HP Ink

I guess I could format this post in a "Cheers and Jeers" style, but that seems a little clichéd. See I was replacing the ink cartridge in my HP J5780 printer (which is a fine unit, I might add). So on the one hand I was miffed that the "starter" ink cartridge was so tiny. But to my surprise I discovered that the replacement cartridge came with a prepaid return envelope for sending the empty cartridge back to HP.

Recycling cartridges isn't anything new. Office stores have been doing that for a long time. They refill them with ink and sell them to you again (at outrageous prices). But what is impressive is that HP took a step to make it so darn easy. I'll shamefully admit that I've never recycled my cartridges before because I just never remember. I rarely go to office stores and even then I never remember to take the empties. So they just end up in the trash, which isn't good. This obviously is better.

The one question I have though is whether shipping this cartridge to Nashville, Tennessee is better for the environment than either A) sending it to the local landfill or B) dropping it off at the local Staples and sending a whole bunch of cartridges to Nashville. I imagine B is more efficient, but I'm not sure about A. But since I lack the resources and/or willpower to research it, I'll just send off this old cartridge in this handy dandy green envelope and assume that I'm helping the planet. Helps me sleep better at night, you know.


VoIP QoS With Wondershaper

Hans and I were discussing QoS the other day, specifically regarding using Wondershaper from the LARTC. I had managed to mess mine up and I subsequently noticed a horrible turn for the worse in my VoIP calls. Wondershaper has to be adapted for use by OpenWRT and in the process I misspelled sch_ingress.o as sch_insmod.o. Too much insmodding that day, I think. The net effect was that download speeds were not shaped at all.

Once I got it corrected, I decided to do a few tests just to confirm that using Wondershaper actually made a difference. I'll cut to the chase for the lazy: it did. I made 45 second calls to music on hold from my softphone, Twinkle. In the background I had Wireshark running. I used the RTP analyzer in Wireshark to look at the statistics after all was said and done. I used both versions of Wondershaper, the CBQ and HTB. I had a single download running the whole time eating up all spare bandwidth.

With no shaping: 4.4% loss (95 packets), 60ms jitter
With CBQ Wondershaper: 0.2% loss (5 packets), 35ms jitter
With HTB Wondershaper: 0.3% loss (6 packets), 28ms jitter

So my unscientific conclusion is that both versions of Wondershaper work about the same and they both make a huge difference. I could easily hear the packet loss on the first call, but not so much on the other two calls.


More On Net Neutrality

Another great opinion on Net Neutrality which closely (if not exactly) mirrors my own. For those too lazy to go and read for themselves, here's a quick snippet.

We need policy to help cut a path for more competition, rather than protecting incumbents -- a Bandwidth Competition Act of 2008, not bogus net neutrality. All takers should be allowed access to poles or underground conduits. This is where neutrality should be enforced, instead of being a choke point.

As I've long said, a government bureaucracy isn't going to solve the problem. It's going to create less incentive for Internet companies (like mine, full disclosure) to even toss their hat in the ring. Try forming your own telephone system and you'll know what I mean. The rules are ridiculously complicated and it takes an army of lawyers to sort through them. Please please please don't turn the Internet into the phone system.


Taste Test: Maple Syrup

For Christmas my aunt and uncle, with help from my sister, sent me a bunch of assorted items they picked up around town. One thing my sister picked up was a bottle of 100% maple syrup from Trader Joe's (which we don't have around here). I've been wanting to buy some real maple syrup for a while but thus far my wife has balked at the price which is at least 4 times as much as the corn syrup + artificial flavoring kind. The question then has to be, is the flavor worth the added cost? Naturally, a test test was in order.

Since flavors from pancakes, french toast, etc. can add to or mask the flavor of the syrup I decided to taste them on a spoon. I had about a teaspoon of each. Due to a risk of spilling the viscous liquid, I wasn't able to randomize the spoons but in the end it didn't matter much. The difference was readily apparent.

