J a Bit

These days it is almost a common knowledge that J standing alone has a meaning of a smile. What you see as a J on the desktop suddenly becomes a letter J when viewed on (Android) phone. But why is that?

Answer lies in the dark times before the Unicode when only possibility to introduce new symbols was to actually swap some characters for them. It was quite a common practice to make fonts that consisted purely of symbols.

One of such fonts were Wingdings family. These fonts were then used in anything from Word to many custom programs. If your platform doesn’t support fonts or contains no Wingdings font (as Android), you would see symbols substituted for the letter characters.

Probably most commonly used in the emails are smiley symbols: J (J), K (K), and L (L). As Unicode became standard in communication, only smiley and frowny face survived. Other Wingdings characters remained just a curiosity and something you would get from Outlook users.

But maybe they will be coming back into fashion soon as Unicode 7.0 will contain most of them. Who knows, maybe even somebody makes an effort and J-weirdness becomes a history.

Getting a Visa

Three years ago I applied for US L1 visa. After getting all company paperwork in order, I had to fill DS-160 form before I could even come to the embassy.

Application process threw me down the memory lane since it required annoying precision when it came to education and previous work engagements. I usually know a year when most of important events in my life took place, for quite a few I even know a month. But this was probably first time in my life that anybody asked me about exact start date of my high school and college.

Then questionare took a stupid turn. I am sure that other country’s questionnaires are probably as dumb but I was surprised that anyone would include “Do you seek to engage in espionage, sabotage, export control violations, or any other illegal activity while in the United States?” as a question on their form. Maybe you could catch world’s-most-stupid-criminal this way but even that is probably farfetched idea. I would enjoy seeing statistics on this question. How many people ever answered yes?

Questions following that one were no better. I had to read most of them twice just to be sure I was not hallucinating and it took a super-human strength to answer them “no”. For example, one that asked about my involvement in genocide just begged for a description of my crimes toward pig population (hams, sausages, bacon; you name it, I did it). But alas I was a coward.

One explanation that I’ve heard about the purpose of these questions was that they allow legal system to stick Visa Application Fraud in addition to other convictions if you do naughty things you promised not to do. While this has a ring of truth to it, I personally find it silly at best.

After filling that again for my wife and for my kids I was ready for an interview process in the embassy…

This post is intended to be a light read and hopefully draw a few smiles here or there. Don’t take anything you read too seriously. It is intentionally overly generalized, takes into account only my personal experience, information might be stale, and I won’t be above lying for the comedy effect. Be warned!

Curious USA

I am a fairly new to States, just counting my third year as a resident. I have only ever lived in the Virginia and the Washington state and traveled through another fifteen or so. My experience is not only incomplete but heavily skewed toward north. Even worse, it is limited only to small towns with big IT companies around.

Historically I come from quite a small town within even a smaller country (Osijek, Croatia). I have traveled decent amount but almost always within Europe. In other words I have really limited experience of other countries and their customs.

Maybe it is all those factors together or maybe it is my confused person, but I found living in the USA full of interesting peculiarities and customs. Since most of my wonder happened at the very beginning of my life in USA I caught myself forgetting some details and even outright understanding a thing or two.

Since I will be on blog hiatus for a next few weeks as far as technical content goes, I might as well write some overly generalized easy going opinions. I plan to keep it light and hopefully readable.

Death of the Desktop Mapping

After a long time Microsoft is discontinuing its MapPoint and Streets and Trips offerings. On one side I didn’t expect this move - I even recommended using MapPoint to a friend just a few weeks ago. But I cannot say it was really a surprise. Considering its overlap with the Bing maps it probably had a good stretch.

I cannot say anything about Streets and Trips since I really haven’t used them although I know few people who swear by it. MapPoint is completely different story and a program I will miss a lot. Well, not really the program - I will miss its API.

