Upgrading Windows in VirtualBox

For work, I have the occasional need to use Windows. I started out with a Windows XP virtual machine, and when that went end-of-life, I upgraded it to Windows 7. The “upgrade” process was really more of a reinstall-but-with-your-old data preserved. I had to reinstall many of the applications (including Python, though I didn’t realize it at the time).

I don’t pay much attention to the Windows ecosystem, but I had heard that a lot of unseen improvements took place in 7 and beyond which should make the upgrade process easier, so when it was time to upgrade because Windows 7 was (past, oops!) end-of-life, I wasn’t too worried.

Windows has a nice nag every time you log in saying “upgrade to Windows 10!” so I did. But it didn’t like the VirtualBox video driver. I tried reinstalling the Guest Additions, but that didn’t work. I tried uninstalling the driver, but Windows helpfully reinstalled it after a reboot. A forum post suggested I should enable 3D acceleration. Still no luck.

What eventually worked was to update to VirtualBox 5.0.12 (I had been on .10) and then install the latest Guest Additions. Instead of using the “upgrade me!” pestering, I had to download the Windows 10 media creation tool and use that to perform the upgrade.

Once I got those steps figured out, the upgrade process was pretty painless (if a little slow). Everything seemed to work fairly well, though I haven’t given it an in-depth trial yet. I do like the return to a more traditional UI, the tiles of Windows 8 work great on a phone, but I don’t like them on a desktop (and even worse on a server).

Book review: Go Set A Watchman

To Kill a Mockingbird has been one of my favorite books since the first time I read it in high school. The movie adaptation starring Gregory Peck is a favorite as well. I always thought it was a shame that Harper Lee only published the one book, but I respected her decision not to turn out uninspired works just to make money. When it was first announced that a new novel was going to be released, I was thrilled. Then I found out that the circumstances were suspect at best.

Concerned that Harper Lee was being taken advantage of, I decided not to purchase the book. But when I was at the library a few weeks ago and noticed several copies on the shelf, I couldn’t help but check it out.

Let’s be clear here: Mockingbird is a better book than Go Set A Watchman. Although Watchman was written first, I don’t think it could survive without being preceded by Mockingbird. Mockingbird is why you care about the characters in Watchman, and I found that I did care very deeply about them.

Watchman is the story of an adult Scout, who has gone off to New York and become a career woman. When she returns to her childhood home, she’s struck by the way racism pervades Maycomb. Being away from it has caused her to lose her desensitization. The frog is out of the pot. Scout, being young and wordly, is passionate about righting all the wrongs. Meanwhile, even those who largely agree with her advise moderation.

I had heard long before I read the book that Atticus, the heroic Atticus, was racist. I was expecting the stereotypical southern racist, but that wasn’t the case. Atticus’s racism is a more nuanced, almost well-intentioned racism that you can almost start to agree with until you suddenly remember that it is still racism.

There are a few plot details that would allow one to argue that Mockingbird and Watchman aren’t in the same universe, but that does a disservice to the story. The Atticus of the 1930s and the Atticus of the 1950s are the same man, but Scout has changed. I think most people can identify with the idea of seeing faults in their parents as adults that they were totally blind to as kids.

This is where Watchman shines. It’s not going to become an American classic, but it is much more thought-provoking. In Mockingbird, the line between good and bad is largely clear. Not so in Watchman, and it forces the reader to consider not only the abstract concepts of race, but how to address racism in the real world. Is it right to burn down all the injustice in a sweeping blaze of righteous indignation, or is it better to slowly work to help those who can be helped and let the rest fade away? And if it’s better to work slowly, is that a position that can only be held by the privileged while the oppressed are forced to endure more oppression?

There’s no doubt that To Kill a Mockingbird is a better book: artistically, commercially, and politically. But Go Set a Watchman is an important follow-on, and I’m glad it has seen the light of day. I only hope that Harper Lee really does feel the same way.

