Category Archives: Uncategorized

The winding road to a code-signing certificate

Are you interested in software code signing? If so, here’s the twisting tale of my recent interaction with Symantec, in the hope that it is useful to someone.

Extending a valid certificate with the same credit card and still valid passport? Someone might be impersonating me, so a notary is required (again) to confirm my identity. Somewhat understandable.

The notarization (seal/stamp) is to be scanned and sent by email (upon hearing this, the notary was shocked – anyone could forge it). So the whole process is a farce known as “security theater”. So be it.

The notary’s commission expired the same day I came. Bad luck, but I made sure to send off the document that same day.

Symantec objects: when using a German passport for identification, the notary’s address must be in Germany. The case of an expat living aboard is only allowed if they use secondary ID documents issued by the current country (though no mention is made of this).

Symantec reconsiders: they can accept a Singaporean notary if I cancel the order and create a new one.

Symantec finds fault with the now-expired notary commission. Although it proved my existence on that day, the expired stamp is now considered worthless. Another notarization is needed. As a compromise, they offer to absorb the cost of the second notarization into the purchase price. This seems fair!

I re-notarize the document. Some days later, Symantec sends word that the order is “complicated” and their senior team is investigating.

A few days later, I am contacted by a Symantec employee who wishes to confirm my place of residence and whether all the data are correct.

Soon after, the certificate is issued and works!

However, the agreement has changed [Darth Vader style]. There will not be a further rebate because the discounted price of $173 is already much lower than their usual price.

If such Kafkaesque bureaucracy and flip-flopping is a regular occurrence, I can actually understand why they might want to charge > $400 per year to issue a certificate. After all, this odyssey involved no less than 5 Symantec employees.

However, Comodo seems to be able to do it for much less (around $80 per year). Under German law, there is a case to be made for Symantec’s full price being illegal price gouging, because its cost is “noticeably disproportionate to the services rendered”.

That very interesting point aside, perhaps there are more hassle-free alternatives (this undertaking cost several hours). If you’ve dealt with any other vendors for kernel-mode code signing certificates, I’d love to hear your story via email. If dealing with Symantec in future, beware of the country-of-residence issue. Hope that helps!

Tip #384: A simple fix for mosquito bites

I am grateful that mosquitoes are not much of a problem in downtown Singapore – perhaps they cannot fly high enough. Their vertical flight range is reported to exceed 21 stories above ground [http://www.nea.gov.sg/cms/sei/ehi1slides.pdf], but I have not seen any at 34 or above.

When traveling, though, it’s a different story! Despite repellent, we end up with all these itchy bumps. Perhaps we could view them as opportunities for mindfulness, but it would be much easier if they would just go away. Is that actually possible?

Long ago, I learned (through a slip of the soldering iron) that heat seems to make the bites disappear as if by magic. To understand why, let’s take a step back.

Blood from injuries generally clots, so the mosquito’s `needle’ would soon become clogged. To prevent that, they inject various proteins with several nasty effects:

– suppressing T-, B-cell and cytokines (immune response)
[http://onlinelibrary.wiley.com/doi/10.1111/j.0141-9838.2004.00712.x/abstract]

– interfering with platelets (blood clotting)
[http://www.jbc.org/content/282/37/26928.full]

– even increasing mortality from West Nile Virus
[http://www.ncbi.nlm.nih.gov/pubmed/23236530]

Yikes! The itching aside, it sure seems useful to undo these effects. We know from basic cooking that (e.g. fish) protein denatures at fairly low temperatures.

Indeed, someone recently asked on reddit [sic] “Can putting a hot spoon on a mesquito bite denature the protien to lessen the allergic reaction”? The replies there seem unnecessarily negative:

“immunoglobulins .. start to denature at around 60C”
Perhaps the ill-posed question led the responder astray, but we are not interested in denaturing the IgG. It suffices to attack the mosquito saliva itself, not our desirable immune reaction to them.

“it would take between less than one to 25 hours (depending on the temperature) to fully denature the antibodies”
In addition to focusing on the wrong protein, this view is overly pessimistic because we do not need to fully and irreversibly denature the protein. Perhaps it is enough to unfold them, which happens more quickly and at lower temperatures.

“alboserpin (the anticoagulant in mosquito saliva that our bodies react to).. are only sensitive to denaturation at temperatures above 60C”
Maybe so, but it actually comprises only 1% of the proteins in mosquito saliva. [https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3151045]

“Its remarkable the disinformation regarding this out there; if you think critically about heat-mediated mosquito protein denaturation being the mechanism for itch reduction, it just doesn’t make any sense.”
Sounds like ill-informed and closed-minded dismissal of a valid observation. It is more understandable if coming from a school that claims the only salvation lies in anti-histamines and other drugs. “It is hard to fill a cup which is already full.”

Let’s turn this around and look from the perspective of researchers who want to store mosquito saliva. Potency roughly halves when storing at 21C vs 4C. [http://www.parasitesandvectors.com/content/4/1/33] Sounds potentially useful!

