I love the apple store.

I know the apple store is efficient and they've spent a lot of time streamlining the experience. Know what? They succeeded.

I went in there today, knowing what I wanted. I had an old laptop battery to recycle and I wanted the family pack upgrade to Snow Leopard. I started a timer when I walked through the doors of the store. Nobody was available so I wandered a bit inwards. Pretty soon, someone came up and asked if he could help me.

When all was said and done and I was walking out of the store, I stopped the timer.


that's hot shit.


The Poor State of Online Banking Passwords

It's been time for me to change my passwords for a while. I believe in good password security, but I also know that I need to have a sane number of passwords if I will have any hope of remembering them. To that end, I have a couple of different 'category' passwords. I have:

  • secure financial password - used for banking sites and the like
  • secure non-financial password - used for sites with secure login that are important, but not financial. flickr, for example.
  • insecure password - used for mailing lists, http-only logins, throw-away sites
  • personal password - laptop unlock
  • work password - all things employer-related
  • PGP key passphrase
  • ssh key passphrase

That list is already longer than a coherent memory can handle, especially since all my passwords are more random than not (such as Hm.t8U%$[1]). So I keep them in a PGP-encrypted file just in case.

Anyway, the time came to change them, and I started with the laptop, work, then secure financial password. pwgen is a godsend, btw. The laptop and work email changes went fine, and I started in on the financial passwords. I was using pwgen -y 9 to create candidates (mixed case, numbers, and symbols, 9 characters long) and then fiddling with them a bit, adding or removing characters, changing one here or there. I came up with a good candidate and started changing passwords.

Then I came to Discover's website. "Sorry, that password is invalid." it says. What company in their right mind uses some password hash so broken that it can't handle punctuation in the password?! I mean, seriously! Are you having people hand-transcribe them or something? Maybe I shouldn't use confusing characters like 1 vs. l either, huh? Idiots. Anyway, I change it around, strip out the punctuation, and add a character to make up for it. Alright, carry on.

A few more go by and then comes American Express. Here are their requirements (straight from their website):

  • Contain 6 to 8 characters - at least one letter and one number (not case sensitive)
  • Contain no spaces or special characters (e.g., &, >, *, $, @)
  • Be different from your User ID and your last Password

WTF is up with 6-8 characters?! Really? What, are you using some archaic version of crypt that still only supports passwords of 8 characters? ... wait a minute. IT'S NOT FUCKING CASE SENSITIVE?!?! Amex, I know you're all old-school with your 'only rich people use amex' and the whole no-limit amex black cards thing but it's not cool to be old-school with website security.

Last in the set of FAILed banking sites comes Smith Barney. They also prohibit symbols, and add one more requirement. Your password must start with a letter. Why, oh God of Security, Why?!?!

Ok, fine. Now my list of passwords has increased yet again

  • standard financial password
  • financial password with no special characters that starts with a letter
  • short alphanumeric password for broken sites from the last century


Why is it that the web sites for which security should be the highest priority are the slowest to adopt (what seem to me to be) standard password / passphrase heuristics? A good password should be at least 6 characters long (recommend at least 8 and preferably 10+) and choose 3 of the following:

  • have lower case letters
  • have upper case letters
  • have numbers
  • have symbols / punctuation

Note - I said 'choose 3 of the following'. If you always require all of them, that *also* reduces the space of the password set! (of course, any restrictions reduce the password set, but choosing three at least encourages good password choice.)

p.s. Can I tell you how hard it is to find the 'change password' link on some of these websites?! OMGWTFBBQ! I should just give up. But I won't. I'm kinda stupid like that sometimes.

[1] Note - not an actual password of mine. pwgen ftw.


AT&T and "Multimedia" messages

[UPDATE 2009-03-23] Apple announced on their iPhone 3.0 preview page (http://www.apple.com/iphone/preview-iphone-os/) that the iPhone 3Gs will be able to send MMS. Thanks!

I am absolutely dumbfounded at how incredibly poorly the iPhone handles picture messages.

You'd think it was common knowledge that in 2009, people with picture phones like to send picture messages. There have been ads forever telling us to snap a picture and SMS (or rather, MMS) it to our friends. Why, then, is it not only impossible to send a picture message from an iPhone, but so incredibly difficult to receive one?!

OK, I don't know why it can't, but I can accept that my iPhone can't send picture messages. It's stupid, but whatever.

I don't know how many of you have received an MMS from someone on an iPhone, but here's how it goes:

  • get a text message ("I sent you a message you can view within the next 7 days") with a URL, a login and a password

  • tap the URL to load it in Safari

  • forget the username (it's something like dc394he0m)

  • go back to the home screen, load the text app, read the username again (because remember, you can't copy or paste on an iPhone either)

  • tap the URL again, curse because the first half of the username you remembered is now gone

  • fill in half the username

  • go back to the text app, look at the username again

  • don't tap the URL but instead go back to the home screen and then into Safari

  • fill in the rest of the username

  • repeat for the password (actually easier to remember like far4back)

  • finally get the picture someone sent you.

Come on, iPhone, AT&T. You can do better than that.


