Operation: Crappy Sewing Machine commences

This weekend, I went to a bra-making workshop and won a sewing machine in a raffle. It isn’t really crappy, but I spent a couple of hours un-jamming it, so I’m bitter.

The interesting thing about this machine is that it has a built-in camera, so you can take photos and video of exactly what you’re sewing and see them on the app. You can also buy new stitches from your phone and transfer them to your machine, so I started getting curious: what protocol is my sewing machine using? Could I write my own client?

I took a look at the manual, but there was nothing more technical than how to install the app in there. I checked the website, no other documentation there. I debated contacting customer service, but if I liked talking to people I wouldn’t be a programmer, so I fired up Wireshark and took a look at the network. I’m not too proficient with Wireshark, though, so I couldn’t figure out how to make it capture anything useful.

After a couple hours of fighting with it, I gave in and emailed customer support. I figured maybe they’d just forward me to a developer who would be happy to tell me about their protocol. Nope:

As far as the communication from the sewing machine to the app goes, I don’t know all the nuts and bolts but I do know it is proprietary information and is one of the features that makes the Spiegel 60609 so unique!

Bleh.

I realized that it would probably be easier for me to decompile the app, rather than sniffing the network, so I downloaded the APK using a sketchy service (I’m not sure if this is the best one out there, but it’s the least-offensive one I found) and undexed it using dex2jar:

$ chmod +x *.sh
$ ./d2j-dex2jar.sh "path/to/Spiegel Social Sewing App_v1.0.4_apkpure.com.apk"
dex2jar ../sewing-machine/Spiegel Social Sewing App_v1.0.4_apkpure.com.apk -> ./Spiegel Social Sewing App_v1.0.4_apkpure.com-dex2jar.jar

I opened it up in IntelliJ and boom, source code. Unfortunately, IntelliJ’s built-in decompiler choked on the single most interesting class (com.spiegel.android.spiegel.app.ui.settings.SpiegelMachineFacadeImpl). I tried to debug why (it could open every other .class file), but realized it would probably be easier to try another decompiler. I fired up JD-GUI and out popped the source!

Turned out my sewing machine is running a PHP server, which is easy enough to communicate with. I think there are ~20 of these machines in the wild, so this is unlikely to be of any use to anyone, ever, but I look forward to writing my own client.

Here’s a video from the machine of it jamming the first time I attempted to use it:

The Joy of Programming

Last weekend I volunteered at Black Girls Code, an organization that encourages black girls to enter STEM fields. I was a teaching assistant for the “Build a Webpage in a Day” workshop, which basically covered some HTML and a tiny bit of CSS.

The problem is, HTML isn’t very interesting. After a few hours some of the girls started complaining about how this was boring and one told me, “I thought we’d be making games.” Nope, you’re formatting documents for six hours, enjoy.

HTML is also a terrible first language because it has all sorts of weird quirks. We were using Thimble so the girls could code on one side and see the results on the other, which is pretty cool. However, imagine that you’ve gone to this site and you’re seeing HTML for the first time:

Mozilla Thimble

Okay, now ignore the first line, that’s way too deep for us to get into. Now everything in the <html> tags is your webpage. Except the <head> isn’t actually displayed on your page. Except for the <title>, which isn’t a title on your page, it’s a title for your page. Then you see how the end tags have this extra, easily-missable, “/” character? That “closes” the tag. Got all that?

There were two groups and I was working with the younger one, 30 kids age 7-10, most of whom had to learn copy/paste and where and how to type the <, >, and / keys. Repeatedly. I didn’t mind, but boy did the kids get frustrated trying to type < and > and looking up a few seconds later to see “,” and “.”.

Most of the girls seemed to be most excited about showing their families what they had done after the event. To actually have a webpage to show, the girls had to log into Thimble and hit the “Publish” button. The head teachers told everyone to use IE, but they hadn’t actually run through the curriculum beforehand and so they didn’t realize that Thimble doesn’t let you log in from IE.

So all of the girls spent hours working on a webpage before I tried logging one in. I let the teacher know about the problem and then she tried to explain to 30 7-10-year-olds that they had to open another browser and cut-and-paste their work into it. Many of them ended up getting really frustrated, confused about which browser they had open, and never ended up logging in at all. At the end of the day, one of the girls on her way out was begging me to add one more thing to her webpage so it would look impressive when she showed her folks later. After she was gone, I went over to her computer and she wasn’t logged in. She had no webpage to show her folks at all.

If it was my workshop…

If I had to redesign this, I would have started with JavaScript. You can get a “web app” started in three lines:


<script>
alert("Hello, world")
</script>

It’s not actually correct HTML, but it gives you immediate feedback and you can start playing with it. And I got the distinct impression that these girls wanted something to play with.

To create a webpage they could show their folks and use later, I’d have the kids install Dropbox. Then they could save files to the Dropbox folder and Dropbox would serve them.

And I’d run through the curriculum before I taught the course.

Summer Reading Blogroll

What are some good ops blogs? Server Density does a nice weekly roundup of sys admin posts, but that’s about all I’ve found. So, anyone know any other good resources? The more basic the better.

In exchange, here are my top-10 “I’m totally doing something productive and learning something new” blogs:

Programming

Daniel Lemire’s Blog
Articles on databases and general musing on CS and higher education.
Embedded in Academia
Everything you ever wanted to know about debugging compilers.
Preshing on Programming
Bring-a-tent-length articles about advanced programming concepts.
Sutter’s Mill
C++ puzzlers.

Security

Schneier on Security
The best general security blog I’ve found.

Science!

How to Spot a Psychopath
General science Q&A, as well as justification for why every household needs 1kg of tungsten, 10,000 LEDs, and temperature-sensitive polymer.
In the Pipeline
A professional chemist’s blog. Sometimes way over my head, but generally pretty interesting.

10gen

On a less technical note, many of my coworkers write excellent blogs, here are two:

Max Schireson’s Blog
10gen’s president, writes about running a company and working at startups.
Meghan Gill’s Blog
10gen’s earliest non-technical hire, who deserves the credit for a lot of MongoDB’s success. Her blog is a really interesting and informative look at what marketing people do.

Whoops, that’s only nine. For the tenth, please leave a link to your favorite tech blog below so I can check it out!

Also, I artificially kept this list short, but there are a ton of terrific blogs I read that didn’t get a mention. If you’re a coworker or a MongoDB Master, I probably subscribe to your blog and I’m really sorry if I didn’t mention it above!

10 Kindle Apps for the Non-Existent Developer API

The Kindle should have a developer API. Ereaders could be revolutionizing the way people read, but right now they’re like paperbacks without the nice book smell.

I’ve heard a lot of people say, “the Kindle isn’t powerful enough for apps.” Poppycock. I’m not talking about using it to play Angry Birds, I’m talking about stuff a calculator could zoom through and would actually improve the reading experience.

So I present 10 apps that would be super-useful, require few resources, and (in some cases) increase profits:

  1. A “more content” button for magazines. If I’m reading a good magazine, I’d love to be able to get $10 more of content when I’m done. It’d be like giving a rat a lever that dispenses pellets. Yum, reading pellets.
  2. Renaming books. Apparently my workflow is defective, because I’ll often end up with 6 titles named “Imported PDF”, and there is no way to distinguish the one I want other than opening each PDF until I find it. If I could just rename the damn things…
  3. Support for other organizational schemes. Some people like tags (like whoever wrote Gmail, apparently) and everyone else likes hierarchical folders. I hate tags, I want things neatly tucked away in Sci Fi/Nebula Awards/Short Stories, not a franken-tag like “Sci Fi – Nebula Awards – Short Stories” (okay, it’s equivalent, but I hate tags).
  4. In technical books, how often is there a diagram that you keep flipping back and forth to for the next 10 to 15 pages? It would be nice to be able to “pin” it to the top of the screen as you read all of the text related to the diagram.
  5. Goodreads integration. When I finish a book, I want to rate it and have it automatically added to my “read” shelf at Goodreads.
  6. Related to above: recommendations when I finish a book and rate it. If I just rated it five stars, show me other books people who loved this book liked. If I rated it one star, show me books people who hated this book liked.
  7. Related to above (again): list my Amazon recommendations inline with my list of books. This would be a money-spinner for them, I think, because Amazon’s recommendation engine is freakishly accurate (except when it gets thrown out of whack by holiday shopping). If I was looking at my Kindle and saw a list of books I really wanted to read a click away… well, I’d be much poorer.
  8. Make looking up words pluggable to different search engines (Wikipedia, Urban Dictionary, D&D Compendium, etc). I was recently reading “Crime and Punishment” and came across the term “yellow ticket.” The built-in dictionary knew what “yellow” was, and it knew what “ticket” was, but that didn’t help a whole lot (answer: an id given to Russian prostitutes).
  9. Update support. Technical books especially can benefit from this: O’Reilly has been working to do multiple quick releases of ebooks so that they can be updated as the technology changes. Imagine if you’re opening up your well-thumbed copy of Scaling MongoDB and a dialog pops up: “Version 1.2 of Scaling MongoDB is available, covering changes in MongoDB 2.2. Would you like to download? [Yes/No]”. However, the support just isn’t there on the device side. (And a new version of Scaling MongoDB isn’t available yet, sorry.)
  10. Metrics. As an author, I would love to know how long it took someone to read a page, how many times they came back to it, and when they put the book down and went to do something else. Authors have never been able to get this level of feedback before and I think it would revolutionize writing. Basic user tracking would be amazing.

I’m not sure why Amazon doesn’t have a dev API, but I’d imagine that part of the reason is that most publishers would not like it. However, I think Amazon is big enough to crush them into submission. I hope that they will hurry up and do so.

If anyone has any ideas on how to get Amazon to implement a developer API, please comment!

P.S. I know about the API here, but that’s essentially for Angry-Birds-type apps. I’m looking for an API that lets you mess with the reader.

Debugging Sexism

Photo by Steven Fettig, some rights reserved

The word of the day is sexism: Shanley Kane tweeted the CTO of Geekli.st, asking them to take down a video of a woman in a Geekli.st top and underwear dancing around. The subsequent tweets were captured in a long Storify and Geekli.st subsequently issued a public apology.

The interesting thing about this, to me, is how often well-meaning geeks react badly when someone says that they did something sexist, racist, homophobic, etc.

Let’s say someone says to you, in a public forum, “This thing you did is sexist.” What should you do?

First, if your immediate reaction is to say, “No it’s not!” don’t give in to your immediate reaction. That seems to be what most people start off with and it doesn’t help anything.

The reason you’re probably so eager to say it’s not sexist is because you’re not sexist. (Let’s assume, if you’re reading this blog, that you are correct: you are not sexist.)

So, if you aren’t sexist, why can’t you flat-out say “You are wrong”? Well, for starters, just because you’re not sexist doesn’t mean you never do anything sexist. Besides, they’re saying “This thing you did is sexist” but what they mean is “I feel this thing you did is sexist.” And even if you’re Simone de Beauvoir and Margaret Atwood and Buffy the Vampire Slayer rolled into one, you cannot tell them their feelings are wrong (well, you can, but you’ll look like an ass). What should you do, then?

You should try to make them feel better and try to avoid hurting them in the future.

  • Step 1: try to make them feel better. The best way to do this is through an apology. A real one, not an “I’m sorry this offended you”-type apology. A better choice: “I’m sorry that I did that.” Now follow up with, “What can I do to make this better?”
  • Step 2: try to avoid hurting them in the future. Obviously, everyone makes mistakes. You can’t never make one again, even if you and your company were publicly humiliated the first time around. The important thing is to try to learn from it. Google around and read about the issues women and minorities are concerned about in geek culture. Even if you don’t agree with everything everyone writes (I certainly don’t), you will at least know what the issues are.

If someone tells you they’re offended, you should take that seriously. If they’re speaking up, there are probably many others who are silently offended.

Lorenz University: I can has degree?

Big thanks to Wondermark for allowing people to post their comics!

Misadventures in HR (a hilarious blog about… HR) mentioned Lorenz University, a degree mill. I’d never heard of a degree mill before, so I wanted to see how legit it looked from a computer scientist’s point of view.

whois

Every site on the internet has to register contact information with the king of the internet, so you can see who’s behind a website. Anyone can look up this info by running “whois domain” on their computer. For example, here are some legit universities’ info:

$ whois nyu.edu
Registrant:
   New York University
   ITS Communications Operations Services
   7 East 12th Street, 5th Floor
   New York, NY 10003
   UNITED STATES
$ whois mit.edu
Registrant:
   Massachusetts Institute of Technology
   Cambridge, MA 02139
   UNITED STATES
$ whois ufl.edu
Registrant:
   University of Florida
   Computing and Network Services
   Space Sciences Research Building
   Gainesville, FL 32611-2050
   UNITED STATES

Most businesses, higher learning institutions, and pretty much any large, legitimate site have their actual address listed there. What does Lorenz U have?

$ whois lorenzuniversity.com
Registrant:
   Domains by Proxy, Inc.
   DomainsByProxy.com
   15111 N. Hayden Rd., Ste 160, PMB 353
   Scottsdale, Arizona 85260
   United States

Domains by Proxy is a service where you can pay them to keep your contact info a secret. It’s good for privacy, but it’s a bit unusual for a university.

Also, protip: most universities are not .com addresses.

Accreditation

At first glance, Lorenz University seems to have some good proof that they’re a valid, accredited institution:

Lorenz University holds valid accreditation from reputable accrediting agencies including IAAFOE and ACTDE. These agencies have clearly mentioned on their official websites that Lorenz University is fully approved by their evaluation committee.

But wait, I’ve never heard of the IAAFOE or the ACTDE. A quick Google search turns up the International Accreditation Association for Online Eduction and the Accreditation Council for Distance Education.

Okay, Lorenz University is accredited by someone, but let’s take a look at who.

$ whois iaafoe.org
Registrant Name:Registration Private
Registrant Organization:Domains by Proxy, Inc.
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US

Huh, Domains by Proxy. Again.

$ whois actde.org
Registrant Name:Registration Private
Registrant Organization:Domains by Proxy, Inc.
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US

And again! What are the chances?!

Now, let’s take a closer look at these accreditation sites. I used wget to download the entirety of both sites (somehow, I had the feeling that they wouldn’t be that big). Indeed, one site was 10 files and the other was 11:

$ wget -r http://iaafoe.org/
$ wget -r http://actde.org/

Looking at these files, we can see certain similarities:

$ ls actde.org/
ACTDE  CSS  index.asp  index.html  PDF  robots.txt
$ ls iaafoe.org/
IAAFOE  index.asp  index.html  PDF  robots.txt
$ # is robots.txt non-trivial?
$ wc -l iaafoe.org/robots.txt
30 iaafoe.org/robots.txt
$ diff -s iaafoe.org/robots.txt actde.org/robots.txt
Files iaafoe.org/robots.txt and actde.org/robots.txt are identical

Also, there’s a funny “Members Login” link on the ACTDE site that—whoops—isn’t actually a link. How hard is it to make a login page that doesn’t log anyone in?
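
The whois and diff checks above, wrapped as reusable functions (an added example, not part of the original post): registrant_org parses both whois layouts quoted earlier, and shared_identical generalizes the diff -s comparison to every file in two mirrors. The function names, the <domain>.whois file naming and all sample data are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. All sample data is constructed.

# Print the registrant organisation from whois text on stdin. Handles the two
# layouts quoted in the post: an indented block under "Registrant:" and
# "Registrant Organization:<value>" key/value lines.
registrant_org() {
    awk '
        { sub(/\r$/, "") }                      # whois servers often send CRLF
        /^Registrant Organization:/ {
            sub(/^Registrant Organization:[ \t]*/, ""); print; exit
        }
        /^Registrant:[ \t]*$/ { grab = 1; next }
        grab && NF { sub(/^[ \t]+/, ""); print; exit }
    '
}

# For saved whois files named <domain>.whois, print "registrant<TAB>domain",
# sorted so domains sharing a registrant end up on adjacent lines.
registrants_by_domain() {
    local f
    for f in "$@"; do
        printf '%s\t%s\n' "$(registrant_org < "$f")" "$(basename "$f" .whois)"
    done | sort
}

# List files that sit at the same relative path in two mirrored sites and are
# byte-for-byte identical (what `diff -s` reported for robots.txt).
shared_identical() {
    local a="$1" b="$2" rel
    (cd "$a" && find . -type f) | sort | while IFS= read -r rel; do
        rel=${rel#./}
        if [ -f "$b/$rel" ] && cmp -s "$a/$rel" "$b/$rel"; then
            printf '%s\n' "$rel"
        fi
    done
}

# Demo on constructed whois records and constructed site mirrors.
demo() {
    local tmp; tmp=$(mktemp -d)
    printf 'Registrant:\n   Example State University\n   Campus IT\n' \
        > "$tmp/uni.example.whois"
    printf 'Registrant Name:Registration Private\r\nRegistrant Organization:Privacy Proxy, Inc.\r\n' \
        > "$tmp/accreditor-a.example.whois"
    cp "$tmp/accreditor-a.example.whois" "$tmp/accreditor-b.example.whois"
    registrants_by_domain "$tmp"/*.whois

    mkdir -p "$tmp/site-a/PDF" "$tmp/site-b/PDF"
    printf 'User-agent: *\nDisallow: /PDF/\n' \
        | tee "$tmp/site-a/robots.txt" > "$tmp/site-b/robots.txt"
    echo 'Site A' > "$tmp/site-a/index.html"
    echo 'Site B' > "$tmp/site-b/index.html"
    shared_identical "$tmp/site-a" "$tmp/site-b"
    rm -rf "$tmp"
}
demo
```

A shared privacy-proxy registrant on its own is weak evidence, since many unrelated domains use the same proxy; byte-identical, non-trivial files across the sites are the stronger signal.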

Conclusion

Lorenz University seems to have “accredited” themselves by creating two accreditation websites, and are trying to take advantage of people who think this will help them get a job.

What I’m really curious about is if they’ll accredit other bullshit. The accreditation sites seem to be non-interactive, and don’t have any way of taking money.

P.S. As long as I’m just picking on them… Lorenz University also bought the site lorenzuniversityscam.com, to defend against people calling them a scam. The scam site has a link, “Click here[sic] to visit the official website of Lorenz University and find out all the details about Lorenz University and the application process to get an accredited degrees.” They misspelled “university” in a link to their own site.

Edit: the

Wireless dongle review

A dongle is a USB thingy (as you can see, I’m very qualified in this area) that lets you connect your computer to the internet wherever you go. It uses the same type of connection your cellphone data plan uses (3G or 4G).

A few months ago, Clear asked if they could send me a free sample dongle, as I am such a prestigious tech blogger. And I, being a sucker for free things (take note, marketers), agreed to try out their dongle. And I have to say, it’s been pretty cool having free wifi wherever I go. The good bits:

  • It is very handy, especially when traveling. Waiting for hours in cold, smelly terminals becomes much more bearable. If I traveled more, I’d definitely get my own dongle (or try to get work to get one for me).
  • I could use the dongle on multiple laptops. I was worried about this, it seems like a lot of companies grub for money by binding devices like this to a single machine so you have to buy one for each computer you have (and who has just one computer?). It only supported Mac and Windows, though, so minor ding for that.
  • Andrew and I watched Law and Order (Netflix) using it and there was no noticeable difference in quality from our landline. I didn’t do a proper speed test, partly because I’m lazy and partly because I didn’t care. (If you know me IRL and want to do one, let me know and I’ll lend the dongle to you.)

But… there aren’t a whole lot of places I go where I don’t have free wifi already. Almost all of the coffeeshops and bookstores (and even bars) I go to already advertise free wifi. I used the dongle maybe once a week. I’ll miss it when my free trial runs out, but I won’t miss it $55-per-month-worth.

Also, I should be able to get the same sort of behavior by tethering my cellphone–if Sprint didn’t cripple their cellphones to prevent you from tethering. I actually don’t like having a phone, period, so when my contract runs out I’ll probably get a phone with just a data plan and a less douchey carrier.

So, my conclusions are: it’s super handy, but my cellphone should really be able to serve the same function. But that’s just me, and it is really cool being able to go online anywhere.