The artificially flavored syrup, this one from Great Value (Walmart store brand), was sweet and had a nice round flavor. I suppose I would describe it as maple although to that point in my life I had never tasted real maple flavoring. The Trader Joe's syrup, on the other hand, had an extremely rich set of flavors. There was not just one. There were a hundred flavors hitting my mouth at the same time. It was quite pleasant. It didn't seem quite so sweet. That's probably due to the corn syrup in the artificial syrup. It had some vanilla flavors, even some coffee flavors. The range was just extraordinary.

It's going to be difficult (to say the least) to go back to the plain stuff. I'm not sure how or if I can do it. This real stuff was, well, really good.


Lookit That Snow Fly! or Global Warming?

Over the last week here in Idaho Falls we've received a lot of snow. I'm too lazy to track down official numbers, but I know there's about 18" of snow on the table in my backyard. That's an accumulation over the last 3 weeks or so. It's been great since we need the water. My one concern of course is that the spring will warm up too quickly and we'll have floods and avalanches.

That all brings to mind something that's been bugging me for the last year or more. Every now and again I'll hear somebody mention "sure is hot today. Must be the global warming," or "see how cold it is? Global warming must be a fraud." Well you know what? Just stop it. Stop it, stop it, stop it.

Global warming is not marked by a particularly hot day in the summer nor by an especially cold day in the winter. As the earth gradually warms, there will be plenty of each. It's all about the averages, baby. According to the latest IPCC report, global temperatures will rise by 1 to 6 degrees C over the next 90 years. 90 years! Humans just aren't geared to that sort of sensitivity. The earth is, of course, but that's getting away from my original point.

And that point is that just because it's hot today doesn't mean global warming is trying to kill you. And just because my son's school was canceled today due to snow, doesn't mean global warming isn't happening. Both will continue to happen, albeit with slightly different frequencies.



My bud Hans and I tonight tested out encrypted VoIP with ZRTP. I noticed a while back that Twinkle supports it and have wanted to test it out, but none of my desk phones support ZRTP.

It was fun. When the call terminated, Twinkle displayed a cute message about verifying the SAS (short authentication string). It was 4 character (hprj, if you're curious) that represented our encryption key. It's the way ZRTP verifies that a man-in-the-middle attack is not underway. There was a padlock icon which we both clicked to verify that the SAS was correct. I'm not sure what if anything happened because of that, except that we both verified that our SIP phones have not been tapped by the feds.

In the SDP, ZRTP is advertised with "a=zrtp". It's not a separate protocol per se. The actual codec was selected through the normal means (we used speex/16000). Looking at the RTP data, I see a whole bunch of "AES256", "SHA256" and "DH4096". Presumably that's part of the ZRTP negotiation. I didn't delve further. What I see though is that the encrypted data is simply represented as Speex RTP, but the actual data has been scrambled so it would be meaningless to a passerby.

Based on this testing, I predict good things for ZRTP. It was quite painless to use as a caller. As long as it's enabled by default in the phone, there's really nothing else that a user has to do to use it. The SAS is short and you only have to verify it if you care. Phil Zimmerman says that you don't even have to verify the SAS every time. Just once in a while is good enough. And obviously anytime you're conducting private business (which is not the same thing as illegal business). The simple fact that ZRTP is used every time means that you can't tell whether a call is valuable or not just based on it being encrypted.

The one possible failure of ZRTP is that it doesn't hide any of the signalling data, so a spy would be able to see who you were calling. That problem would be quite hard to solve. I'm not sure of the benefit either as the cost to mask that information is much higher. You pretty much have to know all the routing information ahead of time. Even then, an eavesdropper could still see the two IP addresses involved, which will give away some amount of information. So for now, ZRTP is a good solution.


Deal or No Deal

Deal or No Deal is a fun show to watch for really only one reason, at least to me. It shows me why so many people waste so much money at casinos: because they never paid any attention in math class.