Also, West Nile Virus “is thermolabile and .. inactivated rapidly by heat”. “At 28C the titer of the virus decreased by a factor of 10^3”. [http://www.karger.com/Article/FullText/353698] Very doable. These low temperature thresholds indicate we can measurably reduce mosquito effects at temperatures far short of really hurting our skin. Bring on the heat!

Apparently there is an FDA-approved gadget for the purpose: [http://gizmodo.com/5935350/therapik-bug-bite-relieving-gadget-review-we-cant-believe-this-actually-works] I’ve never tried it, the underside of a mug containing boiled water works well enough. Around 30 seconds seem to do the trick. I’d estimate that temperatures around 45-50C are required.

Please don’t go and get third-degree burns, but some pain is involved.

For completeness, let’s mention the theory that heat merely (temporarily) overloads the nerve that signals itching. That is still possible, but I offer anecdotal evidence that heat-treated mosquito bumps entirely disappear within a few hours, which is not the usual experience.

I hope this helps!

Crunch mode, sleep, and infinite bugs

Summary: We’re shooting ourselves in the foot with sleep debt and accumulated bugs
Action needed: avoid all-nighters, get 8 hours of sleep, fix bugs sooner

Up, periscope! The time before a trade show is of course a busy one. Let’s look at the topic of productivity. There is a great article on why “crunch mode” (working longer hours) doesn’t work. Although written from the experience and perspective of a software manager, its lessons can be applied to just about any salaried job. I recommend reading it in full; of its excellent points, we will cover two (sleep and bugs) in more detail.

  • Total (!) sustained work output is highest at 40 hours / week, as found by numerous industry-conducted studies;
  • Sleep matters, even one additional hour;
  • Longer work times can only yield short-term gains for a few weeks;
  • Implementation errors can cause NEGATIVE productivity. [1]

Fatigue

In my opinion, the root cause is that us humans get tired: “fatigue is arguably one of the most persistent threats to mission success during sustained or continuous operations” [2]. The armed forces have therefore conducted studies on the extent of the problem. Ever wondered how drone aircraft are operated? Shockingly, “40% of the study sample reported a moderate to high likelihood of falling asleep [..] while operating a weaponized, remotely piloted aircraft” [3]

In a systematic study of prolonged sleep deprivation, measured performance relating to reaction time, logical thought and vigilance drops by 20-30% within 18 hours and 50-60% within 42. [4] Similar results are observed for self-reported fatigue, negative mood and sleepiness. [4]

The only conclusion that can be drawn is that all-nighters are silly, self-defeating mistakes, yet they persist in the form of hackathons.

Let’s move on to the more common case of chronic sleep restriction, in which we get too little sleep per night over long durations. In a more recent study, groups for which sleep was restricted to 3, 5 or 7 hours/night saw increasing reaction times, the more so the less they slept. Those allowed to sleep 9 hours experienced no such decline. [5] Even after only a week of 7-hour nights plus 3 recovery nights, performance remained 10% lower than the 9 hour control group. [5] Unfortunately, only the 3 and 5 hour groups reported higher subjective sleepiness values. [5]

My takeaway is that 7 hours of sleep are not enough for most people, that there are measurable consequences, and that we may not be able to notice them.

Bugs, bugs, bugs

The second point concerns bugs – design/implementation mistakes will always be made (though more frequently when tired, per the above). How we deal with them makes a big difference.

Microsoft apparently learned this with the first version of Word for Windows, as reported by Joel Spolsky. [6] Programmers were working very long hours (see above), but throughout it all the managers stuck to an unrealistic schedule. This encouraged rushing out incomplete and shoddy code, knowing that testers would find, puzzle over and report the missing behavior. However, the problems were already known and would have to be fixed before shipping anyway, so all this did was waste everyone’s time. Worse, the schedule devolved from a reliable and accurate instrument to a “checklist of features waiting to be turned into bugs”. After major stress and a much-delayed release, Microsoft did some serious soul-searching and realized this “infinite defects methodology” is unworkable. Instead, priority would be placed on fixing known bugs before writing any new code. This has several advantages:

  • fixing bugs is faster/cheaper when the logic is still fresh in mind;
  • the schedule becomes much more predictable (bug-fixing time varies, and shouldn’t be carried forward as a burden on future schedule items);
  • the product is always nearly ready to ship and can easily react to external circumstances.

Sounds pretty compelling. By contrast, a brief look at the horrible internal Word data structures lends support to the theory that the infinite bug methodology does not produce good results. That mistake has echoed throughout three decades. Let’s do better, by planning time into the schedule for bug-fixing and doing things right the first time.

