Nicholas Rinard Keene's Little Bit

Download and view my resume (PDF)

Friday, March 24, 2017

Equifax is -- no surprise here -- a fraudulent company

This may shock some people, but Equifax absolutely positively sells products using fraudulent claims. I know, I know, it's hard to believe that a company with such a stellar reputation in a market segment widely respected by most people (ha! sarcasm!) would engage in direct fraud, but here it is:



In order to rent out a property I wanted to screen potential tenants. Phrased strictly, I wanted to screen others when privately leasing property. That is precisely what I needed and I found Equifax Identity Report which is advertised with the words -- here, let me quote them -- "screen others when privately leasing property".

So that was the product I wanted, right? because I wanted to screen others when privately leasing property, right? and that's what the actual words on the website actually say, right?

Before I paid my ten dollars, I paused and said to myself -- out loud! -- "Equifax is a bastard of a company, I bet they are going to screw me on this." Then I re-read that phrase ten times and decided it was unambiguous so this service would certainly do what I needed. I paid the ten dollars.

So was I able to screen others when privately leasing property? No. Equifax is an unethical company which purposely misleads consumers into paying for products they don't need by fraudulently claiming untrue things. Their Identity Report service absolutely, positively does NOT allow you to "screen others when privately leasing property".

It just doesn't do that, not at all, and I know because after clicking around in the website for a while I couldn't find it; so I got on their chat with an agent who told me to go to a different Equifax page and pay another ten dollars for some other thing. Try to imagine why I didn't buy the second thing they tried to sell me.

So that's that, proof positive that Equifax is a fraudulent company. Moreover, I told them about the false advertising claim multiple times and they haven't removed it, meaning they are doing it on purpose with full knowledge. It's not a mistake or an oversight! To make it even more clear I put in a complaint at the CFPB who poked the company about it (to no avail, obviously, because nobody can get credit reporting agencies to act ethically, not even Uncle Sam).

You might be wondering, what is "Identity Report"? What do you get for your ten dollars? What you get is access to your own credit information, the exact same information you get in your annual free Congressionally-mandated report. I didn't see anything in Identity Report that was different than what I'd seen the week before in my free report. So what you get for ten dollars is the same as what you get for free which, let's be honest, is also a form of fraud.


Wednesday, March 22, 2017

FooBar Gearing Up For Destruction

I was pulled into Google FooBar. This is my solution to the third problem I received, Gearing Up For Destruction.

Given
R0 is radius of the zeroth element
Rn is any radius of element n
Rlast is the radius of the last element
Pn is the peg position (the input int) for element n

This is an induction problem, so I solved it using a base case and an induction case:

R0 = 2*Rlast
Rn+1 = Pn+1 - Pn - Rn

To get a feel for the resulting math, I then expanded out a few iterations and saw that it formed a predictable series (written with unreduced complexity to show patterns):

Two pegs:
R0 = (2/3) * (-P0 +P1)

Three pegs:
R0 = (2/1) * (-P0 +2P1 -P2)

Four pegs:
R0 = (2/3) * (-P0 +2P1 -2P2 +P3)

Five pegs:
R0 = (2/1) * (-P0 +2P1 -2P2 +2P3 -P4)

...and so on.

So, the pattern was two times each peg, except only one times the first and last peg, and the signs flipped for each peg. Then also there was a coefficient in front of all that: 2 for odd number of pegs and 2/3 for even number of pegs.

That's the basic solution, a simple math problem, but the description also demanded reduced fractions plus recognition of logically invalid cases, so there was a little more code.

    public static int[] answer(int[] pegs) {
        // do the inductive math
        int a = pegs[0];
        int flip = -1;
        for(int peg: pegs) {
            a += 2 * peg * flip;
            flip *= -1;
        }
        a += pegs[pegs.length-1] * flip;
        a *= 2;
        int b = (pegs.length%2==0) ? 3 : 1;

        // reduce

        if(a%b==0) {
            a /= b;
            b = 1;
        }

        // reject bad values

        float prevR = ((float)a) / ((float)b);
        for(int i = 0; i < pegs.length - 2; i++) {
            int width = pegs[i+1] - pegs[i];
            if(prevR < 0 || prevR > (width-1)) return new int[] {-1, -1};
            prevR = width - prevR;
        }

        return new int[] {a, b};

    }

I really enjoyed this problem, I had to puzzle it out on paper. Coding it was made more difficult by lack of access to the test cases so it wasn't clear where the algorithm was failing. The code to reject invalid values looks straightforward but it is the residue of many failed attempts.

