Month: August 2007

MacBook develops “short-term memory” personality disorder

Apparently blogging about a new laptop is the way to jinx it. (Either that or alluding to botched business decisions by Apple Inc. Conspiracy theorists would argue that Windows took offense at being virtualized and sabotaged the system.)

After working through the weekend, on Monday the XP SP2 image in Parallels refused to boot. Corrupted VM images are not uncommon but then Parallels itself started acting up, claiming that the image file itself can’t be opened because it is in use. Back at MSFT it would have been easy enough to grab another copy of any Windows flavor from an internal share and reinstall the operating system. Even simpler: PXE-boot and remote install over network. In principle that also works here but the BIOS emulated by Parallels apparently does not implement PXE boot. No problem– quick visit to the friendly support folks revealed the missing piece required to get PXE boot working. Being optimistic, this blogger assumed the OS install can be done on self-help basis and there is no reason to bother the support team already busy with irate users stopping by with more mundane problems than trying to get 2 rival operating systems working together.

Wrong. PXE boot worked and XP install would succeed partially before it would complain about corrupted local images. Even more bizarre, after stopping/restarting the VM there would be no trace of the installation at all– no formatted disk, no copied files. Back to clean slate. After a few more tries in the hope of non-deterministic success, it started to get bizarre: Parallels errored out a couple of times complaining that the VM can not be started because it is already in use. Each time a new image was created, installation would proceed

Next steps would have been a return trip to support and ask for help with the XP install from scratch. But MacBook started acting up for good and this time it was not Parallels to blame. After 3 days of constant use, Firefox started up with the first-time experience– as if it had never been run before. True to form, it complained about not being the default browser and asked if Safari should be demoted from that distinction. Meanwhile all the bookmarks were gone, history erased etc. This is not exactly what users have in mind when they want privacy-enhancing features.

The amnesia proved to be a recurring phenomenon across the board. Attempting to change the desktop pattern lead to more mysterious behavior– restarting the OS lost all customizations. Same with any changes to the browser, icons on the desktop, shortcuts added to the dock etc. All too reminiscent of the infamous patient Henry M case in psychology, about a man who undergoes surgery to remove parts of the temporal lobe. After the operation, his short-term awareness is intact but he can not commit anything to long term memory, the world frozen permanently in an instant before the operation. (He would routinely have to be explained everything over and over again.)

The mysterious behavior could have been caused by a subtle corruption in the file-system that prevents write operations from being fully committed. OS would simply reconstruct previous state on each reboot and disregard changes. But some experimenting showed files can be saved under Documents at least and running a disk-scan did not reveal any problems.

Outcome: yet another visit to the friendly support team to get OS-X Tiger reinstalled from scratch. This sets a new personal record for time to bring a brand-new machine to its knees to the point that the only recovery option is flatten/rebuild. (In fairness, rendering a PC inoperable is surprisingly easy when one is trying, but in this case the only objective was learning about Mac OS-X.)

cemp

Electric vehicle rally in Palo Alto today

Observations from the EV rally sponsored by the Silicon Valley chapter of the Electric Automobile Association:

  • Required  background reading for the event is Plug-in Hybrids by Sherry Boschert. Mandatory movie is the documentary Who killed the electric car? which premiered last year.
  • There were a couple dozen different EV cars, as well as random other eco-friendly conversion projects which appeared to have nothing to do with electric propulsion, including a diesel Benz converted to run on vegetable oil.
  • The vehicles spanned the whole range from bicycles assisted by lightweight electric engines to fully electric scooters and motorcycles, a toy car modeled after a Hummer H3 chassis to several flat-bed trucks intended for hauling weight.
  • Similarly the state of the EV technology ranged from brand new Camry hybrids off the dealer lot still carrying the stickers, to production spec Sparrows to home-brew projects with their guts spilled out, resembling a Rube-Goldberg contraption, high-voltage wires going all over the place etc. No fuel-cell vehicles in attendance as far as this blogger could see.
  • CalCars had a significant presence with their plug-in hybrid conversions. There were two different examples, one a relatively “incremental” modification with additional lead-acid batteries and another with the all-out lithium-ion overhaul. Toyota being the conservative company it is, would likely view them as equally damning when it comes to voiding the warranty.
  • On the one hand, it’s great to see the tinkerer spirit well-and alive. Modding cars is part of American tradition, and if the 50s were about muscle cars, the contemporary frontier is making electric vehicles a reality well ahead of the mainstream automobile producers.  (It turns out one of the plug-in conversions was done in ~2 days by a group of amateurs during Maker fair.)
  • On the other hand, inquiring about what it takes to convert a Prius to plug-in shows that for the most part, EV still remains something of a hobbyist project. Most of the pure electric vehicles have serious limitations to their range, top speed or safety, by virtue of low curb weight in relation to the bloated SUVs they will be surrounded by on the road.
  • Similarly the conversion projects remain beyond the realm of feasible even for those willing to void their warranty in creative ways. Two extreme ends of scale are represented by an “open-source” DIY additional battery kit under $6K or full-service replacement by the more advanced lithium-ion cells similar to those powering laptops  for >$25K. (NiMH is in between according to one of the reps.) That this latter number exceeds the cost of a new Prius ought to give anyone a pause for concern. Add to that rumors of plug-in Prius in the works from Toyota for 2011-2012, it’s difficult to justify being an early adopter on this front.