MapPoint as a mapping program was quite humble. Not too bad albeit not really any better than all other offerings. I must confess that I rarely used it to search anything - for that web-based maps are God-given. But I did adore option of using MapPoint as cheap local Bing/Google maps alternative. It had it all: search for coordinates, conversion from coordinates to address, map image… It was a perfect tool for quick one-time mapping work. You buy it and do whatever you want to it on your local computer (or server) and, unless you need newer maps, there is no additional expense.

Its replacement, Bing maps, might be better but it does come at the cost. Licensing for Bing maps is ridiculously difficult and costly. For just a basic mapping application you are looking at steady monthly expense that can easily get into thousands of dollars. Compared to one-time cost of $400 for MapPoint, price hike is definitely noticeable.

Yes, Bing maps has a free offering for small project doing under 125,000 transactions but only if you are not using GPS functionality and you plan to create a Windows Store App. As soon as you utter Desktop usage, you are looking at the death by a thousand cuts.

Big business will probably live with this change just fine. They haven’t used MapPoint to start with and cost of Bing maps license is cheap enough for them. Small independent software developers will be affected the most with this change and there is no full replacement for MapPoint.

While there are some alternatives on the web, MapPoint was an unique flower that worked just fine without an internet connection. It will be missed.

No New Post Here

I had the every intention of writing April Fools’ post here. But then I noticed a prank that was so much better than what I have planned.

Source of History

If anything, Microsoft likes to keep its source code well hidden from a public view, even to the level of reading other people mail while mocking Google’s privacy policy (the pot calling the kettle black :)).

So it came as a surprise that Microsoft released MS-DOS 1.1 and 2.0 together with Word 1.1a source code to the The Computer History Museum. While these sources are far enough in past to be completely useless for anything competitive, I find them a precious part of history and very well worth checking.

MS-DOS source is particularly dear to my heart because it shows just how much functionality can be fitted in just 28 KB. Assembly code is quite annoying to follow (things tend to look a bit ugly when optimized) but it is well worth reading because of the comments. Not only they will help you understand code but, if you are old enough to have any DOS experience, they will also bring you on a memory lane stroll.

Since I was a stubborn WordPerfect fan at the time of Word 1.1a, its source didn’t evoke same level of emotions in me. But I definitely found some parts amusing to see. Especially document titled 86fun.doc that lists some facts only programmer can think of as a fun.

I find both programs miniatures well worth checking and remembering. Thanks Microsoft!

In the Year 2013

As always, first post of a year is reserved for a bit of statistics.

This year I have slowed-down posting a bit with only 74 posts since January. As usual 40% of posts is programming related, followed by 25% of Windows posts. Rest is such a mishmash of everything that I wont even go into analyzing it.

Traffic-wise it was a fantastic year - another 25% increase is greatly appreciated. Unfortunately huge 66% of traffic comes from places unknown so it is really doubtful whether it is even worth tracking this. Assuming same distribution of unknown locations as ones that were recognized, USA leads with 60% of visits. After that there is 20% visits from Germany and 15% from India. Other 216 countries cover the rest.

Google Chrome leads the pack with 40% visitors. Next one is Internet Explorer with 25% followed closely by Firefox. All other browsers are in traces. Mostly users came with desktop browsers (more than 95%).

Vast majority of search traffic to blog came in search for Windows 8.1 product key, probably because of my Installing Windows 8.1 (or 8) without a product key post. Another huge chunk were ones searching for VHD Attach and MagiWOL.

Pingdom claims 99.93% uptime (6h down) which is definitely helped by CloudFlare. While free CloudFlare account is not a perfect solution, it is definitely helping with site’s speed. For next year I will need to think of some other improvements.

And that’s all folks!

Installing KitKat on Nexus 4 From a Factory Image.

Nexus 4 owners are a bit itchy these days. KitKat is out but nobody got it as an update yet. However, we are step closer to that since Google posted official factory images. If you are prepared to lose all your data, you might as well update OS yourself. I will describe this procedure on Windows and on non-developer’s computer.

NOTE: THIS PROCEDURE WILL DELETE ALL THE CONTENT ON YOUR PHONE.