Wednesday, December 28, 2016

The Best Secure Email Service

I am looking for an encrypted email service so that I can have at least a little bit of built-in security for my communications. Herein, I compare providers and select one.

Required features
  1. Exchange insecure emails with normal email users
  2. Exchange secure emails to users on the same service
  3. Send a secure message to a normal insecure email user
  4. Decent web interface
  5. To use my own domain name for my family's email addresses
Nice features
  • Exchange PGP emails with existing users
  • Decent Android interface
  • Secure emails encrypt subject too
  • Able to share domain with other users
Features I don't care about
  • Anonymity. My email address is my name. The purpose of encrypting these communications is not to hide who I am, it is to hide what I am saying.
  • Decent iOS interface.
Definition of secure
  • No screwing around here. A secure message is one that is encrypted by the sender, decrypted by the recipient, and no broker in between is capable of reading the plain text. How to do this is a long-since solved problem so there is no excuse for doing it wrong.
I started my comparisons by making a spreadsheet for feature comparison. That was interesting, and the internet has a bunch of those already, but I found it to be irrelevant because almost all of the services were simply unacceptable for technological reasons which made their other features irrelevant. Instead of starting with the chart, I'll tell you why each service was unacceptable, then at the end I will show a chart comparing only the ones that were technically okay.

First up is Posteo. The analysis for this service was easy because they do not support using your own domain and specifically say that they will never do so. The whole point of having my vanity domain is for the email address, thus this service is not for me. I have no opinion of it as a service because I didn't evaluate it; it just doesn't do what I need it to do. Posteo was the only provider I considered which didn't support custom domains.

Next is Countermail. This is a long-lived secure email service with many fans. But the interface to the emails appears to be strictly through a Java app -- no, make that applet, which isn't even a feature of my web browsers anymore. Sure I could install Java for my browser on my home computer but what about other computers? I don't always have a browser with Java handy which is why I require "5. A decent web interface". Thus it's not for me.

SaluSafe and its apparent sister service Cryoptoheaven also both use a Java-only interface so I didn't consider either of them.

All the rest of the providers I signed up for an account and used it to evaluate how it worked.

Mailfence has some positive reviews online but the bottom line is there was no feature to meet requirement "4. Send a secure message to a normal insecure email user". The only way to send a secure email is to manually configure a key exchange with your interlocutor and if they don't use encryption you're just out of luck.

All the rest of the services had some sort of feature for brokering a secure or "secure" message to a normal email user. This is an important feature, maybe the most important, so I want this feature to be well implemented in the service I choose. Most people use insecure email and most of my email will be exchanged with such people so it is my responsibility to assure an acceptable level of protection.

To start out the comparisons of this feature, take a detour back through SaluSafe which I actually got an account for and tried out this feature and it was really disappointing: you send a "secure" email to the recipient who receives a link to read the message. Wut!? What is secure about that? First, there is no apparent encryption used and if there is any then SaluSafe must hold the key; that means they can read the message, so it doesn't meet my definition of secure. Second, sending a plaintext link to a recipient with no credential exchange is exactly as secure as just sending them the message. The email containing the link says something about a "question and answer" so that may be an optional feature that I missed, but my test email didn't use it.

A similarly weak implementation comes from StartMail from the privacy-friendly people at StartPage (which I like). When you send a "secure" message to an outside email address, you set "questions" and "answers" which StartMail then uses to challenge the recipient, then they can read the message. The message is either unencrypted or is encrypted by a key known to StartMail, making it accessible to their employees, hackers, and subpoenas. StartMail is out.

