Skip to content

Blog

Are you replacing an old Broan NuTone 696 b bathroom ventilation fan?

You'll need to buy part number C350BNR from Home Depot ($20 at the time of this writing). It's not much quieter than your original fan, but it'll fit and you won't have to re-cut the hole in your ceiling. It's also advertised as a 696N, but it'll be fine. Make sure that the slot for the power plug is on the side and not on the corner. There's a different 696 Broan-NuTone solution with the plug on the corner which won't fit. You need the one with the plug hole on the side.

There are no new/fancy replacement options for this type of fan housing that I could find. I wanted a quieter or fancier vent (some turn on the vent when humidity spikes, some have bluetooth, some have lights built in). This one is just a plastic fan replacement which is 95% as loud as the metal-fan-blade version that you're probably throwing in the trash, but at least you'll have a working fan.

Good luck!

Too much (corporate) MFA

I work for a company that needs good security.

They recently re-organized their network infrastructure and let the cyber guys build whatever they wanted to build "in their image" and of course, now everything requires authentication. Email, Teams, AWS, VPN, command-line tools, and even on your work laptop, certain privileged commands are limited by dzdo (more modern sudo) and the laptops, servers and VMs are all whole-disk encrypted. APIs are turned off for fear of security exploits and people are just generally upset about the amount of security. It's a horrible environment.

There used to be a saying, "security is the inverse of usability" and I tend to still agree that the saying holds water.

The the days of startups and the wild west of the internet, there was a philosophy of the "hard crunchy outside and the soft gooey center" which meant that there was a firewall surrounding all of the internal networks and everything inside of the firewall was pretty much open and accessible by anyone who was allowed inside the firewall (by being in the office or access via VPN). This was fantastic. People could do whatever the heck they wanted to do. The developers were happy. Sysadmins had very few points of entry, so monitoring for intrusions was in just one or two locations. I get that "cyber" didn't really exist back then for most companies and the world was a different place, but it really was the best of all options.

Nowadays, "cyber" has their fingers everywhere. They control your browser. They limit what software is installable on corporate laptops and which commands can be run. They require encryption everywhere even when the data doesn't leave a system (like communications in-flight inside of a kubernetes cluster for example). They limit urls on the edge firewalls. They install wildcard SSL certificates that are loaded into the root cert store on laptops so the firewalls can do man-in-the-middle interception to peek inside of HTTPS requests that transverse the firewall. You can't just reboot a server or VM now because the whole-disk-encryption password has to be entered before the server will boot. They run multiple agents on every computer that can that watch software versions, open ports, and use peoples' laptops as network scanning agents. And you can't use USB thumb drives or hard drives anymore. They're forbidden.

Turning off APIs removes the option to do any kinds of automation. APIs are good things! Automation is good. It improves performance. Stop making us do everything manually. Computers are powerful. Why neuter them?

How can "cyber" be happy with the number of times someone needs to log into the corporate AD server, enter their username, password and MFA every time they switch to a different app or service? Email, O365, ServiceNow, Time-keeping, etc. They're all different systems but auth from AD and AD cookies expire after just a few minutes, so we have to re-auth dozens of times a day! Passwords need changing every 90 days (which NIST has proven to be WORSE for security and encourages poor password creation). They have to deal with the same systems too. Don't they get fed up with the number of times they need to authenticate in a day too?

Even modern commercial apps don't require constant auth like corporate security does. Gmail keeps login cookies for days if not weeks and there's no issues there. Why does corporate security need to be so anal-retentive about authorizing so many damn times a day? OMFG!

I was thinking. Can't we use the old adage of the "hard crunchy outside and the soft gooey center" in today's world? Provide VPNs for every project that needs silo-ing? Have a DMZ network for things like email, chat, phones, corporate services, etc. Use on-disk encryption at the SAN-level and take it off of the VM-level? The only difference would be that cyber wouldn't know what's installed on peoples' laptops and authing would only happen once when punching a hole in the firewall or walking into the office.

