Primate Brow Flash

Locking Down Facebook

Posted on 1/11/2012 by Tim

I get a lot of pleasure out of Facebook. While I’m happy to use it and even be advertised at, this free application needs to be watched. A lot of security and privacy folks have quit Facebook for their security and privacy lapses. The lapses will continue. As someone who will use Facebook anyway, I wanted to make it as secure and private as possible. So, for this blog post, I made note of the things I was surprised by. The things listed here are really only pointers or teasers for the Exhaustive Guide (updated September of 2011).

That guide goes deep and shows some new features, some of which allow for more privacy. For example,

Make sublists of friends so you can control which groups of friends see which posts.
Keep an eye on those Apps. With Application Access Logs, you can see a history of which Apps requested which personal information from you.
Test your security settings by viewing your Facebook page as it would be seen by another user. To do this, go to privacy settings –> edit profile –> view as. Now type someone’s name in the box and you will see if that person sees only what you want them to see.

There was a good set of instructions going around more than a year ago. I followed those recommendations and like many people, I just assumed those would stick. Well, enough has changed in the account and privacy settings that that old “lockdown” is no longer complete. So, the first step to locking down Facebook is : Pay attention to changes. The graphic at the end of this article shows the changes over time to default Facebook privacy settings and they trend towards more exposure, not less. A good source of Facebook info is the ZDNet friending Facebook blog.

Here are notable facts from the article:

Especially if you use Facebook with public wi-fi, you need to force HTTPS. It took a long time, much longer than it should have, but FB now allows you to use exclusively HTTPS. This means that your communication between your browser and Facebook will be scrambled so that nobody can read your traffic or hijack your session. HTTPS is not on by default, though. You have to turn it on. If you have any doubt about the need for this, watch this video.
Customization for Apps has been upgraded. Facebook apps are things like Scrabble, Wordtwist, Mob wars, and whatever else you are adding into Facebook . These third-party applications are often poorly and insecurely written and can even be malicious. Note that the list of apps you see on your front page when you click “apps” is much shorter than the actual list of apps that are installed and silently monitoring your life. To view the full list go to Privacy Settings –> Apps –> Edit Settings. I was surprised to see several apps that I had forgotten about, silently working.
I missed this in my first pass at checking account settings, but Facebook can also use your “Like” vote about a product or business as endorsement when they show an ad for that product to your friends. You can turn this off Account Settings –> Facebook Ads –> Edit Social Ads Settings.

Two things I would add to that guide:

If you haven’t changed your password recently (or ever), do that now. Breaches in the past year make it somewhat likely that your password has leaked out somewhere.
This might be more paranoid than you wanna be, but photographs uploaded to Facebook may leak personal information. This information may include the make and model of your camera, time of day and location. If you do not want this information known, consider scrubbing the photograph’s exif data before posting

This is from Facebook itself (link):

Applications your friends use can also access information from your profile

Not much has been written this, but your friends’ poor security choices could affect you. It happens when they post on your wall advertising a funny video that is really a virus.

Posted in General | Leave a comment

My Sexy Shoes

Posted on 1/9/2012 by Tim

As requested, here are the shoes I mentioned in a recent post:

Cole-Haan Nike Air Shoes found at Goodwill for $14.99

Posted in General | 1 Comment

6 recent attacks that could have been prevented by NoScript

Posted on 1/6/2012 by Tim

Scripting should be disabled in your browser by default. I know this partially breaks the internet experience, but it can no longer be justified to be surfing around allowing all web sites to run code on your computer when so many attacks come this way. Reading of these security problems, it occurs to me that they can ALL be absolutely protected against with Firefox add-on NoScript. Here are some recent examples:

Seeing more ads while wondering where Laura Frisian went? A current Facebook clickjacking attack will fill your browser with ads and infect your wall after you click on a bogus video posted by an infected friend. NoScript makes this impossible. In NoScript, you can still allow facebook to run scripts but deny attempts from other domains to run scripts. NoScript will totally shut this one down
Mac Defender. Recently some Mac Users have been falling for a ruse that Windows users have become enured to: The popups that warn us that our system is infected and then proceed to infect when installed. Recently, a group of Google Images were crafted to run the “Mac Defender” or “Mac Protector” warnings and infect users. The Mac Defender popups look like Mac system messages. A user of NoScript would never see them.
Cross Tab attacks. A new kind of attack that uses javascript to modify open tabs to resemble web sites you trust. Totally shut down by NoScript.
Scripting in the browser is not limited to javascript. CNET describes an attack that uses Scalable Vector Graphics libraries act as a keylogger. NoScript stops this as well. This vulnerability is patched in the latest browsers, but if you run NoScript, you don’t have to wait for the software to get fixed.
Banker Rootkit. The Banker Rootkit exploited a hole in Java that has since been fixed. A user gets infected by navigating to a malicious website which then loads java and through the hole in java, installs a program on your computer that changes your hosts file and installs fake certificates in your browser. The attackers can then gather your bank credentials and empty your account. NoScript turns off Java as well by default and protects against this attack.
Oh, you never go to malicious sites? Perfectly legitimate sites might be infected with either malicious ads or SQL injected files that in turn attempt to run malicious scripts when you visit. A recent SQL Injection campaign infected tens of thousands of sites with javascript based malware that NoScript handily prevented from running.

The author posts ongoing NoScript development news on his excellent blog.

I think I’ve been made much safer by NoScript and I’ve grown used to the extra step of allowing scripting at sites I trust. But don’t trust me. Even the National Security Agency recommends NoScript in their recent security Best Practices datasheet.

Posted in firefox, security | Leave a comment

Firefox Certificate Patrol

Posted on 1/4/2012 by Tim

Several months ago in Syria, a Facebook user noticed that Facebook’s IP address resolved strangely. He was also getting an untrusted https certificate warning. A certificate is a piece of text that sits in your browser. You can view yours by going to Tools –> Options –> Advanced –> Encryption and clicking the “View Certificates” button. The server you connect to must verify that it is who it says it is by authenticating against that certificate. Apparently, the Syrian authorities tried to set themselves up to eavesdrop on citizens communications with Facebook and to fake the Facebook certificate. Here an image of the fake certificate next to the real one(on the right).

Syria did not do a very good job. While they were able to set up a Man in The Middle (MITM) they didn’t bother to issue a realistic fake certificate. A browser will warn the user that an unknown certificate is presented by a web server (the fake one wasn’t found in that user’s list of certificates). Unfortunately, many users just click past whatever warnings they need to click to get to the site they want.

Much more effective and scary is the recent attack by Iran doing almost the same thing but issuing a real certificate through an authority that browsers trust. In this case, the browser will NOT warn the user that the certificate is bogus.

A security company named psyced sought to address this problem. According to them:

Your web browser trusts a lot of certification authorities and chained sub-authority, and it does so blindly. Subordinate or intermediate certification authorities are a little known device: The root CAs in your browser can delegate permission to issue certificates to an unlimited amount of subordinate CAs just by signing their certificate, not by borrowing their precious private key to them. It is unclear how many intermediate certification authorities really exist, and yet each of them has God-like power to impersonate any https site.

Once a subordinate gains this trust, it can issue any “valid” certificate it can think of, even for a domain they have no business signing. This means that these subordinates can change the country of the cert and change the domain, becoming the trusted certificate authority for, say, Bank of America.

Firefox Certificate Patrol to the Rescue. This neat little add-on warns you when a certificate trusted by your browser changes. This extension would warn you if a subordinate certificate authority suddenly got delusions of grandeur and decided it was a major US bank. It keeps a database of all the https certificates it knows about, and if one changes, it warns you.

Installing this product into Firefox, I don’t find it very intrusive or confusing. When it finds a certificate it hasn’t encountered before, it positions a yellow notice in the top of your browser that disappears after a short time. Now that It has shown me one for Twitter, for example, it won’t show me one again until it changes, indicating that either Twitter has changed its provider (unlikely) or that a subordinate certificate authority has been compromised and made to look like Twitter.

Here is an academic-looking paper about such attacks. The paper does a nice job of describing the problem and plausible scenarios where a CA is “compelled” by a government to issue subordinate certificates that may be easily falsified. It promotes a way of warning users only when the country of the certificate authority changes. This is helpful because it can let the user know if their bank’s certificate authority suddenly switched to being issued in Russia. The paper’s promised product, CertLock seems to have never been released, though.