Hushmail uses the same system as StartMail: a rinky-dink question-answer pop quiz which means the message isn't a secret. Hushmail is out.

Let's talk about Mailbox.org in a little bit more detail. This service is far more feature-rich than many of the others. Many of these services offer Contacts and some offer Calendar, but Mailbox.org also offers Tasks, Drive, Text and Spreadsheet. The Drive feature offers optional per-file encryption. The  other services, however, apparently don't have any encryption features which is too bad. It is difficult to make things like that truly secure but it would be really nice. Many users may find essential value in these additional features but they should not think of Mailbox.org as a fully encrypted suite.

Their feature to send secure emails to external recipients is less bad than the previous examples but it still came up short. When such an email is sent the system appears to encrypt it using a random password which it picks and doesn't even bother to show you. In addition you can optionally accept to require a four-digit code which it picks and displays to you. Mailbox.org then sends a message to the recipient containing the password but not the code. If you opted for the code, you transmit the code in secret to the recipient through some other channel. This protects against a malefactor compromising the recipient's email and thus accessing your secret message.

That approach isn't good enough, though, because Mailbox.org picks and knows the encryption key and the code. If they know the secrets then they can read the email. If they can read the email then bad actors can read the email. They are so close to doing it right that I wouldn't be surprised if they change to allow you to set your own code -- but for now they can read my messages so they aren't secure so they're out.

This brings us to, finally, the two services that appear to get it right: Tutanota and ProtonMail. Only these two services passed the technological tests for sending secure emails so I will compare them in detail starting with a chart. These show valuable features in my personal priority order with comparable details marked in green or red to show level of support; color saturation indicates importance to me.


TutanotaProtonMail
Multiple users/organizationYesNo ("early 2017")
ContactsEncryptedEncrypted
Catch-allYesNo
Used as clientNoNo
Two-factor authenticationNoOAuth
Open sourceYesYes
Own domainsYes, unlimitedYes, unlimited
Android AppGoodGood
Web AppGoodGood
Price12 euros per user per year48 dollars per user per year
Separate mailbox passwordNoYes
Group emailsYesYes
PGPNoCan receive, must encrypt yourself to send, can download key
AliasesUp to 5Up to 5
NotificationsSimpleAdvanced
Rich Text EditorOnly bold and italicYes
Sorting emailsRulesAdvanced Filters, Labels
Time-limited emailsNoYes
SignaturesYesYes
Keyboard shortcutsNoYes
Interface customizationA tiny bitA medium amount

In my opinion it is not obvious which of these two is superior, so my bottom line conclusion is that both Tutanota and ProtonMail are winners. In general ProtonMail tends to have more features, or more advanced features, but it costs more. For instance, Tutanota has some simple 'rules' for automatically routing emails to certain folders; while ProtonMail has an advanced 'filters' feature including labels.

Some features are clearly distinct. ProtonMail doesn't support catch-all which might be a deal-breaker for some people, and I myself do require catch-all, but I can get it it before the emails are forwarded to my secure mailbox.

For me, however, the essential feature is the first one listed: my email setup is for my family so I must have a way to organize multiple users with individual mailboxes. With ProtonMail a user with a custom domain can only set up himself with addresses, not other users. ProtonMail promises to implement this feature in early 2017, and right now it's late 2016, so maybe I will soon be re-evaluating my decision but for now I'm going to sign up for the premium Tutanota service. Future blog posts may chronicle my adventures in encrypted email.

Thursday, September 1, 2016

(608) 412-4895 is a spammer scammer

Got a robocall about "my insurance payment". I hung up. I just don't have time today.

