Wrists on with the Samsung Galaxy Watch

I’ve owned the same watch for two decades or so. It’s a Timex Expidition that I paid about $25 for. I’ve paid far more than that to replace batteries over the years. But recently I decided to get a new watch, so I popped into the T-Mobile store to get the Samsung Galaxy Watch.

The style is nice. The 42mm bidy fits my wrists well. While the strap won’t win any design awards, it’s unobtrusive. Of course, the face can be whatever you want. I have the “Analog Utility” face, but in fancier situations, I might set it to something a little more elegant. Or not.

A screen capture of the "Analog Utility" face for the Samsung Watch, including weather, barometer, and heart rate complications.
“Analog Utility” face for the Samsung Galaxy Watch

Setting up the watch was simple. I like that I can decide which apps will notify on the Watch. The Galaxy Wearable app on my phone made it simple to apply updates and install new apps to the Watch. Of course, the app selection for the Tizen operating system is pretty limited. Samsung Health and replies to incoming texts and Facebook Messenger messages are about the limit of my usage so far.

Composing those replies has been a trip. The default input method is to write the letters with a finger. That generally works pretty well, but the character set is limited. Typing on the T9 option takes some getting used to, since it isn’t the T9 you remember from your featurephone days. Speech-to-text is…underwhelming. It’s clear that Bixby is not in the same league as Google Assistant.

The battery life is pretty good. I’ve been wearing my Watch all night and charging it during the day when I’m at my desk. Even over the weekend, it doesn’t take long on the wireless charger to get enough juice. I could probably get close to two days without charging. Longer would be nice, but this is good enough for me.

I have the built-in SIM, although I haven’t used the Watch away from the phone yet. I can’t see myself doing that too often. But using it for payment instead of pulling out my phone is slightly more convenient. Samsung Pay makes it easy to quickly select which card I want to use. Still, I’m more likely to have already pulled out my wallet by the time I realize that using Samsung Pay is an option.

What’s been most interesting to me is how the Watch has changed my behavior. I’ve noticed I have my phone out less now because I can get notifications on my wrist. From there I can decide whether to pull out my phone or just wait a bit. As a parent who sometimes gets too distracted by his phone, I appreciate this. I also like that it can count my steps without having to remember to put my phone back in my pocket. Having sleep data and heart rate data is interesting, although I haven’t done much with it. I see that data as something to look at retrospectively.

In all, I’m pretty happy with the Galaxy Watch. It won’t last as long as my Timex, but if I get a few solid years out of it, I’ll probably buy a new one.

Why subscribe to a newsletter you don’t read?

Why would you subscribe to a newsletter that you don’t read? I mean, maybe you intend to. Maybe it’s sitting there in your inbox unread just waiting for you to get around to it Real Soon Now. Or maybe you filter it off to some folder where email does to die. I get that. I do that all the time.

No, what I’m thinking about is the case where an obvious spam account signs up for a newsletter. As of this writing, my newsletter has 283 subscribers — a number that has grown 27% in the past month. But only 40 people at most have ever opened it. The number of opens has stayed relatively constant even as the subscriber count has gone up.

So why do I think the accounts are spam? For one, there’s the fact that most of them haven’t opened any newsletters. Sure, maybe there’s a reason for that. But also they look…spammy. The addresses are often yahoo or other domains that have fallen out of favor. The names represented by the addresses don’t look like the names of people I know. I can’t imagine why people I do know read my newsletter, nevermind why strangers would. Taken all together, I feel safe calling many of these accounts spam.

But to what end? I understand spam accounts on Twitter liking random posts in the hopes that someone will look at the profile and click a link to whatever thing someone’s trying to peddle. Or maybe follow the account and get clicks that way. That makes sense to me. But what can a spammer do with a newsletter subscription? Is it a really crappy denial of service attack? Do they hope that after a few years my subscriber list will exceed Mailchimp’s free tier? Maybe it’s done to hide nefarious activity in a flood of confirmation emails. That seems like the most likely answer, but it doesn’t seem very efficient. Then again, I’m not a spammer, so what do I know?

What if we never used the phrase “common sense” again?