I'll skip the overview and just point you to the writeup on Wikipedia if you're not familiar.

The heart of my rant is this, when the contestant gets down to a few cases left they start saying things like "33% chance that his case contains $1,000,000". But when you get down to the math of it, that just isn't so. I know that because I actually learned something in my statistics class in college. I took it twice so I should hope so!

Here's the problem, when the contestant makes his initial pick from the unmarked cases, he has a 1/30 chance that it contains $1,000,000. That should be pretty obvious, right? What people don't understand is that those odds don't change during the course of the game. When there are just three cases left, the odds that the lucky contestant's case has $1,000,000 is still 1 in 30!

I find myself hoping that the contestant opens the big money and has to settle for $500. So in that way, I do have fun watching the show. Probably not the sort of thing the person playing the game would hope for, but what do I care? But do yourself a favor and read about the Monty Hall problem until you understand how it works. You might be surprised how often it will come in handy.

And if you ever get on Deal or No Deal and want to go for broke, that's fine. It might be fun for you. Just don't expect probability to be on your side. But when you win, do remember who tried to help you. :)

Leads Online

I ran across a site today named Leads Online. It's a tool for law enforcement to collaborate with pawn shops and the like. Essentially the pawn shop uploads all of its transactions at the end of the day and then if a law enforcement agency is looking for some stolen stuff, they search through the database. Leads Online tells how it's such a convenient and easy service, and helps good guys catch the bad guys.

My first thought was substantially different. I don't really relish in the thought of law enforcement having carte blanch access to business records, possibly without warrants. There's some good potential for abuse there. I recently read through all the Idaho Falls city ordinances (yes, it was actually interesting) and I'm aware that pawn shops are required to keep records of purchases for 2 weeks (IIRC), just in case a question of ownership arises. But there is not a requirement for them to proactively send those details to the police department. That seems to be a fair trade.

One immediate concern I have is that being a private company, they are not subject to laws that courts and police would be. They don't have to answer Freedom of Information Act responses. They aren't subject to public oversight. I don't think we should be outsourcing our key public infrastructure to private industry whose primary motivation is the almighty buck.

Even more than that, what really scares me isn't the intended uses but the ways the system could be expanded. There are all sorts of ways the database could be reused for marketing purposes, thus invading the privacy of sellers and buyers alike. There are pathetic privacy laws in the country, so it's hard to believe that anyone would have any recourse.

And what if law enforcement decided they wanted to browse through the database? The obvious abuse would be looking for religious material. Yeah, it seems pretty unlikely but the point isn't that we trust good people. I know a few law enforcement people and I would have no qualms with them using something like this. The point is that just as there are unscrupulous citizens, there are unscrupulous police. We need to make sure the system fails gracefully and I don't believe this one does.



I had the dubious honor the last couple days of breaking up an argument between a Linksys PAP2T and a Linksys WRT54G. You might think they would work well together, coming from the same family and all. Well not really.

The problem was caused by the WRT54G (version 5, btw) which refused to route SIP traffic back to the PAP2T. It was allowing HTTP and DNS traffic just fine, but it balked at SIP for some reason. The symptoms were that the PAP2T kept sending REGISTER requests without a WWW-Authenticate header. For a long time I thought it was a setting on the PAP2T, but instead it was because the PAP2T never got the WWW-Authenticate challenge, so it obviously couldn't respond. A dead giveaway should have been that the PAP2T would send 5 REGISTER requests in a row. It must have figured there was network congestion or something, so it was retransmitting.

The solution was to upgrade the WRT54G from version 1.00.0 to 1.02.2. Some bug in the 1.00.0 firmware caused the issue and now it's resolved. I haven't looked at the release notes to see what it was, and frankly I probably won't. I've never really liked the version 5 WRT54Gs and this just helps solidify it.



Subscribe to zmonkey.org RSS Subscribe to zmonkey.org - All comments