Always Bet On Standards

An old but interesting interview with X-Plane creator Austin Meyer on Direct3D vs. OpenGL:

…I bet on OpenGL, and used that. As a result, here we are, 15 years later, and the people that use Direct3D can support Windows only. But, with OpenGL, I support Windows, Mac, Linux, Palm OS, Google Android OS, and oh yes: iPhone and iPodOS which are also OpenGL. So having X-Plane in OpenGL let me move over to iPod and iPhone very quickly. The port was done in 2 weeks, to be very exact. And you saw that i have moved 500,000 units on the iPhone and iPod since. I get $7 from each of those sales, and have moved 500,000 units in the last year and a half, so get out your calculator, do some math, and see if i made the right choice to bet against Microsoft 15 years ago.

Always bet on standards. Nobody remains on top forever. When you bet on proprietary tech because it’s in the lead, you’re betting that your demise will happen prior to the leader falling. Never bet against yourself.

Microsoft Flight

I was curious about Microsoft Flight, since it was released today. It’s not really a simulator like Microsoft Fight Simulator was. It’s really just an arcade style game but of higher production quality. The graphics are not bad, it runs smoothly, however there’s not much to keep you playing with it. 30 minutes in and already bored. I personally don’t find it entertaining or challenging.

X-Plane 10 on the other hand is mindbogglingly complicated and I suspect I will never even get “OK” at it, much less good.

It’s a shame Microsoft didn’t just spin off or sell the MSFS product to someone. I bet it could have done fine on it’s own. It seemed to have a pretty dedicated community around it.

Evil Registration Codes

I hate having to use registration codes when installing software, but have accepted it as the way things work.

Today however I got to enter one that’s 80 characters long. That’s right, 80.

Nothing says “we hate our customers” more than making them enter 80 random characters into a text field before they can install the product they purchased.

Twitter Client Gripes

Like many in my trade, I keep a Twitter client open all day. 140 characters works very well between compile times, reloads, uploads. I still use RSS extensively, but Twitter fills the gaps nicely as my brain is always looking for information to absorb (feel free to follow if you don’t).

To this day it amazes me that I can’t find a perfect Twitter client. Tweetie back in its day was pretty damn close, but since it was bought by Twitter, it went downhill to the point of being unusable on the iPhone. Amazingly priced at “free” it’s not worth the price. These days TweetBot is as close to perfect as I can find on the iPhone and I’d recommend it to anyone who is frustrated with Twitter for iPhone.

Largely due to neglect the Mac client is still usable to me, however it’s hardly awesome. Why doesn’t “command /” reliably bring the window to focus? Why can’t I set my preferred url shortener? The developer console has lots of weird select and focus issues. I could go on…

From where I sit, these are the most annoying things Twitter still hasn’t figured out:

  • Search Blows – This one everyone always complains about. Search isn’t good, and only goes a few days back. It’s a miserable experience.
  • Amnesia – Twitter has a very limited memory. You can only search a few days back. Your timeline can only go so far back. Even DM’s can only be retrieved a mystery period back. Everything eventually disappears. I actually backup my tweets to a MySQL database so I can search anything I’ve ever tweeted. Most don’t have this luxury. Perhaps they should just partner with Google and let Google handle their archive/search problem. Let Google pay for the data, and for the right to solve this problem.
  • DM Downgraded – This one is pretty specific to the new Twitter “Let’s Fly” UI. Direct Messages, are very obscured and buried. Yea I get it, you want everything out in the open. It’s annoying however to hide useful and sometimes important UI.
  • Incomplete Clients – There’s no interface that seems to do everything. If you want to know how many RT’s or Favorites posts have, the best UI seems to be the website. If you want to use a custom URL shortener, Twitter for iPhone has you covered. Twitter for Mac has no UI to show what client a tweet was created with, mobile with its limited screen size does. It also has no way to see RT stats for a tweet. Want to be notified when you have a mention or DM? iPhone or desktop client is best (that’s not the web clients fault). Amazingly these UI’s all come from the same company. Facebook (now) does a pretty good job on feature parody across web/mobile clients.
  • What are favorites/lists – I don’t think anyone has fully figured out what these really are and how they should be used. Is there a value to maintaining a list? It seems most use favorites as bookmarks to read later, some use it for marking tweets they really like. I know I’ve done both. Facebook hasn’t figured out lists completely either, though I feel they’ve at least given them a useful purpose for power users.
  • Spam – I think if a user signs up and just @replies a link to 50 people, an algorithm should be able to detect they are a spammer and stop it.
  • Placeholder – The thing that annoys me the most is they still haven’t figured out how to leave a placeholder on your timeline. Why can’t I just pickup where I left off? I need to search for it. Facebook never solved for this problem either. Amazon’s Kindle (and apps) solved for this brilliantly. Surely Twitter could adopt an API to solve for this. As someone who restarts their browser often due to work I’m doing, this makes the web UI unusable.

So what am I ignoring in terms of annoying Twitter client things?

Quicken Security Theater

Quicken Password Confirmation

I don’t understand this one. The reason many (most) sites require you to confirm your password is to ensure you typed it correctly when creating your password, otherwise a typo would prevent you from logging back in correctly later. We’ve all “fat fingered” a password before. That simple confirmation step prevents it on creation. How does entering my password twice when logging in provide any additional security? If the password is compromised, the extra field does nothing.