On Tuesday night, I heard my local NPR station interviewing a newly-elected representative. At one point, he made some reference to “common sense” policies. I don’t even remember what they were talking about, but it doesn’t matter. When someone says “common sense”, what I hear is “I don’t have any substantive arguments in favor of my position.”

This is not unique to one political party, or even to politics as a whole. In any field, “common sense” is a shorthand for “this is the only reasonable position and you’re unreasonable if you disagree with it because I said so.”  In most situations where “common sense” is deployed, reasonable people can disagree on what the sensible approach is.

In addition to silencing dissent, the phrase “common sense” also oversimplifies most issues. What seems like an obvious solution on the surface may not fit the underlying complexity. Life is rarely as simple as it seems.

If it’s really common sense, it should be easy for you to explain why. So let’s all agree to never use “common sense” again.

If everyone followed good password advice, we’d be less secure

Passwords are hard. To be useful, they must be hard to guess. But the rules we put in place to make them hard to guess also make them hard to remember. So people do the minimum they can get away with.

Earlier this week, security company Webroot took a look at the unintended consequences of password constraints. The rules organizations set in order to ensure passwords are sufficiently complex reduce the total number of possible passwords. This can make automated password guessing more

Good passwords are easy for the user to remember and hard for computers and other humans to guess. Let’s say I wanted to use a password like 2Clippy2Furious!! Various password checking sites rate it highly. It’s 18 characters long and contains upper- and lower-case letters, digits, and special characters. But because it contains consecutive repeating letters, some companies won’t allow it.

Writing for Webroot, Randy Abrams says “it’s length, not complexity that matters.” And he’s right. That’s the point behind the “correct horse battery staple” password in XKCD #936. So let’s all do that, right?

Well…it’s not so simple. If I were trying to brute force passwords, and I knew everyone was using four (or five or six) words, suddenly instead of “CorrectHorseBatteryStaple” being 26 characters, it’s four. Granted, the character set goes from 95 to (using /usr/share/dict/words on my laptop) 479,828. “CorrectHorseBatteryStaple” is many powers of 10 more secure if the attacker doesn’t know you’re using words.

And let’s be real: they don’t. This hypothetical weakness has a long time before it becomes a real concern. Don’t believe me? Just look at the password dumps when a site gets hacked. There are a lot of really bad passwords out there. If we took all the constraints off (except for minimum length), people would just use really dumb, easily-guessed passwords again. But it amuses me that if everyone followed good password advice, we’d actually make it worse for ourselves. Passwords are hard.

Sidebar: Yes, I know

The savvier among you probably read this and thought “it’s better to use a random string that you never have to memorize because your password manager handles it for you. Just set a very long and memorable password on that and you’re good to go.” Yes, you’re right. But people, even those who use password managers, will often go to memorable passwords for low-risk sites or passwords they have to use often (e.g. to log in to their computer so they can access the password manager). 

The future is browseable

Browsing and searching are not the same thing. Anyone who has sat on the couch trying to figure out what to watch on Netflix knows this. With so many choices available, there’s bound to be something

Seth Godin wrote a blog post about this recently. How do we find what we didn’t know we wanted to find? We’re pretty bad at this in the digital world, but truth be told, we’re not that great at it in the offline world, either. At least, I don’t think we are.

I love going to my local library. Books smell amazing and even though I have this annoying tendency to buy a book that I know I’ll only read once, the public library’s collection dwarfs my own. But when I don’t really know what I want to read, I just sort of wander the shelves and judge books by their covers. Or their spines, in most cases.

Amazon is one of the few sites that seems to tackle this really well. Their recommendations aren’t always on the ball, but I’d rate them well overall. Having enough data to tell me what people who bought one item also bought is a huge part of making good recommendations.

I would have loved a similar recommendation engine was when I was putting together my plan of study for graduate school. I essentially had the entire University course catalog at my disposal. If I could make the case to my committee that it was a good course for me to take, it was all mine. But with so many courses to choose from, how would I know what to pick? I was forced to browse manually, but a recommendation engine would have really helped.

That’s one reason I like traditional radio stations and services like Pandora: I don’t have to search. I can start with a general genre of music I want to listen to and then I get to browse. I credit Pandora with the tremendous broadening of my musical tastes that happened in the late ‘aughts.

