June 27, 2013
Target your recruiting
If you find digging around in stuff like this fun, you might want to take a look at our job page: http://prezi.com/jobs/ :)
I have to wonder if they find anyone this way, but given how specific it is—it’s unlikely this message reaches anyone who wouldn’t be at least a little qualified—and how low the cost, it’s a pretty efficient recruiting message.
June 5, 2013
The application uses Rails 3.2 (actually 3.2.13 at the moment). I made a false start using the
jasmine-rails gem, but in the end I had two big problems with that: the
rake task which was supposed to run the tests couldn’t find the Jasmine library, and while Rails was able to mount the Jasmine engine, it wasn’t loading the scripts I intended to test.
I dumped that branch and went back to master and started over. Following the tip on the Jasmine page linked above, this time I tried using
jasmine-gem. (It was v1.3.0.) I installed it as directed on the gem’s README page, specifically by adding
gem 'jasmine' to the project’s
bundle install, and then
rails g jasmine:install and
rails g jasmine:examples.
(In the end I didn’t commit any of the code generated by the
jasmine:examples generator, but it was illuminating.)
The gem then suggests starting a server with
rake jasmine, and sure enough, that worked. It took a bit to get the server seeing the code to be tested, however. This involved tweaking the
src_dirvalue needed to be
public/assets. This Stack Overflow question pointed me in the right direction. I had to add a manifest file (i.e.
assets/application.js) to the
src_filesarray as well in order to include the script containing the code I wanted to test.
- I needed jQuery to be available to Jasmine.
jasmine-jqueryturned out to be the solution here, not because it itself is useful (although it is) but because it pointed out that I needed to add jQuery to my
src_filesfile. (It isn’t in my manifest because I’m loading it from a CDN.)
Now I had running Jasmine tests. (Once I wrote the tests, of course, within the
For this I wound up installing
guard-jasmine. (This was v1.16.0.) Once that was in my bundle (add to
bundle install, rinse, etc.) I ran
guard init jasmine and it added a block to my
Running this was a little trickier, however, because once again I needed to train it to find the code I wanted to test against. This required me to install
jasminerice (v0.0.10), even though I don’t need that gem’s primary function. Once I had that in my bundle and had created a
Now, about that test code:
May 16, 2013
Running the 118th Boston Marathon
If you want to run the 2014 Boston Marathon (a.k.a. the 118th), you have a tough road in front of you. I’ve had a few people ask for advice for getting in. Until we hear more from the BAA, it boils down to: first, get a BQ. Second, get the best BQ you can. Third, pay attention.
There is a lot of discussion about the B.A.A. making allowances for the 118th, relaxing the standards or raising the entry cap. I’ll address this later. Until an official announcement is made, we’re playing by the usual rules, except that there are several thousand runners—those who weren’t able to finish the 117th when the finish line shut down—who will be offered automatic entry, thus beginning to fill the field before registration even opens.
If you already have your BQ, that makes things easier. If you don’t have a BQ, you’ll need to chase one (and if you do have one, you may still want a better time; I’ll get to that later too).
Chances to chase standards are pretty sparse right now. The reason is pretty simple: in most of the country, it’s already too hot to run a fast marathon, and if it isn’t, it will be soon. Entry is scheduled to open in September, so there may be a chance to run a BQ in September (the actual opening date hasn’t been announced yet), but October is almost certainly too late.
It sounds like relatively few people are trying to jump in marathons right away, which is sound; it may be possible to finish a marathon on a month’s training, but running a BQ is not that easy for most.
If you can be ready within six or eight weeks and can travel anywhere, some options open up. There’s Grandma’s in Minnesota, if that hasn’t filled; that’s in mid-June. Likewise the Mayor’s Midnight Sun Marathon in Anchorage, Alaska. There are plenty of races on the calendar but many of them are e.g. trail marathons, actually known for being challenging due to heat, or otherwie tough qualifiers. (There should be extra points for anyone who gets a BQ at the Johnny Miles Marathon.)
Even if you’ve got a BQ under your belt already, the increased demand for the 118th may pose a challenge. It’s been a few years since a BQ meant your entry was assured; more recently, faster is better. Essentially, the faster your BQ, the earlier you get to register, and the more likely your registration will be successful. Therefore, there are BQs, good BQs (5-10 minutes faster than cutoff) and really good BQs (10+ minutes faster than cutoff).