Physical security is ok with the locks only being on the outsides of the office buildings. Once you're inside, you can move from office-to-office without issue and bring anything you want with you in and out of the building. If this is allowed, why should the network/laptop/server security be any different?

Don't even get me started on password/secrets vaults. Cyber doesn't like that users keep passwords floating around in 100 different places and ways, so they came up with a password vault. Now all secrets and passwords are in a single location and accessible by anyone that can auth. So, Julie in HR who's password is snoopy123 can access every password that the organization uses for everything! Does that sound like a secure system to you? Now your one personal password is even more important to not lose. I did some asking around when password vaults first arrived on the scene and the authors of the password vaults even admitted that the only good reason for password vaults as far as security goes is that AFTER an intrusion, the access logs can be checked to see who requested the password used in the intrusion. That and automated password-rotation is really the only reasons that I can see using a password vault over the traditional method of password management.

Personally, If I were designing a new secure infrastructure, I'd make a damn secure VPN and not use any external services (Office 365, I'm talking to you). Once you're inside the corporate firewall, feel free to use email with a normal email/password, chat can be done internally, we don't need Teams or Slack or anything crazy like that. Firewalls can allow NAT'd traffic to stop any unwanted outside connections from coming in. If this were the case, the only thing that we wouldn't have that corporate security wants is control over the user's laptop. There's nothing stopping someone from downloading a virus. There's nothing stopping an employee from picking up a USB thumb drive from the parking lot and plugging it into a laptop and a virus running rampant. To protect against these things, use password protection (and allow for password vaults) to add an additional level of security to sensitive things (databases, internal documentation, proprietary code repositories, etc.) which are already available in most tools. Personally, I don't see anything wrong with the old way of doing things. If/when an employee leaves, their VPN access is revoked and that's that. The door's locked.

If someone from "cyber" can tell me why the old way is bad and the new way is better, please tell me, because I'm so frustrated every time I have to re-authenticate everywhere, all the time, that it's the number one worst part of my job.

If I were to run for president

My platform would be:

  • Term and (upper) age limits for SCOTUS, congress and (V)POTUS

    • The world belongs to the young. They should be deciding their own fate, not the old and disconnected fogies that are currently in power.
  • Computerize as much as possible in the government and give the poor an easy way to access government services (free phone, computer access, whatever is needed)

    • Too much of the government is run by very old computers and even a paper system. It's way past time to modernize. Very important systems (i.e. FAA) can keep paper as a backup as they already do.
  • Transparency for everything (that's not a military or intelligence secret)

    • Publish stats for everything as soon as possible so FICA requests aren't even needed anymore. Where does the money go? Who is doing what? Expose salaries of everyone who gets paid with tax money. In today's day and age, it should be easy to make information available to the masses quickly.
  • Make illegal:

    • Gerrymandering
    • Lobbyists in any form
    • Political campaign donations (and cap campaign spending to something reasonable where you don't have to be a millionaire to run for office)
    • Political special interest groups
    • Presidential immunity and presidential pardons
  • Allow vote-by-mail in every state.

  • Legalize marijuana across the country. Keep all other harder drugs illegal.

    • I don't smoke it, but it's legal almost everywhere already. This would allow pot shops to put their money in banks and make the system more secure overall.
    • Full amnesty for anyone in jail or prison for marijuana-related offenses. Restore their voting privileges.
    • Honorable discharges for anyone discharged from the military for marijuana-related reasons.
  • Federal help for any 'serious' drug addiction rehabilitation

  • Audit and modernize the welfare system - get rid of loopholes.

  • Guns:

    • Annual accountability audits. Just like annual taxes, let's make sure that the weapons that you bought are accounted for and in the hands of documented individuals. This is an effort to get weapons out of the hands of people who acquired them illegally. Proud weapon owners would be very willing to go through their weapons one at a time and show that they're in good working order and owned by the documented owner and incentivize them to not sell without documentation.
  • Police:

    • Get rid of military-style gear, but keep riot gear. If military force is required, that's what the National Guard is for.
    • Get social services to work side-by-side with police during every house call.
  • Very nice homeless shelters in every city that provide safety, privacy, a place to sleep, eat, clean and free WiFi. Nicer than tents, but not as permanent as a real house, perhaps partially exposed to the elements to encourage only temporary occupation.

