This is BrainLog, a blog by Dan Sanderson. Older entries, from October 1999 through September 2010, are preserved for posterity, but are no longer maintained. See the front page and newer entries.

June 2007 Archives

June 30, 2007

Apple has a nifty does-my-Apple-store-have-iPhones tracker that claims the Seattle area Apple stores will have phones for sale Saturday morning. If that tool is accurate, that tool is awesome.

June 29, 2007

No, I didn't get an iPhone.

Of all the people who blogged their opening-day iPhone experience in real time today, Seattle Times' Brier Dudley was the only local blogger I could find who reported anything useful to second-tier iPhone coveters in a timely fashion. (Not that I blame anyone who just dropped $1300 on two 8GB iPhones to look back on their way out of the store.) Sounds like most people who stood in line got a phone, but latecomers could only place mail orders. Anybody who didn't get a phone today won't get one tomorrow.

Brier reported that those who bought phones at the Capitol Hill AT&T store were required to buy an unexpected $50 extra worth of accessories, reminding everyone that they were shopping at a fucking cell phone store. I heard no such thing from people buying from Apple stores, and I'm sure I would have.

Brier was told mail orders would arrive within a few days, but if he heard that from an AT&T employee, I don't know if that's true. Apple's online store states up front that orders will ship in 2 to 4 weeks, so if there's a 3-day fast track, it's probably for disappointed opening day shoppers only.

Quite predictably, it looks like you can't order an iPhone through a corporate purchase plan that otherwise gets you a discount on Apple hardware.

June 28, 2007

David Pogue's iPhone FAQ. Stuff I notice:

  • Touchscreen requires skin contact, no gloves or styluses.
  • Standard headphones don't sit well in the headphone jack, but you'll be able to buy an adapter.
  • No disk mode. I'm guessing this dashes my hopes for being able to copy PDFs directly to the phone for offline browsing, though I can always mail them to myself.
  • No video out to a TV (like the video iPod does).
  • Bluetooth only works with headsets, not computers. Apparently the world has conspired to prevent me from ever having a use for Bluetooth.
  • USB cradle syncing is improved, no need to unmount to remove it from the cradle. One more daily annoyance out the window! I worry I'll miss my bus if I take the time to unmount my iPod properly.
  • "The iPhone comes with presets for Gmail, AOL and Yahoo Mail. You can also set up standard POP3 and IMAP accounts." I won't have to give up my Gmail-slurps-my-POP-account set-up, though I might give it up anyway when the new Mail in Mac OS X 10.5 comes out in October.
  • iPhone Safari will sync bookmarks with your Mac or PC. I wondered if I'd be able to bookmark stuff I find while browsing on the phone, then come back to it later on a computer. Nice.
  • Safari won't remember passwords. Eh? Security risk?
  • Safari won't stream audio or video—"except for some QuickTime videos." That doesn't fully answer the question for downloadable MP3s or MP4s off of web sites: I wouldn't expect to be able to store downloaded music and videos, or stream using obscure streaming technology or Flash plugins, but with a basic QuickTime plugin it might still be able to play the downloadable files from within the browser. Fingers crossed.
  • No iPod to-do or Notes, and I assume that's related to "no disk mode." But it's got its own notes app, and I assume that'll sync with something, no?

Apple's own iPhone FAQ.

Apple already has a web-based iPhone app, an RSS reader.

June 27, 2007

David Pogue reviews the iPhone.

All the expected positives, all the expected negatives. Reinforces two negatives that kill my buzz, both of which are AT&T's fault:

The bigger problem is the AT&T network. In a Consumer Reports study, AT&T's signal ranked either last or second to last in 19 out of 20 major cities. My tests in five states bear this out. If Verizon's slogan is, "Can you hear me now?" AT&T's should be, "I'm losing you."

Then there's the Internet problem. When you're in a Wi-Fi hot spot, going online is fast and satisfying.

But otherwise, you have to use AT&T's ancient EDGE cellular network, which is excruciatingly slow. The New York Times's home page takes 55 seconds to appear; Amazon.com, 100 seconds; Yahoo, two minutes. You almost ache for a dial-up modem.

In other words, that 1 bar I get in my basement from Verizon probably means no signal on an iPhone, and that unlimited data plan probably isn't useful. Here's hoping the Google Maps app knows how to cache driving directions, so it doesn't have to access the server at each turn. I wasn't planning on using cellular data that often, but I was planning on using it for phone calls.

Another quote from Pogue, spun as a positive: "Apple points out that unlike other cellphones, this one can and will be enhanced with free software updates." I don't doubt that Apple will push bug fixes, but their track record with iPods implies no new features without paying full price for an upgrade. That makes me wonder: With the 2 year plan commitment, does this mean that most of Apple's core customers won't be willing to upgrade their phone if a new one comes out before mid-2009? Does that mean Apple won't release a hardware upgrade until mid-2009?

Walt Mossberg's review is more optimistic about the virtual keyboard, and equally pessimistic about AT&T's inability to perform. "And the initial iPhone model cannot be upgraded to use the faster networks."

"There's also no way to cut, copy, or paste text." Wrr.

Steven Levy chimes in with about the same verdict, and adds that he was able to fill up his 8GB fairly quickly.

AT&T and Apple announce iPhone service plan pricing. $60/mo, $80/mo and $100/mo plans with unlimited data. More information on rate plans, including family plans at $80, $100, and $120—not including an additional $30 per line beyond the first line. So two phones on the $80 family plan will cost a total of $110/month. Plus the initial $1,200 outlay for the phones totals $2,520 over the two year commitment.

Phone plans are activated through iTunes. Unlike other phones, you don't do the plan at the store, you just buy the device. iTunes syncing won't work unless you activate a plan, so you can't use the iPhone as an iPod without a plan.

The new demo video on activation confirms that you can transfer phone numbers from other carriers. I like how these demo videos answer common questions prior to purchase without taking a FAQ-like format. I'm guessing they'll all be included on the iPhone as a video manual.

McDonald's UK answers questions posted to their web site—all of them. This has to be the ultimate exercise in PR writing.

June 26, 2007

Python 3000 status update.

PwdHash, a browser plugin that converts anything you enter into a password field into a cryptographic hash of your password and the site's domain name. This allows you to use one password for all web sites safely, because what a web site actually sees is a mixed up password that only works on their site and cannot be converted back to your original password.
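The idea described above, as an added example (not PwdHash's own code or algorithm): a per-site password derived from one master password and the site's domain. The choice of PBKDF2-HMAC-SHA256 with the domain as salt, the iteration count, the two-label domain rule and the sample URLs are all assumptions made for this sketch.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumption: work factor picked for this example


def site_domain(url):
    """Return the domain the derived password is bound to.

    Simplification (assumption): keep the last two host labels. A real tool
    needs the Public Suffix List so that hosts under co.uk-style suffixes
    are not lumped together.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return ".".join(host.split(".")[-2:])


def site_password(master, url, length=16):
    """Derive the password that one site sees from the master password."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        site_domain(url).encode("utf-8"),  # the domain acts as the salt
        ITERATIONS,
    )
    # URL-safe base64 keeps the result typeable; truncate to the wanted length.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def demo():
    """Derive passwords for a few constructed URLs from one master password."""
    master = "correct horse battery staple"  # constructed sample value
    urls = [
        "https://www.example.com/login",
        "https://accounts.example.com/reset",      # same site, other host
        "https://www.example.net/login",           # different site
        "https://example.com.login.example.net/",  # look-alike host name
    ]
    return {url: site_password(master, url) for url in urls}


if __name__ == "__main__":
    for url, derived in demo().items():
        print(f"{site_domain(url):12} {derived}  {url}")
```

Because a site only ever receives the derived value, a password entered on a look-alike host is not the one the real site accepts. A weak master password can still be guessed offline from a derived value, which is why this sketch uses an iterated hash.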

June 25, 2007

Newbie Emacs tip: I spend half of my time in Emacs shell (M-x shell), one of several ways to interact with your command prompt from within Emacs. By default, Emacs shell runs in a "line editing" mode: Typing a command at a shell prompt and pressing Enter does what you'd expect, but you also have access to the entire buffer, including the output of previous commands, and can press Enter on any line. The shell process doesn't actually see you do any of this like it would in a terminal emulator. Instead, Emacs shell lets you play in the buffer, and only sends commands to the shell when you press Enter.

Because the shell doesn't have complete control over the display, one consequence of the line editor is that the shell cannot hide what you type at a password prompt. There are at least two ways to prevent your password from being shown in the line editor. One is to respond to password prompts by typing M-x send-invisible, Enter, your password, then Enter. The password prompt will get your password, but it won't appear on the screen.

Another way is to tell Emacs to watch for password prompts and show the "invisible" prompt automatically. The following configuration for your .emacs file turns on this feature:

(add-hook 'comint-output-filter-functions 'comint-watch-for-password-prompt)

This feature recognizes password prompts that match a pattern, which handles most common cases. You can customize the pattern used in case you run any programs with password prompts that don't match the default. I noticed, for example, that the default pattern in Emacs 22 doesn't notice MySQL password prompts (Enter password:).

To fix this, customize the variable comint-password-prompt-regexp. The value is a nice long intimidating regular expression, and the new value you set it to needs to continue to work for other shell prompts. In the case of the MySQL prompt, I only had to insert Enter \| near the beginning of the pattern. The complete pattern I used is as follows:

\(\(Enter \|[Oo]ld \|[Nn]ew \|'s \|login \|Kerberos \|CVS \|UNIX \| SMB \|^\)[Pp]assword\( (again)\)?\|pass phrase\|\(Enter\|Repeat\|Bad\) passphrase\)\(?:, try again\)?\(?: for [^:]+\)?:\s *\'

Of the several ways to set this variable permanently, I decided to use Customize, the arcane but otherwise nifty user interface that lets you browse and tweak customizable things in Emacs. The quickest way to find and change the password prompt pattern is to use the Help system to find documentation on this variable (C-h v comint-password-prompt-regexp RET) then click the "customize" link. Modify the value, then click "Save for Future Sessions".
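A way to check, outside Emacs, which prompts a pattern like the one above would leave echoed in the buffer. This is an added example, not part of the original tip: the pattern is translated from Emacs regexp syntax to Python `re` syntax, the helper names are hypothetical, and the sample prompts are constructed.

```python
import re

# The customized pattern from the post, translated to Python syntax:
# \( \| \) become ( | ), literal parentheses are escaped, "\s " becomes \s,
# and \' (end of string) becomes \Z.
CUSTOMIZED = (
    r"((Enter |[Oo]ld |[Nn]ew |'s |login |Kerberos |CVS |UNIX | SMB |^)"
    r"[Pp]assword( \(again\))?|pass phrase|(Enter|Repeat|Bad) passphrase)"
    r"(?:, try again)?(?: for [^:]+)?:\s*\Z"
)
# Per the post, the default differs only by the inserted "Enter " branch.
DEFAULT = CUSTOMIZED.replace("(Enter |[Oo]ld ", "([Oo]ld ", 1)


def is_masked(output, pattern):
    """True if the end of OUTPUT would be recognized as a password prompt."""
    # MULTILINE lets ^ match after a newline, as it does in Emacs.
    # Matching is case-sensitive here; Emacs may fold case, depending on
    # case-fold-search.
    return re.search(pattern, output, re.MULTILINE) is not None


def echoed_prompts(prompts, pattern):
    """Return the prompts whose typed response would stay visible."""
    return [p for p in prompts if not is_masked(p, pattern)]


# Constructed sample prompts, each as the last chunk of process output.
SAMPLE_PROMPTS = [
    "Password: ",
    "Enter password: ",  # the MySQL prompt from the post
    "dan@host.example's password: ",
    "Enter passphrase for key '/home/dan/.ssh/id_rsa': ",
    "New password: ",
    "Last login: Mon Jun 25\nPassword: ",
    "[sudo] password for dan: ",
    "Verification code: ",
]

if __name__ == "__main__":
    for name, pattern in (("default", DEFAULT), ("customized", CUSTOMIZED)):
        print(name, "leaves visible:", echoed_prompts(SAMPLE_PROMPTS, pattern))
```

Running the prompts of the programs you actually use through a check like this shows which ones still need a branch added to the pattern, or a manual M-x send-invisible.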

I keep hemming and hawing on whether I'm really the kind of person to buy an iPhone. With an 8GB capacity, it doesn't replace my 80GB iPod's key feature of holding my entire music collection. With an iPod form factor, an iPhone won't fit in my pocket. Those points and more mean I'd have a drastically different relationship with an iPhone than the devices it'd mostly be replacing, and that makes me question whether I'm even a smart phone kind of person, regardless of how nifty this one might be.

But nothing makes me want an iPhone more than my LG VX6100. This isn't a "boy most phones suck so a nice phone can convert anyone no matter what the cost" kind of thing, because I mostly like the LG VX6100's execution of the phone's basic features. If it weren't for the buttons on the sides, it'd be the perfect phone:

  • With the phone closed, holding one button down turns on the camera and starts snapping pictures and filling up memory. Several times a day I hear a "ka-chick!" fake camera noise from my pocket, meaning it's time to take the phone out, cancel camera mode, and delete more black squares—three keypresses and a 5 second delay for each picture of the inside of my pocket.
  • Another button, when held, toggles manner mode, which vibrates the phone and disables the ringer, causing me to miss calls.
  • Another toggles "driving mode," a mostly great feature that I don't use because I don't own a car, which leaves the phone in speech recognition + speakerphone mode which I don't notice until everyone on the bus hears the first few seconds of my next phone call.

Otherwise the phone meets my needs very well. Heck, I'd downgrade to Verizon's cheapest Samsung except I depend on the secondary display for the clock and the caller ID. It seems silly that these frustrations would kick me over into the $600-for-a-smart-phone market, but at least $200 of that is from hating my current phone, and the rest is just for a nicer iPod.

June 21, 2007

Retired Gen. George Washington Criticizes Bush's Handling Of Iraq War.

Seashore, an open source bitmap image editor for Mac OS X. Based on GIMP technology, but meant for lightweight image editing, and with a clean Mac-like (sort of) interface.

June 19, 2007

Check out Matt Haughey's How to talk to the press both for the insightful essay and for the amazingly high-signal comments posted by Matt's readers.

Aquamacs 1.0 released. Their announcement.

I tend to use Emacs on different operating systems throughout the day, so I prefer the standard behaviors to the Mac-like behaviors of Aquamacs. Plus, Emacs 22 comes in a nice straightforward Mac version. But Aquamacs does have some nice customizations built in, and for mostly-Mac users it's one of the better power editors available.

June 18, 2007

Movable Type 4.0 beta is out, with tons of new features, a new design, and a promise to open source the code base. Among other things, it includes a built-in rich text editor with multimedia capabilities. Anything to simplify multimedia asset management is most welcome.

I decided to jump into the beta and upgrade this place, and I was extremely impressed that the upgrade went so smoothly. The upgrade process is as simple as before: Just pour the new files over the old ones, and sign in to upgrade the database. Considering how much is brand new under the covers, it's amazing that my blog doesn't look any different from the outside. I've also tried out a fresh install, and that too is especially impressive.

As excited as I am about the new features, I don't recommend the beta if you care more about your web presence than the opportunity to test new software. It's complete enough to run a web site, but it's definitely unfinished in some spots. Little things from MT 3 still haven't been added to MT 4, though I assume most of them will be back before the official MT 4 release. My understanding is that downgrading isn't really an option, so for that reason alone, you might want to wait to pull the trigger on your MT 3-based web sites.

A running list of issues I've had with the upgrade to MT 4 beta 2, all of which will probably be fixed before the official release (and yes I've filed bug reports):

  • Attempting to edit a comment causes a runaway memory drain, resulting in a server error. I probably shouldn't be admitting that in public, but it's the most serious issue I've found so far. This might be limited to my blog or DreamHost, because it ought to be a beta-stopper.
  • The QuickPost bookmarklet is not yet implemented. My old bookmarklets don't work, and there is no new one. (6A confirmed this feature will be re-added.)
  • Entries without titles appear as "..." in the admin interface. Since almost all of my entries lack titles, this is a serious issue for me. I had to convince 6A that this was a problem back when MT 3.0 was in beta, so I hope I can do so again.
  • The template tag MTTagArchiveLink has been renamed MTTagSearchLink.
  • The template tag MTEntryLink used to appear in the default "your comment is pending approval" template without the use of an MTEntries container. This is now an error, so the default template no longer works, nor does my derived template.

Google has always made it easy to add a Google search box to your web site, one that offers to search only your web site or the rest of the web. That feature recently evolved into Google Custom Search Engines. With CSEs, you can configure your search box to search one or more web sites that you specify. If you have a collection of sites you like that provide information on a subject, you can create a Google CSE to search all of them at once.

Google just launched a new feature of interest to bloggers and other dynamic web sites: Google Custom Search Engines On The Fly will search your site and any site you link to, automatically. As far as I can tell, CSE-OTF's idea of related sites is pretty literal: If you search from my blog's home page, it'll only search sites linked to from the home page. Of course, what I want is a CSE-OTF that searches every site I've ever linked to in the history of the blog. Nevertheless, I get some of this effect from archive pages, especially tag searches. I'm going to try adding CSE-OTFs around this site as an experiment.

DreamHost Status: Web Hosting Break-Ins, Security Update. It is no longer possible to view passwords in the admin panel. They're also going to promote secure connections for email to their users.

June 8, 2007

DreamHost's official post about their 3,500 account security breach. I can't really say "I told you so" because I haven't actually said anything public, but I've always been bothered by the way DreamHost exposes passwords in their admin interface—and more alarmingly, in e-mail. This attack involved gaining access to the admin interface (with a method not yet announced) to glean password data and modify files. If DreamHost used the more secure method of never displaying passwords and only offering password recovery through resets via registered e-mail addresses, access to the admin interface would not be enough to gain access to files.

Of course, this would require similar protections against changing the registered e-mail addresses, and since DH is an e-mail hosting provider, this might be difficult, and maybe DH worked backwards from that and decided it wasn't worth it. I can imagine that a category of customers would be willing to exchange that level of security for a more convenient interface, having everything depend on the security of the admin account.

Sending passwords by e-mail is especially tricky because most e-mail set-ups don't use secure connections between the client and the mail server. DH offers secure mail server connections, but (last I checked) does not offer security certificates for the server, so though you can encrypt the data (and, importantly, your e-mail password used when making the connection), you can't defend against man-in-the-middle attacks. I mostly want e-mail security at public wireless Internet spots, where MitM attacks are relatively likely.

Exposed passwords do more than provide temporary access to the account. Depending on how you pick passwords, an exposed password may compromise other accounts for which you use the same password, or provide a clue to what method you use to pick passwords for this and other accounts.

DH claims to know of 3,500 accounts that were compromised, and claims to have contacted all of those account owners. Since we've gone a day or so without further confirmation of these facts, it's probably safest for all DH account owners to change their passwords—all of them.

Update: DH is updating the web page linked above as they investigate. They now suspect that the FTP account attack is unrelated to a security problem they found and fixed in their admin panel. They're requiring all customers to reset their FTP passwords.

June 7, 2007

Lots of people seem to dislike the new Olympics 2012 London logo. I like it, and I'm very surprised that that's both my initial and delayed reaction. Speak Up › London, How do I Hate Thee? Let me Count the Ways, 1, 2… 2012 goes into detail.

The Science Creative Quarterly: The Social Norm of Leaving the Toilet Seat Down: A Game Theoretic Analysis. (Widely blogged, but I couldn't resist.)

Redfin Sweet Digs, one of the best ideas to come to house hunting in a long time, "will no longer publish eyewitness property reviews because of a local MLS rule that deems them an advertisement of another brokers' listing."

June 6, 2007

Math is Hard

I thought I knew arithmetic until I found the Disney Magic Math Machine, a book of illustrated addition and subtraction problems with a handy cardboard mechanism for looking up the answers in a table. It starts out innocently enough on the front cover:

2 cherries plus 6 cherries

2 cherries plus 6 cherries is 8 cherries. I get it.

But then, inside:

2 peaches plus 3 pineapples

2 peaches plus 3 pineapples is... uh... two peaches and three pineapples? Five fruits?

7 beach balls minus 5 roller skates

7 beach balls minus 5 roller skates. I have no idea.

At least the back cover brings the difficulty back down a bit:

8 soccer balls minus 6 soccer balls

8 soccer balls minus 6 soccer balls. It's obvious from looking at it: The answer is 14 soccer balls.

Picking on the Machine is fun and easy, and I should probably leave it at that. But I can't resist the opportunity to mention a few of my favorite books on numbers for small children, because they nail the difficult task of visualizing these concepts:

June 5, 2007

CAPTCHAs are those squiggly words you sometimes see on web sites that you are asked to read and type in to prove you are a human being. CAPTCHAs only work as far as a computer cannot reasonably be used to identify the word automatically, so CAPTCHA software and CAPTCHA cracking software are typically in an arms-race situation.

reCAPTCHA adds a brilliant twist: The images of squiggly words are actually scans of real words from real printed pages that have been run through a computer text recognition program and could not be identified successfully by the computer. By typing in the word, you demonstrate you are a human and you help the scanning effort correct the word.

Of course, to serve as a CAPTCHA, the answer has to be known by the system, so what you actually see is two words, one of which is known. Your answer for the unrecognized word is used to build confidence until the word is considered recognized based on multiple answers.

(Thanks Matt.)
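The two-word scheme described above, as an added example (not reCAPTCHA's code): the solver is graded only on the known word, and the answer for the unrecognized word counts as a vote only if the known word was right. The class name, the image ids and the promotion thresholds are assumptions made for this sketch.

```python
from collections import Counter

PROMOTE_VOTES = 3     # assumption: agreeing answers needed to accept a word
PROMOTE_SHARE = 0.75  # assumption: share of all votes the top answer needs


def normalize(answer):
    """Compare answers without regard to case or spacing."""
    return " ".join(answer.casefold().split())


class WordPool:
    def __init__(self, known):
        # image id -> accepted transcription (the words usable as controls)
        self.known = {image: normalize(text) for image, text in known.items()}
        # image id -> Counter of candidate transcriptions for unread words
        self.votes = {}

    def submit(self, control_id, control_answer, unknown_id, unknown_answer):
        """Grade one two-word challenge; return True if the solver passes."""
        if normalize(control_answer) != self.known[control_id]:
            # Failed the known word: the other answer is discarded, so
            # automated guesses cannot skew the transcription.
            return False
        guess = normalize(unknown_answer)
        if guess and unknown_id not in self.known:
            tally = self.votes.setdefault(unknown_id, Counter())
            tally[guess] += 1
            self._maybe_promote(unknown_id, tally)
        return True

    def _maybe_promote(self, image_id, tally):
        """Accept the leading answer once enough solvers agree on it."""
        text, count = tally.most_common(1)[0]
        if count >= PROMOTE_VOTES and count / sum(tally.values()) >= PROMOTE_SHARE:
            self.known[image_id] = text  # now usable as a control word
            del self.votes[image_id]


def demo():
    """Run constructed submissions; return the accepted text for img-2."""
    pool = WordPool({"img-1": "morning"})
    pool.submit("img-1", "morning", "img-2", "upon")
    pool.submit("img-1", "mourning", "img-2", "spam")  # fails the control
    pool.submit("img-1", "Morning", "img-2", "Upon")
    pool.submit("img-1", " morning ", "img-2", "upon")
    return pool.known.get("img-2")


if __name__ == "__main__":
    print("img-2 accepted as:", demo())
```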

June 4, 2007

Emacs 22 officially released. And the Emacs die-hards chuckle because we've all been using the in-development version for years. Time to upgrade to the in-development version of Emacs 23! :)

An article on the 1986 Lake Nyos disaster.

On the subject of free math software: 3 awesome free math programs; Maxima tutorial.