If you’ve got a really good BQ, you’re probably in. If you’ve got a good one, I wouldn’t make promises, but you’re probably OK. If you don’t have a good BQ, you might want to think about improving it. For that, you’ll want to look deep into the summer, even into early September, with the idea of getting into great shape in the summer and hitting one out of the park as close to the registration opening date as you can. You could do worse than to look at Clarence DeMar for this one. (Someone needs to come up with a circuit of races named for Boston champions.)
Finally, pay attention and be ready to change plans if things come up which help you. I’ve already heard of one pop-up marathon scheduled for late summer expressly to give people a shot at qualifying; odds are there will be more. Look for one with a speedy, certified course (I can’t emphasize this point enough), chip timing, and an early-morning start (or other accommodations for heat). It may even be a good idea to have a Plan A and a Plan B.
Now, about the BAA: One thing they understand is that while they own the Boston Marathon on paper, in practice it’s a sort of public trust. They are going to do whatever they can for the 118th, and I expect they are exploring the option of a one-time raising of the entry cap. (The idea of a lottery, the way they ran it in 1996, has been floated as well, but in my opinion that’s not going to go over well if they can’t first allow in all the BQs who wish to run, so if I wanted to run I would be looking for a BQ before I put my hopes in a lottery.)
The hangup is that the field limit is not set arbitrarily by the BAA; it’s a limit more or less imposed on them by the towns the course passes through, principally Hopkinton, which has to support the starting area. Hopkinton becomes the running community’s public urinal for a few hours every April and bears it with remarkable good grace, but they have much less open space now than they did in 1996. Staging 30,000 or 40,000 runners through that town, if it’s allowed to happen, will take a lot of time and patience.
If the cap is lifted for the 118th, we will all owe the towns, especially Hopkinton, a greater-than-usual debt of gratitude. So watch where you relieve yourself, please, and where you toss that empty gel packet. (I am still finding empty gel packets on the Natick roadsides a month after the race.)
The BAA is still clearing up the mess from the 117th, and they have a half-marathon to think about in October. I would not expect an announcement about the 118th until late June at the earliest, and July or August is more likely. Stay tuned, and if you want to run, start staking out that really good BQ.
February 23, 2013
"Vehicle Protection Center": stay away!
Paper spam, today. An official-looking mailer (fold side edges, then remove top stub to open) starting with bold, underlined text, “THIS LETTER IS TO INFORM YOU that if your factory warranty has expired, you will be responsible for paying for any repairs.”
Read that sentence again, because I did. Rephrase it: “If your umbrella is closed, you will get wet when it rains.” When I read obfuscation like that, I get suspicious immediately. All caps PLEASE CALL IMMEDIATELY in the next block of the letter really raises my hackles, just because I get ornery when I feel like I’m being herded.
Sure enough, despite including the make, model (Honda) and year of one of our cars, this mailing had nothing to do with Honda, and probably not with any other manufacturer. In fine print at the bottom, “Vehicle Protection Center is an independent nationwide company marketing vehicle service contract on behalf of leading third party administrators.” Which means nothing. Third sentence of that paragraph: “Vehicle Protection Center is not affiliated with any auto dealer or manufacturer.”
Here’s the thing: I never had any intention of purchasing an extended warranty. I turned it down when we bought the vehicle. Our history is of driving cars for years—decades, now—beyond their warrantees, and if they break, we pay for it. (Revolutionary, I know.) So I looked these folks up online. Sure enough, I don’t have to scroll too far down in the search results to find a page titled “Don’t be fooled by this vehicle extended warranty mailer from Vehicle Protection Center”.
This mailer is sleazy, and I’m posting this not because I think my regular readers would be fooled, but because I want that link above to come up closer to the top of search results.
December 8, 2012
The webmaster's guide to passwords
Here’s the short summary: if you’re storing user passwords unencrypted anywhere, you’re doing it wrong. If you don’t understand why, you should stick to using free open-source packages like Drupal and not roll your own login system. Also, if you’re not a webmaster, and you ever get an email from a website which provides your unencrypted password, you should know that this site is probably not doing a good job storing your password securely.
The problem is this: sites get hacked, and databases get compromised. Encrypting the connection (your SSL certificate, the https in the address bar, and all that) just protects the customer’s communication with your server. It’s nice that they’ve stopped crackers from harvesting passwords one by one as their users provide them, but what’s the point if a successful compromise of the server means everyone’s passwords are available to the cracker?
The first thing you need to know (if not understand) is that there are certain functions which are one-way; that is, the input cannot be determined by the output. Some of these are called hash functions. If you run a sufficiently strong hash function on a password, it is not possible to determine the password from the hash. (The output of a hash function is sometimes called a hash.) (Hash functions are like padlocks: some are stronger than others. But even a weak lock is better than none at all.)
