Been meaning to write something, always too distracted to “do a good job”, as if getting nothing written was a good job. So….

Just now read a Copenhagenize article on bikes and trains saying something I had believed, but had no data to support. They have data. They also point out by example yet another way we do bikes wrong here in the US. Read the rest of this entry »

Biking and cold weather

April 1, 2017

One thing I didn’t understand growing up in Florida was how people could bike in cold weather.  Now that I live near Boston, I do it all the time, and I understand how.  I will share these secrets with you.

The two most important things to know are that you need to shield your extremities (toes, fingers, ears) from cold wind, and that even moderate cycling generates an enormous amount of heat.  Humans are not efficient motors; for each 100 watts we deliver to the pedals, we leave 300 in our legs, to be swept into the rest of our body by our remarkably effective circulatory system. Most people can pedal at 100 watts once they are in any kind of shape at all. The heat isn’t all there right away, so you also have to get used to the idea that rides start “brisk”, but use layers because you’ll warm up.  Wind blocks and sweaters that unzip down the front (as opposed to pull overs) are a good thing because your thighs and torso will be warmest by far. And by layers, I don’t necessarily mean thick ones; it’s easy to overdress for a trip of more than a couple of miles, and then you’re sweaty, in the winter, which is dumb.

Another thing that helps is learning to personally quantify what is or is not endurable.  For example (note, I seem to run warm, especially after ten years of biking in the winter) above 45F, I can ride barehanded, below 45F I need gloves or some sort of a wind shield.  With “baggies” or “pogies” to shield my hands, I can ride barehanded down to 15F (you try it, and if it doesn’t work, you put on gloves).  Without a beard I need to do something for my face below 30F, with a beard I am comfortable down to 20F. It turns out that with a wool long-sleeve T-shirt and a wind block (and gloves) I can endure 40F raining or 20F dry. (“endure” means parts of me may be cold, but not painful, and my torso and legs are warm enough to keep it that way).  I don’t have a lot of experience biking in single digit temperatures, but a balaclava appears to solve the cold-face problem pretty well and that appears to be the main problem; gloves in pogies and two layers of socks handle the rest.  

In order to reduce my risk of being phished or otherwise have my account(s) hacked, I decided to get a Yubikey for my personal laptop. We use them at work, work is paranoid, if it’s good enough for them it is good enough for me.

So I bought a Nano4 and a NEO. I want the Nano4 so that it just stays plugged in by default, and the NEO has NFC so it can talk to my phone and tablet if I am authenticating from there. Both of these come with way more capabilities than I need, but they are the only two keys that can stay plugged in and support NFC.

Those way more capabilities are a problem because they’re all enabled by default. One authentication method that I’m not using is OTP — long press on the Nano4, and it burps a string of characters as if I had typed them. “Long Press” is what you get if your hand rests over your USB port, if it touches your leg, etc. Yubikey made a mistake here; almost certainly, the new customers for this gadget will be people less technical than me, and (more alarming) less technical than the tech support guys at work who hand these out (preconfigured) for our use, who also didn’t have an immediate answer to this question. Nobody’s going to want OTP configured, it’s incredibly annoying.

But, here you are, like me, you have your shiny new Nano4 and it does this annoying thing. How to fix? You need the YubiKey NEO Manager.

It has a window that looks like this, when you start it with your new YubiKey (NEO or Nano4) the “Change connection mode” button will include “OTP”. It’s pretty obvious from here: click the Change button, deselect OTP from the options presented, follow instructions (the key has to be removed and inserted) and you will be done and none of the U2F associations you’ve already made will be bothered (i.e., it will work exactly the same except that the annoying OTP typing burps will be gone).

If you don’t need NFC, or don’t need the key always resident in the laptop (that may have been a mistake; we use them several times daily at work, but I don’t for my personal account) you can save money and avoid this by instead buying a FIDO U2F Security Key. U2F is what Dropbox and Gmail use. I’m still working on figuring out how to not use text messages to my phone, since some of these services require both phone (which can be socially hacked from your provider, though that is well beyond normal phishing). One choice for some accounts is Google Authenticator (for a Mac); to use it requires physical access to the phone, not the account.

I would add, that at this point I feel a need to draw myself a graph of services and authentication methods and password managers (that can store data in the cloud on these services) to be sure that my access protection is “just right” — not so weak that it’s trivially hacked by phishing, not so strong that if I lose a single phone or key I am screwed.

Other stuff I use to help secure my laptop: Little Snitch (intercepts network connections) and Little Flocker (intercepts file I/O — i.e., ransomware). These tools are very annoying for normal people.

E-bike owners survey

November 15, 2016

I’m writing an article on e-bikes for the Belmont Citizens Forum,
so I need information from e-bike owners.

I don’t own one; I ride a cargo bike, so I don’t have any first-hand experience.

I’ve the questions here so that people can answer them in the comments, and so that they can send the link around to other e-bike owners.

I’m most interested in feedback from people in the Boston metro area, but feedback from other areas helps, especially if you can provide contrast with Boston (e.g., it’s hilly in West Virginia, it’s very snowy in Buffalo, it’s hot in Houston). If you prefer not to answer in the comments, you can mail them to me at dr2chase@mac.com.