References

[1] http://www.igda.org/why-crunch-modes-doesnt-work-six-lessons
[2] http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA405012
[3] http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA477976
[4] http://pubs.drdc-rddc.gc.ca/BASIS/pcandid/www/engpub/DDW?W%3DSYSNUM=47733
[5] http://onlinelibrary.wiley.com/doi/10.1046/j.1365-2869.2003.00337.x
[6] http://www.joelonsoftware.com/articles/fog0000000043.html

Two simple ways to improve sleep and wakefulness

Summary: We produce our own sleepiness hormone, but only in darkness
Action needed: Avoid bright lights in the evening; try to see natural light in the morning

It was a rainy morning here in Singapore, which makes me glad to have a source of 480 nm light. Let’s see why..

Slaves to the clock

The existence of daily (“circadian”) rhythms is well-known. There are documented downsides to running out of sync with the environment for some species: later flowering and reduced viability for plants, and small (< 20%) lifespan reductions for hamsters [1]. Amazingly, this clock system mechanism is present in individual cells, but they must be synchronized via input from a master clock in the brain [2]. It is therefore important to keep the master clock in sync with the environment.

Reprogramming

Besides interference from chronic alcohol intake [3], the main external influence is the light-dark cycle. A hormone called melatonin is heavily involved; it attenuates the wake-promoting signal of the circadian pacemaker [11], thus leading to sleepiness. Its synthesis is dramatically affected by light exposure to the eyes; levels are very low during the day [4]. They peak around 0400 [11], when wakefulness and alertness are minimal (useful for raids, hence the term “KGB hour”). Light exposure causes a phase shift in the rhythm whose direction depends on the current perceived time [6].

Evening

Unfortunately, we are constantly delaying our internal clock by exposure to bright light in the evenings [12]. This is the source of the mistaken belief that our preferred day length is 25 hours – test subjects were allowed to use electric lighting before sleep [5]. In fact, our timer periods are remarkably close to 24 hours, with an error of only 0.7%. [5]

More exposure to light causes corresponding melatonin inhibition; ordinary fluorescent lamps are sufficient, and the maximum is reached after an hour of bright light [7] (easily exceeded by computer monitors). To avoid desyncing our clocks and affecting sleep, we should dim lights in the late evening, avoid computer and TV screens, and possibly even wear sunglasses.

This reminds me of Edison’s poster with bold claims of being “in no way harmful to health”. Something to reflect upon: how many of our current practices will viewed as ignorant/hubristic/naïve by future generations?

Morning

Conversely, bright light in the morning is helpful for increasing wakefulness, for example by simply gazing into the dawn sky [9]. If natural sunlight is lacking, how can it be emulated? Maximum responsiveness for the relevant photoreceptors (which interestingly are separate from the well-known rods and cones) is reported at 480 nm [8,10], which corresponds to blue light. In fact, there is a broad peak between 450 and 500 nm [9]. However, other photopigments with absorption maxima closer to 420 nm also play a part [10]. Lights with a bluish tinge will therefore be more effective than green.

Melatonin

We have seen that light affects melatonin in both undesirable and potentially helpful ways. There is also the option of melatonin supplements. When taken close to the target bedtime after long flights, it does indeed decrease symptoms of jet lag [11], but probably only because it increases sleepiness [12]. However, beware: “Oral doses (1 to 5 mg) [..] result in serum melatonin concentrations that are 10 to 100 times higher than the usual night time peak”. To maintain concentrations within the normal range, the dose must be much lower – 0.1 to 0.3 mg [7].

Other clocks

Rounding out the discussion, there exist other clocks, for example in the liver [2], that are not directly synchronized to the master clock [14]. A hormone called leptin acts as a feedback signal from adipose tissue (fat deposits) to the brain that too much energy has been consumed [13]. The leptin rhythm can be shifted independently of the circadian rhythm by simply altering meal times [13]. To ensure the feedback works as desired, we should maintain regular meal times and avoid midnight snacks.

References

[1] http://www.plantphysiol.org/content/129/2/576.full
[2] http://166.111.93.130/~jzlei/teaching/sysbio2009/Reppert_Nature_2002.pdf
[3] http://integrativehealthconnection.com/wp-content/uploads/2011/11/Alcohol-Consumption-and-the-Bodys-Biological-Clock.pdf
[4] http://www.vivo.colostate.edu/hbooks/pathphys/endocrine/otherendo/pineal.html
[5] http://news.harvard.edu/gazette/1999/07.15/bioclock24.html
[6] http://www.cdb.riken.jp/lsb/jpn/publications/20071111.pdf
[7] http://www.scoliosisjournal.com/content/2/1/6
[8] http://bioweb.usu.edu/neuro/pdfs/melanopsin%20-%20panda%20et%20al.pdf
[9] http://www.neurosci.umn.edu/courses/4151/4151-papers/Clark_discussion.pdf
[10] http://www.jneurosci.org/content/22/1/RC191.full.pdf
[11] http://www.chronobiology.ch/publications/2003_09.pdf
[12] http://ajpregu.physiology.org/content/282/2/R454.long
[13] http://www.ncbi.nlm.nih.gov/pmc/articles/PMC508375/pdf/1001882.pdf
[14] http://njc.rockefeller.edu/pdf2/StokkanScience01.pdf