The paper says,

We also believe that there is little reason to warn users if a website switches CAs within the same country. As our threat model is focused on a government adversary with the power to compel any domestic CA into issuing certificates at will, we consider CAs within a country to be equals. That is, a government agency able to compel a new CA into issuing a certificate could just as easily compel the original CA into issuing a new certificate for the same site. Since we have already opted to not warn users in that scenario (described above), there is no need to warn users in the event of a same-country CA change.

Fortunately, Certificate Patrol has opted to warn users in that scenario and many others. Even if the government compels the same CA into issuing a new certificate, you will be warned. It may not be possible in all cases for you to figure out if something funny is going on, but you will be warned. You may wish to combine this warning with a search in the EFF’s SSL Observatory for further research.

While Security Patrol is a great product, it is kind of a band-aid. It seems like we need a new approach to the CA system and I don’t know what that is.

They say that Firefox security patrol is for users that will not be befuddled by more alerts in their browsers. They also say that “only by getting familiar with this will really help you get in control.” I say that our privacy and security depends on understanding this stuff.

A great real-life example how this works is related in this forum post. The browser in question there is Google Chrome and Google has a slightly different approach to this problem., but the warning would be similar.

Posted in General, firefox, security | Leave a comment

Light Rail on Robert St.

Posted on 12/19/2011 by Tim

Here is the light rail station going up in front of my office building

Posted in General | 2 Comments

St. Augustine was a real guy

Posted on 11/23/2011 by Tim

Saint Augustine by Garry Wills

My rating: 3 of 5 stars

I’m glad I read this book because I gained insight into the world of late antiquity. Augustine’s personality and the events of his life come alive. He became a real person instead of a ghostly figure in a Russian icon. I was struck by how easy it was to relate to the attitudes and activities of these people. Augustine ran around as a youth in Carthage with a gang of hipsters vandalizing stuff and having all-night bull sessions.

I gained less understanding about why Augustine was so important and why Augustine was attracted to Christianity out of all the competing ideologies he experimented with (Paganism and Manicheanism).

I needed something like “Augustine came up with X and this influenced all Christian thought as evidenced by A,B, and C.” If I had to come up with the X after reading this book, I guess it would be his insights about the will or the concept of the church as a “City of God”. I would not be able to give you the A, B, and C. It may be right in there, but I missed it. I suspect that Wills assumes some pre-existing knowledge on the part of the reader. I didn’t always find it easy to read the philosophical explanations. When he discussed a theory of time and brought in Karl Popper and Bertrand Russell, wow, I was lost (and I consider myself a time-travel expert).

Gary Wills has this way of lurching from one subject to another. Traditional demarcations of subjects such as chapters or transitional paragraphs are missing.

View all my reviews

Posted in General, history, religion | Comments Off

My Holds

Posted on 11/21/2011 by Tim

I like the rhythm of the library. Request, borrow, read, return.

Posted in General | Comments Off

can’t stop talking about my shoes

Posted on 11/8/2011 by Tim

I went to Goodwill last weekend and found a brand new pair of long pointy shoes with superfluous seams and brightly patterned laces. You may be thinking, “clown shoes”, but they are quite nice and of a style so rare, they have deleted it from the manufacturer’s web site. I tend to buy square old-man shoes and wear them until they fall apart. When buying used ones, I get variety forced upon me! I look down at them and say, “woah! Whose feet are those?” They are made in China, yet cost nearly $200.00 new so I also get to feel like I’m sticking it to the man with every step I take.

For someone of my height, shopping at Goodwill isn’t always the best use of my time. I do better at Lutheran church rummage sales. I pretty much need a “long” and those are few and far between (and often monogrammed).

Posted in thrift | 1 Comment

Cuyuna Mine Trails: A work of art.

Posted on 10/16/2011 by Tim

I went with some righteous dudes to Cuyuna for two days of great mountain biking. The trails are a beautiful and functional sculpture cut into 100-year-old piles of mine tailings. Someone, mainly Tim Wegner, put a lot of engineering skill into making grand, banking curves on all the downhills so that you could really speed. I was a bit cautious, riding right at the edge of my ability to control the bike, but still had a ball on these downhills. This video doesn’t capture the feeling, of course, but it gives you a look at the banked curves of “Bobsled”.