    • For those homeless people that are not drug users, they can always use existing homeless shelters, but they're frequently not safe or family-friendly.
    • For those who are drug users and don't want to change their situation or aren't allowed in today's homeless shelters due to their drug use they also need a safe place to live with access to rehabilitation services.
  • Open the borders - wide open. Let everyone in that wants to come here. The Statue of Liberty says to do it. We should do it.

    • Let the people in! 99.9% of them just want asylum from a horrible country. The other 0.1% will be caught in our very good justice system.
    • Add more immigration judges to increase the speed of the immigration process - currently years, should be weeks or at most a few months.
    • Take the rest of the border budget and put it into infrastructure to add more train/rail and fix the ageing highways and bridges in the country.
    • Fine the immigrants that are here illegally and provide a legal path to citizenship.
  • Get rid of daylight savings time

    • Long overdue - doesn't help anything
  • Double (or even triple) the money for public education across the country

    • Encourage the most popular YouTubers to teach a school subject or get the YouTubers that already are teaching these subjects and super-popular to become part of the curricula.
  • Make sure that US Veterans get the help and medical treatment that they deserve no matter what the cost.

  • Higher taxes for billionaires - reduce or get rid of any large tax loopholes or incentives that keep them from paying their fair share.

  • Higher taxes for billion-dollar companies. Get rid of tax loopholes that keep companies from paying their fair share. Other non-tax incentives to build in certain states or cities can stay in-place.

  • Lower the cost of higher education using whatever means necessary back to a couple of thousand of dollars per semester. College costs are way too high and the middle-class are struggling to send their kids to school nowadays. Work towards a free federally-funded system if it's possible.

  • Adopt the European/Canadian healthcare/education system and work/life balance guidelines.

  • Put Steve Bannon, Roger Stone and Donald Trump in prison, but in the same cell - just because I think they deserve it. :)

Graphing Trump Lawsuits

Using public data, these are the causes and results of the trump lawsuits that are available via public records 1 (more than 50% of the court records were not made public).


  1. source: https://www.usatoday.com/pages/interactives/trump-lawsuits/ 

Ideas for modular homeless shelter

basic concept

A friend of mine convinced me to finally visualize something that I've been kicking around in my head. I always see homeless sleeping in tents on the side of the road or under an overpass and think to myself, "there's got to be a better way", so I finally built something.

I wanted to design something that could be used as temporary shelter. Not something that someone would really prefer over a real home, but something that would be safer than a tent on the freeway. Something that could house all kinds of small families, drug users, mentally challenged people safely, be easy to clean, be something that someone could call their home and provide some basic infrastructure for those less fortunate.

In the images on this page, I've designed a modular homeless shelter made of concrete that provides partial shelter, lighting, power, heat and water and is easily cleaned. The modules can be lined up herring-bone-style and in the rain, they'd even self-clean their neighbor. The entire collection of modules could all drain freely. To clean a module, it would only require a hosing out of the module. In the images, green represents a grate-covered drain. Red represents a heater. Blue is the sink.

There would be a community bathroom with showers elsewhere in the camp and it might be enclosed with a wall or fence to keep people out who haven't qualified for the shelter or who is potentially violent.

This is how the modules would "stack"

This shows the heater on the "bed" side of the shelter and the sink on the "drain" side.

I'm sure that not much would come of my design but I figured that I'd put it out there just in case...

How do GPS receivers actually work

I had to give this some thought because my pothole finder tool that I wrote during the summer of 2023 isn't providing very accurate pothole locations it turns out. :(

Ok, so I'm driving down the street, right? When I'm watching my phone and I have the map app running, I see my car dot following my actual location, which I expect. I know when I drive through an intersection and a few seconds or a few updates later, I see the dot on the map drive through the intersection. Ok, I get it, it takes a second or two to get the location from the GPSs. It takes the app a second to update, etc. No big deal.

