Koh Tao
Anyway, I'm finally feeling human again after an epic first day here (up > 40 hours, on plane/bus/boat for 15 of those, then catch-up/party with my brother on the island) and liking the diving.

Two days, four dives. Sweet. After lunch and a nice long nap I'll be off for a night dive, which I'm absurdly excited about.

Koh Tao is nowhere near as cool as Ningaloo / Exmouth as far as diving goes - and I apparently had an extra-sweet run even for Ningaloo. Here the operators aren't as polished and professional ("no, no, depth gauge not work", "it's just a small leak, leave the tank turned off until you dive"), the instructor I'm with has a bit of a bored get-it-over-with attitude, and the crowd isn't that interesting. There are also hordes of divers, of which I'm admittedly currently one. It's still pretty frickin' sweet, though, what with being a pretty tropical island and all. The food doesn't hurt either.

Crystal Dive, who I'm diving with currently, are fairly decent. OK gear, good consideration of safety and maintenance within a few limits they set (eg: they don't give a crap if the depth gauges on the regs work or not). There's proper safety/emergency gear (ample oxygen, medkits, etc) on board the boats, they take roll calls on the boat, etc. Not perfect, but pretty good.

Oh: In absolute proof of my stupidity, I went down with my phone on the first dive today. Yes, that's my work's spare phone I borrowed because I went swimming with my own while on a dive course.

Gone fishing^Wdiving
I'll be back from Ko Tau on the morning of the 10th of September. My phone will remain reachable for emergencies, and I'll get my email occasionally.

There are windsurfers, catamarans, and of course lots of sweet dive spots. *bounce**bounce**bounce*

Wind power
This was initially a comment in response to a question of themink17's, but became somewhat longer than fits a comment so I've moved it here.

Why is wind power useless for most places?Collapse )

Google Android is not a smartphone OS

... it's a simple phone OS plus a web browser and some Google services.

It lacks some pretty fundamental things you'd expect from a smartphone.

  • Ability to browse and view local files on phone memory or SD card, eg open HTML files, PDFs, etc
  • An IMAP client that can delete messages, mark them as read on the server, etc
  • Any ability at all to support corporate private CAs, since it can't import new CA certificates
  • Any client certificate support for secure mail and intranet access
  • Decent sync and backup facilities to a laptop/PC. Oh, wait, you only use Google services, right?
  • ... and that's only what I found in a half-hour of running an emulated Android phone in the SDK while trying to figure out if it was a reasonable replacement for my dying Symbian S60 N95 (answer: no!).

This is Google's fancy new phone platform? Call me again in a few years, once you've grown up a bit - right now, even the iPhone OS is a more solid choice.

Tags: ,

Client certificate WTF

Why does NOBODY bother to support X.509 client certificates properly? They're a weak, poorly implemented afterthought in many systems if they're supported at all.

  • Microsoft Windows: Perfect support, needs PKCS#12 (.p12) format. Most 3rd party apps (subversion, mozilla apps, etc) use own cert stores rather than the OS's for no good reason.
  • Mac OS X: Limited support in OS keychain. No support in OS services like Apple Mail (IMAP+TLS, IMAPs, SMTP+TLS or SMTPs), WebDAV over HTTPs, etc so nfi why they bothered adding support to keychain. Some apps have their own support, eg Mozilla apps via NSS, but OS has none and apple apps have none. No 3rd party apps seem to look in system keystore.
  • Linux systems: All major SSL/TLS libraries have support, but there's no system-wide or desktop-wide keystore or key management. Netscape security suite apps have good support but must install cert in each app. GnuTLS, OpenSSL apps must implement own cert management but can support - very app dependent. Real support inconsistent - eg Subversion supports, but many svn front ends don't handle cert prompts; Thunderbird supports via NSS; Evolution supports via NSS but has broken nss init code (I have a patch for it waiting for merging); etc. Overall painful but usually usable.
  • Symbian (Series 60) phones: Support is perfect in OS and apps. Very smooth.
  • Sony Ericsson phones: Seem to have no concept of client certificates, treat request for client cert by remote mail server as an SSL/TLS error.
  • Windows Mobile phones: Basically perfect from all reports.
  • Apple iPhone: Decent client cert store support. Unclear how much access 3rd party apps have. Used for safari; unclear if used for mail too. Oddly, better than Apple's desktop products.
  • Android phones: are a near-total information void. Apparently it's just assumed you'll use Google's services, not (say) your own secure mail server with your work. Because, you know, who needs confidentiality anyway? If you download the SDK and phone emulator, you'll quickly find out that not only does the OS lack any way to import a client certificate or use one in negotiation, but it lacks any way to even import new CA certificates. That's stunningly, jaw-droppingly pathetic. Of course, this is a phone with a read-only IMAP client so it's not clear what, exactly, it's meant to do...