A motivated visitor could hit just about all the trails in a two day trip. The major idea I’d like to get across in this post is that you don’t have to be any kind of expert or have special gear to enjoy most of these trails. There are a couple of double-black-diamond sections that are clearly set off and contain rock gardens and crazy wooden bridges that require you to bunny hop and unload your rear tire and move it sideways.
I rode a single speed with no shocks and I don’t feel like I missed out on anything. It could handle most of the uphills, except for some difficult switch backs that I probably couldn’t have done on any bicycle.

I had on Kenda Nevegal tires that I had bought about two years ago and never used. These made a huge difference in how confident I felt going around corners at speed. I think the tires I replaced would have felt like they were sliding out from under me.

I really enjoyed the people I went with. They probably couldn’t tell, since I took a sip of whiskey and passed out each night, but I did enjoy their company.

Posted in Minnesota, cycling | 1 Comment

4 Books I Can’t Wait for

Posted on 10/11/2011 by Tim

First, published TODAY is Vernor Vinge’s Children of the Sky. I loved the other two books in the series and I want to pack up my family and live in that universe. I’d even live in the slow zone if I had to. BoingBoing has an early review and they say it is as good as the first two.

Then, in 2012, the final installment of the Years of Lyndon Johnson biography by Robert Caro is due out. Caro has devoted most of his life to figuring out Lyndon Johnson. If you haven’t read any of these, you are missing a critical chunk of American history.

Then, we have the final installment of the Liberation Trilogy. This one will be about “The Normandy Invasion and the War in Western Europe”. book that follows the excellent volumes about American troops in World War II. Atkinson wrote a whole other book between the first and second volumes and there is no publication date mentioned anywhere, so I’ve got time. Read any of the two previous books for really in depth discussion about the leadership and capabilities of American soldiers in WWII AND detailed analysis of the battles and decisions made during them.

THEN! We have the next volume of Song of Fire and Ice (i.e. Game of Thrones), which could be two years or twelve years away. You won’t find many people over age 17 willing to admit they read this series. For me, it is hard to hide the fact because I stop bathing when I do. George R.R. Martin fans waited six years for Dance with Dragons. Man, that ain’t gonna be me, waiting on this freak. In fact, I’ve put off reading Dance with Dragons until closer to the release of the next volume (I’m 33 of 44 holds at the library)

Posted in books | Comments Off

The Koch brothers

Posted on 10/3/2011 by Tim

The Koch brothers have been much maligned recently, especially in a New Yorker article by Jane Mayer, author of The Dark Side. Looking for an enemy of the day, I just read the wikipedia page for David Koch:

“I have friends who smoke pot. I know many homosexuals. It’s ridiculous to treat them as criminals—and here was someone running for president, saying just that.”[12]

Whaaaaaaaaaaa?

He broke with the Libertarian Party in 1984 when it supported eliminating all taxes[3] and Koch has since been a Republican.[3]

Current political views

David Koch supports gay marriage and stem-cell research.[3] He is against the Patient Protection and Affordable Care Act and was against the Dodd–Frank Wall Street Reform and Consumer Protection Act.[3] Koch is unsure if global warming is caused by humans, and thinks a warmer planet would be good because “[t]he Earth will be able to support enormously more people because a far greater land area will be available to produce food”.[3]

He opposed the Iraq war, saying that the war has “cost a lot of money, and it’s taken so many American lives”. “I question whether that was the right thing to do. In hindsight that looks like it was not a good policy.” he told an interviewer.[15]

David Koch dislikes President Obama’s policies. “He’s the most radical president we’ve ever had as a nation… and has done more damage to the free enterprise system and long-term prosperity than any president we’ve ever had.”[15] Koch believes that Obama’s father’s economic socialism explains what Koch views as Obama’s belief in “antibusiness, anti-free enterprise influences.”[15] Koch believes Obama himself is a “hardcore socialist” who is “marvelous at pretending to be something other than that.” [16]

Yeah, not so black and white…. and then I read on:

Since 2000, Koch has pledged and/or donated more than $600 million to the arts, education and medical research, more than he gave to political causes.[24] Koch maintains that only a relatively small portion of his giving goes toward political causes. Instead, most of his charity goes toward cancer research, followed by cultural and educational programs.[25]

Does this sound like the big bugbear of the democratic left?
Today there is a huge headline on Bloomberg: “Koch brothers flout law with secret Iran sales”. So, I thought, maybe they are evil after all. In the first few paragraphs of the article, it becomes clear that somewhere in their vast empire of companies, one in France might have been paying bribes and Koch industries dispatched investigators and things then get very murky. And yes, in that murk, there are sales to Iran, conducted by a French subsidiary. Not evil enough for me. Not nearly as evil as the Brown brothers, who would have LOVED the Iraq war.

Posted in General | Comments Off

I’m so sorry I read this graphic novel now.

Posted on 9/18/2011 by Tim

Brain Camp by Susan Kim

My rating: 1 of 5 stars

I read this and thought, “who agreed to publish this garbage?”
I get that it is for seventh graders and up and yeah, I’m 44, but I was previewing it for my kids and I found it devoid of value. Initially, the outsider characters seemed promising, but the plot made no sense. The theme was one of “strict white-bread discipline camp is really a front for a generic EVIL” and something about aliens but the writers became to bored to see it through convincingly and by some sorrowful chain of events it got published anyway and ended up in my library bag and now I’m pissed off.

View all my reviews

Posted in books | Comments Off

European Economic Governance and the end of Greek democracy

Posted on 9/16/2011 by Tim

I’m reading the excellent “This Time Is Different” By Carmen Reinhart and Ken Rogoff. It is exciting to be reading it at the same time as the EU is trying to figure out what to do with Greece. I just finished a part that talks about how the Dominion of Newfoundland was, for all purposes, an independent country until it defaulted on its debt and the British established a Commission of Government that made all the decisions for Newfoundland for fifteen years. The commission ended with Newfoundland becoming part of Canada. In those days, gunboat diplomacy was often used to make sure countries repaid their debts. Today, apparently, we use the European Economic Governance. Here is Nigel Farage, who has been a voice in the wilderness warning of the threat to democracy built into the European Economic Union.

I have to ask, though, is today’s Greek democracy something to treasure? Also have to ask if Farage, as entertaining as he is, is really concerned about the people of Ireland, Iceland and Greece, or is he pursuing his anti-immigration, anti-environmentalist goals? Tim Flannery says in The Weather Makers, the future will require some sort of carbon dictatorship. The EU is in the early embryonic stages of such a thing and it is this kind of dictatorship that Farage is warning about.

Posted in books, climate, history | Comments Off

Everyone needs to read “The Big Short”

Posted on 9/14/2011 by Tim

The Big Short: Inside the Doomsday Machine by Michael Lewis

My rating: 5 of 5 stars

This proves it is possible to write entertaining non-fiction about bonds.

The book is character driven and follows the lives of about ten people who saw the sub-prime mortgage backed bond market for the scam that it was. These ten people were in many ways outsiders. They were not polite, and retained a child-like and apparently rare ability to see the reality that most of Wall Street was trying to ignore. For this reason they are heroes to me in spite of the fact that they worked hard to profit from a wave of defaults and foreclosures in middle America.

This book should be read by everyone because it gives a peek into the crazy world of bond trading. The book likens moving from investing in stocks to the unregulated world of bonds to taking a small furry mammal who evolved on an island with no predators and throwing it a pit of vipers. Like a video game that allows players to make modifications to the game, the bond market allows banks to invent new investment vehicles seemingly at will. For example, bond traders found plenty of investors for sub prime mortgages, but were running short of actual Americans with poor credit. So, they invented a set of investments that looked just like collections of mortgage backed bonds, but were not backed with actual mortgages; they were essentially bets on other piles of sub-prime mortgages. It was kind of like opening up betting on 50,000 imaginary race tracks where the outcome of the imaginary races depends on one real race. Yes, this is what they come up with, these people educated in our best schools and rewarded with incredible salaries. Meanwhile, our heroes spent a lot of time trying to understand these inventions and soon found that few traders and absolutely no raters who even understood the investments they were working with. One of the guys who understood them was a borderline psychotic Deutch Bank trader. He was betting against sub-prime mortgages(shorting them) as much as he could. One of the ways to short these investments was to take out an insurance policy against the bonds going bad. In one of the most fascinating parts of the book, to make his position even more valuable, he tried to shut down the market for further shorting of sub-prime mortgage backed bonds by alerting the insurance giant AIG that they were insuring really, really shaky bonds and facing huge losses when the sub-prime market crashed. The drooling idiots at AIG failed to understand what this guy was telling him and the idiocy continued.

