HBS-700 sound quality on Mac OS X

I was recently looking for a pair of Bluetooth headphones to isolate myself from the world without a cord tethering me to my laptop. I ended up settling on LG’s HBS-700 headphones due to spectacular reviews on Amazon. The cost of selecting the HBS-700, rather than its newer cousin, the HBS-730, was missing out on the apt-X codec, which is reportedly much better than the standard SBC codec that most Bluetooth devices use. But the HBS-730 noted terrible range and poor reliability, which really doesn’t work for me when I’m shipping these headphones 12 timezones away from the retailer. So I chose the HBS-700.

Despite the occasional typo in the user manual (yes, I do read user manuals for fun), first impressions of the device were pretty good. The device is light, well-built, and comes with a charge. The only problem I noticed was that sound quality was substantially lower than my cheapo Acoustic Research ARE-09s. Turns out that there is an easy fix for this; disconnect the headset, open Terminal and run this:

defaults write com.apple.BluetoothAudioAgent "Apple Bitpool Min (editable)" 53

For the HBS-700, 53 is the highest bitpool supported. By default my headset had previously negotiated a much lower bitpool, which corresponds a much lower bitrate. Interestingly, setting the minimum bitpool to 51 actually resulted in worse performance, because of the mismatch of sampling rates between the encoded audio I was listening to (at 48 kHz) and the SBC encoding (at 44.1 kHz). You can examine the negotiated bitrate using this command:

defaults read com.apple.BluetoothAudioAgent

According to the A2DP specs you can get a rough idea of how bitpools correspond to bitrates using the following table:

Table 4.7: Recommended sets of SBC parameters in the SRC device
SBC encoder settings* Middle Quality High Quality
Mono Joint Stereo Mono Joint Stereo
Sampling frequency (kHz)
44.1 48 44.1 48 44.1 48 44.1 48
Bitpool value
19 18 35 33 31 29 53 51
Resulting frame length (bytes)
46 44 83 79 70 66 119 115
Resulting bit rate (kb/s)
127 132 229 237 193 198 328 345
*Other settings: Block length = 16, Allocation method = Loudness, Subbands = 8

Happy listening!

Posted in Pub | Leave a comment

A theory about UAE’s internet connectivity

Ever wondered why internet in the UAE sucks? I have a theory…

  1. Etisalat runs a Great Firewall of UAE for HTTP traffic, and is overloaded and/or buggy.
  2. Commonly accessed files are sometimes cached by the Great Firewall, and can be delivered/inspected/passed through quickly. However, less common files need to be fetched by the Great Firewall before being delivered to the end user. Because the Great Firewall is overloaded or buggy, it can sometimes inspect and deliver the first bytes of a file quickly before slowing to a crawl. For example, this could manifest as downloading a file at 300 KBps for a few seconds before dropping down to 50 KBps for the remainder of the file, or producing a sawtooth-like bandwidth graph. If it’s a large file, it could end up taking hours. Sometimes the Great Firewall is unable to do any caching due to cache settings on the web server, in which case it has to inspect the file each time it is downloaded (you will see this with the results from speedtest.net).
  3. Encrypted data cannot be inspected and seems to be ignored by the Great Firewall. This suggests a few ways around the firewall: the most commonly used one is to VPN out. Another way is to use HTTPS. This is particularly useful with Google Maps, for example (http://maps.google.com/ vs. https://maps.google.com/). You can also see a pronounced difference when using Speedtest over an encrypted connection or not (https://dustin.li/tmp/st/ vs. http://dustin.li/tmp/st/ – this is my server in North Virginia). In my own testing, direct encrypted (e.g. HTTPS) connections outperform VPN encrypted connections, which in turn outperform unencrypted HTTP connections. We’re talking almost an order of magnitude – 4.83 Mbps HTTPS vs. 0.64 Mbps HTTP.
  4. Etisalat’s DNS service occasionally slows to a crawl, which introduces non-bandwidth related latency. I have sometimes worked around this when I am at home by switching to Google’s DNS servers or my personal DNS server.
Posted in Pub | Leave a comment

UMNR 2012

We’re organizing the 1st UAE Meeting on Neurorehabilitation (UMNR) here at Khalifa University! Come hang out with all the cool people. It’s on March 9-10, 2011.

Posted in Pub | Leave a comment

Scooba: meh

After correcting a minor incident of exploding capacitors, I was able to charge my Scooba 330 and set it free on the tile floors of my new apartment. In short: meh. While it’s really cool from a geeky perspective, it just doesn’t do a great job. For example, it gets stuck on the transition from the tile to the marble. It doesn’t do a good job sucking the water back up (probably a defect/maintenance issue), leaving behind puddles as if someone had cleaned the floor with a dripping mop, getting an optimistic 30% of the water it layed down. It doesn’t self dock, requiring you to manually plug it in every time. It doesn’t do a great job of picking up hair off the floor. It looses traction quite a bit. There are no infrared sensors on its bumpers, causing it to slam into things at full speed. Its bumpers aren’t terribly sensitive, making it bash into things and spin its wheels, not realizing that it’s not moving. It requires maintenance of the brushes, vacuum port, and filter after every cleaning, and rinsing of both the dirty and clean tanks. I’ll keep using it because I’d never mop my own floors, but they could do much better… iRobot has released an updated Scooba but the reviews are also universally “meh”. In comparison, my Roomba 535 is awesome – requires almost no maintenance, and always gets back to its docking station on its own.