“But wait,” the inexperienced webmaster says, “how can I tell if my user is providing the correct password when they return to the site?”
Well, think about it. They’ve stored a hash produced by running a hash function on their password. Why not run the same hash function on the password provided at login time and see if the resulting hash is the same as the one in the database? Problem solved.
(N.B. You might also want to read up on “salt.”)
November 19, 2012
Tally another rodent
Most of my public internet trail recently has been about little girls, and Izzy has not been getting his proper attention.
Therefore, I should announce that this morning he presented for tagging his first mouse of the season. (Mouse hunting season in most of the states he’s lived in runs from September 1 to August 31.) This is his first mouse of his second decade of hunting.
I was thinking about his record today, and unless I’m forgetting some, of the six places we’ve lived with him, he’s caught mice in three, and in a fourth he caught three bats(!) which I count as mice with wings. He also caught a mouse once while visiting A’s parents, so I make his total somewhere around eight non-flying mice and three flying mice.
I have a hunch he’s not done in this house, either.
November 12, 2012
An example: a recent piece on the probability of electoral ties compares the odds of nine swing states all producing equal vote totals for the top two candidates with the odds of some fairly unlikely events, including being struck by a bale of cocaine dropped from an airplane, a tornado, and a meteorite strike. (Along the way we learn that a typical location in Florida “…experiences an average 1.4 picotornados per second … a Florida resident suffers an average of 0.64 femtodeaths per second from meteorite impacts … the average person in Florida is struck by an average of 29 zeptobales of cocaine per second” and the average income of a typical acre of Florida land derived from falling bales of cocaine.)
So if you like the absurdum part of reductio ad absurdum, you’ll like What If?
October 25, 2012
Now I know a little more about rake-pipeline
rakep for short) which is just some sugar layered over
rake which is really just ruby scripting.
If you haven’t glazed over yourself by now, bear with me.
(Aside: All of this stuff has been generated by a culture of companies, mostly but not exclusively on the West Coast, building tools for their own use and then publishing the good stuff—whatever’s not central to their real business—free, open-source, for everyone else’s benefit. It’s pretty awesome and I try to contribute my own tweaks back when I can.)
If you haven’t used Ruby but are familiar with software, Rake is just
make in Ruby.
rakep reads an
Assetfile which is the equivalent of
Rakefile in Rake or
make. I hadn’t seen the syntax before but I could sort of suss out what was going on.
I’ve been using
First I looked at Flame.js, a widget library for Ember which I’ve contributed to several times over the last few months. Flame generates a version constant by generating a temporary
version.js file in ERb, Ruby’s built-in template language, using Ruby to send
git describe --always --dirty --tags to the shell and planting that in a temporary .js file. Flame, however, uses its own Rake tasks to build its distribution versions, and runs Sprockets over all the input files to handle Sass, and
rakep uses neither Sprockets nor Sass, (at least not explicitly). I couldn’t just borrow stuff from their
Rakefile, nor could I drop an
.erb file into my code directory and expect it to Just Work.
I looked at the filters that were included, and discovered that Yehuda Katz’s
match 'lib/version.js.erb' do filter WebFilters::TiltFilter do |input| input.sub(/.js.erb/, '.js') end end
What that wound up doing was taking my
version.js.erb file and generating a temporary
version.js file which was then included along with the rest of the files as though it had been there all along. It’s not in with my regular code, so it doesn’t get committed to git itself, but it’s included in all the build files. And because the
Assetfile is part of the project itself, anyone who builds the project (and has included all the requisite gems, has the right versions of Ruby, etc. etc. which they probably do if they’re building this) will get the appropriate version string in the application.
It’s a little thing, but I’m sort of proud of it. I could probably make that first line
match 'lib/*.js.erb' and have it work on any
.erb file in the directory, but it’s not needed so I won’t bother.
September 15, 2012
Which do you believe, the map or the GPS?
If you read my last grumpiness regarding Nike+, you probably know that the answer to the above question is, “It depends.”
It turns out Strava has the same problem as Nike+ when it comes to using the GPS in the iPhone to track runs. Simply put, both apps trust that the GPS track from the phone is 100% reliable; once a run has been tracked, there is no option to correct the track or replace it with something generated from a map.
This would be wonderful if the GPS track was, in fact, 100% reliable. But for some reason in the last few weeks, my GPS tracks have been consistently bad. I’ve had seven-mile runs marked as two and a half, two-and-a-half mile runs marked as three… it goes on and on. I don’t know if the problem is the phone hardware, the apps, local topography, local weather, solar weather, or some combination, but it’s pretty consistently bad.