Tags: ,

i1Pro *bounce* *bounce*
I have a fancy new spectrophotometer. *gleeful* *bouncing* *of* *joy*. The i1Pro (i1Basic package) will finally let me do all sorts of cool print and photographic colour calibration as well as much better display profiling.

(Note that the i1Basic doesn't enable anything but monitor calibration with the mfgr software - you need to use 3rd party software, pay extra to enable additional features, or buy the more expensive i1Xtreme package for $LOTS).

I'll be using it for work too. At any sane colour-sensitive workplace (like a newspaper) work would've bought one since it's less than two grand, but not my work, no.... Ah well, at least I have one to play with now, and maybe once they see the results they'll pony up for some software upgrades for me.

(Of course, literally three days after I bought the i1Pro, Graham Gill, who develops Argyll CMS, announced support for the much cheaper ColorMunki spectrophotometer ... but hey, the i1Pro is a much better instrument so no harm done.)

I got the instrument cheap (ish) - at AU$1500 ex GST and shipping compared to the AU$1800 quoted price. X-Rite force you to buy through exclusive local dealerships that add a huge markup, so while the US price is US$995 for the same instrument (AU$1200 @ current rates) you can't just order from the US. They won't ship it to you. You can use a US remailing service but X-Rite won't register it and won't support it outside the US - and neither will the AU distributor. You can't get it recalibrated etc without a painful amount of effort.

The AU dealership tries to claim it "adds value" ... but they don't do local advanced tech support, don't have any techs or offices outside metro Sydney, ship the instruments off to the US (3-4 week round trip) for calibration, and don't even keep spares in stock. So what value, exactly, do they add?

In other words, X-Rite are rip-off artists. Unfortunately they buy out all their competitors (like GretagMacbeth) so they're the only game in town. Like Quark, they'll suffer for their customer-hostile attitude and parallel import restrictions eventually, but right now they're in the "raking in the dough" phase.

If you buy something from them, do not pay list price. Negotiate. Hard.

At least, unlike Quark, X-Rite's product quality somewhat justifies their prices if not their international sales practices.

Time to resume wandering around measuring emissive spectra of light sources...
Tags: ,

Dealing with dell can be pretty nice
"Yeah, I replaced your LCD as well, I wanted to do it just in case it was the problem not the LVDS cable, and anyway it had a few bright spots on it. This one is nicer."
Tags: ,

Phở and cello

... are two of my favourite things. I do, admittedly, have a great many "favourite" things.


I've been playing with my pressure cooker. Having made a yummy chicken stock and turned it into fairly successful chicken and corn soup, I thought it was time to tackle something trickier.

Attempt one: wow, I don't often make things that bad. I didn't finish it. Insipid, and somehow kind of chalky. Ick.

Attempt two: took the lid off the pressure cooker and thought "yup, that did it" as the awesome cinnamon + star-anise + garlic + chilli smell punched me in the face. Silly happy dance time.

Experimental cooking is fun.


I saw FourPlay at the Fly By Night in Fremantle on Friday. They were awesome. Literally jaw-dropping, as those with me on the occasion can attest to. Those folks are astonishingly good with their instruments (a violin, two violas and a cello) when playing conventionally, but ... they're not very conventional. The creative variety with which they all used their instruments was astonishing and seriously impressive. They would've been great foley artists if they weren't such amazing musicians. Banjola is only the beginning.