However, using my app, I have a button that I press when I pass over a pot hole. I want to "drop a pin" on the map when I press my button, so the road repair guys can look on a map, zoom in and find exactly where my pot hole is located and start the work of filling it in.

Well, it turns out mixing real-world location and time with a GPS signal isn't as simple as it turns out.

As I'm driving down the road, the GPS is providing my app with lat/long pairs and other assorted information, however it's not as easy as just using the last GPS location that the app was given.

As I'm driving, let's say I get a GPS location at location "A". The actual location of tick "A" is a mish-mosh of average locations based on the different times that were received from the different GPS satellites that my receiver is listening to. If I have enough satellites overhead, I can get a lat/long, if I have more, I can get elevation and even more accuracy. This is all well-known however if I'm a fast-moving object, which locations between tick "A" and tick "B" am I getting? I don't really know how it happens, but I can either assume that it's one of two things. It's either an average of all of the locations that were calculated between point A and point B or it's the last location between point A and point B. Either way, when I press my "found a pothole" button, the location that is available to the app is much further behind where my car is actually located.

My initial simple fix was to set a flag that the button had been pressed and the time that the button had been pressed. When point "B" is given to the app, I calculate the percentage between point A and point B that the button had been pressed (based on the times that the GPS had given me point A and point B) and figure out an average percentage of distance between point A and B the button was pressed. I then calculate the lat/long of that location based on the locations A and B and the percentage of distance between them.

Still, locations weren't showing up correctly on the map. :( Grrr!

I can only assume that the GPS location that I get from the receiver is > one tick "old" as far as location goes. I don't know how the GPS works internally and there isn't any real information about the internal workings of a GPS receiver. Anything I found about the resolution of GPS mainly references the legal stuff and the "within 30 meters" accuracy that the original GPS spec included after the government removed the on-purpose jitter from the non-military time signals.

So the solution?

So, I'm adding a fudge factor into the code and tweaking it enough until I can drop a pin and the pin will actually show up at the correct location. It's a long and drawn-out process. I modify the code, re-install my raspberry pi into my car, drive around the neighborhood dropping pins as close to the corners of the turns and as close to the middle of the intersection as I can when I drive around. After 10 minutes, I go back home, load the dropped pins into Google maps and check how close I am to the actual locations that I think that I dropped them. I'm getting close to being accurate, but at the time of this writing, I'm at 1.5 "fudge-factor" ticks extra when I drop the pin from the GPS location, meaning that the pin isn't dropped at point A, point B or even point C, but somewhere between point C and point D which haven't even happened yet. If I'm accelerating or decelerating at the time I drop a pin, this "fudge factor" calculation would be way off, but it turns out driving around, I tend to keep a pretty constant speed, so the "fudge factor" amount actually works out pretty well.

What's with guys not being able to compliment women anymore?

I brought this up with a friend of the family and she was confused and thought (like I did) that it was still OK to compliment a woman about something about her. I complimented her and she appreciated it.

My wife and daughter think differently however. They said that it's not ok for a guy to compliment any woman on pretty much anything. Looks, clothing, hair, shoes, ... Anything.

I was re-watching "Only Murders in the Building" (Season One) with my wife and daughter and this same topic came up.

From the show:

You need to relax, okay? Just have fun. Laugh. Flirt.

Isn't it insulting to flirt now?

Well, who the hell knows?

Suddenly, it's rude to tell a secretary she looks pretty in a pair of slacks.

No. To that whole sentence.

Oliver: Compliment her purse. If it isn't on their body, you can like it.

No. Again, to every word that's coming out of your mouth.

The day i started sitting

Today I sat.

I sat a lot.

I quite enjoyed it.

People should try sitting. It's way better than standing.

Those people at work with standing desks... They're just trying to fool you into thinking that they're healthy. They're really miserable. Sitting is so much better.

Your ass is natural padding that your body made just for you. Naturally, it has evolved over time to encourage sitting and make sitting as comfortable as possible. Your feet aren't naturally filled with fat to make standing comfortable. The whole shoe industry is painfully aware that standing is horribly painful and is rolling in the cash because of it!