Netflix, Tivo, Troubles and Triumph

When Tivo and Netflix announced their alliance, I rejoiced. It is fantastic to browse through a list of movies, choose one, and have it magically show up on your TV. Well done.


We tried to watch Empire Records, and the sound and video were several seconds apart. Bummer. I tried it on my laptop, and it was just fine, but we wanted to watch it on the TV.

So I called netflix! They have an 800 number on their contact page with 24hour support, and the website lists how long the hold queue is! That's pretty cool. The wait was only a minute, so I called. It was actually less, and the woman who answered the phone asked me the right questions, put me on hold for a moment, and then told me that it was a known problem and the video would be re-encoded. The Tivo gets its videos streamed from a different set of servers from when you watch the movie on your laptop, so it's not uncommon for one to be broken and the other work.

So while it kinda sucks that the video we wanted to watch was not working just right, I'm quite impressed by the availability and quality of 24hour phone support.

So Boo. Yay! Boo. Yay!

Off to watch something else...

Flying the Bay Area

Golden Gate and Marin Headlands, originally uploaded by maplebed.

The weekend before returning to the frozen wasteland that we call Boston (and having to shovel feet of snow), my coworker CG took me for a nice flight around the bay area in his little 4-seater Grumman. Man, what a trip. This picture says more than I ever could.


Why does RCN cable suck so very very much?

Ok, lemme start with the story.

Christy and I return from the Wonderful West to find that our Tivo is unhappy and our cable is broken.

I call RCN (which, incidentally, has this fancy caller-ID routing system such that I can't call their 800 number because it routes me to the California office, which was merged with a different company, so I always call some random branch office and transfer into the main system) and talk with the least helpful customer service rep ever. Talking to her was like pulling teeth. Every little scrap of information I wanted I had to ask the question in like 3 different ways before she would give me any useful information. She suggested no resolutions to my problems, and instead forced me to ask about this thing and that thing and so on until I finally got the info I needed.

It boiled down to this: RCN switched from analog (or analog + digital?) to digital only on Jan 6th. (Did they tell us? No. Our cable just stopped working.) While our Tivo understands analog cable, it needs a cable card to understand digital, so I need to either drive to the local RCN office or schedule an appointment to have them deliver a card and install it.

OK, that's not so bad. I found their local office was in Arlington and they could send out a technician on Tuesday. After thinking about it for a while, I opted for the ($15.99 installation fee + $49.99 visitation fee) technician to come out and install the card (since driving in the icy frozen wasteland that is the East Coast is scary). I called them back and they scheduled an appointment from 11-2 on Tuesday.

Well, Tuesday rolls around and the guy shows up at 1pm (within the window! Hooray!). Whoops! Nobody told him he was installing in a Tivo. He doesn't have a multi-channel cable card, but he does have two single-channel cards, which Tivo claims will work just as well. Except that they don't. One card only sees the even channels and the other card only sees odd channels. Anyway, the cable guy winds up spending nearly 2 hours futzing with it, testing the cables, removing splitters, poking at this and that, until he finally leaves and says "I think everything works. If it doesn't, you should call Tivo first."

I guess it's working... I mean, I think Tivo is successfully recording two shows at once, without the evenness or oddness of the channel making a difference.

There's one thing though. Now it takes a full 3 seconds to change channels. You press the channel change button and it takes just under one second to switch to the next channel. That's normal; there's always a bit of a delay between pressing the button and the TV switching. But then you get a solid gray screen for a full 2 more seconds before the picture shows up. What's up with that?! I heard one coworker today say that with analog cable they send the whole feed and the client box chooses which channel to view, but with digital cable, it only sends the one channel you're watching. When you switch channels, it sends a signal up the wire and the central host send you a different channel. That makes sense to me, but really kinda sucks. It makes channel surfing a PITA.

In addition to the 3 second delay, half the channels in the lineup just give me a solid gray screen. But since I always get a gray screen when changing channels, I wait something like 5 seconds before I realize the picture isn't actually ever going to come and go on to the next channel. This part makes channel surfing a Royal PITA. It's like they don't want me to even bother watching TV anymore.

Anyway, the whole experience has been pretty frustrating and overall reinforces my dislike of cable companies and the whole state of our interactions with large media companies. Why is it that we value a market system in which you will make more money by treating your customers worse? It screams of back room deals and lobbying and regulatory systems that prohibit any disruptive small business from even having a snowball's chance in hell of actually being able to threaten any of the big media conglomerates.

Oh well.

So RCN made a change to decrease the bandwidth they use and increase their ability to transmit more (useful) data over the same cables. What's the net result?
* I wasted time on the phone with their customer support
* Their employee wasted 2 hours working on my equipment
* My service is worse than it was before they started

You could argue "Well, you have an old TV so the fact that the quality of digital actually is better is lost on you." Ok, well, if I had a better TV I would have already been using the digital signal. Since it doesn't matter, I was using the analog signal, which was giving me better service. So the change doesn't matter for some customers, and makes the experience worse for others. To me, that seems like a net negative. Oh yeah, RCN saves some money. Hey, maybe they'll lower their prices since their costs are now decreased! Yeah right, fat chance.

Dear RCN. You wasted my time and made my TV experience worse. I hope you're happy.