cemp

MacBook Pro first impressions

This blogger is now the new proud owner, scratch that, “temporary custodian” of a MacBook Pro, having traded in a defective IBM Thinkpad that should have been recycled for parts eons ago. Here is the obligatory blog post on switching from someone who has spent a decade working on building MSFT platforms (at MSFT to boot) and whose last recollection of Apple is a series of over-priced, underpowered, lame pizza-box shaped machines that justifiably earned the moniker “Macintrash.”

First one admission: this is not about kicking the Windows habit. Thanks to Parallels, there is now an uneasy truce in the operating system wars. It came pre-installed with an XP image and looks very polished with the coherence mode seamlessly integrating Windows applications into the standard Mac OS-X user interface. (Future blog subject: getting the same effect with remote applications in W2K8 Server aka “Longhorn” improvements to Terminal Services.)

Mostly because this laptop will be used in a work context, the first few hours were spent re-installing all the Windows applications that were present on the loaner PC. But this was enough time to walk away with a few observations:

  • Apple does live up to its reputation for design: the visual appearance of the machine is hard to beat, right down to small details such as the placement of power button and  a clean surface uninterrupted by lame logos. Same goes for usability.  Setting up a wireless network with WPA authentication in Airport right after taking delivery was intuitive and easy.
  • It is disorienting to go back to a one-button mouse. Right-click is particularly tricky in Parallels because the standard key combination for this in OS-X means something else in Windows. (Solution: discovering that Parallels had already mapped this to a different set of hotkeys, namely Ctrl+Shift)
  • OS-X does not appear to have a notion of domain logon (different password locally vs. the Active Directory domain) Very typical of a mind-set designing machines exclusively for home/consumer use instead of enterprise scenario– good news for MSFT’s enterprise sales division. But it can still mount Windows file shares using SMB so in practice this limitation may not be significant except when interacting with Kerberos protected resources.
  • There is no good reason for some quirks other than standard Apple “our-way-or-the-highway” attitude which brought consumers such priceless innovations as AppleTalk and kept the company’s market-share perennially capped at 5%. For example: while there is no Windows key understandably, it does have CTRL, so there is no excuse for Ctrl+C not translating into a clipboard copy. Apple seems to not have internalized an important lesson that Linux developers grasped instinctively: interoperability with the dominant paradigm is good, especially when your goal is to increase market share at the expense of the leader.

cemp

Thinkpad T43: good-bye and good riddance

When Google asked this blogger what type of laptop he wanted, there was no hesitation. After 9 years of working on MSFT platforms , it was time for a change, to give Apple another chance. Following the switch to Intel processors (a sensible business decision coming out of Cupertino? can it be?) and the ability to dual-boot Windows with BootCamp, it seemed that users could have the best of both worlds: sleek Apple design, instant coffee-shop credibility and of course the ability to fall-back on Windows when interoperatibility with “real-world” becomes a concern again.

But there was a slight problem: on the first day of employee orientation when laptops were being handed out, instead of a shiny new MacBook, there was an apologetic note from IT department explaining that due to recent problems with OS X images they had decided to hold off on handing out any more Macs, providing a temporary PC loaner instead. Discussions with colleagues who received the said defective OS X installs did confirm they were having serious problems with wireless and power management, most likely owing to faulty drivers. Way to go Apple.

If there is one thing worse than upgrading a defective Dell to Vista, it must be going back to regular XP on an equally defective IBM after getting used to the Vista quirks. This loaner proved to be an equally bad set-up: an IBM T43 Thinkpad that could serve as exhibit A for why it was a wise decision for IBM to spin-off its PC unit to Lenova. Barely one hour battery lifetime, dysfunctional keyboard layout, flaky built-in wireless which intermittently fails to connect to a random networks and then refuses to cooperate with Windows “repair wireless connection” option and perhaps most frustrating, a strange bug that causes the OS to fail hibernation and require either stand-by (draining the already weak battery) or shut-down losing all context.