As well as being incredibly good - and creative - with their instruments, as a group and as individuals they're interesting and delightful composers and arrangers too. Both their original and adapted music is fascinating.

I can't recommend them enough. Alas, they don't come to Perth much, but it's well worth keeping your eye out, especially since the tickets were only $25 each. They usually play at the Fly By Night, which is a pretty reasonable venue.

The only downside of this particular performance was the sound engineer they Fly By Night had on. I can only hope he was a stand-in on short notice. He was terrible. The band at several points were throwing oh-my-god glances at each other. He totally missed strong signals from band members to turn them up/down during or between songs, managed to make them sound kind of muffled for some of their songs, and evenmanaged to create feedback in the last set. Despite this attempted murder of music, the band sounded fantastic throughout most of their performance.

Fantastic show. Their recorded music really doesn't do them justice, especially if what you've heard is their earlier covers like Enter Sandman.

(I only wish the show hadn't conflicted with Friday night hangouts with folks I haven't seen in way too long)

Tags: ,

Problem solving
  • User calls. "How do I make a PDF smaller to email it" ?
  • Me: [talks user through PDF optimiser]
  • User: it still doesn't work, it comes back to me.
  • Me: Odd. Did you have a look at the file size?
  • User: No. [looks] It's exactly the same as the old file. 2.5 Mb.
  • Me: Hmm, that's not very big. Got the bounce message? Have a look and see what the error is.
  • User: Its in my trash. [looks] blah blah unknown address
  • Me: Well, that's a hint, then.
  • User: Guess so :S
    • The point? You don't have to be technically savvy to use simple problem solving skills, whether with computers or anything else. Instead, people seem to jump to a random conclusion, or at least one that's been the right answer one or more times in the past (but not always), try that, and get stuck.

      I don't get it. I'm honestly puzzled and confused. We learned this stuff in primary school, right? Simple problem solving is a basic life skill. Why is it that so many people can't, or won't, do it?

      Sure, they're often scared of computers and "turn their brain off" to an extent, but I see this all the time in other areas, technical and non-technical, to the point where I wonder how some people manage to live day to day.

Tags: ,

Maginot line
Peter Thrush of ICANN recently commented that the Australian Internet Filter proposal is akin to the Maginot Line of WWII French fame. We all know how well that worked.

This is a surprisingly good analogy. The Maginot line presumed that the attacker would do what was expected of them, and wouldn't take the defenses into consideration when planning what they were doing. In much the same way, the Australian internet filter presumes that if it blocks what people do now, they won't change their behavior to circumvent the blocking with trivially available tools and techniques like encryption, tunneling, outside proxies, etc.

We already know that's an invalid assumption - not only is it rather contrary to general human nature, but it's being seen over and over in China with the Great Firewall. This despite the fact that China's Great Firewall is much more restrictive than Australia's is ever likely to be even under the most moralistic, conservative, idiotic government. Let's not forget, also, that in China it can be unhealthy to circumvent blocks that prevent you from accessing or posting information that's not meant to get around ... something I don't see becoming the case here.

So - in much more hostile circumstances, people still just waltz through the Great Firewall. Heck, I've done it myself - I had a workmate in China who needed unfiltered access, and it was the work of a few seconds to help him set up an encrypted SSH tunnel to a proxy on work's servers from which he could get to whatever websites he liked and do so undetectably. It's not even possible to tell that the encrypted data is web browsing data rather than something else.

Once again, it's clear that the only way the internet filter can work is if it's a whitelist. If a site isn't approved, you can't access it. If a protocol can't be inspected and content-filtered, it's blocked. No encryption of any sort may be used. Even that's imperfect due to cracking of whitelisted sites and use of them for proxies, etc.

It's a dumb idea. Why are we still wasting time and taxpayer money on such blithering idiocy?


Log in