And it highlights the problem with using GPS tracks to get run distance (or much other run data): GPS as a technology is much more precise than it is accurate. Put another way, like email, GPS is a “best effort” technology (much like email). It can be wrong, and if it’s wrong it will not apologize nor necessarily admit the error.
So why don’t either of these logging systems accept an alternative? All they need is an option—it can be on the website, it doesn’t need to be right in the phone app—to indicate for a given run if the GPS track is actually correct. The user could have the option to upload a
.gpx file with a better map track if they want to generate one with another app. (It’s hypothetically possible to use the Gmap-pedometer to create a
gpx file, and use that to record a new run with Strava, but so far the
gpx files I’ve tried uploading to Strava have failed.)
Introducing this option of human oversight is a simple way of accounting for GPS’s lack of accuracy. I’m sure most of the app developers want to avoid that degree of complication, but in doing so, they’re placing more trust in a fallible technology than it really deserves.
ETA: So the issue with my GPS inaccuracy turned out to be the iPhone and not the apps. Still, how do I correct the logs?
September 7, 2012
For the last year, I’ve been using the Nike+ running iPhone app to log my running. This was somewhat against my better judgement, as I tend to worry about consigning my data to warehouses out on the ‘net without some means to keep a copy in my own control, but I started when the girls were infants, and I needed something shiny to keep me motivated to get out the door on a regular basis. I have also become terrible at keeping up my paper logs (much like this weblog) and something which would automatically record my data sounded like a good idea.
However, a phone app has its pitfalls. I ran into two cases in the last few weeks which led to messy data in the log:
During a run, I “paused” the app, but then inadvertently “finished” the run (a different tap). I had to start a new one to track the rest of the run. Not only were my numbers a little goofy, but Nike recorded this as a double workout.
More recently, running on Battle Road I had a sketchy GPS signal. As a result, the hour-and-a-quarter run was logged as two and a half miles rather than seven and a half, warping the data quite significantly.
Both of these things should be pretty easy to fix given a little data tweaking, but it turns out Nike doesn’t support such things. What comes from the phone is considered Truth. I contacted tech support asking how I could fix these runs, and their answer was to delete the runs from my activity and email them the details of the actual runs to be re-inserted in my record.
Needless to say, this seems like a cumbersome approach.
So I’m shopping for a better logging solution. At the moment, I’m looking at Strava which comes well-recommended. But first I need to liberate my data from Nike+ (sound familiar?), and it looks like even that is problematic. I wonder if this shouldn’t be a standard part of how people evaluate online services: “How hard will it be to download everything I upload to this site?”
May 28, 2012
If there is omniscience, there is a ranked list somewhere of ridiculous things fathers have done to make their daughters happy. I am probably not ranked terribly high on that list, but I am on it.
One of the girls’ treasured toys is a small stack of musical greeting cards. This is the variety which play a song when opened—a small ROM and a tiny PCB connected to an equally tiny speaker with two cheap wires—sold by Hallmark at about $5 a pop. The first two came at their birthday and play “Winnie the Pooh” tunes. They got such a great reception their grandparents found two others, one of which plays a banjo tune and the other the finale of Tchaikovsky’s “1812 Overture”.
They’re taking a beating; all four have been folded, spindled, and mutilated in ways the post office could only manage with machinery. They’re fundamentally three-panel cards, with the third folded over the second to form an envelope for the electronics, and most have had that concealing panel pulled loose so the guts are exposed. (One of them had the third panel removed completely.) But one of the Pooh cards actually had one of the wires from the PCB to the speaker come loose this week, rendering it mute.
So yes, Daddy broke out the soldering iron and re-soldered a wire on a $5 greeting card.
April 20, 2012
Turning off the baby monitors
Our baby monitors beep annoyingly when they can’t establish a connection to the base units in the girls’ rooms. Sometimes turning them off and back on again will re-establish a connection, but last night I turned off the one for the yellow room because it wouldn’t pick the connection back up.
This morning I discovered the reason: the cord for the base unit runs under the crib and plugs into an outlet in the wall the crib sits against. The plug had been pulled out just enough to shut off the base unit.
I’m pretty sure it wasn’t intentionally unplugged, but it reminded me of all the questions I would see in security forums about how to limit kids’ internet access. The conventional wisdom was that when the kids were smart enough to get around your filter, you should just shut it down rather than escalate. Now I’m wondering if it’s time to turn off the baby monitors now that at least one of the girls is capable of shutting hers off on her own, or if I should just plug it in to a socket she can’t reach from the crib.