Big Brother and the iPhone

Eidac.de, the home of smcFanControl (essential for keeping hot-running MacBook Pros at a reasonable temperature), has an interesting post. It’s actually two months old, but some of us are slow.

He questions, “Is Big Brother listening in on my iPhone Apps?” after discovering a third-party analytics library for iPhone developers that sends information like the application’s start/stop times, the phone’s UUID (a globally unique identifier for the device), and its latitude/longitude. Based on his analysis, nearly a third of the applications he’s installed are making use of it.

An interesting debate started in the comments section, though, ranging from the application being dubbed spyware to a comparison with Google Analytics. I buy both arguments, really. But mostly, it’s yet another reminder that the iPhone is a black box unless you jailbreak it: you can’t even tell if this library is there without a jailbroken iPhone. Nor can you bulk-delete thousands of text messages. The temptation is growing.

Updated Statistics

Now that Google Analytics has been running, I thought I’d post some updated statistics.

Firefox on Windows is the most popular browser/OS combination, with almost 43% of visits. IE on Windows comes in second at just shy of 22%. Firefox on Mac and Linux come in third and fourth, respectively, with 14.6% and 9%. Looking just at operating systems, Windows rakes in 67%, Mac 19%, and Linux 13%, with the remaining 1% being split between blank values and ‘iPhone’. There are two visits from Safari on Linux, which has me somewhat puzzled. Firefox on Linux is nearly seven times more popular than Google Chrome on Windows.

Traffic is broken down three ways: search engines, direct traffic, and referring sites. Search engines and direct traffic are split evenly, each with 44%. The remaining 12% comes from a handful of sites, though I can’t match many of them up. A few are just trackback links. There’ve been a lot of search terms, but most were for a handful of things. My blog posts on Firefox’s browser.history_expire_days.mirror and on disassembling a ThinkPad T60 get a lot of hits, as does Kyle’s Lenovo X200 review. There have been a total of 115 distinct keywords as of today, but those are the ones that have gotten many hits. The search terms have quite a technical focus.

If anyone with a Google account wants access to the stats, let me know.

Firefox Bookmark Keywords

Here’s a really neat trick that saves me a lot of time. It’s nothing new, but I don’t think it’s widely-known.

Let’s say that you have a tool you often use where the only thing that changes is the URL. For example, using Trac for tracking bugs. I might want to look up Trac #1234, and the URL is something like /ticket/view/1234. Rather than searching through the system, I can just hack the URL to change the number. But even that is a pain.

So you can set up a keyword. Instead of typing http://trac.lan/ticket/view/1234, I can just type “trac 1234” and Firefox constructs the URL. That’s the magic of Firefox bookmark keywords. Simply bookmark a link, change the variable portion of the bookmarked URL to “%s”, and fill in a unique “keyword” field. Then visit it by typing “keyword variable” in the location bar; if “trac” was your keyword, you’d type “trac 1234” and hit enter. Voilà! (Firefox URL-encodes whatever you type in place of %s; use %S instead if the value needs to be passed through verbatim.) Set them up for Trac, SANS port lookup, dictionaries, or all sorts of secret internal tools you might have. This obviously won’t work for things that don’t have hackable URLs, but an awful lot do.

Wireless Security Audit

I found myself sitting in the back seat of a car today, toying with Chess on the Mac. (And being defeated in ways I didn’t even understand. Quite discouraging.)

Tired of the endless losses, I started up KisMAC to show the wireless APs that I passed. Between Margarita’s in Nashua and my home, I found 232 access points.

As if doing that wasn’t enough to make me a nerdy loser, I went on to generate some statistics. 32% of the access points were open (no encryption). The remaining two-thirds were encrypted: 48% of the access points used WEP, and 21% used WPA. WEP is old and insecure; someone with a few targeted utilities can spend about 15 minutes watching network traffic, crack the key, and gain entry to your network.

It’s probably not surprising that the majority of the unsecured networks had names like “linksys” and “belkin54g.”

“Wireless Nashua” is an open access point in downtown Nashua. Stopped at a light, I connected and was taken to a captive portal splash page explaining that it’s free wifi for people at local businesses. Neat. A handful of other businesses had open access, too.

A few access points were named “hpsetup.” I’m not sure what this is; it was the only access point at the car dealership when I brought my car in for service. Connecting gave me a generic “not actually connected” fake IP; there was no gateway, and a quick scan of the netblock suggested that there was nothing on it. I have no idea why this is my theory, but I think it might be connected to HP printers that have WiFi capability.

Driving by the hotel between the Bud Plant and the old McDonald’s in Merrimack, I noticed a network called Marriott (open), plus five GoldenTree open APs. I wasn’t aware that the hotel was a Marriott, nor do I know what GoldenTree means. (Ah-ha: GoldenTree is also known as Guest Tek, and provides tech solutions to hotels.)

The highlight, though, was an access point named “Cisco Sys. Security.” It sounds like something that would be set up by a CCNA, and you’d think it’d be locked down with WPA and pass through an ASA firewall before connecting to the rest of the network. All I know is that it was actually an open AP.

The End of Days

Throughout the ages, people have forecasted the end of days in various ways. In some distant corners of the globe, oracles smoked opium and foretold the end of the world. Contemporary scholars counted the number of letters in the Bible and divined when the world would cease to exist. They’ve all been wrong.

If my weather station is to be trusted, though, we’re in big trouble after Tuesday:

[Image: The End of Days, by n1zyy, on Flickr]

Mini-Review: pfSense

I’ve posted before about how I got sick of how much our Linksys router (for our home cable modem) stunk, so I ended up taking an old machine with dual NICs and building an OpenBSD firewall. It worked pretty well, but had a few flaws. Perhaps the biggest is something that’s not technically a flaw: it was a royal pain to configure. I don’t think ease of use was ever (or should ever be?) a design consideration with OpenBSD, but it was sufficiently painful to get it running, and sufficiently complex that I never quite had the amazing ruleset I wanted. Another problem was that it was, at times, too archaically strict. A “default deny” policy is, hands-down, the best way to do things, but ours never spoke the silly little LAN protocols like UPnP, which allow applications (e.g., direct file transfers over AIM) to request a port be opened and temporarily forwarded. Some would argue this is insecure, and, on some level, I’d agree. On the other hand, it was enough of a pain that it became tempting to poke holes all over the place so that these things worked. Plus it was just old: when OpenBSD 4.5 came out, I decided it was time for our OpenBSD 4.2 machine to see some changes, and a simple upgrade wasn’t going to cut it.

I downloaded the pfSense 1.2.3-RC1 beta. I think pfSense has a lot in common with why I love Mac OS X so much: a really slick, super-easy-to-use user interface sitting in front of what’s arguably one of the most rock-solid, full-featured platforms. pfSense is based on FreeBSD, which, while arguably not as “paranoidly” secure as OpenBSD, is still plenty solid and a little more mainstream.

So I said I’d give a mini-review. The installation was terrible. I think I drew the short straw here, as most people don’t seem to complain about the miserable experience I had. The installer was meant to be quick and helpful, but it auto-detected information about the cylinders, heads, and sectors of my hard drive and told me that the information was wrong and that the system wouldn’t boot. After a brief, “Are you serious? Is this 1994?” exchange with the computer, I let FreeBSD use the random values it wanted, and the install continued. Until fdisk blew up with an error that you can’t have 255 sectors; 63 is the max. So then use what the hard drive reported in the first place, which was 63? Oh, right, that won’t boot. After several rounds of this, I ended up just making up numbers to appease the process, and my 60GB hard drive has about 13GB of space visible to the operating system, with the rest vanishing due to the information being completely wrong. 13GB is enormous for a firewall anyway; pfSense can be installed on an SD/CF card.

It also includes a handy auto-detect tool, where you plug in your LAN and WAN and it will set them up. This was problematic for me, since I wanted to set the thing up by hand and then drop it in place. You can set it up manually, which I ended up doing, but I first tried the auto-detect, letting it think our “WAN” was my Ethernet drop, and my “LAN” was a crossover cable to my laptop. This never really worked; it wouldn’t detect a link on the NIC even though the NIC showed that the link was up. So I set the things manually and all was well. This, too, seems fairly atypical, and may have to do with the fact that we’re running two who-knows-what budget NICs.

After the hellish introduction to FreeBSD, though, pfSense suddenly became pleasurable. Almost as soon as it was installed, it was routing LAN over the WAN via NAT. I didn’t have to add rules to pf to make it do this manually. I hurriedly tried to figure out how to add a default deny policy, only to find out that this, too, was the default. It pretty much does what I wanted out of the box, and it does it well. I set up QoS-based packet queues, so that BitTorrent can’t take up more than 2 Mbps down and 1 Mbps up, and so that ssh and Remote Desktop (along with some other latency-sensitive stuff, e.g. IRC) get priority queueing. This took extensive research under OpenBSD and still didn’t ever seem to work right. I had a neat little wizard on pfSense that a 4th grader could have used. It creates “real” pf rules that I can go edit if I wanted to, except that I don’t have any reason to backend it because it just works as it should.

It also does all sorts of graphs, including RRDTool graphs of things like CPU load, but also traffic (kbps/Mbps) both ways per link, latency and packet loss (not entirely sure yet what the latency is to?), packets per second, and the breakdown of traffic in each of the queues. They went the extra mile and added a streaming graph drawn in-browser via Adobe SVG showing real-time bandwidth usage. I’d like a feature that tracked monthly (per calendar-month) bandwidth usage, but the month-wide bandwidth graphs do keep a running total. (And we’ve apparently downloaded 13GB since I set this up over the weekend???)

Port forwarding is dead-simple. It actually gave me trouble at first, because I tried to do it the hard way through the firewall rule setup, but it turns out that I just need to click “Port Forward” and plug in the details. Setting up real firewall rules is done via a pretty easy wizard, too.
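To make concrete what the wizards described above are generating, here is an added example of a hand-written pf.conf that does the same three jobs: default deny with outbound NAT, a BitTorrent cap of 1 Mbps up / 2 Mbps down with priority for ssh, Remote Desktop and IRC, and a single port forward. It is not pfSense’s actual output and not from the original post; the interface names, link speeds, LAN range, internal host and port numbers are all assumptions for illustration.

```pf
# Added example: a hand-written pf.conf approximating what pfSense's wizards
# generate. Not pfSense's output. Interface names, link speeds, addresses
# and ports are assumptions for illustration.

ext_if  = "fxp0"                # WAN NIC (assumed name)
int_if  = "xl0"                 # LAN NIC (assumed name)
lan_net = "192.168.1.0/24"      # assumed LAN range
ssh_box = "192.168.1.10"        # assumed host behind the port forward

pri_ports = "{ 22, 3389, 6667 }"   # ssh, Remote Desktop, IRC: latency-sensitive
bt_ports  = "{ 6881:6889 }"        # assumed BitTorrent port range the LAN clients talk to

set skip on lo0
scrub in all

# --- Queues ----------------------------------------------------------------
# pf shapes only what leaves an interface, so uploads are queued on $ext_if
# and downloads on $int_if (packets heading back to the LAN). The queue
# names are the same on both interfaces because a state carries one queue
# name and pf looks it up on whichever interface the packet exits.
# Assumed link: 2 Mb up / 8 Mb down. A cbq queue without "borrow" is a hard cap.
altq on $ext_if cbq bandwidth 2Mb queue { q_pri, q_def, q_bt }
queue q_pri bandwidth 25% priority 7 cbq(borrow)
queue q_def bandwidth 25% priority 3 cbq(default borrow)
queue q_bt  bandwidth 50% priority 1 cbq                 # 1 Mb up, capped

altq on $int_if cbq bandwidth 8Mb queue { q_pri, q_def, q_bt }
queue q_pri bandwidth 30% priority 7 cbq(borrow)
queue q_def bandwidth 45% priority 3 cbq(default borrow)
queue q_bt  bandwidth 25% priority 1 cbq                 # 2 Mb down, capped

# --- NAT and port forward ---------------------------------------------------
nat on $ext_if from $lan_net to any -> ($ext_if)
# The GUI's "Port Forward" is an rdr plus a matching pass rule (below).
rdr on $ext_if proto tcp from any to ($ext_if) port 22 -> $ssh_box port 22

# --- Filter rules: default deny, then explicit passes ----------------------
block in log all

# Traffic the firewall itself originates
pass out quick on $ext_if keep state

# Inbound to the forwarded host; rdr has already rewritten the destination
pass in on $ext_if proto tcp from any to $ssh_box port 22 flags S/SA keep state

# LAN to anywhere. The rule that creates state picks the queue, so classify
# here. In "queue (bulk, ack)" the second queue gets empty ACKs and lowdelay
# packets, which keeps downloads fast even when the upload is saturated.
pass in on $int_if proto tcp from $lan_net to any port $pri_ports keep state queue q_pri
pass in on $int_if proto { tcp, udp } from $lan_net to any port $bt_ports keep state queue q_bt
pass in on $int_if from $lan_net to any keep state queue (q_def, q_pri)
```

Two caveats worth knowing before trusting the graphs: ALTQ only works on a kernel built with it and on NICs whose drivers support it (the pfSense kernels are built that way), and the root cbq bandwidth should be set a little under the real link speed, otherwise the cable modem’s buffer does the queueing instead of pf and the priorities never bite.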

The machine is being vastly underutilized. I’m not running a VPN server, though I have multiple options if I want to. I’m not using it as a proxy server (with a transparent proxy server being an option), much less one that scans incoming content for viruses and aborts the transfer of anything malicious.

In short: if you can get past the awful FreeBSD installation (which doesn’t seem to happen to everyone?), pfSense is pretty awesome, and turns an old dual-NIC PC into an enterprise-grade firewall/router/gateway. It’s designed for lower-end or embedded machines, too!

Discrimination

One of the tricky issues in terms of political correctness has been discrimination and when things aren’t discrimination. There was a student group called “Black United Body” at my college, definitely not racist. But if someone had started its logical complement, “Whites United,” it would have seemed horrifyingly racist.

After a bit of banter, I came to the conclusion that “discrimination” in its non-loaded definition (grouping people into buckets, with no hint of prejudice or value judgment) is generally considered okay when it’s “pro-something” (e.g., a “pro-African-American” group), and generally not okay when it’s anti-something (e.g., anti-gay).

A bit of a wrinkle is that a “pro-something” when that something has a sizable majority or innate perceived advantage can be construed as anti-something-else: a group to celebrate the culture of white people is not offensive in and of itself, but it seems to conspicuously exclude an oft-belittled minority, so pro-white comes across as anti-black, whereas a pro-black group may not have anti-white sentiments. I think this is kind of like how antitrust rules only kick in when you control an overwhelming majority of your industry: Alcoa and Microsoft have run into trouble, whereas if I forced you to buy a brownie if you wanted lemonade at my lemonade stand, the law isn’t applicable. Microsoft bundling IE was considered to unfairly shut out Netscape, but me forcing brownies with lemonade doesn’t really shut anyone out, since no one would come to my lemonade stand anyway. Thus Caucasians, heterosexuals, and males have some “near-monopoly” special rules, and “monopoly” isn’t always clear. (Men and women are equal in percentage, yet a movement for women’s rights is a good cause, while a movement for men’s rights is nonsensical.)

Let’s say I start a company with some legitimate reason to consider religion. Let’s call it a Muslim dating site. All’s well and good. After a while, we say that only Muslims can sign up on our site for Muslims. Fair and not discriminatory, even if you say it as “all non-Muslims are banned.” It’s pro-Muslim, not anti-non-Muslim. But now say that the Muslim site decides to welcome their Christian and Hindu brethren, and just changes the rule to “No Jews allowed.” Suddenly, it’s shockingly offensive, because it’s gone from pro-Muslim to anti-Judaism.

A gay dating site makes sense, but a whites-only dating site would not. A lesbian-only site that precluded gay men and heterosexuals is okay, because you’re not anti-gay-male, but pro-lesbian. Pro-British is okay, because it leaves non-British, a giant category, whereas pro-white excludes only racial minorities. It’s about ensuring that the only group not included in your “pro-something” doesn’t happen to be a minority. Pro-female is okay, but pro-male may get into murky waters… In some cases, at least. A clothing store for men isn’t anti-female, but a male-only supermarket is suspect, since it appears to arbitrarily exclude females. (Plus it makes no sense, but you get the idea.)

I’m curious if this theory holds up. Some things around this sort of topic are controversial (consider gay rights or affirmative action), but I think there’s a lot of “I’ll know it when I see it,” so I like the idea of reducing it to two rules of thumb that seem to cover most situations. But does it work?

Technologies I Hate

When you’ve been a computer geek for a long time, you get to a point where you feel comfortable rushing to conclusions about technologies. The thing that fascinates me is that the majority of people I speak with hold the same prejudices. Even more curious, the more I’m forced to learn about the technologies, the more I realize how accurate my initial snap judgment was.

Java is the prime example. Without knowing a lot, I formed the impression that it wasn’t well-suited for small applications, both because everything was treated like it was a giant enterprise project, and because it gobbled up RAM like a crack addict. As I entered the world of professional web development, I’ve found that a lot of my peers hate it more than I do.

I hate Perl for the same reason. It was actually among the first “real” languages I learned. If you know it, it’s handy. But if you kind of knew it a few years ago, it’s a GIANT pain to work with. My prejudiced opinion? Perl is intentionally obfuscated and confusing to write, and the people who know Perl well take pride in writing enigmatic code. A Perl script by a veteran developer has more symbols than comprehensible phrases, and it has a lot of variables (like $_) that are used all over the place for all sorts of things.

JavaScript is another. Part of why I hate it is because it’s vaguely like Java, which is a bad start. But it’s more a two-fold thing: the stuff that can be done easily is really obnoxious (open a window and move it around my screen, or pop up multiple alert boxes). The stuff that’s useful always seems unreasonably different and counter-intuitive. I may hate it less as I get better at it, but as it is, I’ve yet to work with it and not get a headache trying to figure out why the simplest thing that 4936 tutorials all mention doesn’t actually work.

XML. I like the concept. In reality, it’s extremely bloated, extremely dense, and rarely lends itself to being something I can sit down and understand as a schema. There are much more “readable” technologies. That said, XML does win points over the “some format I dreamt up while I was high that turns out to not even be consistent” configuration schema that some utilities used to be infamous for.

JPG. It’s good for photographs. If you’re not using it for a photograph, you probably shouldn’t be using it. If you have (rasterized) ‘vector’ graphics or text, use a PNG unless you like your stuff looking really crappy.

BMP. Seriously, I have never, ever seen a good use for it. It’s usually ridiculously bad graphics done in MS Paint, which shouldn’t even be saved, much less saved in a format that defines the values for every pixel sans compression. The good news is that it could be worse: a Java application that saves each pixel’s value as an entry in an XML file.

GIF. If you need transparency, use a PNG. If you need animation… Please reconsider using animation. 😉 And if you don’t need animation, there’s no reason to use a GIF.

Java applets, Silverlight, and proprietary codecs. Here’s the thing: your Java applet gives me some cool functionality, your Silverlight app is really neat, and your Ogg audio stream with weird compression sounds better and is more efficient. But you see, you’re probably not important enough to me that I’d be willing to take the time to install something special for your silly site. If you make a five-figure hardware device with a web GUI that requires I install a Java applet that’s slow and prone to crashing, you’ve got me! But Brocade, you should know that I curse under my breath when I click “Install,” and that I have dreams about redoing our architecture with iSCSI over commodity Ethernet. Never mind that your equipment is rock-solid and probably vastly superior. The Java applet is the only time I “use” your equipment, and it’s like pulling teeth.

SNMP. I’m a stats freak. We must graph 500 stats at work. It’s an integral part of any IT monitoring setup. But it’s one of those technologies that never works as it should. I try to monitor something simple and it just doesn’t work. I do an snmpwalk and get literally thousands of lines back. And MIBs, meant to give SNMP pretty names, somehow make managing SNMP an even bigger headache.

IPv6. Here’s the thing: I used to be a big fan of the idea. But now it’s just useless crap that networks try to set up, and it gets in the way. I need to change my mind on this, but it’d be a lot easier if I knew a single person that actually uses IPv6.

Twitter. I use it. It’s neat. But I mention it to a non-user, who invariably replies, “I just don’t GET Twitter.” And I’m forced to admit that I don’t. It takes information I don’t care about and assaults me with it all day long. And that’s really the best description of Twitter I’ve ever heard.

Captcha. A good technology, but for two things. The first is that spammers have been able to defeat it for quite some time. The second is that captchas are getting to the point that I can’t figure out what the heck they’re supposed to say. It’s like a Rorschach test.

Usenet. I experimented with it a while back. It’s nothing but viruses pretending to be warez and lots and lots of spam. It may have been great once, but these days it’s a festering wasteland accessible over the equivalent of Gopher.

Strict validation. It’s good to write syntactically valid HTML and CSS. I don’t mean to imply that I should be able to cobble out utter garbage and act offended when a validator complains. But when I look at a well-formed page that works well in all browsers, and see that it has over a thousand validation errors, I can’t help but reach the conclusion that getting truly valid HTML is literally impossible.

Bad errors. Don’t tell me that error 7604 happened. Don’t tell me that my 2,000-line controller can’t be used because of an unexpected kEND. Tell me what’s wrong, where, and what I can do to fix it. And Java, giving me a stack trace and hundreds of debug lines doesn’t make up for the fact that errors always fail to convey what actually went wrong.

Calendar standards. We have more calendar standards than I can name. And I haven’t met anyone who’s achieved “calendar zen.” I can sync my desktop app to Exchange (kind of), and my iPhone to Google Calendar, but what if I want to use my work calendar and my personal calendar together, and treat them like they’re one? I’ve looked at dozens of solutions, and not a single one really supports having read-write-modify access to multiple calendars in multiple places. Lots kind of do it, but have gotchas that render them useless. Stop inventing new calendar standards, please. No, seriously. Just make yours work with theirs.

Hybrids in Transit

I know a few people who drive hybrids, and who’ve been quite happy with them. It’s less of a big deal today than it was a year or so ago when gas cost twice what it does now, but I’ve estimated that I spend $10 a day in gas on my commute, so I’m still pretty sensitive to gas mileage. (Doubling my mileage, from 20 to 40 mpg, would save me $5 a day, or $100/month.)

True or not, there’s a perception that hybrids are a new, untested technology, and thus a fear that they might not last long. I’ve noticed a few taxis in Boston that are hybrids, which is probably the ideal use case, since they’re on the road all the time. And now there’s this article about a California taxi fleet that’s starting to have hybrids hit 300,000 miles. (That number alone is impressive?) They mention that they’ve had to replace two hybrid batteries: one was “operator error” (which raises more questions than it answers), and the other was under warranty… This is out of a fleet of almost 200. They also mention that, because of the way the braking works, the brakes tend to last about three times longer than on non-hybrids. (Which means that I’d have surprise thousand-dollar brake jobs one-third as often!)

The durability is really reassuring, and the savings are impressive: assuming gas averaged $1.75/gallon over the 300,000-mile life of some of these hybrids, and that a hybrid doubles the mileage of a non-hybrid (say 40 mpg versus 20), the non-hybrid burns 15,000 gallons to the hybrid’s 7,500, so each hybrid has saved about $13,000 in gasoline. That roughly offsets the $5-10,000 extra upfront cost. Though for me, about $27,000 for a Camry Hybrid is still a bit too much….

SC AG Threatens Craigslist

One giant pet peeve of mine is when Internet news sources mention things happening online and yet never provide any links. So here’s a link-rich summary:

Anyone who’s really explored Craigslist knows that it sometimes has a seedy underbelly. There are sometimes-flagrant ads for prostitutes, and sometimes-flagrant posts about people in the marijuana market. Craigslist seems to do the best it can in taking down egregious violations, but it’s not capable of having a human review every post. The Philip Markoff case surely brought this to a head, and Craigslist made some changes, like changing its “Adult Services” category to be more heavily moderated.

South Carolina’s Attorney General, Henry McMaster, has been grandstanding by threatening to hold Craigslist criminally liable for the illicit postings on the site. (McMaster just so happens to be positioning himself for a gubernatorial race.)

Today, Craigslist’s CEO, Jim Buckmaster, fired back, pointing out that the charges are completely baseless, and that McMaster (the SC AG) himself praised Craigslist’s earlier policies on cracking down on illicit material. I’m not doing the post justice; it’s really a must-read for anyone interested, because it really hammers home the point.