I presume the reason is to make Quicken look/feel more secure than it really is.

I should note that I like Quicken. I like it enough that even though the native Mac version is so disappointing on paper that I never purchased it, I did I purchased the Windows version and continue to use it there. I think that demonstrates my not hating Quicken. It does however have its quirks that just make me wonder what they were thinking.

On Square Skimmer Security Risks

There’s an “open letter” going around about the alleged security hole created by SquareUp, a startup that gives out free credit card readers for smart phones. To quote the meat of it:

In less than an hour, any reasonably skilled programmer can write an application that will “skim” – or steal – a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.

Allow me to debunk the hell out of this:

  • To skim a card you need physical possession of the card. The numbers are printed on the front. No reader needed.
  • Skimming is normally done by attaching a device in front of a legitimate reader (such as an ATM) so it passively collects data. Not via cell phone. Stealing a credit card, walking to a back ally and skimming doesn’t make any sense.
  • Credit cards numbers are worth almost nothing on the black market. They are sold in bulk. This process is to slow to be viable for even the most brain-dead of criminals to want to bother with.
  • There are easier methods than the above including phishing attacks, becoming a waiter (the best job for credit card thieves), or just hacking one of the many insecure ecommerce sites on the net. An ATM skimmer attached to an ATM is much more profitable and harder to get caught since you can leave and come back later.
  • Square’s dongle doesn’t encrypt data because it goes directly to the phone. You’d need to extensively modify the device to intercept anything. The connection from your phone to Square seems to be encrypted.
  • Oh yea… They have their logo on top, but never link to their homepage or explain who they are. VeriFone is a vendor of credit card scanners. A direct competitor of Square. They also sell wireless scanners that would compete directly with Square. They cost a lot.

How’d I do?

Bonus:

VeriFone sells “contactless” point of sale systems. I’ve mentioned several times over the past few years how poorly thought out these seem to be. WREG recently did a great story on how easy it is to scan/clone one of these cards to a hotel key (full disclosure: WREG is an affiliate of my employer).

Conclusion:

If someone steals your credit card swiping it on their own scanner, reads the numbers off, or just running to the nearest store and buying things, it doesn’t make a difference. Square isn’t the security hole here.

I’ve got a square reader on hand and can say it’s cheaply made (obviously), but no reason at all to think it’s any less secure than any other terminal. The owner/operator of the terminal is the chief point of failure.

MacBook Pro Sleeps When Lid Closes

The MacBook Pro still has a quirk that has always bothered me. It’s not a hardware issue, it’s a software issue. Power users with laptops know about “closed clamshell” or “closed display” mode. That’s when you use a laptop with a desktop keyboard and mouse and the laptop remains closed. I don’t think any OS I’ve used totally gets this totally right, they all have their quirks. The MacBook Pro just has this one quirk that gets to me.

The problem with the MacBook Pro is when you have the computer open and on and you connect another display you’re given the option to mirror or use the display as a second display. If you mirror and close the laptop it goes to sleep. That’s completely illogical. There seems to be no way to disable going to sleep in this situation that I can find. I can’t imagine why anyone would want another behavior when closing a laptop while having a display and input device connected. When no display is connected and the laptop is closed, it should obviously sleep.

Searching on Google returns numerous forum threads with people who also have this gripe. Even a check box in the Energy Saver pref panel to facilitate this would do nicely.

For the record Windows is no saint either. It’s handling of monitor resolutions, especially if your desktop display is a different resolution is abhorrent. It can result in anything from reshuffling icons to putting windows out of the display area. I’ve never even bothered with such functionality in Linux, at least not yet so I can’t speak to its competency in this area.

Mac Finally Gets H.264 Decoding In Flash

Adobe today pushed an update that enabled H.264 hardware decoding in Flash 10.1. It only works on certain newer Mac’s and there are an assortment of caveats in which Flash will revert to software decoding according to a Flash Engineer.

I’ve only played with it for a few minutes on my Core i7 MacBook Pro, and things seem very speedy and my CPU didn’t see much of a spike. Hopefully enough videos will take advantage of hardware decoding that this will be a nice improvement.

I still believe WebM is the better future, but H.264 hardware decoding does make Flash less painful for the moment.

Email Alarm System

I’ve been in the mood for some hardware hacking for a while. Recently at work I thought it would be nice to have a way to know if an important (emergency) email came in that required attention. These fire-drills are just part of the job. I have multiple computers and screens so an on-screen alert isn’t always effective. Audible alerts don’t work either because speakers are only connected to one computer at a time and often headphones are plugged in. I need something more independent.

My solution was to build a USB alarm system: Two rotating LED lights to get attention visually as well as a 76 db piezo buzzer which chirps when the system is activates to help get attention. The buzzer only chirps and only when the system first invokes so it’s not an annoyance. It’s enough to get attention, but not enough to bother others. It has multiple chirps so that I can potentially setup multiple alert types.

Now we can really be on the ball!
P1 Bug Report Alarm
Obligatory goofy office signage

Continue reading