Posted in Pub | Leave a comment

EC2 spot prices vs. reserved instances

I wrote a stupid little script that was designed to figure out whether it is more cost effective to run my server on spot instances or on reserved instances. It calculates cumulative spot cost over the last 90 days and also charts the spot price, and projects that cost to a full year.

My server must be up 100% and cannot tolerate downtime, so I can compare the projected cost to reserved instance cost. Historically, the spot price has been pretty stable (so stable that one commentator called the market a flop) and almost equal to the reserved instance hourly price, without the overhead of the reserved instance one time fee. However, spot prices have been fluctuating greatly in the last few months (Q3 2011) so it is now more efficient to buy a reserved instance (especially since Heavy Utilization instances became available).

If we project the cost of running a micro spot instance in us-east-1b for an entire year, we would have to pay $621.20/yr for CPU time. Compare the Heavy Utilization reserved micro instances in the same region, which would cost $100/33 + 365*24*$0.005 = $77.13 (3 year term). Yeah. I know which one I’ll be getting.

Posted in Pub | Leave a comment

Moving a WordPress install to a subdomain

Hi kids! Today we’re going to learn about moving WordPress to a subdomain. Why would you want to do that? Well, let’s say that you want to have SSL over the subdomain (only), or that you want the subdomain to be an internal address that no one else can access. This became an issue for me when I decided to transition to the CloudFlare infrastructure, which supports SSL on a domain only if you pay them. I am way too cheap for that.

The obvious thing to do is to go into General Settings (/wp-admin/options-general.php) and modify the “WordPress address” to add the new subdomain. For example, mine originally read https://dustin.li/word/, but now reads https://secure.dustin.li/word/. After clearing caches, the Log In link on the blog now correctly directs to the secure subdomain for login, and I am able to see the administration dashboard on the subdomain. There is a problem, however: the public site does not reflect that you are logged in! This means that your users will not be able to use any features of being logged in, and you will not see the administrative features on the public site.

There is an easy fix for this, though. In your wp-config.php file, add a line like this:

define(‘COOKIE_DOMAIN’, ‘.dustin.li’);

This tells WordPress that your cookie should be set and read in the “.dustin.li” domain, which any of the subdomains in dustin.li (including secure.dustin.li and dustin.li itself) can read. Problem solved! Huzzah!

Posted in Pub | Leave a comment

International money transfer from the UAE to the US

I was once told that a good rule of thumb to calculate your salary in the UAE is to take your US salary and multiply it by 2-3. Add free housing (or a housing allowance), and decent benefits, and a standard 8.3% bonus at the end of each year. This means that most people here, from the labourers to execs, are sending money back to their home countries at some point. The poor, uneducated construction workers send money to their families on a regular basis as they work to pay off their expenses incurred just to get to this country. The white collar workers are more likely to stockpile their cash and transfer it out of the country when they leave on their plush repatriation allowances. Whatever the reason, expatriates in this country need a means to move money out of here.

We get a pretty good deal as US expats. In addition to controlling the world’s reserve currency (making it way cheaper for us to borrow money), many countries, including the UAE, have pegged their currency to the US dollar. This may not always be good for business, but it’s great for expats who don’t have to worry about currency fluctuations and the resulting loss from the currency spreads.

I’ve obtained some of the exchange rates of banks and money changers around here and tabulated them below. I included all the sending fees charged to obtain a “bottom line”: how much money do you loose on a transaction of sizes $100, $1000, $10000, and $100000. I included several methods of exporting money including wire transfers, demand drafts, and straight up cash exchange (i.e. carry your cash to the US… but don’t forget to declare it!). Note that there are two types of wire transfers offered: SHA (“shared fees”), where the intermediary banks take a random cut of the money, and OUR (“our fees”), where the receiving bank receives all the money you originally wired. OUR carries a premium of 100 AED. Intermediary banks can take somewhere from US $25-$50, and some occasionally take a percentage as well. There is no way to find out what these intermediary fees are prior to the transfer. I think OUR is the way to go if you must do a wire transfer. Note that the table does not include fees charged by the intermediary or recipient banks.

Spreadsheet in a new window

The numbers indicate that the best way to go is to exchange money for cash at a good rate here in the UAE and carry it to the US, unless you’re sending amounts of well over $100k. The SHA wires appear to have comparable fees as higher quantities are transferred, but they belie the previously discussed hidden intermediary bank fees. Shop around for a good exchange rate by calling the exchanges up. Here’s a list of them in Abu Dhabi.

Happy transferring!