Finally, this book exposes the enormous FAIL that is the rating agencies. Moody’s and S & P get paid only if they get to rate bonds, and so of course rush to give falsely positive ratings so that banks will keep giving them business.

View all my reviews

Posted in books, history | Comments Off

The Hiawatha Cyclery ride August 13, 2011

Posted on 8/19/2011 by Tim

The Hiawatha ride has a life of its own and it happens even when the organizers are out of town.

This past Saturday, there were two of us and we rode through Ft. Snelling State park and in a loop around the airport before proceeding to the Midtown Greenway Commons where there was a 24-hour bike race under way.
The race was a five-mile circuit around Powderhorn Park. The racers were a mix of fixie delivery types and decked-out roadies. The course crossed Lake Street and I can’t believe no one got hurt, because I watched the Lake street crossing for a while and nobody was stopping for red lights.

While we watched the Powderhorn24, a cross country bike tour consisting of 55 velomobiles came down the greenway and stopped for coffee at the commons. I felt like I was at the Bike Center of the Universe, until some guy shouted, “Our town freakin’ rocks!” and cost us the Bike Center of the Universe Designation.

Most of the Velomobile guys were from Western Europe. They were happy to show us how their vehicles worked. At least one of them had an electric assist technology. The concern with designing these things is heat dissipation. Most of them have wheel covers, which rules out disc brakes, and so most of them have drum brakes. They all need parking brakes of some sort, or else they roll away.

Posted in General, Minneapolis, cycling | 1 Comment

Navigating the Hills and Gasoline Engines of Wisconsin

Posted on 8/8/2011 by Tim

I rode about 135 miles up to a cabin in central Wisconsin on Friday. I’m glad took a less direct route so that I could ride on interesting back roads instead of the Gandy Dancer Trail. I enjoyed the good towns of Osceola, Amery, and Cumberland. I divided the day into three psychologically digestible 42 mile legs. Osceoloa, WI was the end of the first leg and as planned, I had pie and coffee when I got there. In Scandia, I helped another biker pump up his tire and we rode together to Osceola. He was going up the Gandy Dancer trail to Luck where his friends had a cabin. I would have ridden with him further, but I really had my brain set on the pie and coffee in Osceola, and I was planning to avoid “The Gandy”.
From Osceola, I took county road M to the new Stower Seven Lakes Trail. This was probably the most frustrating part of the trip because the crushed limestone slowed me down a bit. I kept looking over at the nearby road, thinking I should be on there instead. Anyway, it was a break from being in traffic and it had some nice scenery.
The trail ended in Amery, which is a decent sized town with all sorts of concessions, including a bike shop. I tried continuing on the Cat Tail Trail east out of Amery and found the sand too deep. Google maps wrongly suggests the Cat Tail Trail as a good route for bikes.
Amery to Cumberland was hilly and varied with lakes, farms and forests. Cumberland was the end of the second leg, and I took a long break in an air-conditioned restaurant there and looked over my new “Wisconsin Atlas and Gazetteer “, a book with detailed maps of all the roads in Wisconsin.
My route north from Cumberland followed county highway “H”, which is very hilly. I enjoyed a slight tail wind out of the south. I was getting braver and braver in speeding down the backs of those hills. I got to my destination after dark, much later than anticipated. My total time on the road was about 14 hours with breaks totaling about 3 hours, I guess.
135 miles in 11 hours.

My knees did not bother me at all, and neither my crotch nor my hands became sparkly. I did experience horrendous oozing saddle sores. I also I got tired of my own company. On the brink of exhaustion, I turned into some annoying stoner where my brain was always going, “Dude, time to eat that cliff bar.” I also became irritated by the gasoline engines working over every acre of countryside. Motorboats and jet skis, lawnmowers and chainsaws, combines, cars and trucks, ATVs, motorcycles. I was praying for a real crisis to come down and cleanse the countryside of these sinners. At that rate, I’m sure I’ll see my prayers answered, but I was spending a lot of energy resisting that reality and that is part of the reason I tired of my own company.

