Other writing: November 2018

What have I been writing when I haven’t been writing here?

Stuff I wrote

Red Hat/Fedora

Lafayette Eats

  • Amer’s Grill — A local Mediterranean restaurant gets subjected to my discerning palate.

Opensource.com

Stuff I curated

Red Hat/Fedora

Opensource.com

Is it time to replace the Saffir-Simpson scale?

Short answer: yes. Long answer: I’ll let Cliff Mass explain it. But as the 2018 Atlantic hurricane season draws to a close today, I’m more convinced than ever that the Saffir-Simpson scale does us no good.

The categories simply don’t mean much to the average person. Sustained wind speed is only one part of a hurricane’s power, and perhaps not even the most important. Storm surge, rainfall, and wind gusts are all significant contributors to the harm caused by hurricanes. Of course, coastal conditions, population density, and building quality factor into the end impact, too. Particularly inland, a slow-moving but weaker storm could cause more damage (due to flooding) than a stronger storm that spends less time over the area.

Ultimately, as I’ve written in the past, it’s not the meteorology that the public cares about. They want to know what the impact will be and what they should do about it. This means de-emphasizing wind speeds and focusing more on impacts. To their credit, NOAA agencies have put more emphasis on impacts in the last few years, but the weather industry as a whole needs to do a better job of embracing it. It requires a cultural change in the public, too, which may take a generation to settle in.

But there’s no time like the present to start preparing for that day. And maybe it’s time to drop the distinction between tropical storm and hurricane watches and warnings, too.

So long, Google Voice

I signed up for Google Voice in about 2008 or 2009. This was back when providers actually charged you for text messages and I didn’t really use them. So I registered for an account and didn’t do a whole lot with it until I changed jobs and ended up in the basement. RIP cell phone signal. Google Voice made it possible to call one number and ring either my cell phone if I was above ground or my office phone if I was in the office.

It turns out that was pretty useful to me, so by the time I was moved to a different office, my Google Voice number was the number I told everyone to use. Being able to text and make phone calls from my web browser was a great feature. But as carriers started catching up, Google Voice sat stagnant. I braced myself for Google to decide they were going to drop the service.

Instead, they finally added the ability to send and receive pictures. In 2014. For a long time, that was only available if you used Hangouts for your Voice messages. But then the Voice app got support and all was right with the world. Unless you wanted to do videos. It’s something Google is supposedly close to rolling out.

But a few weeks ago, I bought a Samsung Galaxy Watch. That meant making phone calls or sending texts would come from my carrier number. Since I’ve been giving people my Google Voice number for nearly a decade, I figured that would just lead to confusion. So I decided to ditch Google Voice and port my number to my carrier.

It was fairly straightforward, albeit slightly slow. This is apparently due to the fact that Google Voice numbers are treated as landlines, so there’s more process involved. But not getting texts reliably for a few days was much easier than trying to get everyone to switch to using a new number for me.

I decided that the features I use are more important than the features I don’t use. I haven’t had Google Voice forward to anything except my cell phone for years. T-Mobile’s DIGITS service provides the web-based functionality I got from Google Voice (admittedly not quite as well, but I expect they’ll catch up). While I don’t often talk to my phone, the fact that Google Assistant can’t use Google Voice to send messages is a longstanding frustration.

Google had a chance to really make a great product here. Apart from search and GMail, Google Voice was the most valuable Google service for me. But the years of seeming neglect finally took their toll. Maybe some day I’ll move my number back, but for right now, I don’t really miss it.

Naming your files is important

I recently shared a Tweet about file names.

The inspiration for this was adding a new podcast to my podcatcher. For reasons that are mostly nerdy, I use bashpodder. I run it a couple of times an hour during my waking hours and stream or copy the files to whatever device I happen to be at. It’s a setup that works pretty well for me in general.

The downside is that all of the files get dumped into a directory by date. Some podcasts (e.g. Marketplace) do a good job of naming files: I know what show it is and when it’s from just by looking at the file name. Others use the network (e.g. “GLT” for Gimlet Media) and a string of numbers without any obvious meaning. The worst offender is Art19.com, from where I get “The Greatest Generation” and Akimbo. Those shows have UUIDs as filenames.

I can understand why, on the backend, that is beneficial. The files themselves are just one part of (I assume) a database of shows. No human ever has to touch it, so you might as well name it in a way that minimizes the risk of a naming collision. But it’s extremely hostile to the user.

I suspect that most podcast listeners these days use an app and don’t directly download the files. But for those that do, sane file names are important. A friend asked about using just the date as the file name, as he apparently does for recordings from his church. That’s even worse, because it assumes that the listener saves them in a unique location.

When it comes to media that you intend for others to download, it’s vitally important to not make any assumptions about how they will store it. Maybe they save everything to their Downloads folder and never move it. If two separate items were produced on the same day, one of them will potentially get overwritten. That’s probably not what you want to happen.

Wrists on with the Samsung Galaxy Watch

I’ve owned the same watch for two decades or so. It’s a Timex Expedition that I paid about $25 for. I’ve paid far more than that to replace batteries over the years. But recently I decided to get a new watch, so I popped into the T-Mobile store to get the Samsung Galaxy Watch.

The style is nice. The 42mm body fits my wrists well. While the strap won’t win any design awards, it’s unobtrusive. Of course, the face can be whatever you want. I have the “Analog Utility” face, but in fancier situations, I might set it to something a little more elegant. Or not.

Setting up the watch was simple. I like that I can decide which apps will notify on the Watch. The Galaxy Wearable app on my phone made it simple to apply updates and install new apps to the Watch. Of course, the app selection for the Tizen operating system is pretty limited. Samsung Health and replies to incoming texts and Facebook Messenger messages are about the limit of my usage so far.

Composing those replies has been a trip. The default input method is to write the letters with a finger. That generally works pretty well, but the character set is limited. Typing on the T9 option takes some getting used to, since it isn’t the T9 you remember from your featurephone days. Speech-to-text is…underwhelming. It’s clear that Bixby is not in the same league as Google Assistant.

The battery life is pretty good. I’ve been wearing my Watch all night and charging it during the day when I’m at my desk. Even over the weekend, it doesn’t take long on the wireless charger to get enough juice. I could probably get close to two days without charging. Longer would be nice, but this is good enough for me.

I have the built-in SIM, although I haven’t used the Watch away from the phone yet. I can’t see myself doing that too often. But using it for payment instead of pulling out my phone is slightly more convenient. Samsung Pay makes it easy to quickly select which card I want to use. Still, I’m more likely to have already pulled out my wallet by the time I realize that using Samsung Pay is an option.

What’s been most interesting to me is how the Watch has changed my behavior. I’ve noticed I have my phone out less now because I can get notifications on my wrist. From there I can decide whether to pull out my phone or just wait a bit. As a parent who sometimes gets too distracted by his phone, I appreciate this. I also like that it can count my steps without having to remember to put my phone back in my pocket. Having sleep data and heart rate data is interesting, although I haven’t done much with it. I see that data as something to look at retrospectively.

In all, I’m pretty happy with the Galaxy Watch. It won’t last as long as my Timex, but if I get a few solid years out of it, I’ll probably buy a new one.

Why subscribe to a newsletter you don’t read?

Why would you subscribe to a newsletter that you don’t read? I mean, maybe you intend to. Maybe it’s sitting there in your inbox unread just waiting for you to get around to it Real Soon Now. Or maybe you filter it off to some folder where email goes to die. I get that. I do that all the time.

No, what I’m thinking about is the case where an obvious spam account signs up for a newsletter. As of this writing, my newsletter has 283 subscribers — a number that has grown 27% in the past month. But only 40 people at most have ever opened it. The number of opens has stayed relatively constant even as the subscriber count has gone up.

So why do I think the accounts are spam? For one, there’s the fact that most of them haven’t opened any newsletters. Sure, maybe there’s a reason for that. But also they look…spammy. The addresses are often yahoo or other domains that have fallen out of favor. The names represented by the addresses don’t look like the names of people I know. I can’t imagine why people I do know read my newsletter, never mind why strangers would. Taken all together, I feel safe calling many of these accounts spam.

But to what end? I understand spam accounts on Twitter liking random posts in the hopes that someone will look at the profile and click a link to whatever thing someone’s trying to peddle. Or maybe follow the account and get clicks that way. That makes sense to me. But what can a spammer do with a newsletter subscription? Is it a really crappy denial of service attack? Do they hope that after a few years my subscriber list will exceed Mailchimp’s free tier? Maybe it’s done to hide nefarious activity in a flood of confirmation emails. That seems like the most likely answer, but it doesn’t seem very efficient. Then again, I’m not a spammer, so what do I know?

What if we never used the phrase “common sense” again?

On Tuesday night, I heard my local NPR station interviewing a newly-elected representative. At one point, he made some reference to “common sense” policies. I don’t even remember what they were talking about, but it doesn’t matter. When someone says “common sense”, what I hear is “I don’t have any substantive arguments in favor of my position.”

This is not unique to one political party, or even to politics as a whole. In any field, “common sense” is a shorthand for “this is the only reasonable position and you’re unreasonable if you disagree with it because I said so.”  In most situations where “common sense” is deployed, reasonable people can disagree on what the sensible approach is.

In addition to silencing dissent, the phrase “common sense” also oversimplifies most issues. What seems like an obvious solution on the surface may not fit the underlying complexity. Life is rarely as simple as it seems.

If it’s really common sense, it should be easy for you to explain why. So let’s all agree to never use “common sense” again.

If everyone followed good password advice, we’d be less secure

Passwords are hard. To be useful, they must be hard to guess. But the rules we put in place to make them hard to guess also make them hard to remember. So people do the minimum they can get away with.

Earlier this week, security company Webroot took a look at the unintended consequences of password constraints. The rules organizations set in order to ensure passwords are sufficiently complex reduce the total number of possible passwords. This can make automated password guessing more

Good passwords are easy for the user to remember and hard for computers and other humans to guess. Let’s say I wanted to use a password like 2Clippy2Furious!! Various password checking sites rate it highly. It’s 18 characters long and contains upper- and lower-case letters, digits, and special characters. But because it contains consecutive repeating letters, some companies won’t allow it.

Writing for Webroot, Randy Abrams says “it’s length, not complexity that matters.” And he’s right. That’s the point behind the “correct horse battery staple” password in XKCD #936. So let’s all do that, right?

Well…it’s not so simple. If I were trying to brute force passwords, and I knew everyone was using four (or five or six) words, suddenly instead of “CorrectHorseBatteryStaple” being 26 characters, it’s four. Granted, the character set goes from 95 to (using /usr/share/dict/words on my laptop) 479,828. “CorrectHorseBatteryStaple” is many powers of 10 more secure if the attacker doesn’t know you’re using words.

And let’s be real: they don’t. This hypothetical weakness has a long time before it becomes a real concern. Don’t believe me? Just look at the password dumps when a site gets hacked. There are a lot of really bad passwords out there. If we took all the constraints off (except for minimum length), people would just use really dumb, easily-guessed passwords again. But it amuses me that if everyone followed good password advice, we’d actually make it worse for ourselves. Passwords are hard.

Sidebar: Yes, I know

The savvier among you probably read this and thought “it’s better to use a random string that you never have to memorize because your password manager handles it for you. Just set a very long and memorable password on that and you’re good to go.” Yes, you’re right. But people, even those who use password managers, will often go to memorable passwords for low-risk sites or passwords they have to use often (e.g. to log in to their computer so they can access the password manager). 
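The two search-space arguments in this post (composition rules shrinking the set of allowed passwords, and a word-aware attacker shrinking “CorrectHorseBatteryStaple”) can be put into numbers. This is an added example, not code from the post or from Webroot; it assumes characters and words are picked uniformly at random, uses the 95-character set and the 479,828-word list quoted above, and the split into character classes and all function names are assumptions.

```python
import math
from itertools import combinations

PRINTABLE = 95       # printable ASCII, the character-set size used in the post
WORDLIST = 479_828   # size of /usr/share/dict/words quoted in the post
# Assumed split of the 95 printable characters into composition-rule classes.
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "special": 33}

def log10_charspace(length, alphabet=PRINTABLE):
    """log10 of the guesses needed to cover every string of `length` chars."""
    return length * math.log10(alphabet)

def log10_wordspace(words, wordlist=WORDLIST):
    """log10 of the search space when the attacker knows it is `words` words."""
    return words * math.log10(wordlist)

def equivalent_random_chars(words):
    """Length of a random printable string with the same space as `words` words."""
    return log10_wordspace(words) / math.log10(PRINTABLE)

def words_to_match(length):
    """Fewest random words whose space covers a random string of `length` chars."""
    return math.ceil(log10_charspace(length) / math.log10(WORDLIST))

def count_with_all_classes(length, classes=CLASSES):
    """Strings of `length` chars with at least one char from every class,
    counted by inclusion-exclusion over the classes left out."""
    sizes = list(classes.values())
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    return count

def fraction_allowed(length):
    """Share of all `length`-char strings that a 'one of each class' rule permits."""
    return count_with_all_classes(length) / PRINTABLE ** length

if __name__ == "__main__":
    phrase = "CorrectHorseBatteryStaple"
    print(f"character model: 10^{log10_charspace(len(phrase)):.1f}")
    for n in (4, 5, 6):
        print(f"{n} known words: 10^{log10_wordspace(n):.1f} "
              f"(~{equivalent_random_chars(n):.1f} random chars)")
    print(f"words to match the character model: {words_to_match(len(phrase))}")
    print(f"8-char strings passing the rule: {fraction_allowed(8):.1%}")
```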

The future is browseable

Browsing and searching are not the same thing. Anyone who has sat on the couch trying to figure out what to watch on Netflix knows this. With so many choices available, there’s bound to be something

Seth Godin wrote a blog post about this recently. How do we find what we didn’t know we wanted to find? We’re pretty bad at this in the digital world, but truth be told, we’re not that great at it in the offline world, either. At least, I don’t think we are.

I love going to my local library. Books smell amazing and even though I have this annoying tendency to buy a book that I know I’ll only read once, the public library’s collection dwarfs my own. But when I don’t really know what I want to read, I just sort of wander the shelves and judge books by their covers. Or their spines, in most cases.

Amazon is one of the few sites that seems to tackle this really well. Their recommendations aren’t always on the ball, but I’d rate them well overall. Having enough data to tell me what people who bought one item also bought is a huge part of making good recommendations.

I would have loved a similar recommendation engine when I was putting together my plan of study for graduate school. I essentially had the entire University course catalog at my disposal. If I could make the case to my committee that it was a good course for me to take, it was all mine. But with so many courses to choose from, how would I know what to pick? I was forced to browse manually, but a recommendation engine would have really helped.

That’s one reason I like traditional radio stations and services like Pandora: I don’t have to search. I can start with a general genre of music I want to listen to and then I get to browse. I credit Pandora with the tremendous broadening of my musical tastes that happened in the late ‘aughts.

I look forward to a time when browsing is easier. Just think of the undiscovered gems we’ll find.

I (will, pending approval) have a new employer (again)

Note: this is an entirely personal post and does not represent Red Hat or the Fedora Project in any way.

This is not a repeat from August 2017: my employer is about to be acquired. The news that IBM is spending $34 billion to acquire Red Hat came as a surprise to just about everyone. As you might expect, the reaction among my colleagues is widely varied. I’m still trying to come to terms with my own emotions about this.

Red Hat is not just an employer to me. I’ve been applying for various jobs at Red Hat over the last eight years or so. When I got hired earlier this year, I felt like I had finally obtained a significant professional goal. I’ve long admired the company and the people I know that worked there. I saw Red Hat as a place that I could be happy for a very long time.

But I don’t have a crystal ball. So sometime in the second half of next year, I’ll be an IBM employee. Leadership at IBM and Red Hat have said the right things, and the stated plan is that Red Hat will continue to operate as an independent subsidiary. I have no reason to doubt that, but the specifics of the reality are still unknown. It’s a little bit scary.

It makes sense that we don’t have any specifics yet. The plans can’t really be formed until the folks who would work on them can be told. So almost everyone is just coming up to speed, and the next few months will start bringing some clarity. And even more has to wait until the deal actually closes.

My first reaction was “oh no, my health insurance is going to change again.” After having roughly five insurance plans in the last five years, the idea of updating my information with all of my providers yet again is — while not particularly difficult — kind of annoying. My second reaction was “couldn’t they have waited a few years so I could accumulate more stock?”

So what does this all mean? I really don’t know. Ben Thompson is not optimistic. John “maddog” Hall is taking a positive approach. But most importantly, my friend and patronus Robyn Bergeron is reassuring:

So for now, I’ll go about my day-to-day work. Fedora 29 released on Tuesday. We’re hard at work on Fedora 30. In a few months, I’ll know more about what the future holds. In the meantime, I’m proud to be a Red Hatter and a member of the Fedora and Opensource.com communities. Here we go!