I look forward to a time when browsing is easier. Just think of the undiscovered gems we’ll find.

I (will, pending approval) have a new employer (again)

Note: this is an entirely personal post and does not represent Red Hat or the Fedora Project in any way.

This is not a repeat from August 2017: my employer is about to be acquired. The news that IBM is spending $34 billion to acquire Red Hat came as a surprise to just about everyone. As you might expect, the reaction among my colleagues is widely varied. I’m still trying to come to terms with my own emotions about this.

Red Hat is not just an employer to me. I’ve been applying for various jobs at Red Hat over the last eight years or so. When I got hired earlier this year, I felt like I had finally obtained a significant professional goal. I’ve long admired the company and the people I know that worked there. I saw Red Hat as a place that I could be happy for a very long time.

But I don’t have a crystal ball. So sometime in the second half of next year, I’ll be an IBM employee. Leadership at IBM and Red Hat have said the right things, and the stated plan is that Red Hat will continue to operate as an independent subsidiary. I have no reason to doubt that, but the specifics of the reality are still unknown. It’s a little bit scary.

It makes sense that we don’t have any specifics yet. The plans can’t really be formed until the folks who would work on them can be told. So almost everyone is just coming up to speed, and the next few months will start bringing some clarity. And even more has to wait until the deal actually closes.

My first reaction was “oh no, my health insurance is going to change again.” After having roughly five insurance plans in the last five years, the idea of updating my information with all of my providers yet again is — while not particularly difficult — kind of annoying. My second reaction was “couldn’t they have waited a few years so I could accumulate more stock?”

So what does this all mean? I really don’t know. Ben Thompson is not optimistic. John “maddog” Hall is taking a positive approach. But most importantly, my friend and patronus Robyn Bergeron is reassuring:

So for now, I’ll go about my day-to-day work. Fedora 29 released on Tuesday. We’re hard at work on Fedora 30. In a few months, I’ll know more about what the future holds. In the meantime, I’m proud to be a Red Hatter and a member of the Fedora and Opensource.com communities. Here we go!

Other writing: October 2018

Where was I writing when I wasn’t writing here?

Stuff I wrote

Red Hat/Fedora

Stuff I curated

  • Forge Your Future With Open Source — VM Brasseur’s excellent book on becoming an open source contributor is done. I reviewed this book and I can tell you it is absolutely worth a read, even if you’re an experienced contributor. Buy it on Amazon (affiliate link) or directly from the publisher.

Opensource.com

A new triple constraint

The idea of a triple constraint is well-known, even if people don’t think of it by that name. “Fast, easy, and cheap: choose two. In project management, the relationship between scope, cost, and schedule is sometimes called the “iron triangle”. But recently Seth Godin published a blog post that got me thinking about a new triple constraint.

Profitable, difficult, or important?” Godin asks.

Profitable, difficult, or important—each is an option. A choice we get to make every day. ‘None of the above’ is also available, but I’m confident we can seek to do better than that.

Godin never says this, but success generally means sacrificing one of those three for the other two. Of course, you can be successful with one or none, but not more than three.

Where’s your evidence, Ben? I have none; this is a hunch. In an ideal world, your work would be all three. But the reality is that doing all three of them is exceedingly difficult. Sometimes the best way to win is knowing what you can lose.

The role of privatized weather warnings

Last week, the Washington Post‘s Capital Weather Gang blog ran an article titled “U-Md. used a private company for a tornado warning. That can be problematic.” They’re right, but the point gets lost in the article. By presenting a laundry list of the times AccuWeather got a forecast wrong and ignoring missed warnings from the National Weather Service, the post ends up reading like a hit piece.

I am unabashedly a National Weather Service fanboy, but I see an important role for the private sector in the weather ecosystem. Despite my general dislike for AccuWeather, I have no problem with universities working with them. They can provide a degree of hands-on service that the NWS is not equipped to provide. This includes warning-like products to augment the NWS products.

My only objection is to the use of “watch” and “warning”. It’s hard enough to get the public to understand these terms. Adding similarly-named products from other sources will not help. A Weather-Ready Nation requires a cooperative effort between public and private sector meteorologists. Private companies are free to give their customer severe weather warnings, I just wish they’d use a different name.