Posted in cycling | 1 Comment

‘I’m dead and its all my fault’ is dead, but still funny

Posted on 8/4/2011 by Tim

http://www.imdeadanditsallmyfault.com/

I’m sticking it to big oil, Doug. Got me one of these totally rad fixed-gear bicycles. It’s called that because you can’t stop pedaling and it has no brakes. Because stopping is for pussies, Doug. With one of these babies you just let your ‘tude carry you through the intersections.

Posted in cycling | 1 Comment

Mounting a smart phone as a cycling computer

Posted on 8/1/2011 by Tim

Hi, I’m Matt, Tim’s brother. I decided to geek out and mount a mobile phone on the handlebars of my bike to use as a cycling computer. Tim asked me to write a guest blog post about it – you know, to contribute to the hive mind. Here’s how I did it.

Get the phone
In addition to my basic criteria for any phone, my criteria for a cycling computer phone is something like this:

* Smartphone – to run cycling appropriate software, it should have a GPS, a decent sized screen, a data plan, and plenty of software options. Right now, this pretty much limits me to Android or iOS.
* Rugged – I don’t want a phone that couldn’t take a few lumps or that would fry with the first rainfall.

I’ve been wanting to do this for a while, so I’ve been keeping a lookout for the right phone. When T-Mobile offered a buy one get one deal on smartphones and my Father-in-law went in for the MyTouch 4G, I choose for my free phone the Motorola Defy. The Defy runs Android (albeit with Motorola’s “Blur” skin on top) and meets my first requirement, but so do a lot of other phones. The salesman was baffled as to why someone would choose this mid-range smartphone over the fancier, faster and uncontaminated-Android G2 when they are both offered for free. But the Defy is water resistant, it has a rubberized exterior, and has a Gorilla Glass crack resistant screen. It has no moving parts and seems like a rugged little bugger. Indeed, I’ve dunked this thing in puddles, I’ve dropped it on concrete and kicked it around to a degree that has seen lesser phones fail. Here is a picture of my G1 which I dropped on concrete:

not appropriate for cycling applications

If I was a true cycling performance freak, I might have held out for one of the new Sony Ericsson Android devices with the ANT+ compatibility. This would allow me to wirelessly hook up a power meter (I love measuring watts), cadence sensor and other devices to the phone for monitoring and recording.

Build the Mount
So now I have my phone, and it’s time to figure out how to mount it on the handle bars. I bought the car mount accessory for the Defy to hold the device. To affix it to the handle bars, I screwed the part of the car mount which holds the phone to the clamp from a handlebar mountable cup holder from REI. It isn’t the most elegant solution, but the two pieces actually fit really well together. Together, they hold the phone seemingly securely with the screen totally unobstructed.

Download some Software
The Android Market has a number of fitness type applications that seem suitable for bicycling including, Move! Bike Computer, Velox, Cardio Trainer, SportsTracker, Endomondo and MyTracks. So far I’ve only tried out Move! and MyTracks. Of these two, I prefer MyTracks because it makes it easy to upload and visualize on the web with maps and tables.
For an example of the data output, check out my Odometer.

Also MyTracks seems to update the speed information more frequently. I plan to try out some of the others as the summer goes on. One feature of Move! I do like is the ability to race yourself. You can load up old ride data and try to beat your previous performance over the same ride.

My first test of my the new rig revealed a near fatal flaw. After only a minute of not touching the phone, the screen turns off. This is normal behavior for a smartphone, but not a good one for riding. I want to be able to see ride data at a glance. Unlocking the screen is tricky enough to be dangerous to attempt while riding, so I need the screen on the whole time.

To fix this without having to mess about in the settings every time I go for a ride, I use an Android program called Tasker. Tasker lets you create tasks that listen for phone events and then trigger other changes to the phone. I found these tasks tricky to set up, but they give a lot of access to the phone.