  1. What motivated you to try an e-bike? Was a hill too steep, or a commute too long, or were kids too heavy, or did you need to arrive at work not too sweaty?
  2. Have you had your bike for long? Is it reliable?
  3. What kind of bike is it? (for example, Pedego, Specialized, or some brand of electrified cargo bike?)
  4. Can you describe how you use your e-bike? That is, do you ride for fun, or for commuting and errands? Do you ride every day, once or twice a week, or less often? Are there hills or long distances involved? Do you carry heavy loads, or children?
  5. How does the e-bike help this?
  • May I use your name or initials in the article?
  • May I describe your situation in some detail, rather than general terms?
    For example: “AR commutes year-round from a steep hill in Belmont to Kendall Square in Cambridge, carrying two small children in a ButchersAndBicycles tricycle to drop off at day care along the way”

Thanks you for your time. If you would like a copy of the article, please mention that in the comments or email.

Charitable plans

November 12, 2016

SPLC, NAACP, CAIR and/or ICNA, Planned Parenthood, Lambda Legal, Trans Lifeline.

and ACLU, EFF, National Popular Vote.

Any other suggestions? I think I’m a little light on defending rights of immigrants.

Oops — As JF points out in email, ADL.

I’d also like to fund organizations doing voter registration work, especially in swing states, especially in states where Republicans narrowly control legislatures and/or executive. We need to reduce the amount of gerrymandering in this country, we need representation in the House of Representatives that more nearly reflects the popular sentiment, and we need to ensure that we are well safe from crazy constitutional amendments (a constitutionally mandated balanced budget would be a macroeconomic disaster; recessions would turn into depressions).

I realize I am setting myself up for a deluge of please-help-our-worthy-cause solicitians, both electronic and paper. We get those already, plan is to set up a spreadsheet, and just give once a year, every year.

People will live in electric vans

Reading an article about people in Silicon Valley living in cars (didn’t save the reference, go look for it) and noticing that there was no plan to build new housing fast enough to meet demand, it occurred to me that (necessity being the mother of invention) there would be innovation in the world of cars-for-living-in.

I thought about this a little more, and realized that electric vans (camper vans, minivans, step vans, not sure exactly what) were likely to hit the sweet spot for this. So many things go better with electricity, especially nowadays. Electricity runs lights, computers, fans, phones, electric blankets, in a pinch it can even run air conditioning. And it does all this quietly, with no smells. Gas powered cars can supply a little power for a little while from their batteries, but they’re small, and the usual way to recharge them is to run the engine when there is otherwise no need. Mechanical constraints to get power to the wheels usually force the floor of the car (or van) relatively high above the ground, reducing interior headroom.

Electric cars have comparatively huge batteries, and will certainly be able to refill at charging stations (and some employers even provide these for free, at least for a little while more), or at relatively low cost from someone else’s electric power, and there is always the option of solar (especially in sunny places like Silicon Valley), especially on the squarish roof of a van. Rooftop solar wouldn’t provide enough energy for a lot of driving, but it would cover consumption by electric amenities. Because power can be distributed to the wheels through wires instead of mechanical axles, the floor of the van can be relatively low to the ground (this is a really good idea anyway for a delivery van) which provides a lot more headroom inside.

It’s possible that a self-driving van could also dodge overnight parking restrictions by driving very slowly on low-traffic streets, automatically pulling over whenever faster traffic approached from behind (5mph or less, to conserve energy, minimize motion for sleeping passengers, and maximize safety).

If I can think of this, I’m sure someone else is already working on this. Anywhere that artificial restrictions on housing supply cause prices to spike, this could be an option.

After a little more thought, this: “Neighborhood Electric Vehicles”. A weight budget of 3000lbs, but no need for a high-strength frame or collision crumple zones gives you room to work with (old VW vans weighed much less than that).

Avoid Paypal

August 29, 2016

Avoid Paypal

I’ve been using Paypal intermittently for years, but recently encountered a problem so severe that I am now trying to terminate my account completely. The fact that I cannot, and that they cannot tell me why (without contacting “customer service”, as if I expect that to be productive) is one of the reasons why.

What precipitated this was two things. First, I moved my primary bank account from the credit union whose only remaining branch was a 30-minute drive away, to one a short walk from work, and our credit card company “upgraded” (?) us from MasterCard to Visa. Over time I took steps to upgrade all my recurring payments and stored credit cards. Most organizations would let me know if they had been missed, and I’d fix it, and poof, it was done.

Except PayPal.

For months, every attempt to remove the deprecated (now closed) bank account produced a message “Sorry, you can’t remove this bank account because of a pending transaction. Please try again later”. Same for the defunct credit card. This continued for months. I managed to find the place where the primary bank and credit card were configured, I changed those to be the new ones. I found the place where the recurring and preauthorized transactions were listed, and I canceled all of them, and went to the vendors at the other end to update their payment methods to a credit card (happily, I have a leftover credit card from oldest child sent to college, he’s employed, married, and working on a retirement plan, and it is perfect for this – low credit limit, almost never used, this cuts the risk both to me and my credit card company should any of the recurring-payment people be less secure than we might want). So, those two accounts have been deselected from everything, all the recurring payments are shut down – and no change. Still can’t delete the dead accounts.

Note that nowhere in the message from Paypal does it suggest that I can do these other things; I did have one shot at “customer service” and they told me about making sure that they old accounts were not the primary funding source – but that didn’t work.

So, given proven incompetence on the part of Paypal, it seems pretty wise to sever all ties with them, how do I know my money is safe, it was foolish of me to ever give them access to any of my money. But when I hit the “close my account” button, I get:

Before you close your account
Sorry, there’s a problem. If you keep seeing this, please contact customer service.

I’m not entirely sure what to do next. I may talk to my bank; I really don’t like the idea of these guys having access to my money, and I’m virtually certain that in the EULA that I didn’t read I consented to binding abitration bullshit, and that’s just way the hell too much exposure to someone else’s incompetence.