What3Words as a password generator

One of my coworkers shared an interesting site last week. What3Words assigns a three-word “address” to every 3m-by-3m square on Earth. The idea behind the site is that many areas of the world don’t have street numbers and names, and a three-word combination is much easier to remember than latitude/longitude pairs. Similar combinations are deliberately placed far apart so as to make them unambiguous.

It’s an interesting idea, but I immediately began thinking of a different use for it. What if people used it to come up with long, memorable, and hard-to-guess passwords? After all, the longer a password is (generally speaking), the better it is. And while correcthorsebatterystaple might be amusing, it’s much easier to remember a place. So you pick a memorable spot on the map and now you have a long password that you can look up if you forget it.


XKCD "Password Strength" by Randall Munroe. Used under the Creative Commons Attribution-NonCommercial 2.5 license.

This method isn’t perfect. The main problem is that with a 3x3m grid, it’s very sensitive to differences in location. But especially for the technically unsavvy, it can be a good way to enable better password habits.

Sidebar: why Randall Munroe is wrong (-ish)
There’s another reason What3Words isn’t perfect, and the XKCD cartoon above is subject to the same weakness. If a password cracker knows people are mostly using concatenated words, they’ll start guessing combinations of words instead of combinations of characters. These sorts of passwords are stronger when they’re rare. Of course, there are trivial ways to mitigate the risks (insertion of special characters, selective capitalization, etc.).

Still, given the choice between a 20-character random string and a 20-character set of words, I’ll take the random string as my password (unless the site/app disables paste, in which case I’ll cry). I use a password manager precisely so I don’t have to worry about trying to balance security and memorability. The What3Words method could be helpful as a password for my password safe, though.

Forecast Discussion Hall of Fame featured in The Atlantic

On Friday, The Atlantic published an article about National Weather Service forecast discussions and why they are…they way they are. The article prominently featured several entries in the Forecast Discussion Hall of Fame and mentioned yours truly by name. After years of carefully curating the best forecast discussions, my hard work is finally paying off. Time to quit my job and bask in the glory!

Okay, so maybe not. It’s a pretty cool thing to happen, though. If this blog has gained any new followers thanks to that article, welcome!

While snowfall records were falling over the weekend, FunnelFiasco records were falling, too. I took a look at the site stats for weather.funnelfiasco.com over the weekend. As of Saturday evening, just the weather subdomain had nearly 14,000 hits from about 2,700 unique visitors in January, almost all on Friday and Saturday. That’s over six months’ worth of traffic and about half a month’s for all of FunnelFiasco.

January traffic by day for weather.funnelfiasco.com through the evening of January 23.

January traffic by day for weather.funnelfiasco.com through the evening of January 23.

Let’s look at some meaningless statistics. The two largest hosts were both .noaa.gov addresses, which doesn’t surprise me. I have to figure that the article would have had some interest in the halls of the National Weather Service. A caltech.edu address was 18th, which surprises me. I guess my Purdue friends don’t read The Atlantic. The leading operating system was Windows, with iOS, Linux, and OS X following. iOS was 23% of January weather.funnelfiasco.com traffic and it’s normally 1.9% of total funnelfiasco.com traffic.

Star Wars: The Force Awakens


This post contains spoilers. If you’re not fortunate enough to have seen this movie in the first month after its release, please stop reading now.

I’ve loved “Star Wars” for many, many years, as I’m sure my ones of readers have as well. On New Year’s Day, my wife and I finally got the chance to go see “The Force Awakens”. I had been hearing a lot of good things about it in the first few weeks after its release, but I was nervous.

When “The Phantom Menace” was released, I wasn’t old enough to drive. My mom was gracious enough to take my friend Erik and me to the Georgetown Drive-In on opening night. We had to get there very early in order to ensure we had a spot. In the hours between our arrival and sunset, we spent a lot of time running around: Erik with a blaster and I with a light saber. Finally it was dark enough for the movie to begin. The place was packed, so it had been a little loud, but once those opening words came on the screen, everyone was quiet. We all held our breath for just a moment, and then the music started. On the first note, there was such a cheer as I’ve never heard.