I really don't like standing. Standing in line. Standing guard. Standing ovations. Blech. Who needs 'em. :)

So, let's all just say, "no" to big-shoe!

Sit and be comfortable, I say!

The Longmont Pothole Project

The city of Longmont, Colorado has a pothole problem and it’s so bad that I’ve decided to try to do something about it.

The city has very thoughtfully provided a pothole reporting page but it takes quite a while to fill out the page every time that you need to report a single pothole.

Initially, I tried to generate some python code to auto-submit pothole filling requests, but the server-side requires a unique token from the initial visit that’s in javascript only and carried with the user throughout the form filling process which was such a big pain in the ass that I decided to just punt and go a different direction.

I called up the City and finally was able to talk with the guy who’s in charge of the team that fills the potholes in the city. He was nice enough to take my call, and I was afraid that he’d be all defensive if I started to rant about how bad the pothole situation in the city was right away. He and I talked for about 15 minutes. I asked tons of questions about how the process currently works, how many people he has working under him, are they filled by-hand or is there an automated truck that does the work, etc.

I felt kinda bad for the guy after talking to him. He is understaffed and only gets a handful of pothole reports a week, so he has to track down and make notes of the potholes himself as he’s driving around the city. I told him about my attempt at creating a system to at least report the potholes on the major streets in the city, and he was very receptive. I asked him if I could submit a map of where I found the potholes, and he said, “sure”.

Attempt #1: android app

I first wrote an android app which I could attach to my car and bring up when I was driving around the city and just hit a button on the app to save and report an email. The app had a second button to send the locations to me in an email once I stopped driving.

RESULTS?

Well, it turns out that the locations were all over the place due to my phone’s GPS accuracy (The Google Pixel 6 Pro GPS is apparently not great). Some potholes were in ditches and tens of feet or tens of yards away from where they actually were located. The phone was also inside the cab of my car so the GPS was affected by noise in the car and the frame of the car itself, etc. Also, when I stopped, I noticed that the GPS drifted quite a bit, so only moving GPS data was even semi-trustworthy.

Attempt #2: raspberry pi zero w/ USB accessories

I had fashioned myself a little gadget made from a USB keyboard with 3 keys, a USB GPS that magnetically sticks to the roof of my car and a raspberry pi zero W with the battery hat. The battery gives me about 2.5 hours of driving time (and I can optionally charge it as I drive). The roof-mounted GPS gives me much more accurate location readings at 1-second intervals and the USB 3-button keyboard is small enough that I can hold it in my hand while I’m driving and not take up too much space.

Price all-in was around $40

Here’s the initial version of the code (I’m still kind of tinkering with it though). One thread reads GPS data, one thread reads keyboard input. One file is used to record pothole locations and one file is just the GPS trail. The 2nd and 3rd keys on the keyboard can be used as an “undo” button in case I want to un-flag a false-positive as I drive over the pothole. The files are opened, written to, then closed in case of a power outage, the files won’t have been left open hopefully to avoid any file corruption.

Feel free to heckle me on my coding style. :)

#!/usr/bin/env python3  
from gps3 import gps3  
import json  
import threading  
import time  
import keyboard  
from datetime import datetime  

logtime = time.strftime("%Y%m%d-%H%M%S")  
lat = 0.0  
lon = 0.0  
gps_time = None  
lat_old = 0.0  
lon_old = 0.0  
gps_old_time = None  
enter_time = None  
new_pothole = False  

def latlondiff(lat1, lat2, amount):  
    if (lat1 > lat2):  
        return ((lat1-lat2)*amount)+lat2  
    else:  
        return ((lat2-lat1)*amount)+lat1  