We’ll definitely need to download Google’s USB drivers. Once you download and unpack the archive, you’ll need to go to Device Manager and find your Nexus device with an exclamation point next to its name. Right-click, Update Driver Software, and select location where you unpacked the driver zip file. Your device should then be named Android ADB Interface.

And we definitelly need ADB and Fastboot tools. While we can get them in Google SDK, I found that Minimal ADB and Fastboot works nicely and it is less fuss to install on a non-developer computer. Just execute installation and do standard Next, Next, Finish dance routine.

Last, but not the least, we need factory image itself. Once downloaded, I usually just unpack it in same directory as Minimal ADB and Fastboot (C:\Program Files (x86)\Minimal ADB and Fastboot on my computer) to avoid setting up the paths (yep, pure laziness).

Next order of business is enabling USB debugging. This means going to Settings, About phone and clicking Build Number 7 times. Your Nexus 4 will pronounce you a developer and you will get additional Developer options in Settings. There you must turn on USB debugging. As soon as that is done, device will ask you for confirmation.

Once allowed, we can go start Minimal ADB and Fastboot command line (or just reuse one automatically started after setup). There we will first check whether device is visible:

adb devices
 * daemon not running. starting it now on port 5037 *
 * daemon started successfully *
 List of devices attached
 04caa50d9f0c7784        device

Assuming device is visible, we’ll reboot into bootloader:

adb reboot-bootloader

Device will go down and you will be presented with a nice screen that probably says LOCK STATE - locked in the last line. We can change that with a simple unlock command:

fastboot oem unlock
...
OKAY [ 30.008s]
finished. total time: 30.009s

Moment of truth is upon us. Now we run update itself:

flash-all.bat
 sending 'bootloader' (2203 KB)...
 OKAY [  0.072s]
 writing 'bootloader'...
 OKAY [  0.333s]
 finished. total time: 0.409s
 rebooting into bootloader...
 OKAY [  0.003s]
 finished. total time: 0.005s
 < waiting for device >
 sending 'radio' (45537 KB)...
 OKAY [  1.437s]
 writing 'radio'...
 OKAY [  2.578s]
 finished. total time: 4.018s
 rebooting into bootloader...
 OKAY [  0.002s]
 finished. total time: 0.003s
 < waiting for device >
 archive does not contain 'boot.sig'
 archive does not contain 'recovery.sig'
 archive does not contain 'system.sig'
 --------------------------------------------
 Bootloader Version...: MAKOZ30d
 Baseband Version.....: M9615A-CEFWMAZM-2.0.1700.97
 Serial Number........: 04caa50d9f0c7784
 --------------------------------------------
 checking product...
 OKAY [  0.002s]
 checking version-bootloader...
 OKAY [  0.003s]
 checking version-baseband...
 OKAY [  0.002s]
 sending 'boot' (6336 KB)...
 OKAY [  0.202s]
 writing 'boot'...
 OKAY [  0.365s]
 sending 'recovery' (6884 KB)...
 OKAY [  0.238s]
 writing 'recovery'...
 OKAY [  0.411s]
 erasing 'system'...
 OKAY [  0.568s]
 sending 'system' (700500 KB)...
 OKAY [ 22.124s]
 writing 'system'...
 OKAY [ 42.031s]
 erasing 'userdata'...
 OKAY [  0.810s]
 formatting 'userdata' partition...
 Creating filesystem with parameters:
     Size: 14129561600
     Block size: 4096
     Blocks per group: 32768
     Inodes per group: 8144
     Inode size: 256
     Journal blocks: 32768
     Label:
     Blocks: 3449600
     Block groups: 106
     Reserved block group size: 847
 Created filesystem with 11/863264 inodes and 95427/3449600 blocks
 sending 'userdata' (137438 KB)...
 writing 'userdata'...
 OKAY [ 12.716s]
 erasing 'cache'...
 OKAY [  0.043s]
 formatting 'cache' partition...
 Creating filesystem with parameters:
     Size: 587202560
     Block size: 4096
     Blocks per group: 32768
     Inodes per group: 7168
     Inode size: 256
     Journal blocks: 2240
     Label:
     Blocks: 143360
     Block groups: 5
     Reserved block group size: 39
 Created filesystem with 11/35840 inodes and 4616/143360 blocks
 sending 'cache' (10984 KB)...
 writing 'cache'...
 OKAY [  1.042s]
 rebooting...

 finished. total time: 80.594s
 Press any key to exit...