Monday, April 18, 2016

Will The Circle Be Unbroken

On the floor underneath the window I sat with Dolly and I played
All the adults there were gathered because grandma had passed away
Outside the doorway, they met a stranger and they spoke with voices low
Then my mamma called out to me saying that it was time to go
And we all loaded in the car and my daddy told me to behave
But my mamma put her arms around me and she told me to be brave
After the service we went back home but I'd lost Dolly, she was gone
All my aunts and unclescried with me -- we all felt so alone
Then they gathered us children round them and they led us in a song
Words of joy that grandma taught them so that we could all be strong
Will the circle be unbroken by and by oh by and by
On the earth and in the ocean and in the sky oh in the sky

I was standing by the window on a cold and cloudy day
When I saw the hearse come rolling to carry my mamma away
So I said to the undertaker, undertaker please drive slow
For that body that you're hauling, oh I hate to see it go
Then I followed closed behind them tried to hold up and be brave
But I could not hide my sorrow when we laid her in her grave
I went back home but home home was lonesome missed my mom but she was gone
All my brothers, sisters crying, what a home so sad and alone
Then we gathered the children round us and we led them in a song
Words of joy that mom had taught us so that we could all be strong
Will the circle be unbroken by and by oh by and by
On the earth and in the ocean and in the sky oh in the sky

Now I'm staring out the window at the end of a sunny day
But I can see the clouds are gathering and they look grey
I feel ill but am I in danger? will I die soon? I don't know
But if today is my last day then I'm prepared to go
It's hard to swallow the cold reality that my vitality can't be saved
What will the tally be on my humanity when they lower me into a grave?
After the eulogies, after the pleasantries, when the sad goodbyes are done
Once my sons and daughters have cried for me then we can all go home
I hope they gather the children round them, and lead them in the song
Words of joy I passed down to them to keep them strong
Will the circle be unbroken by and by oh by and by
On the earth and in the ocean and in the sky oh in the sky

Sunday, March 6, 2016

The Ordinary Layout for the Ergodox EZ, a familiar and powerful layout

The Ordinary Layout, a familiar and powerful layout


I bought an Ergodox EZ keyboard and it's pretty sweet. With advanced keyboards like this users can reprogram how the keys behave -- what keystrokes are sent when buttons are pressed.

The default layout which the keyboard comes preprogrammed with was, in my opinion, a bit discombobulated. It was hard to understand and many keys were in locations that felt foreign to me. Working on my own layout, I put almost all the keys back in their ordinary positions. I call it The Ordinary Layout and full documentation is included with it over on Github.

Thursday, March 3, 2016

Ergodox EZ Keyboard Review

The Ergodox EZ is the newest and most accessible iteration of the Ergodox keyboard. Previously the keyboard was only available as a kit, requiring the purchaser to solder together the pieces and assemble the unit. The EZ is the end result of an Indiegogo campaign to take the open-source design and mass produce it -- or, if not quite mass produce it, at least deliver it as a single finished product.

The bottom line is that this is a wonderful keyboard. The short time I have spent with it has placed this input device above my previous favorite keyboards, the Fingerworks Touchstream and the Truly Ergonomic Keyboard.

Design


The EZ is split into two separate pieces with a large cluster of keys underneath each thumb plus a few extra buttons in the middle. This arrangement will look strange to people who use common keyboards, but to users of the Touchstream or TEK it will feel familiar.



For now, though, forget about the extra buttons and focus on the arrangement: the keys are arranged in columns instead of the staggered arrangement of common keyboards. Columnar layout is the essential feature of any keyboard that I will consider using, or which I would describe as ergonomic. Users of traditional keyboards think it's weird, but those users are wrong: columnar arrangement is the only way any keyboard should ever be designed. The Touchstream, TEK, and Ergodox keyboards all use columnar arrangements.

The worst part of the design of common keyboards, other than the staggered buttons, is that they assign all the important special keys to the weak pinky fingers, and assign the singleton spacebar to both of the strong, dextrous thumbs. The EZ largely corrects this by explicitly assigning a bunch of keys to the thumbs -- different keys for each thumb. Certainly at least the four big keys in the thumb areas are intended for touch typing with the thumbs, but also the buttons on the bottom row of the main button area. With my layout, I can touch type twelve buttons with my two thumbs.