The friendly IT department informed me that the MacBooks are back. But picking up the originally requested item required dropping off the T43 first. “Good-riddance” is the sentiment but there is still going to be a lot of time wasted moving files and reinstalling software. The particular MacBook Pro model will run Parallels so all the Windows applications will be available again. Parallels does have a physical-to-virtual migration option to do this automatically, but that requires access to the existing Windows install– a slight problem given that the loaner has to be returned first before taking over the new laptop. Plan for the weekend: spend many hours rebuilding a new laptop by reinstalling the same applications from two weeks ago. Well worth the effort in exchange for having a usable machine again.

cemp

Identity systems and incentives for openness

Interesting debate taking place in the blogosphere between two of my former colleagues from MSFT. It started with an article in Wired,  titled “Slap in the Facebook” decrying the closed nature of social networking sites and urging Facebook to embrace an open model where users can reference content from other services. Dare wrote a response pointing out that business incentives favor this closed “walled-garden” model because Facebook has no incentive to refer visitors to other websites unless there is some benefit– the idea being that eye-balls/traffic drive revenue for advertising supported websites. The argument goes, allowing users to link to other websites or reference content there amounts to an altruistic (read: foolish) act of driving those coveted eye-balls elsewhere. Kim Cameron came back with a rejoinder arguing that authentication by itself does not constitute a revenue source. Quote:

“Summary: what counts is the ACCOUNT, not the CREDENTIAL.Credentials should be seen as a cost center, and accounts as a profit center.”

Stepping back, there are three issues here:

  1. Authentication is indeed a cost center. Most companies invest in an identity management systems originate from the requirement to solve a problem that the company itself has. As a concrete example, Amazon asks users to create account so they can purchase books and track their orders. That scenario is directly relevant to their bottom line. It’s difficult to see how allowing users to authenticate some place else with that ID contributes to their business objectives, especially when each instance involves a transaction cost.
  2. In the language of identity management, relying parties are indeed at the mercy of identity providers. That is to say, if website Foo started accepting users with an identity issued by website Bar, it would be taking on a critical dependency on Bar. Because many scenarios require authentication– if user can not authenticate, nothing else works. This is partly the reason every website decided to invent its own identity management system (most of them mediocre and dubious in security assurance, as expected) contributing to the proliferation of passwords that unfortunate users must remember.  It is possible that Bar will at some point decide to hold users hostage by refusing to authenticate anyone to Foo, especially if there is no contractual relationship between them. Cameron argues that the PR repercussions will act as deterrence. It’s not clear if this has prevented companies from breaking interop in the past, as the history of failed attempts at getting instant messaging systems to cooperate shows. This is not entirely unjustified paranoia either: failure of authentication leads to breach of security and the last thing an aspiring website wants to see is to get blamed for someone else’s error. In the public perception, blame is not always allocated fairly.
  3. Finally there is an interesting irony: everyone wants to see authenticated users coming in, but no one is interested in authenticating their own users to other websites. Even assuming that the concerns in #2 could be addressed and sites would be willing to accept external identities, why would any ID provider spend their own resources in the interest of another website? The common sense answer would be: “because users want this feature.” But this is no different than the deadlock which existed among mobile carriers: everyone wanted to be able to convert users over to their network without changing their cell-phone number, so-called “portability” problem. Yet no company wants to make it easier for users to switch to another carrier, so there is an incentive to raise switching costs by not allowing the customer to keep the number. Any mobile carrier to offer this on their own would be faced with the classic sucker pay-off from game theory. Eventually it was a regulation that mandated portability, by forcing everyone to implement it at the same time.

cemp

Lost and found: music on the iPod

An iPod can store music in two ways:

  • Mounting the device as ordinary USB drive
  • Syncing content using iTunes

In principle the user experience for these two modes is different and incompatible. For example MP3s stored in the drive will not show up in the music selection. Meanwhile the iTunes content is in principle not visible as plain files that can be copied to another location by mounting the iPod as a drive.

It turns out “in principle” is the operative keyword there. One of my friends pointed out that she is aware of some special-purpose 3rd party applications that can recover iTunes content. A little bit of experimenting shows that nothing fancy is required; the basic functionality available in Windows XP+ will do the trick. (Note: following descriptions apply to an iPod formatted for Windows.)

Short version of the story is that iTunes places content in a hidden-folder and scrambles names of MP3s. That means recovery requires two steps:

1. Display the hidden folder– this is relatively easy. In Windows Explorer, navigate to the iPod drive, select Tools –> Folder Options, switch to the View tab, locate/select the radio-button for “Show hidden files and folders.”

