America: &%$# Yeah!

img_0021Ashley and I are currently back in Silicon Valley for a quick trip to visit with friends and attend MacWorld. It’s kind of weird to be back – has it already been a year since we left? The time back in Vancouver has given me an opportunity to get a little perspective on the time we spent in the US, and come to conclusions about what I like and dislike about each. But that’s something for a different post – this post is all about the things I missed about the US:

  • Crazy products: It’s an historic time in the US – with the election of Barack Obama, change is in the air, and it’s time to celebrate…with a sweet collectible commemorative plate! Only $20! Comes with a certificate of authenticity! And a warning that you shouldn’t use it to serve food!
  • Sweet tea: There’s iced tea and then there’s sweet tea. Sweet tea is sugar held in suspension by the minimum amount of water possible. It makes my teeth hurt just thinking about it. Two gallons for $5, this week only at Walgreen’s.
  • Carnitas: Technically not an American thing, but I’m not about to travel to Mexico just to get a decent taco. If eating fried pork is wrong, then I don’t want to be right.
  • Bumper sticker politics: Why bother to articulate your thoughts carefully through public speaking or other political discourse when you can say it all with a humorous yet topical bumper sticker? Tell the world how you support John Kerry in 2004!

The “Fab”-ulous Future

I remember my high school got a CNC milling machine – a device that would allow you to feed in 3D drawings over the network for the milling machine to carve out of metal, plastic, or wood. It was revolutionary for the time.

Fast forward to today. We’re rapidly approaching the kind of “fabrication on demand” envisioned by science fiction from Star Trek to The Diamond Age. Already there’s a 3D printer that costs less than $5K and can fit comfortably on your desk. Meanwhile, the Open Source community is working hard to make the same capabilities available for free through the Fab@Home project.

More interestingly, a number of services have appeared online that provide creators with access to sophisticated rapid prototyping capabilities. Offline services, such as TechShop in the Bay Area, provide creators with access to tools. But that is just a stopgap between dedicated hardware, and on-demand online services that print custom objects. Online services such as eMachineShop provide the ability to perform heavy-duty machining to create custom components in a wide array of materials, whereas providers like Shapeways provides the ability to create 3D objects in a variety of plastics. And it probably won’t be long until we see services allowing users to print circuit boards using cheap inkjet technology.

One of the more interesting services I’ve seen so far has been Ponoko, which allows creators to use laser cutting to punch out shapes in cardboard, felt, wood, metal, or plastic. While this service is slightly more limited, given that it can only create 2D shapes, it has a unique ability to create objects from photos – no CAD software required.

As these rapid prototyping services have come online, many have incorporated a marketplace for creators to sell their wares. Which begs the question: how long until we see a clandestine trade develop around electronic blueprints for common goods that can be cheaply manufactured using these services? The “Napster of Things” can’t be too far behind…

Ginger Pride

Following on the heels of the “National Kick a Ginger Day” outrage last week, I had two people in as many hours ask me if I’d been affected (specifically, had I been kicked). I responded, if a little curtly, that I had not been affected because I was a 33-year-old man, not some child attending elementary school.

Looking at some of the public commentary on the “National Kick a Ginger Day”, I have to wonder: doesn’t anyone remember getting teased as a kid? It’s all part of growing up – kids need to learn to deal with it. It’s not like the kids were being held at knifepoint and forced to snort meth. Society’s insistence on wrapping children in bubble-wrap these days is getting a bit annoying. A little perspective is required.

Sure, as a red-haired child I had my share of teasing as a kid – but, in all honesty I can’t really remember any of the insults. Carrot-top? That’s about as specific as I can get. I do, however, recall one hilarious/embarrassing episode of my childhood in which the color of my hair figured prominently.

In grade five, I had a particularly stern teacher, Mr. Leschuitta. He was a real hardass, the kind of guy that would given you push-ups as punishment. Truly, he missed his calling in the military. This was, of course, the last guy you want teaching sex-ed. I think you can see where this is going…

The day of sex-ed, the boys were separated from the girls, with the boys going with Mr. Leschuitta to watch a film strip that inevitably raised more questions than it answered (for those of you who don’t know: I went to a Catholic elementary school – enlightening children on fornication isn’t really their forté, unless you count the priests). In the Q&A following the film strip, one of my friends, Ian Colgur, timidly raised his hand and bravely asked a question on the topic of pubic hair:

Ian: So, uhm, is all pubic hair black?

Mr. Lescuitta: No, generally your pubic hair is the same color as the hair on your head, although in some cases it may be darker…

For a moment, this answer satisfied the class. And then, you could almost hear the implication of this pubic revelation snapping into place for the class. And all eyes in the classes swivelled to focus on me. After an awkward pause, the entire class burst into laughter, myself included.

Sigh. Good times.

The teasing aside, I’ve always viewed being a ginger (rhymes with ‘singer’) as something unique, something that made me special. When you’re part of a class of students with three different kids named Chad, two kids named Robert, a girl and a boy both named Chris, being different didn’t really seem like a bad thing to me. Plus, there were cool ginger role models, my personal favorite being Tintin.

It’s all in how you look at it.

Not a few days before the whole “National Kick a Ginger Day”, a VP of Development from a local software company asked me how I might handle a C-level executive who may view me as a snot-nosed 25-year-old. A friend later attributed this misjudgment of my age to my red hair. In the conversation with the VP of Development, I ignored the slight, choosing to instead attribute his misjudgment to my youthful looks.

I suggest everyone do the same with this silly outrage over this incident. Ignore it. Worry about the things that are really doing damage to kids instead of nonsense like this.

Terrorist Attack in Mumbai: Personal Connection

This story about a local Vancouver connection to the terrorist attack in Mumbai is simply amazing:

Vancouver-headquartered Live Current has a huge stake in India with their Cricket ventures and staff visit Mumbai often. This week President & COO Jonathon Ehrlich and Chief Revenue Officer Alex Chamberlain were visiting and got caught in the crossfire.

Here’s the crazy bit: a couple months ago, I talked with Jonathan about contract opportunities at Live Current and he mentioned he might need someone to go to India. I didn’t hear back from him on the opportunity – and, with this latest news, I’m kind of thankful I didn’t.

Google’s SearchWiki Goes Live

Sometime in the last couple of minutes, Google turned on some new UI in search results:

Example SearchWiki UI

Example SearchWiki UI

This is, apparently, a new way for users to personalize Google search results:

“SearchWiki allows you to reorder, remove or add notes to specific web search results so that the next time you do the same search, you’ll see the customized result set that you prefer.”

TechCrunch (Mr. Arrington in particular), has the details on this new feature. Seriously, does anyone at TechCrunch even sleep?

Will Patent Feuds Scuttle Android Developers?

Recently, the technology press has been aflutter with coverage of Google’s newly released Android mobile operating system and the first Android-enabled commercial handset from HTC being offered by T-Mobile. Much of this coverage has focused on Google’s ZXing barcode recognition SDK, a software library that turns an Android-enabled cameraphone into barcode scanner. Barcode scanning-enabled applications, such as Compare Everywhere (formerly called Android Scan) were among some of the most interesting winners of the first round of the Android Developer Challenge.

Unfortunately, many of these developers are ignoring the existence of key patents related to use of cell phones as barcode scanners that may ultimately doom their application. Several firms, including Neomedia and Scanbuy, have received patents on accessing content by taking a photo of a barcode with a cell phone, or linking physical media to information on a network using an mobile device. Are these patents defensible? Probably not, as they likely fail the requirement that an invention be non-obvious to someone versed in the state of the art.

Whether or not these patents will withstand judicial scrutiny in the long term is inconsequential. The patents have been issued and in the short term their owners will undoubtedly attempt to use them to extract funds from Android developers that build on top of ZXing to create barcode scanning-enabled mobile applications. Those that have managed to create an application that generates revenue will have to choose between paying up, folding, or taking the fight to court. I happen to know that some of these same patent holders have attempted to shake down other, non-Android, mobile application developers aggressively in the past.

What’s especially interesting is that this is an issue that Google appears to be carefully and studiously ignoring. While the EFF has been attempting to bust down some of these patents, that won’t be good enough in the short term. Until those patent hurdles are removed, developers will need to realize the risk that they may be facing by building on Android and the ZXing library.

Your Government: Powered by Google

Department Of Homeland Security LogoIn a recent short story, Cory Doctorow imagined a world in which Google powers the US border and immigration services. That world conjured up a new term: Scroogled. As nightmarish as the prospect of any fictitious world that can be conjured up by a bastardized compound of the words “Google”, “scrutinized”, “screwed”, it’s not quite as bad as the reality I came across over the last two weeks.

I recently realized I needed to fill out some paperwork to maintain my US permanent resident card. I found the form online, filled it out, and then realized I might actually need to still be in the US in order to submit the form. Something about the US government wanting my bodily fluids I think, and not in a good way.

I was pretty sure the US government already had every scrap of biometrics on me that it could possibly ever need, but rather than blindly submitting the form, I went to the US consulate in Vancouver to see if I could get a definitive answer. Except, apparently, customer service isn’t what a consulate provides, even if you are a legal US resident. The guards at the consulate gave me a 1-900 number to call for information.

Wait…the US government uses 1-900 numbers? Aren’t those those reserved for televangelists and phone sex lines?

Apparently not. For the low-low price of $1.89 a minute, the US government will answer your questions about the absurdly complicated world they created. Hooray! It’s like being stuck in the movie Brazil, but without a British accent to make those whole experience appear polite. But the results were just as comical:

Me: Hi, I’m trying to find out if I need to be in the US to file my I-131? Does that apply if I’ve already got a permanent resident card?

Customs: An I-131? What is that?

Me: It’s a re-entry permit.

Customs: Oh, sorry – we only handle visas on this phone number…

Me: I guess it’s a type of visa…it lets me get back into the country.

Customs: …yeah, we don’t handle that type of visa at this number. Have you tried the US consulate?

Me: Yes. They gave me your number.

Customs: Hmm…well, you know what you might try? Why don’t you Google it?

Google it? Two bucks a minute to be told the answer is on the Internet? What. The. Hell.

At least the guy gave me two other phone numbers to call – one at Vancouver Airport, and the other at the Niagara Falls border crossing. No one picked up the phone at Vancouver Airport, but at the Niagara Falls crossing, I had an eerily familiar experience:

Me: <same as above>

Customs: Hmm, I don’t really know about the I-131.

Me: Well, I’ve tried the US consulate, they gave me a number, and the guy there gave me your number. Any other ideas where I can find out about this I-131?

Customs: Well, why don’t you try the Interne–

Me: <click>

Last month, The Atlantic posed the question: is Google making us stupid? I think we have our answer. Rather than turning the US into a pseudo surveillance state as Cory Doctorow envisioned, perhaps the reality is worse: a government that is so inefficient and ill-informed that it relies on a search engine to provide its citizens with access to their own government.

MBTA Shows MIT How Security Disclosure Really Works

The Massachusetts Bay Transit Authority (MBTA) had a problem last week – a group of students were prepared to deliver a presentation at Defcon, a high-profile security conference, on vulnerabilities they had identified in the transit card system employed by the MBTA. In a vain attempt to suppress this information, the MBTA filed an injunction filed to stop the presentation. In doing so, the MBTA filed this document in their court documents, and provided far better disclosure of the vulnerabilities (see Exhibit 1) than would have been provided by any such presentation.

While I disagree with the actions of the MBTA, if they really wanted to quash the disclosure they could have at least tried to do it right. There can only be one of two possible conclusions: they didn’t really want to quash the disclosure but had to appear to do so for political reasons, or they’re incompetent. Does no one on the MBTA legal team realize that filed court documents are public records? And readily available on the Internet? No? OK then, you’re fired.

On a related note, I learned a new term: the Streisand Effect.

(Incidentally, I don’t see what the big deal is about this vulnerability. When I was in university, we were cloning our university the pre-paid printer stored value cards using only blank audio tape and a piece of Scotch tape. It’s not rocket science.)

“Security error accessing url” in Flash 9,0,124,0

Adobe FlashIt appears the April update of Flash Player’s security policies have some implications for Amazon’s web services. Per the release information, it appears that is is no longer sufficient to have a crossdomain.xml file that contains <allow-access-from domain="*"/>:

In order for a SWF to send a header anywhere other than its own host, the origin domain of the SWF must have explicit permission from the host to which the header is being sent, in the form of a policy file. The existing policy file model will apply, with the same file locations and ActionScript APIs, but a new syntax will be required. To specify header-sending rights, use this new tag: <allow-http-request-headers-from>.

Without such an entry, whenever you use the WebService tag in MXML to access an Amazon web service, you’ll get the “security error accessing url” message. I currently have this problem with the following use of WebService tag:


This code functioned without issue until I updated to Flash Player 9,0,124,0. I’ve started a thread on the Amazon Web Services Developer Connection, so hopefully someone at Amazon add the appropriate <allow-http-request-headers-from domain="*"/> entry into the crossdomain.xml file at to address this problem.

Hopefully this post saves some people a few hours of beating their heads against a wall. Unless I’m totally mistaken, and there’s a workaround that doesn’t involve using a proxy?

US Border Laptop Search Policies Are Scary

The Department of Homeland Security has revealed its laptop search policy. According to the Washington Post:

Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

I totally saw this coming once the Ninth Circuit ruled border searches of luggage legal – and the Canadian Border is following the DHS’ lead. It was only a matter of time, as I predicted, before they argue that they need the capability to copy or retain data.

This should scare the bejeezus out of Canadians and Americans alike. The border services are notoriously incompetent, and it is inevitable that laptops and data will be lost. As a result, sensitive corporate or customer data will be compromised, identities will be stolen, competitive advantage will be lost, and a host of other consequences will be incurred.

What I find mind-boggling is that Senator Feinstein “intends to introduce legislation soon that would require reasonable suspicion for border searches”. In other words, to re-affirm that the fourth amendment of the US Constitution does apply at the borders. Talk about cat and mouse.

There’s one additional implication for Canadian companies now that this policy has been clarified. Under PIPEDA, companies must safeguard Canadians’ personal data. This has lead to many services, such as those storing Canadians’ health data, to be moved off of US servers due to the wide-sweeping powers of investigation granted under the US Patriot Act. The implication of this new laptop policy is clear: companies operating in Canada must not carry Canadian customer or employee data on laptops to the US.