Chris X Edwards


Shifting Gears

2016-05-19 05:51

Sunday I got an extremely rare treat as the first stage of the Amgen Tour Of California brought the world’s top professional cyclists right to my exact neighborhood. I biked down to the bay to watch the depart and I also rode the final finishing kms which I know quite well having ridden it hundreds of times. There was some kind of vendor/sponsor fair at the finish area and I noticed this company that seems to make car racks that attach to the vechicle with suction cups.

Batman can design bat-themed gadgets, Spiderman can make strings shoot out of his wrist, the Incredible Hulk can turn green and double in size faster than typical steroid users, etc. My two main super powers are as follows. First, if you give me a pen and I start to write with it, the ink will stop flowing. It is a gift I can’t explain. Second, and almost back on topic, my mighty superpowers release all suction cups anywhere near me.

I have lived long enough that even with this superpower I have attempted to use products that incorporate suction cups dozens of times. My success rate is 0%. Maybe it’s my ability to withstand a combination of extreme temperature and weather fluctuations, harsh impacts and vibrations, extreme duty cycles, and almost obnoxious parsimony, but suction cups do not work for me. Imagine my terror at discovering people who believe that suction cups are a good way to hold a bicycle (or a kayak!) to a car. (Digressing again… funny story… two days ago I got passed on the freeway by someone who had an Amazon Fresh delivery bag "strapped" to the top of his car with a surfboard strap. Less than a minute later I saw the bag sitting on the pavement. People are idiots.) It’s not really a superpower but my engineering background helps me choose which vehicles to avoid following and if I ever see one of these suction cup racks, you can bet that I will not be behind it.

Let me now shift topics to shifting gears, bicycle sprockets actually. I just came across this pretty good article describing the history and current state of bicycle shifting technology (though they fail to mention my preferred systems, aero bar mounted shifters and Gripshift, and my least favorite system, Shimano "Rapidfire").

My first comment on this topic is to editorialize about STI. I have no conceptual problem with integrated shifting from the brake levers on road bikes. It seems like a good idea. But I have never used it personally. I simply am too poor. The cost of a set of integrated shift/brake levers is comparable to the price in my head that an entire bike should be. I’m not sure that a technology that doubled the cost of bicycles was really great for cycling. Well, certainly not so great for bicycles with gears. I would love to see an overlaid plot of STI and fixie adoption over time.

Now that I’ve gotten my miscellaneous bike rambling out of the way it’s time for the real topic - electric shifting systems. This actually relates to the suction cup thing because, just like suction cups, another technology I will not bet my life on (harsh conditions play a role here too) is batteries. My policy is simple - use whatever you want, but these systems should be banned by the UCI as they currently exist. I’m not against the electric actuation per se. What I believe is wrong to bring to the sport of bicycle racing is carrying around batteries. To me that’s starting down the road of an ebike (which I’m a big fan of outside of racing). And, yes, I am consistent. I don’t think bike computers or race radio units should be allowed if they involve energy that is not from the rider produced during the race. Half of the rationale for this is conceptual - it’s a human-powered race. The other half is practical - I really hate the idea of so much attention and development going into products that will be extremely annoying and expensive to people who ride a lot (but who are not on sponsored racing teams). What do I mean by "a lot"? Let’s just say that I stopped using bike computers because changing the batteries became too much of a hassle (and I gave up on the wireless one I once bought after about two weeks). I also know this from trying to manage battery powered lighting in a freezing climate (obviously a different climate than the Tour of California started in). After using my Schmidt Hub Dynamo for a while it became clear that, all things considered, batteries are nowhere near ready to compete with my legs at generating power.

Anti-Anti-Virus Is Not Pro-Virus

2016-05-17 14:14

One of the reasons I’m such an untouchable leper in the world of computer professionals is that I believe that "anti-virus" may possibly be hokum. Or worse. Though it is an extreme heresy (similar to saying that vaccines may not always promote optimal health) I have always believed in the possibility of anti-virus programs being a worse problem than viruses for certain classes of users.

First of all they are lulling you into a sense of security which may be false. Once you feel that the problem is handled, you may be less likely to address spontaneous security issues that would be apparent to an engaged defender. There’s even a bit of the old infinite regress in committing to scrupulously attend to the software (updates and licensing and so on) which attends your actual security. Second, the typical form of malware scanning software really only picks the low hanging fruit of well-known unobfuscated common malware. Third, the harder a malware scanner tries to catch bad things, the more hassle it causes the rest of the system the rest of the time; think of airport "security". Fourth, a very large portion of successful exploits target sketchy browsing and use phishing. In other words, no malware, per se, is really needed these days.

These problems still don’t actually imply that a proactive computer operator should avoid anti-virus software and perhaps one should use these things.

