo; it's very slick and the guys running that company are some of the smartest security people I know. Google's gone and built their own system, as they always do. But if you've got a company looking to do two factor yourselves check out Duo.

  2011-02-19 01:13 Z
Twitter is a lot of fun while watching a sports game. You can tweet your witty comments to your absent friends. And Twitter lets you participate in a global zeitgeist. Twitter has been around for five Super Bowls now and has published statistics from three of them: 2008, 2010, and 2011. Each graph is roughly similar; a sustained increase in activity and tweet spikes around the big plays.

One fascinating difference is 2011 is the first year when Twitter activity went up during the halftime show. In 2008 and 2010 twits took a relative break during halftime. In 2011 halftime is the biggest sustained tweet activity for the whole game.

Why more tweets this halftime? One guess is it's because the Black Eyed Peas were completely awesome. Despite the terrible sound the show was fantastic. Or maybe it's demographic. The Black Eyed Peas presumably skew to a younger, more connected audience than Tom Petty in 2008 or The Who in 2010. Also Twitter is now more an integral part of American entertainment, all the way up to will.i.am planning to tweet during the half-time show (foiled by #attfail).

Another interesting datum is the impact of the Super Bowl on Twitter traffic. In 2008 tweet traffic during the game was sustaining 1.25x a typical day with spikes up to 2.5x for big plays. 2011 is the same: 1.25x sustained increase with spike of 2.5x for the ending of the game. Surprisingly consistent pattern.

This year Twitter also released absolute numbers: sustained 2000 tweets / second, up to 4000 at spikes. That's a hell of a lot of traffic for a real time distributed system. A lot of database updates, cache invalidations, message propagations, and message deliveries. Compared to the fail whale months Twitter has been doing awfully well recently. If that kind of systems problem interests you, Twitter is hiring.

  2011-02-09 21:21 Z
Ken's birthday present was a day's flying in a Cessna Chancellor. The 414 is a pretty big small airplane: twin turbocharged engines, 6750 pounds, comfortable seating for seven people. It's a small plane compared to commercial aircraft, but it's big and fast enough that it can be used for charters. And Ken and I got to fly it. Well, our CFI flew it, but we got to play along. It's a lot of airplane.

The FAA requirement for me to be legal in the Chancellor is laughably small, 10 hours of flying time to learn how to recover if one of the engines fails. That's a crucial and difficult operation but apparently it doesn't take long to pass the required skill checks. But the MEL is the least problem; I'd need a lot more time and experience before I'd feel safe. And the insurance companies want some 100 hours in a similar plane before insuring a pilot.

The main challenge of flying a bigger plane is it has more energy. It's heavier, it's faster, it flies higher. It takes experience, planning, and fine control to go from 200kts at 18,000' to stopped at sea level on a 2450' long runway. More energy is more fun, of course, particularly being able to climb at 1000 feet per minute or more above the Sierras. But everything goes faster, and heavier, and you have to know your plane.

The other big challenge is systems complexity. Bigger planes have more stuff: cabin pressurization, de-icing, turbochargers and intercoolers, complex fuel distribution, etc. It all has to be managed by the pilot, mostly manually. Every new task adds pilot workload. The only way to develop that extra bandwidth is experience.

The fact that there are two engines out front seems the least of the challenges. There's a bit of extra work tuning the RPMs so they run harmonically but other than that a twin is all gravy. More power. More lift from the prop-wash over the wings. And a great view out the nose with no engine or prop in the way. Babysitting the turbocharger temperatures was more work than worrying about having two engines. As long as both of them are working.

I'm not in a hurry to move up to a twin. I just started my instrument rating, that's the next big task. Then more experience flying, only then maybe something bigger and faster.

  2011-02-06 17:34 Z
I'm a happy Briggs & Riley customer. They make suitcases. Well made and functional cases, but heavy, expensive, and not particularly attractive. What makes them worth the price is a true, no bullshit, lifetime warranty. "If your Briggs & Riley bag is ever broken or damaged, even if it was caused by an airline, we will repair it free of charge."

We own two of their smaller size suitcases. Both have had to have significant repairs, one several times (a flawed wheel design, since re-engineered). Each time the repair has been completely stress free. Ship or bring them the case, get the case back in a week or two. Done. I'll be a loyal customer for life.

PS: luggage is one of the most heavily spammed Google searches. I wonder what will come of this ad-free, commerce-free, genuine customer testimonial?

  2011-02-04 00:15 Z
Minecraft has been a huge indie game success, some $12M in sales. There's an enormous modding community for the game: new creatures, a complete magic system, better lighting, server management frameworks, etc. All sorts of creative mods. Here's the crazy thing: all these fans are studying and modifying obfuscated code.

Minecraft is Java, obfuscated with ProGuard. In response the Minecraft developer community has created the Minecraft Coder Pack. MCP decompiles the code, maps symbol names to something meaningful, and spits out editable source. It even has a handy re-obfuscator so your compiled code is symbol compatible with the official release. It's a remarkable piece of work to enable fans to modify a game they love.

The mod community is clearly good for Minecraft. The game is notoriously buggy and the development team is small, so the community fills in gaps. For example, server management: hMod and its successor Bukkit are essential for public servers to protect from griefers. The various game enhancement mods serve as a testbed for new gameplay ideas. The developer team is even taking patches from modders, for instance fixing a ridiculous variable swap bug. I can't think of another example of obfuscated software being so heavily and publically modified.

So what benefit does the obfuscation give? It clearly doesn't keep the code secret and I doubt it helps stop people from avoiding paying the 15€. What obfuscation does do is set a very clear legal barrier to anyone legitimately modifying the code. The mod community is kept off balance, in a sort of unstable detente where they're officially discouraged but also productive and vital.

  2011-02-01 17:45 Z