Congratulations! Your device is a KitKat.

After this I prefer to make myself a developer and enable USB debugging once more. In a new Minimal ADB and Fastboot command line (because flash-all batch closed our last one), reboot to bootloader and lock it again:

adb reboot-bootloader

fastboot oem lock
 ...
 OKAY [  0.010s]
 finished. total time: 0.011s

Simple power button press later and our device is exactly where we started; minus lost data and plus an android version.

Rolling Your Own

Probably every programmer had a phase when he started to develop his own encryption algorithm. It was probably early in his professional life when he learnt about XOR and the magic it does. Most programmers soon after realize that they are not cryptographers and that their algorithm is shitty at the best. Those who don’t usually work on DRM later (and those things are never broken, are they?)

Professional programmers know that any person can invent a security system so clever that she or he can’t think of how to break it. They heavily rely on a published standards and make their applications work accordingly. Cryptographers take care of encryption algorithms, programmers take care of implementation part and the world is a more secure place.

But it makes me wonder, are we approaching this all wrong? In a spy-happy world where NSA seems to influence security standards and where bulk decryption seems to be a reality, I would argue that own encryption has some benefits.

Since bulk collection relies on all data being in similar format, anything you can do to foil this actually makes you invisible. Let’s assume that AES is broken (don’t worry; it is not). Anyone relying on standard AES would be affected. But if some wise-ass just did XOR with 0xAA there is high probability that his data would skip the collection.

Mind you stupid encryption is still stupid. And if you are targeted by NSA there is high probability that they will get the data regardless of what you do. If you are using some homegrown encryption, it will be broken. However, they will be unable to take this data in an automatic manner. Enough people doing this would mean they need to dedicate human resources for every shitty algorithm out there. And you are probably not important enough to warrant such attention.

Probably smarter choice would be using two encryption algorithms, back to back. You can use Rijndael to encrpyt data once, then use another key (maybe derived via Tiger) with a Twofish. I am quite comfortable saying that this encryption will not be broken by any automatic means. System might have huge gaping holes, but it will require human to find them.

Of course, once you start doing your “twist” on encryption method you suddenly become completely incompatible with all other “twists” out there. Implementations will become slower (yep, double encrypting stuff costs). Implementing two encryption algorithms will not really protect you against targeted attach where e.g. trojan can get used to steal your password and circumvent all that encryption. Nobody will bother to do cryptoanalysis on your exact combination so you are pretty much flying in the dark. And probably another bad thing or two I forgot.

However, there is something attractive in rolling your own encryption using standardized cipher blocks for data you deem important (e.g. password storage). Not only that it is an interesting defense but it also gives you an enjoyment of doing something you know you shouldn’t.

PS: Never take cryptography advice from a random guy on the Internet.

No More Triple-double

After seven years of www.medo64.com I decided to follow fashion and drop www. I was pleasantly surprised how easy it was.

Since these pages are WordPress-based, first step was simply changing WordPress and Site address. Since I do want all www.medo64.com requests to be redirected, I decided to adjust .htaccess file. For any request with domain other than current one, it will do simple redirect:

RewriteCond %{HTTP_HOST} !^jmedved\.com$ [NC]
RewriteRule ^(.*)$ http://jmedved.com%{REQUEST_URI} [R=301,L]

And that was it. Frankly, I am still shocked how easy everything went.

[2013-08-18: I went back to www.medo64.com; it just looks better to me.]