My apostasy is more profane than that of course. You should do what you think you should do and you should not listen to advice from me, but I will avoid these "anti-virus" products. To begin with, they smell a little too much like extortion, quite literally a protection racket. And who are these good Samaritans? They are huge companies that stand to profit more as the problem worsens. That kind of conflict of interest never seemed right to me. Most of these products, and indeed any that will be taken seriously (regardless of their actual merits), are proprietary and shrouded in secrecy. How they are controlling things at the very core of your computer’s operation is, by design, a complete mystery. Are they protecting you or abusing you? You’ll never know.

I believe that doing your best to not understand what is going on with your computer is not the best way to protect it.

Usually, by popular consensus, I am wrong and that’s just something I have to live with. But today I am heartened to find this incredible account of some light being shone onto the crawling things which hide deep within these systems.

Do check out CVE-2016-2208.

Here is a highlight.

This is a remote code execution vulnerability. Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.

On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability - this is about as bad as it can possibly get.

(Note that the "wtf!!!" was not even added by me but it’s completely appropriate.)

If you’re a normal person, apply patches, etc., and carry on with your "anti-virus" agenda. Have a nice day. But if you fancy yourself a computer security sophisticate, you must at least grant me that such things as described in this report are theoretically possible. And maybe more.

Robot News

2016-05-05 10:32

Quite a lot of robot news today. You’d think that robots were finally happening. I based my whole life on that premise decades ago soon after seeing the Heathkit Educational RObot. Computers had suddenly arrived. Surely having them interact with the real world would be next. And yet in 2016 I still clean my toilet with a brush whose design is unchanged since Roman times.

What’s stranger is even with gobs of relevant experience in computers and mechanics, an actual appropriate engineering degree, and more enthusiasm than anyone I’ve ever met (my odds of avoiding a violent premature death improve directly with improvements in autonomous vehicles), I feel like the chances of me being able to get a job working on non-military robots is extremely low. In the city where I live (8th populous in the USA) the odds are nil.

All of which reminds me, I need to clean the toilet.

Have You Tried Turning It Off And On Again?

2016-05-05 13:30

So just what are the world’s elite technical resources up to these days to advance the state of the art in functional, empowering techno-gagetry?

If my own personal experience and the existence of this mind blowing product are any gauge, then I think Roy from the IT Crowd pretty well summarizes it best, "Have you tried turning it off and on again?" Yes, this power outlet extension senses a loss of wifi signal and power cycles the outlet which presumably has your router plugged into it.

What’s really blowing my mind at the moment, however, is that I actually need this product to do exactly what it is claiming to do.

I really wish that all wifi routers were compatible with user installed operating systems. Even given the tumultuous world of free software (OpenWRT just forked into LEDE) at least I could choose my own problems.

Line Is Not an Emulator?

2016-03-31 10:09

Wow! I knew Microsoft was seriously getting its act together, but their latest move is the most impressive yet.

You can read the reports here and here and here, but the basic story is clear from just the headline.

Bash on Windows

Microsoft just announced that Linux non-graphical programs will now run on Windows. This of course includes the main interface to Linux, the Bash shell. It also means all the other Unix tools that Linux and Mac users take for granted. This is huge news.

Basically this is like Wine but in reverse. Wine, started in 1993(!), is a recreation of the functionality of Windows system calls for Linux. So when a C program calls a standard function, for example, fopen() to open a file, the OS, which actually manages files and memory and processes and such, answers the call. Obviously the Linux kernel and the Windows kernel do things differently and Wine is a way to translate what a program is expecting from Windows into proper Linux calls. But this thing they’re showing does the reverse. When a Linux program (like Bash but it applies to all) runs on Windows, apparently this new Microsoft thing converts what Linux programs expect into the system calls appropriate for a system managed by Windows.

Of course there are still questions like, why can’t the open source Bash just be ported properly to native Windows? This question implies the real question — are there fundamental deficiencies in the Windows kernel that make full Bash functionality difficult? But hey a reverse Wine for Windows is still a great thing and will no doubt be very useful and make Windows a much more plausible system to use.

And if that’s not enough for one day, Microsoft is also releasing an extension to Visual Studio that allows C++ code to (cross?) compile for Linux machines. I’m guessing these things are related. Still, this is a pretty huge deal.

At this point if Microsoft releases a DirectX library for Linux (go ahead and charge for it, it’s good stuff), then Linux and Microsoft are suddenly on the same team. This is a great victory for Microsoft and an even greater one for Linux.

UPDATE: Here’s even more on this confirming my conjectures about what exactly this new feature is. It also mentions some of the things that don’t work which are related to the deficiencies in Windows I mentioned. Still, it will be very interesting to see how this develops.


For older posts and RSS feed see the blog archives.
Chris X Edwards © 1999-2016