Nolisting

Nolisting is a spam fighting technique that works by listing an unavailable MX as the highest priority (lowest MX value) mail server. The idea is that any proper mailer will detect the unavailable MX and automatically retry the next highest priority MX record.

On Feb 7th, 2012, I dedicated one of my IPs to the job of not listening for SMTP traffic, set up a host record, and then configured a few mail domains with my faux MX as the highest priority.

On March 5, I removed the faux MX records. Over the course of a month, the half dozen users of these mail domains had all experienced the loss of valid mail and noticed. Undoubtably, they lost more valid messages than they noticed.

Before I removed the faux MX records, I did some sniffing of the SMTP traffic hitting my faux MX. During observation, most of the failures I witnessed were being sent by an application written using JavaMail. Apparently it’s popular with banks (for sending account notifications), news organizations, and online photo processors.

Which mobile phone carrier?

I have 4 lines with AT&T and am less than pleased. While data speeds are excellent, any call longer than 20 minutes will drop at least once. Coverage at my house is poor. AT&T’s voice quality is poor and has been for years.

My other major objection is their unlock policy. While AT&T will finally unlock iPhones after their contract is up, that still requires that I keep a 2-year old phone around for international travel. While exploring my options, I put together this TCO (total cost of ownership) comparison chart of the major US carriers (AT&T, Verizon, Sprint, T-Mobile) and a few resellers.

Mobile Phone Plans

The larger PDF also compares plans from Cricket, Virgin, and Ting. Pricing is shown for each plan with 1, 2, 3, or 4 phones.

Notes:

  • The One Time Net value assumes the value of an iPhone 5 in two years is $250. If you purchased an iPhone 4 two years ago, that’s about what your handset is worth today.
  • Ting with 3,000 minutes looks outlandish, compared to 1200-1,600 for everyone other plan. That’s because Ting and Virgin have no nights-and-weekends, or mobile-to-mobile. I looked at my past 12-months phone bills to determine how many minutes we’d need.
  • An excellent related post, Which iPhone 5 for a Global Traveller

Adventures in legacy software

Today I opened M.Y.O.B. accounting files from 1999-2001. The files cannot be upgraded because they experienced some data corruption. The only way to access the files is to run the versions of M.Y.O.B. that they were created with.

The solution was to run Mac OS 10.6 inside a VM, which unfortunately, is a violation of the Apple EULA for Mac OS 10.6. Oops. The reason for using 10.6 is that it’s the last version of Mac OS X with support for Rosetta, the PowerPC emulator that lets Mac OS X apps written for PowerPC run on newer Macs with Intel CPUs.

Rosetta allows AccountEdge (the versions of MYOB written for Mac OS X) to run, but one of the files I wanted to access was from 1999, and it requires MYOB Accounting Plus v9, which is a classic application. For that, I turned to SheepShaver, a Mac OS Classic emulator, running Mac OS 9 within the 10.6 VM.

In summary, the solution was to run two emulators within a VM. With that, I’m able to run every version of MYOB within a single VM.

I also have a VM that runs AppleWorks, for those rare occasions when I stumble across a very old file that I would like to upgrade to the latest version of AppleWorks, so that I can further upgrade it to something that’ll run on Mac OS X Lion.

Also, since I couldn’t find one online, I also created a table of the MYOB versions, their marketing names, release numbers, and year of release.

Name Version Release DB ver. Year Company
MYOB 5 5.0.8 5 1994 Best! Ware
MYOB 6 6.0.1 1996 Best! Ware
MYOB 7 7.0.3 7 1996 Best! Ware
MYOB Plus 8 2.0.5 2 1999 Best! Ware
MYOB Accounting Plus 9 3.0.4 3.5 1999 MYOB LImited
AccountEdge 1 4.7.0 2001 MYOB Limited
AccountEdge 2 5.5.3 2001 MYOB Limited
AccountEdge 3 6.5.3 2002 MYOB Limited
AccountEdge 2004 4 7.5.0 2003 MYOB Technology Pty Ltd
AccountEdge 2008 8 12.0.6 2008
AccountEdge Pro 2012 12 16.1.4C 2012 Acclivity Group LLC

 

Scale is hard: gmail edition

Sometime on or about August 8th, IMAP access to Gmail stopped working for me. I don’t depend on Gmail so I ignored the error messages for 6 days. Then I simulated an IMAP session and was able to authenticate to Gmail, but after that, all IMAP commands timed out. So I looked to the Google Apps Dashboard which reported that everything was fine. Lies. Then I found the Gmail Known Issues page where I found this:

We are aware of an issue where users are receiving an error that ‘”imap.gmail.com” is not responding’ when using IMAP on their computers, mobile devices, or tablets. We are currently working on resolving this issue.

In the meantime, you can sign in to Gmail through a web browser. For Android and iOS users, you can also download the Gmail application in the interim.

Then I found the Gmail Forum within the Google Product Forums where many other users were reporting this issue. What I find interesting about this failure was that it took 7 days before my account access was restored and many users are still affected, 9 days later.

 

Mobile mapping isn’t good enough

Today I confronted a limitation of Google Maps. I’m in Buena Park and I need to be in downtown LA around 8AM. Last night, I consulted Google Maps on my iPhone for planning purposes. It answered 31 minutes. I also checked in a browser on my laptop, in case a feature existed that would let me choose a departure or arrival time that accounted for Monday morning’s typical traffic. There is no such feature.

Because of LA’s infamous traffic, I gave us 2 hours to assure we arrived on time. I also consulted Google Maps at 6:00AM when we departed. It offered up 38 min with traffic accounted for. I checked again after arrival and Google Maps predicts 55 minutes. The actual time: 77 minutes.

Perhaps the Google Maps time estimates are typically reasonable in typical cases and LA traffic is an edge case that is poorly handled (as I learned several times in the past week). However, I think this is a limitation of how Google calculates traffic times. It only accounts for traffic as it is at this moment. It doesn’t account for the typical traffic patterns that predictably recur on given days of the week.

This is where other competitors such as Waze and hopefully the new iOS maps app can offer a significant advantage by mining crowd sourced data to make much better predictions. This is almost certainly something we’ll see in a future version of Google Maps.

Microsoft Introduces a Challenger to the iPad

http://www.nytimes.com/2012/06/19/technology/microsoft-unveils-a-tablet-to-challenge-the-ipad.html

Another quarter, another iPad competitor. But the headline is misleading. I watched the announcement. Microsoft didn’t introduce anything. They merely announced the Surface. This one had better be good, Microsoft is running out of marketable words to name their tablet attempts.

The keyboard idea is clever. It’s original. It might even work. It will take up less space than my iPad plus bluetooth keyboard. But is it better?

Ballmer has been watching Apple product introductions. He was trying hard to channel Steve Jobs. The hushed invites. The buildup music. The decor of the stage and slides. The introduction and invites. The structure of the presentation. The lack of PowerPoint looking slides. The Jonny Ive inspired “design” video. Microsoft is trying really hard to be like Apple.

They talked about the Surface and the ability to do all our Windows tasks on it. But they didn’t actually demonstrate the tablet doing any of them. Lots of talking and hand waving. Here’s the NetFlix screen, here’s the, oops, hang on while I grab another tablet. What? A crash during the announcement? That’s not the part of Windows we want you to bring to the mobile computing world Microsoft. Sad, sad, sad.

They let journalists touch them afterwards. For 90 seconds. With the power turned off. No typing on the vaunted keyboard. If these products worked even modestly well, you can bet they’d have been showing them off, like Apple did at the iPad announcement.

The announcement reeked of desperation. They announced a product so buggy it can’t survive a live demo. It may ship in the 3rd quarter, but Microsoft isn’t known for nailing their ship dates. There’s no pricing, likely because they’re having trouble sourcing components in quantity, because a certain dominant tablet maker owns the tooling and factories that create all the hi-res tablet displays. They have zero third party apps optimized for a tablet, and little enthusiasm from mobile developers. They are paying developers of popular 3rd party apps to port them to Windows Phone 7.

The saddest part of all this is the powerlessness at Microsoft. Back in the 90’s, I recall Microsoft product announcements instilling a sense of doom in anyone competing in a market. Competitors scurried. Projects and sometimes products were cancelled at the mere announcement of a Microsoft initiative, because competing with Microsoft was certain death. Now Microsoft makes an announcement and it’s just sad. Memories of greatness are replaced with memories of PlaysForSure and Zune trying to compete with the iPod. Then the Danger fiasco, the Kin disaster, and the underwhelming Lumia trying to complete with the iPhone. Then there’s the list of Windows powered tablet flops, crowned by the HP Slate. It’s just sad.

What I find most telling is that Microsoft and Google have both publicly confessed that Apple’s integrated approach is best. The modular solutions they previously championed (hardware from them, software from us) are not good enough. Google bought Motorola and will soon announce its own hardware, and now Microsoft has announced their own.

I think it’s premature to declare the Surface an iPad challenger. But one thing is for sure, it’s going to get even tougher for HTC, Samsung, and LG to complete in the mobile computing race.

Flashback and Mac OS X security

I’ve had several people inquire about the security of their Mac, particularly since the media began exploiting the Flashback trojan with sensational titles and coverage that I refuse to link to. If you want a good summary of the Flashback trojan, Macworld has an excellent writeup: What you need to know about the Flashback trojan. As for what you should do, read on.

We need to remember that absolute security is impossible to attain. Safety and security are more accurately described in degrees. What we mac users are accustomed to is a greater degree of security than other PC users. So long as we employ a bit of caution when downloading, we can surf the big bad internet with very little concern.

That’s not so say we’ve had absolutely nothing to worry about. Every year, there’s been an exploit or two and the page view generators declare that “The Mac is no longer secure.” Never mind that no platform is secure. Such facts do not generate page views. Here in reality, we Mac users have seen three primary vectors of security exploits on the Mac platform: QuickTime, Flash, and Java.

  • QuickTime: There have been quite a few QuickTime exploits, often as the underlying open source applications discover and patch exploits. Apple has been pretty good about getting these patches applied and pushed out to users quickly. Software Update is easy to use so most users see and install these updates.
  • Flash: Flash is the gift (to those with malicious intent) that keeps on giving. For a while, it seemed that Flash Player needed to be updated every week to remain secure, where by secure we meant it had no known vulnerabilities. A few years back, I realized that nothing I cared about required Flash, so I manually deinstalled it. John Gruber has a few tips for going Flash free. The benefits I noticed from disabling Flash were the disappearance of animated ads, faster page loads, greater battery life, and a cooler laptop. I was pleased when Apple shipped Lion without Flash and Java. With Flash use on the decline, the internet is already a better place.
  • Java: For the same reason that Java is popular in enterprises (write once, run anywhere), Java is popular with malware authors. Apple has a history of slow Java updates which you can read about at Macintouch. The short version is that just like Flash, Java updates on the Mac require cooperation with a third party (Oracle, and previously Sun). That often delays the release of new features as well as security fixes for Java on the Mac platform.

The only web site I use that utilizes Java is one bank, and it uses Java only for its online check deposit feature. Since I rarely use that feature (there’s an App for that), and having Java enabled poses real security risks, I have little reason to have Java enabled in Safari. Apple has made it very easy to disable Java: Safari -> Preferences -> Security -> Enable Java and click that checkbox off. I recommend that everybody does the same. It is comparably easy to disable Flash and Java in FireFox, Chrome, and Opera. Doing so inoculates you from nearly all internet nasties.

In summary, Mac users can continue to eschew antivirus software and still remain reasonably secure, so long as we employ three basic precautions: apply security patches that Apple releases, disable Flash, and disable Java. This is the way it has been for years. The thing that has changed the most regarding Mac security is that now it’s easier than ever to live without Flash and Java.

Green built houses

With house prices and interest rates low, we are considering homeownership again. We have looked at hundreds of houses in the past year and found a half dozen that we really liked. What we haven’t found is a house we like at a price we like.

In 2011 we learned about three standards in the green building industry:

  • Passive House: limits household energy consumption to 120 kWh per cubic meter. A Passive House is very efficient and there are tens of thousands of houses built to this standard in Germany, Scandanavia, and Canada.
  • Net Zero: consume zero energy and zero carbon emissions annually.
  • Energy Plus: produce more energy annually than is consumed.

In 2011 we attended several green energy festivals. We toured a couple Passive Houses and the only Net Zero homes in the Puget Sound area. The cost of getting to net-zero is 15% more than building a traditional home. Our goal is to get as far as we can towards net-zero. A net-zero home has a monthly gas and electric bill of $0. Getting to net-zero requires reducing energy consumption through:

  • an efficient building envelope (super insulated, tightly sealed, oriented for beneficial solar gain)
  • highly efficient fixtures and appliances (LED lights, induction cooktops, solar water heaters, heat pumps)
  • a heat recovery ventilator (recover heat from ventilation air before exhausting it)

The other ingredient required to achieve net-zero is energy production. Solar has long (at least since the Chinese & Greeks oriented their buildings to face the winter sun 2,500 years ago) been the first answer for harvesting energy. Until the 1970s, the best available technology was exposing internal masonry to the sun. The thermal mass of masonry would warm up in the day and then give off the stored heat at night.

Using solar exposed masonry is still an excellent and highly efficient way to collect heat. The obvious limitation is availability of sunshine, which is often meager in Seattle’s heating season.

Retrofitting an existing house to achieve green building standards is more complex than building the house well initially. This has made choosing a house more challenging. I desire the ability to retrofit a house up to at least the Passive House standards. Some house designs make this more challenging than others. For example, I can’t easily change the orientation of a house to capture beneficial solar gain. Generally, houses are sited for the convenience of the builder rather than the long term benefit of the occupants.

In the meantime, we aren’t waiting for a new house to be more environmentally aware. We have reduced our household waste to less than one kitchen bag per week. The majority of food waste is diverted to my compost pile and the rest is recycled. I have replaced all our household lights with LED bulbs. In areas where lights were typically left on, I installed motion sensors with timers. We have a hybrid Ford Fusion and a Nissan Leaf, greatly reducing our gasoline consumption.

Deposit checks to EverBank with a ScanSnap scanner

I have a bank account with EverBank. They have a feature that enables check deposits from home. It uses a Java applet that runs in the browser. The applet includes a scanner driver that directly controls any TWAIN compliant scanner. The general idea is that a customer will go to their web site, log in, turn on their scanner, click the “make an online check deposit,” and then the Java app will scan and upload the image.

That scenario doesn’t work for me because my ScanSnap document scanner is not TWAIN compliant and likely never will be. So I contacted EverBank and their support staff “changed” my account so that it runs a different Java applet. Instead of controlling a TWAIN scanner, it accepts two scanned JPEGs. Once the changes to my account were completed, I tried using the feature and got this error message.

There’s two straight forward ways to tackle this problem.

  • Do as they suggest and select 32-bit Java. Run the Java Preferences app in Applications / Utilities. Reorder the list so 32-bit Java is first. This works, but it means that all Java apps will run 32-bit instead of 64-bit.
  • The other workaround is to set one web browser to run in 32-bit mode and always use that browser for online banking. Since I rarely use FireFox, I set FireFox to run in 32-bit mode and it worked as expected.

Then I set up a new ScanSnap profile for scanning checks. I named it “EverBank” and configured the following options:

  • Application: Scan To File
  • Image Quality: Best (slow)
  • Color Mode: Color
  • Scanning Side: Duplex
  • File format: JPEG
  • Paper size: Auto
To deposit a check, I switch to the EverBank profile, scan the check, and then choose the resulting files in the Java applet. It works.

Minivan + kids + interior lights = dead battery

Our family vehicle is a Honda Odyssey. The dome lights are toggle switches. Push the light, it’s on. Push again, it’s off. There’s no visible way to tell which position it’s in. If a child pushes the light and it gets left on, the next morning we have no minivan until after a date with Mr. Battery Charger. Since the kids were able to reach the dome lights, we’ve been vigilant. There are ways to be vigilant. We’ve tried:

  1. Exit the vehicle. Close all doors. Lock with the remote so interior lights turn off. Peer inside to see if any lights are on.
  2. Disable interior lights entirely with switch on dash.
  3. Re-enable interior lights, but forbid children from ever, ever, ever touching the light switches.

The third solution works most of the time. On Nov 3rd, I gave some neighbor kids a ride home from school. When they got out, one of them pushed the light switch to turn it off. The lights don’t turn off when the door is opened, so nothing happened. The child exited the van. Having trained my kids not to touch the switches, I didn’t perform #1. On Nov. 4th, we biked to school while Mrs. Odyssey and Mr. Charger hooked up.

On Nov. 5th, I found this post on the OdyClub site, detailing the LED bulbs another Honda owner ordered from China and installed in his Odyssey. I paid $28 for the following ten LED bulbs, shipped: (1) 51109, (4) #51002, (2) 35725, (1) 34641, and (1) #34608. When they arrived a couple weeks later, I installed them in about 15 minutes.

Last night, both kids were reading books on the ride home from swim classes. Both kids left their interior lights on. Both parents failed to notice. This morning, I opened the garage and saw the lights on. I smiled. When I got in, the van started. Mission accomplished.