To start with, I set up a new “profile”. Tasker allows you to create multiple profiles, each of which can be enabled or disabled separately. Within a profile, Tasker allows you to set up one or more “contexts”, or things to listen for. These contexts can be, for example, a time of day, a certain location, or whether the battery level is below a certain level. I set up an “application context” that listens for the state of one or more applications. Then I set up two “tasks” that listen for the context. The first task, executed when one of the applications is running in the foreground, changes the display timeout to the maximum value. Tasker interprets this as never. The second task changes the display timeout back to one minute. I currently have two applications in the context, iBike and MyTracks. When I get around to trying them, I can easily add other cycling applications to the same context.

Conclusion
I’ve taken it for a few spins. It works really well; the phone hasn’t popped out yet, but so far I’ve been careful not to hit any sizable potholes. I’ve been able to see the ride data right in front of me, and I’ve uploaded it to Google Docs and Maps as well. On my way home from work last week, it rained, and the phone plugged away like a champ, delivering the precious real-time data stream. After the ride, I just popped the phone out, wiped it off and slid it into my pocket to dry. No problems.

Relative Humidity: 100%

Negatives – with gloves on, the device is totally inaccessible, you can’t even answer it. Also, in direct sunlight, I’ve noticed some glare at certain angles. However, my head seems to provide adequate shadow in my natural riding position, so I’ve yet to experience this problem while riding. These are pretty minor issues.

I am expecting longer rides to take a serious toll on battery life. So I’m considering a new wheel with a dynamo hub, and some kind battery with USB out – something like this… although $120 plus $100+ for the wheel set seems a bit steep. We’ll see; stay tuned.

Posted in Computers, General, cycling | 1 Comment

Devil in the White City: True Crime and more

Posted on 7/29/2011 by Tim

The Devil in the White City: Murder, Magic, and Madness at the Fair that Changed America by Erik Larson

I’m loving this book. It is weird in that it is careful history of the Chicago world’s fair mixed in with a mind-bogglingly fantastic tale of a real life serial killer operating in Chicago at the same time. I like that the writing makes these historical characters real enough that one realizes that people in the 1890s were not very different from people today, though they seem to have much greater capacity for hard work. I hesitate to recommend it to “true crime” fans because while the serial killer is morbidly fascinating, they might find the historical parts a bit dull. History buffs will love the steampunk atmosphere. It really brings this time alive. It also serves to remind the reader of the time before citizens stood up and demanded better government services. The book’s descriptions of Chicago’s streets will make you want to run out and kiss the first sanitation worker you can find.

View all my reviews

Posted in books, history | 1 Comment

Fox Hydration Backpack – 2 years later.

Posted on 7/21/2011 by Tim

Fox Hydration Backpack

I bought a “hydration” backpack about 2 years ago during our trip to New Mexico. The bike store guy recommended the Fox brand over Camelbak because it was cheaper and just as good. I recommend hydration packs in general and this brand specifically. Every time I’ve worn it, I’ve been able to have better endurance and less after-effects of riding all day. This review is about how well the product lasts and the effects of long-term ownership. This thing still looks and feels brand new to me. I’ve never given it a proper cleaning other than rinsing out the reservoir and cleaning the valve with hot water and soap. There are no weird smells and the water tastes great. The reservoir is protected from the sun so it stays cool longer. The storage zipper spaces are useful as are the Velcro straps where I carry a small pump, map, wallet, snacks and tools. The one effect of long usage is that the biter valve does not close like it used to and I need to use a hand to press it against my teeth to make sure it doesn’t drip after I’ve taken a drink. The many online reviews of this pack complain about the same thing, but they have not figured out how to close the leaky valve. If I couldn’t close it manually, then yes, it would be very annoying.

The mouthpiece/valve does seem to wander and has a tendency to reach out and come into contact with all manner of inappropriate surfaces. I know that some brands of packs have an “elbow” in the tube to make the mouthpiece stay more where it is needed instead of giving it a 360 degree range of motion

I thought this pack was a great value. I see that this model has been replaced by a 68 oz. pack that is slightly more expensive. Other reviewers have not yet posted about whether the the drip problem is resolved on the new model. It is interesting that neither REI or Nashbar carries this brand.

Posted in General, cycling, product review | Comments Off