Sometimes I can hear my bones straining under the weight of all the lives I’m not living

September had no business travel, so of course October had to make up for it. Combined with a 3-stop speaking tour, I had a trip to our LA headquarters and another to Seattle for a meeting on the Microsoft campus. Sprinkled in-between were some wonderful personal trips in Ontario and Pennsylvania. I’ve lost track of how many miles were spent in the air, but 2,226 miles were spent in a car. Tonight will be the first night in my own bed in 3 weeks.

Travel creates lots of time for reflection — especially when it has you re-treading old paths. In Seattle, I got an afternoon to visit the sweet spot we used to call home in the foothills of the Cascade Mountains. The event I spoke at in New York was 20 minutes from the apartment where our oldest two kids were born. I also circumnavigated Lake Ontario for the first time ever, and got to enjoy breathtakingly beautiful views of the Thousand Islands — a place I am resolved to visit again with the family.

A particularly interesting stop was at a conference in Pennsylvania with ABWE, a missions organization with a long history of enabling incredible good, and a briefer history of hiding incredible evil. We were interested to see what had become of the folks that sent my family to Bangladesh in my youth, and after reading many books on the topic, learn a little more about what’s happening in that still-troubled country. Some things have definitely changed: their website and missionary training now contain clear and unequivocal information on the safety and protection of children, and they’ve launched a tech ministry that has the stated purpose of partnering with, and enabling, nationals to reach their own people. Some things have not changed: I spoke to a missionary who felt over-worked on the field and that his family suffered as a result, and we heard from an executive team that is still 90% old white American dudes — not exactly a diverse crew. Still, even the white dudes were espousing some progress: that our families are our most important work, and that Americans might not always be God’s premier messengers in some parts of the world.

Each of the stops had a certain percentage of “what if” to them. We’d probably be a good deal more wealthy if we still lived in Seattle. Things might be easier if we lived somewhere in Ontario. I spoke at a really cool college in New York, maybe I could have made a career path out of that, if we’d stayed there. And of course an organization like ABWE could launch us almost anywhere in the world. We don’t really have any data to suggest that any other option would be better than the one we’ve selected, but the weight of other possibilities is sometimes overwhelming. We turn 40 next year — have we done everything we should have by this point? Our oldest becomes a teenager in just a couple months — are we doing a disservice to our kids by giving them such an easy, comfortable life?

Travel is expensive with a family of five. Banking miles on business travel takes me far away from my kids, but buys us opportunities to take them on little adventures. The next few we have planned will be fun and easy ones, but I wonder if it’s time to show them a little more of the world.

Housekeeping – on HTTPS

Related to my previous rant on Internet security, the latest trend is to force a move to HTTPS — the encrypted version of the web’s primary protocol. In my opinion, this is largely silly: it’s security theater, since most scam sites can easily provide a certificate, and it gives browser makers even more leverage over little content developers.

I find it offensive in a different way, too: it breaks compatibility on the Internet. A whole generation of devices that have older versions of SSL, that can’t easily be upgraded, get cut off from today’s web.

There’s a place for HTTPS — namely, anywhere you submit data to a server. I don’t argue the importance of that. But lots of content is just there to be consumed, and the whole transaction with the server is “give me the content.” For a browser to claim that transaction is unsafe, just because the request and response weren’t encrypted, is dumb. It’s perfectly safe to read this website without encryption — and there are millions of sites where that is true.

That said, it irks me to see my own website marked as insecure, so I did what probably every other “little guy” should do, just to keep up with the times, and added an SSL cert for free through Let’s Encrypt. However, my implementation does not break compatibility with older devices: you can still access this site without HTTPS by sending an uncommon user-agent. This will happen automatically if you’re, say, in Netscape Navigator on an old Performa, or visiting from a HP TouchPad. Only if a modern OS is detected will my main site meta-redirect to the HTTPS version, and you can override through your browser’s Developer Tools. Otherwise, if you visit via HTTP, you’ll see a brief flash while the content re-loads over an encrypted connection.

Utility and classic sub-domains will remain on HTTP until all these young hippies get off my lawn…

Apple 2 Forever…

Although our first family computer, and my first attempt at programming, was an Atari 800XL (for which I collected every peripheral and game I could find), my first computer was a Macintosh 512k — which I rescued from a garbage can outside our church. Its display had collapsed to a thin vertical line, but that didn’t stop me from turning it on, and pretending to type on its keyboard or explore with its mouse. Eventually my parents found someone who could repair it, and it became a useful, slightly more modern family computer. At some point, long after it was obsolete, we traded it in for an also-obsolete Mac Plus, and added a hard drive. After a few years in service, we got a Compaq Presario 486, and the Mac Plus got relegated to storage.

Software was always my main skill set (most attempts at hardware hacking led to cut fingers — I’ve left my blood stains on many a motherboard) and after 20 years in the industry, I no longer feel like too much of an imposter when I call myself a software professional. On hardware, though, I remain a novice — it’s a hobby, not a profession.

I’ve carried that Mac Plus with me from job-to-job, keeping it set up on my desk, or a bookshelf, to remind me where I started and, on the rough days, how much I love what I do. I fired it up occasionally, but the display was beginning to degrade, and it was trending toward a thin vertical line. Recently I decided I was ready to try the same repair my parents had funded so many years before. A PDF copy of the Dead Mac Scrolls revealed the secrets that had eluded my 12-year-old self: common failure points in solder and weak or aged capacitors made for an accomplish-able project. With a healthy respect for high voltages, a few YouTube tutorials, and more than a little trepidation, I put the old Mac Plus under the knife, and restored it.

Shortly afterward, I got a handful of other dead Macs, and found there was something of a market for vintage machines that have been lovingly restored. I managed to repair, clean and flip another Mac Plus, in beautiful platinum gray, a Mac SE, and an original 128k. I did not turn a profit, but I did manage to almost break even. In trade for one of those, I was given a couple other retro gems.

The Apple //c was the 10-year-old computer my dad had in his classroom in Germany in the mid-90s, and the Apple ][gs was the last of the Apple 2 lineup, and something of a unicorn that I never really had the chance to play with. The C lacks a power supply and may need some other repairs, but the GS booted up, and I couldn’t resist the challenge of figuring out how to connect it to my home network. Here’s the MacPlus and the IIgs talking to a range of newer devices — including a very new Raspberry Pi.

Here’s what was needed to pull that off:

  • LocalTalk PhoneNet is an adaptation of Apple’s old serial networking protocol, expanding its range using 4-pin phone cabling — which was cheap and common at the time. I ringed the basement rec room with phone line to connect my Mac Plus, so adding an extension to the IIGS was easy.
  • The LocalTalk Bridge control panel was an unsupported Apple offering that allowed mid-90s Macs with a serial port and an Ethernet port to connect LocalTalk to EtherTalk. Technically both these networks are AppleTalk, with different names for the different connection types. A middling Macintosh Performa serves bridge duty.
  • A Raspberry Pi running a modified Netatalk install, thanks to the A2SERVER installer (and a lot of tinkering) talks AppleTalk over WiFi, and is reachable by the bridge, providing a modern file share for very old computers. The topology looks like this:

I’ll do a full write-up and post it on our vintage-computer friendly companion site: http://classic.jonandnic.com for those who want more details.

Internet Safety – a moving target

When you visit a webpage, you might think of its address, like www.cnn.com. That address isn’t really an Internet address though. It’s a domain name — a friendly and memorable shortcut for an Internet Protocol (IP) address. That kind of address is made up of four groups of numbers, called octets. CNN’s actual address (today) is 151.101.1.67. That’s what your browser really goes to.

The mechanism the browser uses to look up the number from the shortcut is called DNS, or Domain Name System. One of the most resilient and important parts of the Internet, DNS is often provided by your Internet service, whose own servers sync with other DNS servers around the world, providing a distributed system of record — a phone book, if you’d like, for instant address look-ups.

Importantly, DNS is first provided by your computer (or mobile device), which forwards DNS requests from the browser to your router or modem, which forwards the request to your Internet provider, etc… If you don’t like your Internet provider’s answers (or the speed with which they answer), you can choose a different DNS provider by making a configuration change downstream (e.g. on your router, or on your computer).

This “chain of trust” allows organizations to filter the Internet within the network they provide internally. If an organization doesn’t want its members to visit a website (like pornography) they can insert DNS records locally that prevent the request from actually finding that website.

This is also the basis of many parental controls systems. They keep a list of addresses kids probably shouldn’t go to, and all you have to do is configure your local environment to use the parental controls DNS server, rather than a public unfiltered one. This chain, and the ability for administrators to control the chain, is a part of how the Internet was designed: the browser asks the computer, the computer asks the router, the router asks the network provider, the network provider asks the rest of the Internet.

Last year, Mozilla (makers of the Firefox browser) decided to experiment with breaking that chain of trust. Instead of the browser asking the PC (and so on), they decided maybe the browser could go around the chain, and just ask someone that Mozilla decided to trust. They claim this makes people safer, since they can encrypt that request, using a non-standard approach called DNS over HTTPS (DoH). The effect is that intentionally crafted trust chains will be broken. Fine as an experiment, but this month they decided this behavior would be the default for all Firefox users. If you don’t know how to work around it, your parental controls are effectively disabled.

And working around it is possible — but not easy. Because this is not a standard, or even an accepted RFC (the process by which the Internet is evolved through review and consensus), Mozilla gets to impose arbitrary hoops you have to jump through to disable it. The easier they are for you to implement, the easier they are for someone to defeat.

And Mozilla isn’t the only browser maker messing with trust on the Internet. I’ve written before about Google’s attempts to re-make the ‘Net in their own image.

So, how can you filter the Internet at home while bigger groups than you and me are hard at work funneling all traffic through bastardized versions of the Internet where they can monetize your queries? As of late 2019, here’s what still works — and my best guess about how long it will continue to work…

Circle with Disney – another 1-2 years
Circle is a device that you put on your WiFi network that filters actual traffic. Below DNS is the actual routing of data from a website to a device. This path is managed via ARP (Address Resolution Protocol) tables, which tell your router how to get traffic to a given device. Circle needs to know which devices on your network belong to a child (which is a bit of a pain to set up), then it can stop traffic that’s not appropriate.

Unfortunately, Circle is abandoning the one-time purchase device, in favor of a device+service model that will cost you more. If you can still find them, the original Circle is less than $100, and really works well. It also lets you set time limits and curfews from a reasonably friendly app on your phone.

PiHole + OpenDNS – 3-5 years
PiHole is a tiny service that runs on a Raspberry Pi. In total it’ll cost you about $50 to set this up on your network. Once the Pi is built and running, you can install PiHole in a couple seconds, and tell it to use OpenDNS as your upstream DNS provider (instead of your Internet provider.) Then tell your router to use the Pi as a DNS server — your own chain of trust. You can then use the OpenDNS website to determine what kinds of web pages should be allowed within your home network.

It sounds complicated, but it’s really not too hard, and because it’s actively being developed, they’ve been able to stay on top of changes like the one Mozilla just made. As of today, they’ve implemented one of the work-arounds for DoH, that tells the browser not to trust any other DNS provider. Eventually Google is going to realise there’s an untapped data source here, and move to eliminate competition from parents who want to protect their kids. But for the near future, this works well.
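One way to confirm that a home filtering resolver is sending that signal, as an added example that is not from the original post or from the Pi-hole project. It assumes the work-around meant here is Firefox's canary domain, `use-application-dns.net`: Firefox leaves default-on DoH disabled when the network's resolver answers that name with an error such as NXDOMAIN, or with no A/AAAA records. The resolver address `192.168.1.2` and the sample replies are constructed for illustration.

```python
import socket
import struct

CANARY = "use-application-dns.net"      # Firefox's DoH canary domain
QTYPE_A, QTYPE_AAAA, QCLASS_IN = 1, 28, 1

def build_query(name, qtype, txid=0x1234):
    """Encode a minimal recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Return (rcode, [answer record types]) from a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    types = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return flags & 0x000F, types

def canary_blocks_doh(msg):
    """True if this reply tells Firefox to keep default-on DoH disabled."""
    rcode, types = parse_response(msg)
    if rcode != 0:                      # NXDOMAIN, SERVFAIL, ...
        return True
    return not any(t in (QTYPE_A, QTYPE_AAAA) for t in types)

def check_resolver(server, timeout=3.0):
    """Query a live resolver for the canary's A and AAAA records."""
    results = []
    for qtype in (QTYPE_A, QTYPE_AAAA):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(CANARY, qtype), (server, 53))
            reply, _addr = s.recvfrom(4096)
        results.append(canary_blocks_doh(reply))
    return all(results)                 # both lookups must carry the signal

def sample_reply(rcode, answer_ip=None):
    """Constructed reply for offline demonstration (not captured traffic)."""
    question = build_query(CANARY, QTYPE_A)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode,
                         1, 1 if answer_ip else 0, 0, 0)
    answer = b""
    if answer_ip:                       # name is a pointer back to the question
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 60, 4)
                  + socket.inet_aton(answer_ip))
    return header + question + answer

if __name__ == "__main__":
    print("filtering resolver (NXDOMAIN):", canary_blocks_doh(sample_reply(3)))
    print("unfiltered resolver (A record):",
          canary_blocks_doh(sample_reply(0, "192.0.2.1")))
    # Live check against an assumed Pi-hole address on the home network:
    # print(check_resolver("192.168.1.2"))
```

The signal only governs Firefox's default-on DoH; a user who switches DoH on by hand bypasses it, so it complements router-level controls rather than replacing them.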

Mobile Device Parental Controls – constantly changing
The best phones for parental controls are iPhones… personal preference aside. The Screen Time feature lets you set a PIN and access control for many things on the device. Unfortunately, you need regular physical access to configure and change these settings, which appear and disappear through different OS versions. This obviously requires parents to keep a certain amount of hands-on with their kids’ devices.

Apple has an app called Apple Configurator that allows you to set up a number of Supervision controls over the device remotely — but they’ve intentionally limited that capability so only organizations (schools or businesses) can use it. They actually research you to determine if you should be allowed to Supervise users before you can use the feature with kids’ devices — presumably they’re monetizing this somehow, because there’s no reason this shouldn’t be free to everyone.

Amazon has a number of features for parental control and monitoring on their tablet devices (yours truly was responsible for some of them), but with each version of their OS, they make those harder to find and use.

Our kids don’t have their own phones…yet. We have one “kid phone” that they can check out if they’re going to an event where we’re not with them — but it’s locked down tight. Still, their friends all have phones, and the pressure is on. Soon enough, I guess I’ll be trying out some parental control apps, to see what works best outside the home. Any suggestions?

Summer 2019

Summer did not unfold as planned. We’d originally talked about spending some time in Europe, but as discussions about a job change progressed, we thought it best to stay closer to home base. So we modified our travel plans to those that could be tackled by road trip. We had dreams of taking our new SUV east across the U.S., then up to the Maritimes. But immigration considerations for the new job suggested it was wise not to leave the country — at least not for long. In the end, our range was limited to trips that could be tackled by car in a day (or less, if the need arose.)

Still, even with that limit, we managed to pack a fair bit in. A result of the job change delay was that I got to spend another couple weeks at a company that holds a customer event in Orlando every other year. Last time the kids enjoyed Disney World, so this time, Nic and the kids did Universal Studios. This lined up well, since my employer put us up at a Universal hotel property, affording us easy trips to the parks, and Express Passes through the lines. I performed my close-to-final duties, with our plans still mostly unannounced, while the family enjoyed the rides — especially the Harry Potter themed ones! On the final day, I got to join them and visit some of their favorites.

A week later I submitted my two-weeks notice, at the end of which, we headed to Family Camp at Beulah Beach — a newer tradition now in its 3rd year. We enjoyed Lake Erie, some solid teaching, and the many activities that the Christian Missionary Alliance provides there. The giant rope swing, zip line and Seadoos are recurring favorites. But we especially enjoyed the time with some friends.

The end of Family Camp kicked off 6 weeks of near non-stop travel for me (and 4 unexpected weeks without a pay check) in my new job. The new leadership title carries with it a new level of responsibility — both within the relatively small organization, and with the membership. Partner companies provide much of the technology, but aren’t necessarily set-up to integrate or work together. Charting that ambiguity, against some fairly intimidating deadlines, has provided sufficient challenge for the near future.

Once the Visa paperwork was done, we were free to visit with family in Canada. Nic and the kids were fortunately able to stay a bit longer in Ontario than I was, so got some extra cousin time, while I hopped around the continent. We met up again in New York, where we went “glamping” with some old friends from Canada at a Six Flags amusement park and campground — a mid-point of the summer for them, but almost the end of ours.

The final days of freedom were spent around home, kayaks, bike rides and enjoying our pool membership at a nearby swim club, as well as some activities for the kids: horse-back riding for Abi, and robotics camp for Ben. Eli had a sports camp earlier in the summer. We even made it to a re-creation of Noah’s Ark, in Kentucky!

School starts early in Ohio, so supplies were purchased, back-packs were packed, and new teachers were met. The first two weeks of 3rd, 6th and 7th grades have started well, and all the teachers seem nice. Labor Day weekend brings the Great Geauga County fair, and a little time to relax after the stress of a new school year.

More photos in the usual location…

So long, and thanks for all the fish!

Four years is the longest I’ve worked anywhere. Usually, I follow a rule of three: one year to learn a job, a second year to rock it, and third to hand off to someone else and start looking for the next growth opportunity. I’m proud of what got accomplished my first 2 years at this job, and I re-upped long enough to see the sequel through, but personal growth has slowed, opportunities have been constrained, and as has happened in the past, there’s nothing on offer that would make it worth sticking around any longer. I accomplished what I set out to do, so it’s time to move on.

In those four years, with the expert help of two tiny but amazing teams, we launched two products unlike anything anyone in our space has ever seen before. Shelby is the “Onboard Diagnostics Scanner” for industrial automation, with a friendly UI and an astoundingly simple setup experience. Sherlock is a legitimate artificial intelligence for manufacturing, invented by some of the nicest PhDs you’ll ever meet, who trusted us to bring it to market. Along the way, I got to form and help lead teams, invent and develop new ideas, and communicate cutting edge technology at the highest levels within my company and without. It was a good run. Worth the extra year, despite occasional emotional trauma.

Up next is my first experience in senior management. I’ve accepted the role of Chief Technology Architect, for an Institute within UCLA’s Office of Information Technology. In that capacity I’ll be working with some old friends, and some new ones, on a platform that has lots in common with Shelby — only at a larger, more impactful scale. Our goal is to plumb entire manufacturing enterprises for automatic information retrieval, while simultaneously funding and enabling academic research to create new value atop that data source.

Although the organization is based in Los Angeles, the Wises will remain stationed in Ohio, where I’ll be in close proximity to important partners and potential users. After nearly 6 months without significant work travel, I’ll be flexing my SkyMiles again with frequent trips to California — and wherever else potential partnerships can be developed.

Update: Press Release for the new gig.

Senior Manager, Entropy Department

Sometimes I think being an adult is just about managing decay. Your body finds new ways to fail. Your house, and the expensive things in it, are all in a gradual decline. Your cars need progressively more repairs until they’re not worth the effort any more. Everything is just getting worse, and your job as a responsible grown up is to manage that, trying to make sure things that will inevitably go wrong don’t all happen at the same time, trying to fend off eventual catastrophe by learning to perform repairs yourself, trying to replenish the bank account faster than you have to spend from it, trying to adjust your activity and food intake for whatever crap your body has going on now… It’s like you’re a professional manager of gradually dwindling resources.

This, I think, is why having, or being around, kids is so rewarding. In contrast to adults, their lives are constantly getting better. They’re learning new things, maturing in new ways, growing toward new possibilities – and they’re completely unencumbered by any sort of responsibility for the things in life that fall apart. They never have to fix a toilet, take the car in for a new transmission, or add a new stretch to their morning routine just to get their bodies moving. They get to hop out of bed every day and just absorb new life and ideas and activities. And sure, things can go wrong when you’re a kid, but they’re not inevitable — yet.

In fact, as an adult in the life of a kid, your job is to shape all that constant growth, and ensure it happens in the right directions. So when your kid is having a hard time with their growth, and their optimism is wounded, and their potential seems limited, it’s hard on them – but also on you. You want them to grow fast and fully, before their brains lose their plasticity, their bodies start betraying them, and they have to acquire things that will start falling apart as soon as they buy them. You want them to launch out of childhood at a velocity and trajectory that will make adult life easier. They see punishment as unfair, and schoolwork as onerous, and friend drama as catastrophic. You hope those challenges are opportunities for them to grow, and become better equipped for life. In order to be productive, though, the challenges have to be surmountable ones. Few things are worse than seeing your kid face a challenge and not knowing how to help them through it…

It was a tough school year for our older two. Changes in funding in our school district resulted in an early start to Middle School for both of them. Ben did fine socially, but got caught by surprise academically, going from a dedicated gifted student program with a wonderful teacher who figured out how to get into his clever, but easily distracted brain, to rotating classrooms with a roster of teachers, each with different styles – some more constructive than others. Abi, a more traditional learner, with a conscientious approach to her work, had no academic challenges, but finds herself easily overwhelmed by the fast-changing world of pre-teen social drama. Deeply empathetic and contemplative, she feels for her friends and tries to rationalize often irrational behavior. Both are days away from claiming victory and surviving the year, a little bruised, perhaps, but still on healthy trajectories.

Eli, who just turned 8, has yet to meet a challenge she couldn’t tackle confidently. Whether it’s reading years above her level, making friends with the new kid in class, or charming present and future teachers with her gregarious personality. Also classified as gifted, she’s had no issues so far with focus in the classroom – provided the focus can be on herself as often as possible!

Nic spends plenty of time in the school with our kids, and others, as a reading helper, PTO Treasurer and Book Fair coordinator. And I got to spend some time in a classroom this year, helping out with a Computer Science program at a High School in East Cleveland – not the easiest neighborhood to grow up in, but there were some great kids on good growth trajectories there too.

Shaw High School – AP Computer Science

The old adage about staying “young at heart” does nothing to change entropy. If it’s not your back or your knees that get you, it’ll be a roof that needs repairs, or a furnace that dies on the coldest day of the year. But I think if we try to act more like our kids – deliberately challenge ourselves to learn new things, go new places, meet new people, and do new things – maybe the inevitable decline can be a slower, more enjoyable one…

Machines Who Think

The practical birth of A.I. dates back to the 1950s, when Frank Rosenblatt developed the Perceptron algorithm. Interestingly, while it was initially conceived as software for the IBM 704 computer, the “productized” implementation was a hardware solution called the Mark 1 Perceptron. Even back then, the best experience was a complete one: hardware and software combined for a specific task; in this case, image classification. A version of that algorithm is still around today – in fact, Shelby uses a Multi-Layer Perceptron for its chat interface.

The point is, there are a countable number of steps, over relatively recent history, in the field of machine learning. Most of what is in-use today is derived from what we knew yesterday. If you narrow that field to manufacturing, the milestones are even more sparse. If you narrow it again to algorithmic learning that runs within the operation, Sherlock is virtually peerless. The release of this product is a markedly significant point in the history of artificial intelligence…

The above is an excerpt from the email I sent my team upon completion of our latest 1.0. I included it because I didn’t think I could write anything better to mark this spot in time. I’ve introduced you to Shelby in the past, and while Shelby observes an operation, its newest sibling, Sherlock, actually learns from it.

I didn’t invent Sherlock (nor was I the only inventor on Shelby!) – in this case, the product is deeply indebted to the research and development of folks much, much smarter than me. But I did lead the effort to productize it, and I’m proud that I got a part in bringing it to life. Launching a 1.0 product in manufacturing is an act of sheer willpower; once again, I got lucky to have a small core team of people who believed in an idea enough to pour some of themselves into it with me.

This release was step two in a 3-step strategy I helped put together almost 4 years ago: Device -> System -> Enterprise — our plan to make sense of the data in a manufacturing environment in an automatic fashion. I signed up for step 1, committed to step 2 after-the-fact because of the great partnership, and watched someone else make a total mess of step 3.

Most of the people who worked on that strategy with me have given up, or moved on (although one of them recently came back!) and the leadership that originally endorsed it lost focus, or position, or faith… it’s been a long and bruising haul getting to this point — and often a lonely one.

As proud as I am of what we’ve built, I am also very, very tired…

Weird Science

In general, I find US Patent law to be both abused and abusive. Companies usually amass patents for predatory or defensive reasons. They use their patent portfolios either as a business model, attempting to make money on litigation, or as a defense against those who do. Patents are often frivolous, obvious and meaningless, but companies acquire them anyway, if not for suit, then for counter-suit when they are inevitably sued.

All that said, there is something awful nice about seeing something you invented officially ratified and recognized. I’ve been cut out of the patent process a number of times in my career — once I was even left out of the patent for a system I designed. Rarely do these things have much monetary value for the individual employee (Microsoft is the exception, where royalty payments can be quite lucrative), but there’s definitely an emotional reward to seeing your contribution recognized.

Since Shelby, and to a smaller extent, Sherlock, were very much emotional, as well as intellectual, investments for me over the past 3+ years, to finally have one of the many patents we applied for make it through the long process, recognized both internally and by an official government body, is a milestone worth recording…

US patent 10225216