I was pretty stoked to watch the movie, but over the course of the next few days, I was less and less thrilled. What the hell is a “midichlorian”? Did we have to see so much of Jar-Jar? I saw “Attack of the Clones” in the theater not long after it came out, but I wasn’t thrilled. Mostly what I remember is rain and Hayden Christensen’s terrible acting. I never bothered to go see “Revenge of the Sith”. I still haven’t seen it all the way through.

So yeah, the prequels? I’d rather they just never existed.

Shifting gears, I’ve been a Star Trek fan even longer than I’ve been a Star Wars fan. I have a TNG hoodie with a comm badge and captain’s pips. When the Star Trek reboot came out, I went and watched it with friends. It was a very entertaining movie, but I didn’t quite feel like a Star Trek movie. There are so many stories to tell in that universe, so destroying decades of canon seemed like the wrong move.

So yeah, J.J. Abrams? Not big on his space movies.

I tell you all of this to explain why I was really apprehensive going into “The Force Awakens”. I had nothing to fear. When it ended, my first words were “holy shit that was a Star Wars movie!”

And yes, there are a lot of similar plot elements (though usually with a twist) to “A New Hope”. I’ve seen a fair amount of complaint about that. “Too much fan service,” they say. Well, yes. For one, history repeating itself is kind of A Thing™. Secondly, for the reasons above, Abrams et al had to regain the trust of the fan base. “Trust us,” the movie says. “See how we respect what you love? Let’s ease into this and the next two movies will show you what we can do together!”

Personally, I found the cast to be incredible and the story telling to be better than the originals. It has some self-awareness, which makes for some great jokes. Most of the criticism I’ve read seems to be of the “let’s hate on it because we’re cool” variety, which Matty Granger has addressed quite well.

I may try to get another viewing in before it leaves theaters, but I’m definitely excited for Episodes 8 and 9.

mPING and charging for free labor

In 2012, NOAA’s National Severe Storms Laboratory (NSSL) partnered with the Cooperative Institute for Mesoscale Meteorological Studies (CIMMS) at the University of Oklahoma to collect crowdsourced precipitation type data. The “meteorological Phenomena Identification Near the Ground” project (almost always referred to as “mPING”) allows smartphone users to easily and anonymously report precipitation type.

This information can be very valuable to operational forecasters (it is not often easy to tell if it is raining or snowing at a particular location unless someone tells you) and to researchers working to improve radar algorithms. In the slightly-more-than three years since mPING was launched, nearly a million reports have been received, which suggests the public (or at least the members of the public who know about it) find it important to contribute, too.

Which brings us to last week’s announcement that access to the data is no longer free. Apparently the discretionary funding from the NSSL has expired, so it’s moving to OU-funded infrastructure. This means that the University will try to get what money it can for the data. A variety of licenses are available, depending on what level of access is desired.

API access to submit reports will remain free, so it will not cost anyone to contribute a report. But instead of volunteering effort (however minimal) to a public project, mPING reporters are now effectively unpaid labor for the University of Oklahoma. Sources within NOAA tell me that the forecast offices and national centers will continue to receive free access to real-time data, which is good, but not the point. OU thinks this data has value, so why should people provide it for free?

I actually wonder if it has monetary value. Certainly it has utility, but I don’t see too many places being willing to pay for it. One well-known TV meteorologist has already said he will stop using mPING data on-air because purchasing a license is not an efficient use of his limited financial resources. Highway departments may be the most likely to find it worthwhile to pay for a license, as near-real-time precipitation type information could prove very useful to the dispatching of salt trucks and plows. Still, the general effect seems to be that it will put off many people from reporting, diminishing the value of what may be an unsellable product in the first place.

I get that baby’s gotta eat. I spent years working at a large research university, including supporting systems that distributed meteorological data. I understand the reality, but that doesn’t mean I have to like it. I’m pessimistic on what these changes mean for mPING, and the poor example they set for citizen science generally. I hope I’m wrong.