This will reveal a hidden folder named “iPod_Control,” distinguished in the listing by its pale, faded color. Alternatively in a command line you can type “dir /ah” which instructs the shell to display files with attribute “H” for hidden. Inside the main directory is a series of sub-folders with names like Fnn where “nn” is a two digit number. Inside each folder is one or more MP3 files with cryptic names. But hovering over an MP3 show the ID3 meta-data, which includes information such as the song title, artist, album name and genre. This is good news because it suggests that the file is left intact by iTunes when transferring to the iPod.

2. But the file names no longer correspond to song names, which is probably what they started out with originally. Not that it is always correct: typically ripping software will contact an online database to retrieve song information. Accuracy of that database varies. This creates a search problem.
It turns out that even the primitive search capability built into XP is up to the task. Selecting “Search” from the File menu in explorer brings up a new window, with a picture of a dog wagging its tail and blinking its eyes in the lower-left hand corner. (Clippy strikes back? Apparently somebody forgot to remove the last vestiges of that abysmal UX experiment from Windows.) For example, entering “Dylan” for the word/phrase to search and selecting MP3 from advanced options finds all tunes performed by Dylan or written by Dylan, although it takes a while to search the files individually. An indexing-based approach such as the one built into Vista, Windows Live Toolbar or Google Desktop will likely yield the same results but faster.

cemp

Smith & Barney case study: how not to authenticate customers

MSFT uses Smith & Barney’s BenefitsAccess online site for administering some employee benefits. (It used to be Schwab in the distant past.) This choice lead to a series of interesting exchanges over the past couple of days.

  • S&B representative leaves cordial voice mail in response to earlier phone inquiry, providing 888 number to follow-up.
  • Call back at the indicated number. Very first ask after language selection: “Please enter your global ID or social security number”
  • Why SSN? Granted they already have this information (because it also happens to be the “TIN” or tax identification number, used for income tax reporting purposes to IRS) but using it for authentication in a cavalier manner is asking for trouble. SSN is an identifier, not a secret intended for proving one’s identity. Over time it became a credential, as various businesses began to make the convenient assumption that if you know the SSN for a person, you are that person. Financial services sector routinely depends on this dangerous repurposing for verifying customer identity when they are on the phone or online. But in this case global ID– whatever that means– is sufficient, so any number of other factors such as company ID, date of birth etc. could be used to uniquely identify somebody. (For comparison 1st Tech Credit Union asks for last 4 digits of SSN.)
  • S&B continues the authentication process by asking for the online trading PIN.
  • Skip through more options, finally reach a person.
  • After explaining the request, her first question: what is your social security number? Where is the connection between the automated phone system and the support ticket system? Why bother authenticating customers up front if the process is going to be repeated manually? For that matter, why not assign a case number or other temporary identifier to track this ticket (since S&B called the customer in this case) instead of requiring the caller to verify their identity each time?
  • More discussion of the particular problem. Ask S&B about wire transfer. It turns out that setting up wire transfer requires faxing in a form– and a copy of driver’s license.

Sadly the appetite exhibited by S&B for personal information, the assumption that users are willing to provide this at will and cavalier attitude towards data security appears to be the norm in the financial services industry. (Earlier posts on this blog covered an earlier American Express debacle.)

cemp

WikiScanner: catching the obvious offenders

First publicized in a Wired article, WikiScanner project aims to reveal conflicts of interest in Wikipedia editing. The Wikipedia model for putting together an encyclopedia has already been criticized endlessly on two grounds. First that a “coalition of aspiring experts” could not put together a reference work to compete with the existing stalwarts of knowledge. Second, complete openness to input from anyone and the reliance on self-policing to correct abuse means that at any point the loudest, most persistent voice is more likely to be hear than the most informed.

Wikiscanner does not answer the question of how vigilante the band of volunteers have been at upholding the so-called neutral point of view. But it can provide an interesting perspective on the extent neutrality has been under siege. Since Wikipedia keeps a history of all edits, the task boils down to tracking the contributors against the entries they modified. Not surprisingly the project found that users from Diebold, Wal-Mart, Dell and various congressional offices all edited entries related to their employer, predictably removing critical passages or providing counter-points in defense.

This is a good start but fails to answer two important questions:

  1. In each case, were these instances of over-zealous employees (as Dell seems to have argued in response to a New York Times article covering the same problem) or a systematic campaign endorsed by the company itself– or both?
  2. Is there any reason to believe that all conflicts of interest can be identified? WikiScanner depends on one piece of information: IP address of the contributor. At this point, natural selection favors those who realized that IP addresses can be tracked back to their source organization using a simple whois query. Better organized attempts to subvert Wikipedia content could originate from home IPs or anonymizing proxies. In that sense WikiScanner is another instance of the state of cyberspace accountability: “we catch the dumb ones.”

cemp