    An unassuming tech blog

    A series of random observations organized in reverse chronological order. Why unassuming? Because egotism is a learning disability, of course.

    Are the backups corrupted?

    January 2018

    As a frequent user of flash memory I've found its reliability can be imperfect. So how then to best verify that a backup hasn't gotten corrupted? This is where the checksum comes in.

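    function getsums {
        # Hash every file under the current directory into a temporary list
        find . -type f -exec shasum {} \; | tee .mySums.dat
        # Drop macOS metadata and the checksum files themselves
        grep -v \
           -e "\.TemporaryItems" \
           -e "\.Spotlight" \
           -e "\.fseventsd" \
           -e "\.DS_Store" \
           -e "\.Trashes" \
           -e mySums.dat \
             .mySums.dat > mySums.dat
        rm .mySums.dat
    }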

    Simply compare the checksums of the copied files and the original files using diff.

    Safety ratings for banking apps

    December 2017

    When I go to a restaurant, I make sure that I check its rating. I'd prefer to see an A.

    When I buy milk I similarly assess the risk level; I find its sell-by date to gauge its freshness, making sure it's not past due or near it.

    But when I download a banking app, there isn't any kind of safety rating to let me confirm that it is safe to use and was audited and double-checked.

    Why worry? Because:

    1. The data that people put into a banking app is highly sensitive and if stolen, damaging.
    2. Small banks like credit unions never ever have actual app developers on staff, and they may outsource the work to far-flung locations to cut costs.

    This combination is potentially a prescription for disaster.

    But let's identify what there is to fear. Lacking any safety rating or a security auditor's stamp of approval, what specifically do we not know?

    We cannot know:

    1. Whether (or how well) anyone at the bank code-reviewed the source code to identify obvious security risks and ensure that the app does not expand the attack surface due to programmers having cut corners or over-engineered the thing.
    2. Whether it was someone at the bank who compiled the source code and submitted the app to the App Store or whether they outsourced that part.
    3. Whether programmers foolishly used precompiled libraries that contained malware, spyware or vulnerabilities.
    4. Whether the programmers' machines were infected with malware e.g. XcodeGhost which injected malware into the app.
    5. Whether there was a separate, protected, malware-free build machine or just any random computer was used.
    6. If the bank only received object code like an IPA file for testing, whether anyone did a security audit of that e.g. running a packet sniffer to make sure customer data is not being sent to criminals.
    7. Whether the app has vulnerabilities that are easy to exploit e.g. the coders misconfigured AFNetworking allowing man-in-the-middle attacks.
    8. Whether the source code for the app was stolen from the programmers by criminals who can use it to find vulnerabilities.
    9. Whether the bank did any in-house testing to make sure the app does what it is supposed to and no more or did they just outsource the testing too?
    10. Whether the programming was done by people who are connected to any criminal enterprise, or to a not-so-nice government etc.
    11. Whether the programmers live in a country without an extradition treaty.
    And so on.

    In summary:

    1. Chain of responsibility is unknown.
    2. Code-level security is unknown.
    3. System-level security is unknown.
    4. Human security is unknown.
    5. Security mishaps are unknown.

    What we do know, based on the lack of a rating or seal of approval, is that the bank didn't pay for a formal security audit, which they should have done and which they'd be reckless if not crazy not to do.

    In theory the App Store should ensure a very basic level of safety, nothing fancy, but in recent weeks scamware has made it into the App Store and risen to the Top 10 even while Apple has aggressively and recklessly attacked harmless spam apps, many of which are patently not spam. Clearly Apple's priorities are askew and they are missing obvious abusers.

    Summary: Don't use a banking app, especially not a small bank's.

    They own your data

    November 2017

    As explained in the neat summary linked-to hereunder, tech companies own most everything you put online. That means it's not yours anymore.

    You might call it theft by lawyer.

    If you hire a felon to break into someone's house and steal their photos, you get to become a felon too. Boo-ya!
    If you hire a lawyer to write some legal fine print to steal someone's photos, you get to become a tech millionaire.

    Terms of Service Didn't Read

    Tech companies are:

    1. Getting to know you intimately.
    2. Not telling you a thing about themselves, in most cases not even their names.
    3. Giving you precious little in return except a worthless dopamine boost.

    It's basically data rape.

    How the iPhone X disappoints

    September 2017

    Not every egg that Apple lays is golden.

    With the iPhone X, Apple has misstepped in 3 ways that Steve Jobs likely would have vetoed. Every moment that you use the X, your awareness of these missteps will grow. This will erode your initial enthusiasm and coagulate into a remorseful, gnawing worry -- a worry that in fact, your purchase was quite foolish.

    1. The Notch:
    • It is ugly. It is ever-present. You cannot stop looking at the ugly Notch. It looks especially awful in landscape mode -- forget about watching wide aspect ratio videos.
    • That odd shape: Surely the screen's odd shape to accommodate the notch made it more expensive to manufacture than a square screen, and raised the overall cost. The X could have been an $800 phone without the Notch. Therefore you paid more for something worse.
    • To make things worse still, the X's Notch requires software changes in most existing apps but many developers will take forever to update those apps. What a drag.

    2. Facial recognition... why?

    • It is unnecessary. It is super-creepy. Face ID electronics are elaborate and surely raised the cost of the phone as a whole. Everyone was just fine with Touch ID. Touch ID works 99% of the time. 1% failure is not a crisis. Why did they not simply just put a Touch ID on the back, out of sight and mind?
    • Why not wait for something better? Just a few months later, Synaptics got under-display Touch ID working.
    • Face ID is a huge privacy risk. Unlike the infrared face-ID that appeared in Samsung phones and Windows laptops recently, Apple's actually works. If you live in a country where crimes include being the wrong ethnic group or having evidence-based beliefs or anything else that powerful people do not like, your Face ID data can be used to persecute you. Can you really trust that Apple, which participates in NSA's PRISM program, won't send your super accurate face-print to the spooks?
    • When Apple inevitably uploads faceprints to its servers, despite claiming it will not, you must realize it is also inevitable that their cloud will get hacked. It has happened before at least twice. Senator Al Franken expressed similar concerns.
    • What if your phone gets hacked? The Secure Enclave that would protect your faceprint was recently compromised.
    • As for animated emojis, who will use them for more than 5 minutes? Animojis are a useless novelty, like curvy mirrors at an amusement park.

    3. Priced at $1000, the X feels more like a test of maturity.

    • Do you lack self-control? Buy it!
    • Do you crave the admiration of others? Buy it!
    • Do you seek entry into some cool crowd? Buy it!
    • Do you need to make foolish people feel envious? Buy it!
    Meanwhile there is a far better Android phone, the Razer, that is available for $700.

    So what should Apple's executives have done?

    1. Apple should have made a phone that is 100% screen on the front: no Notch.
    2. They should have made the rear Apple logo into a Touch ID sensor. Maybe one that lights up.
    3. For the users who need the selfie camera and front speaker (not everyone does) just put them in a protrusion -- not the awkward intrusion of the Notch.
    4. The gimmick of facial recognition comes at a large cost, so it should have been optional, not forced on customers.

    Now that would have been revolutionary.

    But wouldn't a protrusion look goofy? Only if it's done wrongly, without an obvious workaround that any competent innovator will hit upon.

    Time to abandon x86?

    September 2017

    Intel has recently gained notoriety for putting a secondary spyware CPU inside every x86 CPU that it has produced since 2006, specifically the Intel Management Engine and variants. Even if they never officially intended it for spying (yet it can transmit sound from your microphone even when the power is off), a feeling of repulsion and nausea would be understandable whenever the name Intel comes up. It is a natural response to betrayal.

    The fact that AMD has put a similar secondary CPU (named PSP) inside their processors since around 2013 is disturbing, too.

    One could argue that these two data points provide reason enough to contemplate a permanent switch away from the x86 architecture. But how would that work? For a GNU/Linux user, it would seem trivial, so long as a safe and sufficient ARM-based solution exists. But what about Windows users, whose software may never be recompiled for ARM?

    Microsoft is preparing the imminent launch of Windows 10 for (Snapdragon) ARM-based laptops, but this switch-over to ARM now seems legally quite risky if they include x86 emulation that supports SSE. Perhaps recompilation for ARM is required after all. Or machine-code translation?

    It helps to question assumptions. Namely, is an ARM CPU automatically safe? I assert that to assume ARM is safe is wishful thinking. A hardware backdoor surely exists in some ARM-based devices. Who knows if an affected device is from MTK, Qualcomm, or inside the much-promoted Raspberry Pi?

    Careful analysis is always necessary.

    • We learned that lesson when Windows Vista was caught contacting servers from DoD and Halliburton when it first booted up.
    • We learned that lesson again when Nuance was caught sending voice-prints to the Pentagon.

    Perhaps in the short term, a downgrade would be wiser. Not a break with x86, but a pivot to older hardware, like a pre-2013 AMD-based computer. Perhaps the urge to always upgrade to yet higher-end computers was always foolish.

    Why so little innovation in laptop keyboards?

    July 2017

    Notebook computer manufacturers often play follow-the-leader, but when it comes to keyboards the situation is worse: They delegate to non-leaders. They mostly just buy standard keyboard parts from standard keyboard manufacturers and then forget about the keyboard, as if keyboards were commodities like instant ramen or roofing tiles.

    The two things a consumer touches first when they try a computer at the store are the keyboard and touchpad. But each is typically an afterthought. Does that seem like good planning to you? No wonder that Apple has become popular. They excelled (until recently) at perfecting the tactile experience.

    The result is an avalanche of PC laptops with chiclet keyboards that feel awful and are unhealthy to use for even a few hours.

    Apple, which is considered a leader of sorts, has ironically produced their butterfly keyboard, in so doing hijacking the name of a famous IBM Thinkpad keyboard, but unlike IBM's masterpiece Apple's thing is unhealthy to use for even a few minutes. Only the Onion could have predicted something worse:

    Cherry continues to produce interesting keyboard switches for office computers and gamers, and their keyswitches have made one appearance unmodified in the very heavy MSI Titan laptop. They seem unwilling to allocate brainpower toward actually improving laptop keyboards however.

    Now some unknown keyswitch maker may have innovated. It has produced mechanical backlit keyboard switches for the Lenovo Y900, reviewed in Laptop Mag. Let's hope they can make a difference.

    If we recognize that typing all day is as rough on the body as:

    • Standing all day
    • Walking all day
    then perhaps we can deduce what the solutions to the problem of improving the laptop keyboard might involve.

    If someone who stands all day needs sturdy shoes, perhaps someone who types all day needs a non-flimsy keyboard, which is not a $5 part. (Both Thinkpads and Apple's pre-2016 laptops are known to have sturdy keyboards.)

    If someone who walks all day needs gel-cushioned soles, perhaps someone who types all day needs a keyboard that does not cause a hard impact when it clicks nor when it hits bottom but instead touches down on rubber or dare I say, gel?

    Finally, if someone has a crooked posture all day, the solution is to switch to a natural posture. Let us ask then: Why does a wide 15" or 17" laptop not already in 2017 have any correction for ulnar deviation? A straight row of keys makes no sense if there is room for an ergonomic V-shape layout.

    Product quiz

    July 2017

    Guess which business strategy is the fake one:

    1. American beer manufacturers added MSG (a brain toxin) and propylene glycol (antifreeze) to beers because no regulation or law required them to list the ingredients of their beers.
    2. American pizza chain Pizza Hut decides to add inedible silicone to their pizza cheese as a filler because it has great shelf life and it simulates the mouth feel of cheese.
    3. American bank Wells Fargo decides to load up customers with invented bank accounts for which those customers did not ask and which incurred unwanted fees and penalties.
    4. Apple decides to put a home button in its expensive phones that does not move when pressed but rather vibrates to simulate a click sensation, even though no users requested such a button.
    Surprise! They are all real examples of fakeness.

    Source Source Source

    Innovation quiz

    July 2017

    Which of these product decisions feel like a visionary leader gave them his eager thumbs-up approval?

    iPhone missing the headphone jack.
    No. It was removed to add space for a haptic response buzzer, which was itself put in based on dubious justifications.
    Macbook Pro dongleitis (excessive dongle disease)
    No. It is just a scheme to force unwanted purchases of dongles.
    Butterfly keyboards
    No. Its insufficient key travel is guaranteed to cause repetitive stress injuries, and some models have an unrepairable problem wherein keys become super-tough to press down.
    Haptic feedback home button
    No. You press an unmoving button that vibrates instead of moving? It is a fake button.
    The awkward and useless touch-bar
    No. It feels unnatural and takes your eyes off the screen. It was meant to placate users who wanted a touch screen but instead only offended them.
    Macbook 12-inch
    No. It is a computer for which no one asked and it is not better than the Air.
    Endless Swift changes
    No. Perpetual twiddling is a tacit admission of having no vision and no plan. If Kotlin gets ported to iOS, Swift will be in trouble.
    $180 iPad keyboards
    No. An overpriced second-rate solution is not visionary.

    Where is the genius in dongles?

    Where is the genius in stealing a product name? Check out the original butterfly keyboard

    Print recent disk mountings/unmountings on macOS

    June 2017

    Are you paranoid that someone plugged a USB flash drive into your computer? Here's how to scan the last four hours of the log for mounts and unmounts.

    log show --last 4h | grep -e ": mounted " -e ": unmount " 

    A tree command for macOS

    May 2017

    macOS doesn't include a tree command, unlike GNU/Linux, which means you either have to install the official tree program or simulate it. There are three basic approaches:

    1. Install tree from source code: a laborious process.
    2. Install homebrew, then install tree through it, which puts you at risk because it means installing untested binaries from strangers.
    3. Simulate tree with a BASH function.

    Here's my version of option 3:

    function tree {
        # Print every directory under ., indented one ".   " per level of depth
        find . -type d | while IFS= read -r s; do
            A=$(echo "$s" | sed "s/[^\/]//g" | sed "s/\//.   /g")
            B=$(basename "$s")
            echo "$A$B"
        done
    }

    How to print out the reason for your computer waking up

    May 2017

    Are you afraid your landlord is sneaking into your apartment when you're gone? Does your keyboard suddenly feel sticky one day?

    Print the last 8 hours' Wake reasons:

    log show --predicate 'eventMessage contains[d] "Wake reason"' --info --last 8h

    Object-oriented assembly language (OOA)

    April 2017

    My new article on how to write object-oriented code in x86 asm is here.

    To offer a high level assessment, the basic problem is that while there are several ways to do OOA, the easiest is the most limiting, and once you commit to one approach it may be time-consuming to switch to another.

    For this reason, a computer language that is just slightly more sophisticated than assembly might be the best solution, if code speed is the goal. This was the major point of my C@ compiler project.

    iOS: Areas for improvement

    April 2017

    While some like to hold Apple above criticism, because for whatever reason they think Apple is perfect, it has become obvious that some aspects of iOS hardware and software need a rethink.

    Realists on this topic can be found everywhere:

    • Reviewers and ranters on Youtube
    • Retail salespeople in Apple stores
    • Bloggers
    • And anywhere else that the Svengali trance of Apple has no hold.
    iOS imperfect? Let us count the ways...
    1. iOS devices really do need SD slots that can read and write files. For a tool to be useful it has to be fit for purpose and a computing device without a serious storage option (iCloud is not that) is not an effective tool.
      • A photo editor running on iOS has to be able to save an edited file somewhere useful like an SD card from where it can then be efficiently archived. The iCloud or Dropbox solution is not ideal for privacy or speed (upload speeds being generally slow). Regarding sensitive photos, uploading to the cloud may be fine for trivial photos but anything at all sensitive or important needs to go somewhere safer than iCloud.
      • The same goes for critical business files like contracts, customer lists and sales data. No business manager worth his salary is going to accept putting important and confidential business documents into the cloud where a hacker or a government operative can steal them, corrupt them, or delete them and thereby disrupt the smooth operation of his company. Files need to be saveable to a physical medium like SD flash and then put into private backups.
      • The fact that an SD card slot is needed is only half the problem. iOS needs the ability to write to SD cards that have encrypted file systems (like macOS can) to protect user data before it is archived.
    2. The app launch screen (Springboard) is no better than it was in 2007. Android's home screens have useful gadgets of various types like a search bar, a calendar, and concise news headlines. It is quite bizarre that Apple, which fanboys claim is a fount of innovation, is clearly being out-innovated by its imitator.
    3. Apple's obsession with streaming sounds very clever to fanboys, who argue that the age of physical media is already over. But there is a problem: WiFi frequencies are in the microwave range and as such they do go straight through your body and they do cook you slightly. While industry scientists claim this is harmless, that is not true according to some research. Microwaves are officially non-ionizing radiation, unlike X-rays, so genetic damage should not be observed, but the problem is, it has been observed nevertheless. Thus WiFi microwaves may be the new smoking: safe only if you trust the industry and ignore the evidence.
    4. Touches too precise? The premise of the touch screen is that tapping is so easy that it is hard to screw it up. Unless you are in motion. Anyone who has been a passenger in a car or bus or just walking down the street knows that taps are harder to get right while in motion. There are several reasons why this is so, but one is that Apple seems to be encouraging user interfaces that require more and more precise taps. Perhaps Apple bigwigs only ride in super-smooth transport like shuttle buses and let their retinue take the bumpier road. But for the Rest of Us there is an obvious solution that at least Apple could embrace for its apps. What is that solution? My secret.
    Certain types of businesses capitalize on bad decisions.
    • Alcohol and tobacco vendors.
    • Junk food manufacturers.
    • Casinos and lotteries.
    • Payday lenders.
    • Narcissism-boosting social media.
    • Subprime mortgage providers.
    Apple, by encouraging cloud storage instead of physical storage to SD cards, by encouraging streaming and electromagnetic radiation exposure, has effectively joined the ranks of these predatory businesses that capitalize on poor reasoning, pretending all the while to be somehow embracing the future. Is anyone besides the fanboys buying it?

    Safari not included with OS/X?

    March 2017

    On iOS, I can open Safari by saying Siri, open Safari. Such is not the case on macOS. Siri disclaims any knowledge of Safari.

    If macOS were free/open-source software, or a hobby project, this kind of obvious bug might be understandable. But it isn't written by volunteers. It's not a hobby project. What is wrong at Apple?

    How to fetch a file through TOR

    February 2017


    1. Run the TOR browser.
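    2. On OS/X use this command: curl --socks5 127.0.0.1:9150 "$url" -o "$name"
    9150 is the Tor Browser's default SOCKS port. On GNU/Linux or Windows the port may be different. With --socks5 curl resolves the hostname locally; --socks5-hostname has the proxy resolve it instead.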

    If Apple is against computers with touch screens...

    February 2017

    Why is it making this then?

    Are they taking a page from Magritte?

    Ceci n'est pas un écran à toucher.

    The meaning of Magritte's painting is the pedestrian observation that a word is not the thing. But in order to think, we need accurate words to describe a thing. If Apple makes a touch-screen computer but then says they don't believe in making touch-screen computers, what are they saying? What is the iPad with keyboard then really? A surveillance device? Without an SD card slot or a USB port, it certainly isn't a serious tool for productivity.

    Consumers want solutions to problems, not doublespeak. Their money is hard-earned. They are not idiots and you treat them like idiots at your peril.

    Common QA mistakes

    November 2014

    Testing is, in a sense, like making a hamburger. It is not terribly difficult but it has to be done right.

    • As with making hamburgers, doing testing wrongly can result in a tragedy.
    • As with making hamburgers, some people should not be doing it.

    Some common mistakes:

    • Failing to report obvious bugs therefore letting bugs pass through to the customer.
    • Not reporting critical facts or circumstances about a defect e.g. that Wifi has to be on, that it only occurs right after midnight etc.
    • Not providing any evidence of a defect e.g. screenshot, videos taken with a phone, or log files.
    • Not being knowledgeable enough about the product that you are testing to know how it is supposed to behave, leading to the response "that is how it is supposed to work".
    • Not taking the effort to write down what happened at the moment when it happened. Instead trying to remember much later.
    • Not wanting to check everything that needs to be checked and/or not prioritizing.
    • Not testing the latest product. Wasting time testing code whose defects are already fixed.
    • Accepting second-hand information (hearsay or rumors or lies) as totally legitimate instead of speculative.
    Some red flag mistakes that may indicate you should not be working in QA:
    • Declaring that something doesn't work but refusing to say how or why or when.
    • Doing QA because you just enjoy complaining and would do it for free.
    • Being opposed to learning a new platform in order to test software on that platform e.g. "I don't do iOS." (Yes; I have heard that.)
    • Having a passive-aggressive personality or otherwise being unable to be direct.

    Is the 5.5 inch iPhone {6, 6s, 7} Plus practical?

    September 2014

    I was one of the vocal proponents of a big-screen iPhone, telling anyone who'd listen that Apple needs to make one with a 5.5 or 6 inch screen.

    I expected the 6 Plus was going to prove me right. After owning the iPhone 6 Plus, I believe I was wrong.

    It's not a terrible phone. But the 6 Plus is rather heavy. While the 6 Plus only weighs 1.52 ounces more than the 6 (6.07 versus 4.55 ounces respectively), that is 1.33 times the weight, and the difference is almost alarming when they're side by side.

    The expense and delicateness of the 6 Plus means a rugged case is vital. My preferred case is the Magpul field case, but it's heavy. The Magpul case adds substantially to the overall weight -- 1¾ ounces to be exact -- bringing the total to 7¾ ounces.

    Having also owned the cheaper, lighter, and plasticky $150 LG Stylo 2 Plus, which is 5.1 ounces but has a screen that is 5.7 inches, I can say that the 6 Plus compares quite poorly.

    1. The bare 6 Plus is already 1 ounce heavier.
    2. The 6 Plus's high cost and fragility militate for using a rugged case.
    3. The LG Stylo 2 Plus can be used daily without a case because it is cheap and replaceable.
    4. However the 6 Plus with rugged case weighs nearly 8 ounces.
    Given the weight situation, only software -- iOS -- saves the 6 Plus, because Android is frankly crap. [Update: Android O may finally fix that.]

    So why go with the 6 Plus at all? While a 5.5 inch screen is a good size for web browsing on the go, it's not a great replacement for a tablet or a laptop.

    Let's consider video watching. Perhaps if you are working as a security guard or a librarian, or are idle in a quiet environment, you will be able to watch video outside of the home. A large phone may help you do so. Most people can't.

    Let's consider web browsing. Even a 10-inch tablet can make web browsing difficult. A 5.5" screen will be much worse, and it isn't going to be a great improvement over say, a 4.7" display. But it will be much better than a 4-inch screen.

    I'd say that if Apple cannot make a less delicate, expensive, and weighty phone, it should settle on a smaller size. A 5-inch screen may be the Goldilocks size: Not too large, not too small, not too heavy. Just right for practical use while keeping the weight down.

    A repeat loop kludge for Objective C

    September 2014

    Many a time there's a need in C and Objective C for a simple repetition loop à la 8086 instruction LOOPNZ. But one doesn't always need access to the loop counter itself. To this end, here's a simple #define that gives you precisely that. It may not work in every compiler, but it seems to be safe when used in Xcode.

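    /* x##__LINE__ pastes to the literal name x__LINE__ (## suppresses expansion), so the counter is scoped to a for statement instead. */
    #define repeat(COUNT)  for (unsigned long repeat_left_ = (COUNT); repeat_left_--; )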

    Usage 1: repeat(10) puts ("message");
    Usage 2: repeat(10) { puts ("message"); }

    But why stop there? If you do need the counter value, just provide it like so:

    #define loop(VARNAME,COUNT) for(int VARNAME=0; VARNAME < (COUNT); VARNAME++)
    #define countdown(VARNAME,COUNT) for(int VARNAME=(COUNT); VARNAME > 0; VARNAME--)

    The only caveat is that as of Xcode 5, llvm is performing a lot of type checking so you may need to type-cast the variable from the loop and countdown macros.

    Jerry Seinfeld explains why he didn't become a mere TV mogul

    September 2014

    But I didn't take that bait... because I know what it is... You can't pull that over on me.
    I've sat in all those chairs.
    I've been in those rooms. I know what it is.

    What is it? You'll just have to listen to Alec Baldwin's interesting and funny interview of Jerry Seinfeld:
    WNYC link

    Resize images from the command line

    August 2014

    On OS/X there is no need to install ImageMagick in order to resize images from the command line. Let's say you want to generate a new set of icons for an iOS app. You can do it with two commands: cp and sips. Below I offer an example, left as an exercise for the reader, on how you might do this from a script:

    cp iTunesArtwork.png Icon-144.png
    sips -Z 144 Icon-144.png  &> /dev/null
    file iTunesArtwork.png Icon-144.png

    © Zack Smith