def gps_real(name):  
    global lat, lon, gps_time, lat_old, lon_old, gps_old_time, new_pothole, logtime, enter_time  
    gps_socket = gps3.GPSDSocket()  
    data_stream = gps3.DataStream()  
    gps_socket.connect()  
    gps_socket.watch()  
    for new_data in gps_socket:  
        if new_data:  
            nowtime = datetime.now()  
            data_stream.unpack(new_data)  
            print("Loc: ", data_stream.TPV['lat'], data_stream.TPV['lon'])  
            lat_old = lat  
            lon_old = lon  
            gps_old_time = gps_time  
            lat = data_stream.TPV['lat']  
            lon = data_stream.TPV['lon']  
            g = open('track-'+logtime+'.txt', 'a')  
            g.write(str(lat)+","+str(lon)+","+str(nowtime)+"\n")  
            g.close()  
            gps_time = nowtime  
            if new_pothole:  
                timediff = (enter_time - gps_old_time).total_seconds()  
                print("TimeDiff (in seconds, should be less than 1):",timediff)  
                try:  
                    accurate_lat = latlondiff(float(lat),float(lat_old),timediff)  
                    accurate_lon = latlondiff(float(lon),float(lon_old),timediff)  
                    print("pothole at:",accurate_lat,accurate_lon,entertime)  
                    f = open('holes-'+logtime+'.txt', 'a')  
                    f.write(str(accurate_lat)+","+str(accurate_lon)+","+entertime+"\n")  
                    f.close()  
                except:  
                    pass  
                new_pothole = False  
def get_input(name):  
    global enter_time,new_pothole,keyboard,logtime  
    while True:  
        keyboard.wait()  
        if keyboard.is_pressed('a'):  
            enter_time = datetime.now()  
            new_pothole = True  
        if (keyboard.is_pressed('b') or keyboard.is_pressed('c'):  
            print("UNDO")  
            f = open('holes-'+logtime+'.txt', 'a')  
            f.write("UNDO\n")  
            f.close()  

if __name__ == "__main__":  
    x = threading.Thread(target=gps_real, args=(1,))  
    x.start()  
    y = threading.Thread(target=get_input, args=(1,))  
    y.start()

Driving around was pretty inconspicuous

I was able to locate about 250-ish potholes in my first two 40-minute drives around the city. Longmont has about 340 miles of road in total. I’d like to start with most of the primary roads and then if I have time and the nerves to do it, I’ll hit all the residential roads too.

I’m going to continue to use this method of pothole detection for a month or two and see how it goes.

Here’s the live map of the detected potholes around the city if you’re interested in following my progress:

My idea for version #3: seriously over-engineered

If the “click a button every time I drive over a pothole” version doesn’t seem to work out, I’ve got in mind an even nerdier solution.

I bought an XBOX Kinect v2 (the one with higher resolution) and I’ll strap it to the front of my car and drive around the city and literally scan every inch of road. The Kinect has a depth sensor on it and I should be able to generate 3D relief maps of every road that I traverse.

Once I have depth data for every road, I can do some offline processing of the data and generate an image and a 3D profile of each 1-second’s worth of GPS data. Then I could identify the largest potholes and report them as the highest priority to the city leaving the smaller potholes as a lower priority. I could provide a website with each picture and 3D relief map of the pothole. Technically I could even provide the amount of filler that would be needed to fill each hole as well, but I might not actually bother with that.

There are a couple of downsides to this solution though:

  1. The sun. The sun generates enough IR light that it drowns out the IR from the Kinect, so the driving would have to happen after sundown.
  2. This would require a (bunch) of OpenCL code to stitch together the point cloud data and images and then analyse the pothole data to detect the size of each pothole. Also, if the pothole spanned more than one-second’s worth of GPS ‘length’, I’d have to stitch together a much larger area.
  3. I’m sure that curved or bowed roads (roads that are higher in the middle than on the sides) would make the pothole detection more tricky 3D-wise. Also writing some code to ignore normal road features (curbs, etc.) might be difficult.
  4. noise in the sensor or bugs flying around or a dirty lens, all of these real world problems could cause this version to be a huge headache.

I have all the hardware that I’d need to build v3 of the pothole detector, but it seems like it would be a lot of work, so I’m hoping that v2 of the pothole detector will be enough to improve the state of the city’s roads. I’d like to keep it as simple as possible for my own sanity. :)

to be continued …