Update: I am now using RAKBANK’s Evantage account, which gives you 1 free international transfer each month. For OUR transfers, they charge a 30 AED fee. I have verified that all the money makes it to the destination account for OUR transfers. For SHA transfers a $25 fee was taken out at the destination by the intermediary bank (Citibank), which is much greater 30 AED. The maximum transfer amount is 100,000 AED per day. The OUR transfers are still not as inexpensive as carrying cash over, but for security, expediency, and convenience I prefer wiring.

Update to the Update: I switched to using Al Ansari exchange. While this was motivated largely by RAKbank being annoying, also for the amounts I was transferring, the losses incurred were lower. The downside is that this is less convenient, and you have to get money to the exchange somehow. I was nervous about my cash disappearing somehow, so I wrote a check to maintain a money trail. Using a check is supposed to result in a 3 day clearance delay, but in reality I received my money in the US the next business day. Be aware that you will need to spend some time with the teller putting in all your bank information. Double and triple check that all the information is correct (especially the SWIFT code and account number, which my teller got wrong). They save this information so that you can look it up with your telephone number the next time. You will need to bring your Emirates ID or passport.

Posted in Pub | Leave a comment

Installing NeoRouter on Lion

NeoRouter 1.5.0 will not install on Mac OS X 10.7. The installer package searches for /dev/tun to verify that the TUN/TAP drivers are installed, but the search always fails in Lion. To work around this, I created a package with the check removed:

P.S. TUN/TAP is causing more kernel panics than it ought to (once every few days).

Posted in Pub | 10 Comments

Can we trust CloudMagic?

My Google Mail account is over 8 GB in size (thanks, attachment whores!), and includes over 70,000 conversations in my Inbox (ignoring the Archives). Unfortunately, this means that most search queries normally take 5-10 seconds, and this sucks, especially when you’re searching your email for that crucial information and your co-worker is looking at your personal email over your shoulder. I thought Mail.app or Thunderbird would be a solution to this with a local, SSD-backed index, but those programs search even more aggravatingly slowly (guys, can we fix this please?).

Enter CloudMagic, an extension for Chrome and Firefox that downloads and indexes your mail your for you. It will also index your Google Docs, Spreadsheets, and has plenty of other shiny features, but I’ll let you watch their demo video with the disturbingly generic narrator yourself. But can we trust this small company from Bangalore with our username and password? Will they misuse our data? Let’s take a look…

All Chrome extensions are distributed as .crx files, which are really just glorified .zip files with a little bit of Googley information tacked on. This lets us peruse some of the code of the extension, including the javascript and markup used to manage the extension’s basic functions. Poking around, the only interesting bit is where an innocuous-looking javascript file is downloaded from https://www.cloudmagic.com/res/2_71_Beta/php/initapp.php and used to inject a script into Gmail, Google Docs, and Google Calendar to provide a custom search box on those pages. There’s a good reason for this – if Google’s web interface changes, the company needs to be able to quickly update the script to prevent things from breaking, even if the Chrome Extension hasn’t been updated yet. Unfortunately, this is also a weakness – if the CloudMagic server ever gets compromised, replacing the script would allow an attacker to gain access our data as well. The question then becomes how much you trust CloudMagic to keep their server secure. Considering how big a target it is (thousands of Google accounts) and how small of a company it is, I’d rather play it safe and prevent the extension from loading any javascript remotely. A similar situation exists for the autoupdate mechanism, which allows the extension to update itself without any user intervention (and also passes a unique identifier to their website).

Another problem: you are required to enter your Google Account credentials into the extension preference page. This provides the extension with unlimited access to your account, and how much do you trust them with the password? Fortunately, this password appears to be stored locally only and is transmitted only over secure channels. A better alternative would be to use OAuth, wherein you give your password directly to Google, whose servers in turn provide an authentication token to the extension. The authentication token would only provide access limited to what is required by the extension.

Finally, there’s all the hidden code that’s compiled specifically for each platform via the NPAPI plugins. The Google Chrome developer page says it best:

NPAPI is a really big hammer that should only be used when no other approach will work.
Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with content scripts or XMLHttpRequest.

There’s not much to find out or do here without the source code. However, we can look at the behavior of the extension with Little Snitch and Charles. The result: the traffic between the extension and its website appears innocuous (just the aforementioned update queries and script requests). It seems that the NPAPI plugin is doing its business entirely locally.

I should acknowledge that Chrome and all other Chrome extensions also use an autoupdate mechanism, so many of the issues pointed out here also apply to that software. However, in many cases those plugins are completely open source and reviewable, have a larger user base, have less access to my data, or I simply trust the vendors more.

Let’s recap the potential security issues:

  • Remote Javascript injection
  • Autoupdates
  • No OAuth
  • “Public” NPAPI plugins

I’ve modified the plugin to solve some of these issues, but it’s no Panacea.

Posted in Pub | Leave a comment

UAE climbing information

I felt the need to collect the information I’ve been gathering about climbing in the UAE into one place. It’s been hard to find information about where to buy climbing gear, indoor climbing walls, etc. One geeky afternoon I threw together a Google Site with ever-so-useful maps and more.

Check it out: http://uaeclimbing.dustin.li/.

Posted in Pub | Leave a comment