Also, there are the four large extra buttons in the middle of the layout. Some EZ users have modifier keys there, but I put the extraneous symbol characters there (slashes and brackets). Whatever characters are put there, they increase the utility of the dextrous index fingers.

I love the key arrangement. I think it is close to perfect.

Build


One critique of the Ergodox kits was that the cases were often 3D-printed which resulted in a chintzy look and feel. No such problem exists with this keyboard. It feels solid, the manufacturing lines are clean, the plastic looks good.

The keyboard uses a standard mini-USB cable to connect to the computer, and a standard TRRS cable to connect the two halves. If one of the cables fails over time it can be replaced with an inexpensive commodity one. Compare this to the Fingerworks and TEK keyboards, which each used a hardwired USB cable. If that cable failed, you would have to discard the whole keyboard or resolder a new cable. The EZ has no such downside.

The EZ can be purchased with little legs which allow users to tilt the keyboard to any comfortable angle. I did not buy those so I can't review them. If I had to do it again, maybe I would buy them, but I feel comfortable with a flat keyboard.

The keyboard uses standard MX switches which are well known with a good reputation. I got the printed keycaps which means I got "DSA" caps, which all have an identical shape. I had no trouble getting used to the shape of the caps immediately.

Purchasers have a choice of keyswitches. I have two keyboards with brown and blue switches, but for the EZ I close clear switches. This is purely personal opinion, but I wish I'd stuck with brown, which require a little bit more pressure to push down. The clears are a bit flaccid for my immediate appreciation, but perhaps over time I will come to love them best. In any case, the switches work perfectly as intended, so there is no problem with their quality.

I consider the build quality to be very good.

Layout


The kind of person who is interested in a three-hundred dollar two-piece keyboard is also likely to be interested in modifying the layout of the keys. I sure was! I will detail my personal layout in another blog post, but let me say that the process of changing the layout was easy. There's a little piece of software to download, available for Linux and Mac and (also Windows, if you have Windows for some reason). I ran the software on both Mac and Linux. It worked fine with the caveat that on Linux you should run the software as root or else configure your environment to allow the software to have the permissions it needs. If you don't do that, it will just quietly ignore the EZ.

Anyone comfortable with git and a text editor can follow directions and have whatever layout they want.

The keyboard ships with an extra couple keycaps so that you can put blanks into places where printed caps previously were.

Because it is easily programmable, I give the EZ an A+ for layout, but I don't actually like the default layout very much at all. There didn't seem to be a coherent overall plan to where the keys went, but I changed mine to work exactly how I think it should.

Room for improvement


So I really love this keyboard but is it the last keyboard I can ever imagine wanting? Is it absolutely perfect? No. Here are my wishes for improvement:


  • Backlit keyboards are more useful than dark keyboards. I wish all keyboards were backlit with individual LEDs underneath each key.
  • Instead of a TRRS cable connecting the two halves it should be a USB cable because USB cables are easier to find than TRRS cables.
  • The EZ ships with sturdy, high-quality plastic cables. I agree with another review I saw which said braided cables would lend a classy feel to the whole product.
  • While we're talking about cables, I think it's awesome when keyboards sport a pair of USB ports too. We had that in the 1990s, why don't we have that anymore?
  • Many keyboards have an Escape key which is physically separated from the rest of the layout, usually way up and to the left of the top left of the main button area. The EZ lets you put Escape anywhere you want, and that's awesome, but where I want it to be in that far away place. I would also ship the keyboard with a bright red button for Escape.
  • Although they sent me two blank extra keycaps, I ended up needing four. I wish I had a couple extra blanks or had single-size keys with printed text for Home, End, Page Up, Page Down. Right now I have keycaps printed with brackets where my Page Up and Down keys are.
  • The default layout really leaves a lot to be desired. It has some innovative and useful features, but then falls flat in placement.


Conclusion


Like I said at the top, the bottom line is that this is a really good input device, instantly my favorite compared to the Truly Ergonomic Keyboard which I have been using recently. I like it so much at the office that I might buy a second one (with the tilt feet and brown switches) for home.

Recommended.