GitHub as a community management platform?

GitHub is the dominant platform for hosting open source code. It’s hardly ubiquitous, there are other hosting services and many projects self-host. Nonetheless, it’s the go-to place for many FLOSS projects and has lowered the barrier to contribution. Arguably, it’s brought the barrier too low.

At least, that’s my interpretation of an open letter to GitHub published on Thursday. Signed by dozens of project maintainers, the letter identifies troubles that often arise on the GitHub platform and offer suggestions for fixes.

The issues raised in the letter are legitimate, and they’re expressed quite reasonably for something published on the Internet, but they highlight what GitHub is and isn’t. GitHub is a source code management platform, it is not a community management platform.

That’s not to say it can’t be. GitHub is great for what it does, but it could be even better. Managing code is easy; managing contributors and other community members is not. For GitHub to take the next step in promoting open source software development, it needs to provide tools that aid in community. That includes bug and issue tracking, communication (mailing lists?), and other features that turn a project’s users into community members.

Further defense of 140 characters

Last fall, when rumors began swirling that Twitter was looking at increasing the 140 character limit on tweets, I wrote a defense of the 140 character constraint. Last week, Re/Code and others reported that the limit change may come in March and that it could be as large as 10,000 characters.

Everything I wrote back in October still holds true. 140 characters, now that SMS is no longer a primary method of interacting with Twitter, is probably to small. But 10,000 is too large. The first four paragraphs of this post are 1,244 characters. Can you imagine a timeline full of that (or more)?

It’s not just “oh noes! They are changing a thing!”, which is a common reaction whenever Facebook changes anything. Twitter has made a lot of changes that I think are great: retweets (yes, kids, retweets used to be a manual process that often required editing the tweet in order to be able to fit “MT @name” in front of it), quoted tweets, embedded images, polls (even though there’s a lot to be improved on there), and 10k character direct messages.

In this case, the short limit is what makes Twitter. As my friend Zachary Baiel said “The medium is the message. The character limit of Twitter defines itself. Otherwise, it’s a stream of blogs.”

Twitter emphasized four characteristics in its IPO filing (thanks to Karen Demerly for bringing this to my attention):

  • Public
  • Real Time
  • Conversational
  • Distributed

10,000 characters does not seem very real time (it takes a while to type that out and longer to read a lot of them) and certainly not conversational (perhaps more a series of short speeches). There’s been some talk of the UI presenting a “read more” kind of option, and as a co-maintainer of a Twitter client, I’m inclined to resist having to make changes to my application.

But more than just laziness, I think 10k is actively harmful. Whenever a new feature is announced, the biggest complaint I see is “why aren’t you addressing abuse instead?” I get it, abuse is a hard subject to deal with, particularly on an unmoderated medium such as Twitter. One way that abuse happens is that abusers get their followers to dogpile the mentions of the target. Imagine how many targets you could include in 10,000 characters.

More innocuously (even though I find it super annoying), is the phenomenon of “I took a picture of some weather, let me tag all of the meteorologists in my market so that they’ll see it any maybe retweet me or put it on the news broadcast.” Those people will certainly make use of the extra characters, but it will add nothing to the conversation, only make it worse.

I get it, Twitter stock is plummeting. (Full disclosure: I own a few shares and expect to get quite the tax write-off from them.) There’s a lot of pressure to improve revenue, user engagement, and (most importantly to the people applying the pressure) the stock price. But this change will just make the user experience worse, and that doesn’t seem to be a reasonable way for Twitter to turn itself around.

I’m hoping that 10,000 is just a trial balloon. Nobody seems committed to making that the final number, so hopefully when the feature lands, it’s more reasonable. Or not. Will I stop using Twitter if the character limit changes to 10,000? Not right away. Maybe I will at some point, though.

By the way, this entire post (including this line), checks in at 3,398 characters.

December Opensource.com articles

Here are the articles I wrote for Opensource.com in December: