Poojan (Wagh) Blog

So, I’m basically making this post so I can share with friends/family. In this post, I will explain what I do for managing passwords, including two-factor authentication (2FA), and give some options for getting 2FA. Before I do that, I will explain how I got to the conclusion on what I am using.

For those that don’t know me, I am not a security expert. You should do your own research (and maybe consult the security experts out there). I could be wrong about some of my conclusions. And more generally, what might work for me might not work for you.

Also, the scope of what I explaining here is only for my personal accounts. My company (and most out there) has an IT policy for work accounts.

You can skip past the Intro, if you don’t need convincing on why reusing passwords is insecure. Also, I put my recommendations right up-front in the Bottom Line section, if you don’t want to read the whole article.

I recently went back on my previous decision to avoid B&N. There prices on audiobooks were pretty good (compared to both Audible and eMusic). So, I bought this (note the Amazon link):

Read the rest of this entry »

Google Chrome seems to have a bug in its rendering of SVG files. Here’s what it looks like:

Here’s what the same files look like under Firefox:

The HTML file I used to test this is:

The embedded SVG file is:

I’m basically trying to support MathML with SVG as a backup over at the circuit design site. I guess the 7% of visitors that use Chrome will have to deal.

Update 2010-1-3

I’m back to using Barnes & Noble. Every now and then, they have an ebook or MP3 audibook that’s way less than either eMusic or Audible. Also, I do know to look out for the WebLoyalty (etc) pitch, so it doesn’t bother me as much now.

Original Post

I’ve been pretty happy with Barnes & Noble as an alternative to Amazon. I just bought What Got You Here Won’t Get You There: How Successful People Become Even More Successful and unfortunately found the following link to Webloyalty

Sigh. I have a hard time leaving Barnes & Noble; their discounts are good, but I’m afraid I might have to because of their affiliation with Webloyalty

It’s clear that ClearWire’s software gives the user a better 4G experience than Sprint.

I’ve been using Sprint’s 4G for almost a week. As I posted before, I didn’t particularly like their connection software popping up their start page every time I connected to their 4G network–especially since I had to connect several times on my train ride into the city. Don’t get me wrong, the Sprint SmartView software will auto-reconnect (although I’m still not sure how I got it to do so) in the background if your 4G signal gets dropped–except every time it does so, there’s the sprint start page again, completely interrupting your work.

I coworker had issues installing SmartView on his Windows 7 64-bit machine. (I’m running 64-bit Vista right now.) He read somewhere that ClearWire’s software will install on Windows 7. Since Sprint and ClearWire are the same 4G network (Sprint divested/invested in ClearWire), the software should work. So, I happily installed ClearWire’s software trying to “upgrade” from SmartView.

It didn’t work. What’s worse is that SmartView refuses to function. Even after a complete de-install/re-install. Even after deleting sections of the windows registry, and the Sprint sub-folder in my %APPDATA% folder. (For those of you who don’t know what registry and %APPDATA% are, be thankful, and just realize I was taking desperate measures to cope with broken software.)

As it turns out, one of our IT guys told us that the 32-bit version of Clear’s software seems to work with Sprint’s 4G network (meaning, it authenticates under a Sprint 4G account–Clear and Sprint have the same network). However, the 64-bit version doesn’t. That didn’t help my Win7-64 friend and I.

What did help immensely was this post at the sprint forums. This guy “manned up” and modified the Clear software so it’ll connect to the 4G network using a Sprint account:

And it worked for me! So, no more trying to get SmartView running again. This software is way better. It’s much smaller and less intrusive. Its default install automatically reconnects when the signal is dropped. It has more updated drivers, and it supports 64-bit Win7. It’ll connect using either the 4G or the 3G modems built into the U300 (which Clear also sells).

The lesson learned here is that Sprint is distracted by 4G. It’s not their main thing. They’re supporting a bunch of other devices, and they don’t invest as much in their SmartView software. However, 4G is all ClearWire does. It shows in their software’s usability.

Just an FYI: there are no guarantees to any of this working for you. Also, the buttons on the clear software “my account”, “my usage”, “my local” won’t work for me because I don’t have a clear account… but that might change.

ClearWire also supports the built-in Intel WiMax radio inside my Lenovo T400. So, I’m going to try out their service as an official subscriber. That means I give up connecting using 3G, but that’s not so bad. It’s almost worse to have the 3G backup, because your 4G connection will imminently drop, the software will connect you on 3G, and you’ll be stuck on 3G unless you manually reconnect to 4G. Also, the U300 works better with a proprietary Y cable (supplied by Sprint/Clear) that allows for more power; it’ll be nice to not have to worry about that cable.

Incidently: if you connect to Clear’s network (using Intel’s proset WiMax utility), you’ll get an offer for a 30-day free trial (until the end of the year)—which you won’t see on their home page or anywhere else. So, it pays to just try to connect and get the offer. You do have to agree that they get to send you emails during the 30-day trial period. I’ll post a follow-up with how ClearWire’s service looks (as an official subscriber), but for right now, I’m much more impressed with ClearWire than with Sprint.

I’m taking the train along Metra’s Milwauke District West. Here’s a test close to the Elgin Station:

That’s right: 5 Mbps down and 1 Mbps up. Except that by the time I reached the next station, the 4G was disconnected. I can’t say that this is due to Sprint’s 4G network, due to their software, or if it’s due to my laptop. Regardless, it’s annoying. I do have a couple firmware updates to install, though. I tried doing it last night, but I’m not exactly sure how to (the button to update didn’t seem to do the job.)

Another thing that’s annoying? After I reconnect, the Sprint Smartview software opens Sprint’s web site in my browser. This is mildly annoying when I have firefox up (it just adds another tab). However, it’s absolutely intolerable when I don’t, because I just want to get back to work, but instead, all of a sudden, firefox pops up with:

I’ve been looking for a way to stop SmarView from doing this, but I haven’t found it yet. Incidently, I had to reconnect twice while writing this post.

OK: make that 4 times. If anyone is wondering, I’m using the U300 (can’t tell if it’s Sierra Wireless or Franklin) modem. It supports both EV-DO and WiMax. It does not automatically hand over. I’ve also tried getting SmartView to auto-reconnect to WiMax, but that doesn’t work either. You have to manually reconnect when disconnected.

I’ve been upgraded to Sprint’s 4G WiMax. I’ve tried it for all of 10 minutes. The connection (coming out of downtown on the Metra) was a little spotty. I keep getting disconnected. It’s unlikely but possibly the fault of my laptop (the Lenovo T400 seem to have trouble holding a WiFi connection, but AT&T and Sprint 3G mobile broadband seem fine). Anyway, here’s the speed test results:

1.047 Mbps download isn’t bad. However, I’m extremely happy about the 657 kbps upload. That’s going to be some good VNC.

A little further out (near the Grand/Chicago stop on the Metra Milwaukee District West line), I got the following:

2.3 Mbps down and 731 kbps up. Nice! Hopefully, the connection holds stable.

I got mad after just completing a purchase with Barnes & Noble. Seriously? They expect to compete with Amazon in the online game? Amazon at least takes security seriously. That’s the very basics of competing online: customers must trust you with their credit cards. Anyway, here’s the rant I sent them:

I’d like to express my gross dissatisfaction with your association with WebLoyalty, Inc.

I noticed it recently when completing a purchase. You certainly know that most of your customers don’t gain any value in the services offered by WebLoyalty. In effect, it’s a scam that they will try to get out of in the near future. Most of your customers will be surprised that they unwittingly gave their credit card information to WebLoyalty through your web site.

If you want to beat Amazon and your other online competitors, customers need to trust your web site. They cannot do so when you present links to sites such as WebLoyalty that are notoriously nefarious [1][2].

[1] http://www.grc.com/sn/sn-207.htm
[2] http://www.consumerwebwatch.org/dynamic/ecommerce-investigation-webloyalty.cfm

I just read New Twitter Research: Men Follow Men and Nobody Tweets – Conversation Starter – HarvardBusiness.org.

A few things strike me about the results:

1. It meets the 80/20 90/10 rule.
2. Twitter is basically a broadcast service–not a one-on-one messaging tool.

#2 strikes me because I’ve always seen myself as an outsider. I’ve always felt that there must be a large contingent of twitter users that use twitter to tell their friends where they’re meeting for drinks tonight.

I’ve told friends that the only thing they’ll get from me on twitter is spam. (That’s a bit facetious: I’d like to think that my blog posts have intellectual value that informing people that they can proffer money in exchange for retail products advertisements do not.) If I were a corporation, they’d be filled with tons of marketing.

I suspected that I’m not getting this utility out of twitter because my friends aren’t on there, sharing in dialog.

What I realize now is that there’s a sort of myth behind twitter: it’s generally being used as a broadcast medium. In that respect, it seems less useful for my socializing: I don’t really care what most of my friends are doing each night in Chicago. I’m not in Chicago most nights. If I have a night available to meet up with friends, I’ve already pre-arranged it.

Incidently, I learned about this post from http://twitter.com/HarvardBiz/status/1995340326

I’ve been thinking about switching from DreamHost to BlueHost. My main reason is price: I’m paying around $10/$9/$8 per month (1/2/3 year term respectively). However, I’ve come across a coupon that causes BlueHost to charge me $5/$4/$4 per month (1/2/3 year term respectively). My DreamHost term expires in June, so I’ll need to either pay month-to-month or sign up for another year.

My difficulty with BlueHost is that you need to pay up-front: there’s no free trial term. I want to lock in this cheap hosting for as long as I can (3 years preferably), and BlueHost will reimburse you if you quit early. But I want to make sure I don’t regret the time I spend switching hosts—and I definitely don’t want to have to undo all my changes sometime in the future. If anyone has any experience with both DreamHost and BlueHost, let me know (in the comments for this post).

Here’s a comparison with the services I’d be interested in:

The “SORT OF” entry under Mail Filtering isn’t merely a pun: I just mean that both hosts provide mail filtering, but they don’t (for example) do custom sieve scripts.

Between DreamHost and BlueHost, the main difference is in off-site backups. BlueHost does not provide them, so I’d have to continue paying Amazon. (I use Jungle Disk’s interface to Amazon S3.) This isn’t so bad: Jungle Disk’s solution is set-and-forget, with very little intervention required. If I decided to use the FTP space that DreamHost provides, I’d probably go with manent. I haven’t tried it in a while, but it looks really good, and they’ve just added a Windows installer.

For SSL, BlueHost is better since they offer a shared SSL site and they offer unique IP’s (required for SSL) for cheaper than DreamHost. I don’t know if BlueHost provides SSH tunnelling. However, if I can use SSL, I don’t need it (I use SSH tunnelling to secure my HTTP traffic.)

I’ll probably stick with DreamHost for now. But, I’ll continue to obsess over BlueHost. If anyone has any information to tip me in either direction, I’d be relieved to hear it.