Fazal Majid's low-intensity blog

Sporadic pontification

Fazal

Chrome and AES-256 security: it’s not me, it’s you

This blog now supports the HTTP/2 protocol, courtesy of nginx 1.9.5 (PDF).

In the process, I was stymied by an “ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY” error from Google Chrome. HTTP/2 mandates TLS de facto, if not in the strict letter of the specification, and it also blacklists a number of obsolete or weaker TLS cipher suites so that only ones that are truly secure are permitted. After considerable digging, I found out the issue is that Google Chrome on Mac and Android (presumably Windows as well) does not support 256-bit AES in HTTP/2, and my server was set up to only accept 256-bit encryption (only the best will do for my readers!). The error message was misleading: it’s not the server but Chrome’s crypto that is lacking.

It seems the cryptographers at Google feel 128-bit AES in Galois Counter Mode is good enough, and they did not want to be too far apart from Firefox (which does not support it either, and just fails without even the courtesy of an error message). In contrast, Safari on Yosemite supports AES-256-CBC (not ideal, I know, but that’s also what Chrome supports if HTTP/2 is turned off) and AES-256-GCM on El Capitan and iOS 9. Here are the settings your browser uses:

This is disappointing. AES-256-GCM is supported in hardware on most Intel CPUs nowadays (all but the lowest-end chips have the AES-NI instructions) and in the ARMv8-A architecture used by most smartphones and mobile devices today, where the extra CPU load would matter most. I wonder how much of this is driven by Google’s fondness for Dan Bernstein’s ChaCha20+Poly1305 algorithms. Excellent as they may be, they are not implemented in hardware on the most common platforms, nor implemented at all in OpenSSL. It is quite disconcerting that my phone has better crypto than my desktop browser.

I ended up resolving the issue by loosening my cipher list from AES256+EECDH to EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH, but Chrome really should catch up and not let itself be hobbled by the increasingly irrelevant Firefox and its hoary NSS crypto.
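Here is a way to see the difference between the two cipher strings above, as an added example that is not from the original post: it asks the OpenSSL library behind Python’s ssl module to expand each string (the same expansion nginx’s ssl_ciphers gets) and filters the result down to the suites HTTP/2 will actually run over. It assumes Python 3.6 or later built against OpenSSL 1.1 or newer; the exact suite lists depend on the local OpenSSL.

```python
import ssl

# The two nginx ssl_ciphers strings from the post: the original AES-256-only
# list and the loosened one that also offers AES-128-GCM.
BEFORE = "AES256+EECDH"
AFTER = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# The suite RFC 7540 makes mandatory to implement, and the one Chrome
# would accept for HTTP/2 at the time of the post.
H2_MANDATORY = "ECDHE-RSA-AES128-GCM-SHA256"


def expand(cipher_string):
    """Expand an OpenSSL cipher string into concrete suite names, in
    server preference order, using the OpenSSL library behind the ssl module."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def h2_usable(cipher_string):
    """Return the suites from the expansion that HTTP/2 can run over:
    ephemeral key exchange (ECDHE/DHE, or any TLS 1.3 suite) plus an AEAD
    cipher. Everything else, notably the CBC suites, is on the RFC 7540
    Appendix A black list; negotiating one of those is what makes Chrome
    raise ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    usable = []
    for c in ctx.get_ciphers():
        ephemeral = c["name"].startswith(("ECDHE-", "DHE-", "TLS_"))
        aead = "Mac=AEAD" in c["description"]  # OpenSSL marks AEAD suites this way
        if ephemeral and aead:
            usable.append(c["name"])
    return usable


def offers_128gcm(cipher_string):
    """True if the string lets a client that only does AES-128-GCM connect."""
    return H2_MANDATORY in expand(cipher_string)


if __name__ == "__main__":
    for label, cs in (("before", BEFORE), ("after", AFTER)):
        print(f"{label}: {cs}")
        print("  offers", H2_MANDATORY + ":", offers_128gcm(cs))
        print("  HTTP/2-usable suites:", ", ".join(h2_usable(cs)))
```

The AES256+EECDH list still contains HTTP/2-usable suites (the AES-256-GCM ones), which is why the server was not at fault; it simply had nothing in common with what Chrome offered.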

I probably sound harsher than I intended towards the Google crypto team. The backward compatibility issues they have to deal with, from poorly designed TLS standards to broken web server software and intrusive anti-virus or corporate proxy servers, mean a lot of their energy goes into exception cases, rather than implementing the latest and greatest in crypto algorithms.

Update (2017-01-18):

It looks like Chrome silently added AES256-GCM support last year, as it now negotiates the ECDHE-RSA-AES256-GCM-SHA384 cipher on aes256gcm.majid.org.

Heat sealers: organizer’s secret weapon

Professional Organizers will wax lyrical about label-makers, file folders, and the like, but one unheralded gizmo I have found surprisingly effective is a heat sealer, in my case the AIE-200C. It’s made right here in California, and very robust, although if I were to buy one again, I would probably spring for the 12″ version. You put stuff in a polyethylene bag (up to 6 mil or 0.15mm thick, but 4 mil seems like the optimum for robustness while remaining flexible and see-through), put the open end under the sealer, set the thermostat, press and cut the excess bag with the built-in cutter. It makes a 1mm wide heat weld in the bag, which is now airtight and water-proof. You can also buy rolls for massive capacity, but that seemed like overkill.

The great advantage of a heat sealer over ziploc bags is that you cut the bag to size, instead of having items floating around in an oversized bag, which means it’s much tidier, and also takes up less space. Cables are much more manageable when individually bagged so they cannot tangle together, for instance. They are also perfect for infrequently used supplies, random parts for the house or appliances, or infrequently used tools.

Organized Cables

My current approach to organizing random stuff is to bag it, optionally include a description written on an index card if it is not immediately obvious what it is, seal it then dump it in a Rubbermaid plastic bin. When the bin is full, I will take an inventory in a spreadsheet (more specifically OmniOutliner and Delicious Library). In a year’s time, I will cull them as needed.

This system is close in spirit to my paperless workflow: do not exhaust yourself attempting to physically organize the long tail of stuff that doesn’t fit in an established category with a well-defined home. Just put them in numbered containers and keep an index on a computer where they are much easier to search. There are also smartphone apps to streamline this inventory task like Home Inventory Photo Remote.

ArtisanState review

TL;DR: Avoid them.

I seldom print photos any more. When I do, I prefer to make photobooks, as the format is way more convenient than loose prints, takes little space, and looks more polished than a traditional photo album.

Unfortunately, most photobooks are printed on HP Indigo digital presses, which use a technology somewhat similar to a laser printer, but capable of better quality photo reproduction. Indigo presses were originally designed to produce personalized junk-mail, not high-quality photo reproduction, and the quality, while decent, is not at the same level as that of true RA-4 photo paper exposed with a laser or LED light source as done by most digital minilabs (e.g. Fuji Frontier or Noritsu QSS) or higher-end imaging systems like the Océ/Cymbolic Lightjet or Durst Lambda.

There are higher-quality options. AdoramaPix has a good reputation for its albums, which are printed on RA-4 paper and bound in a lay-flat binding without a gutter, a technique that lends itself especially well to panoramic prints. They also have a “Hudson” line of premium albums where the photos are laminated on thick cardstock for a more luxurious feel. In researching this flush-mount process, I discovered a company called ArtisanState. It is based here in San Francisco (manufacturing is in China), and their pricing seemed attractive, so I decided to give them a try.

I used a selection of my panoramic prints and ordered a 6×8 album bound in genuine leather. They offer two grades of paper, Fuji Crystal Archive Lustre and Fuji Crystal Archive Pearl Metallic, and I opted for the latter. Metallic paper, first introduced by Kodak under the Endura brand, has mica particles embedded in the RC paper base under the photographic emulsion. The photo looks as if it is painted on metal, which can be spectacular, especially with specular highlights (although I would not recommend it for portraiture such as a wedding album, the fashion industry seems to be quite fond of it). The Fuji lustre has a grainy finish that resists fingerprints, but I don’t find it attractive, and would much prefer a satin finish without an obvious texture like the one Moo uses in its business cards.

When I received my album after 2 weeks, I was impressed by the reproduction quality and the metallic effect, but there was also a very visible texture on the pages, similar to an orange peel. After some research, I found that mounting metallic papers seems to cause orange peel unless done very carefully using a low temperature on the mounting press, and they are the exception to the general rule of thumb that Fuji products are superior to Kodak’s (although true to form, Kodak’s bean counters degraded the quality of the product by cutting corners to shave costs).

At the price they charge ($104 list, but I got it at 40% promotional discount), you can rightfully expect perfection. I wrote to ArtisanState to complain, got the run-around, and reviews online suggest my experience with unresponsive support is far from unusual. I am going to try again with AdoramaPix: they may be more expensive, but the product won’t be made in China and in the end you get what you pay for.

Divine Dark Chocolate Hazelnut Truffle

Divine Chocolate is owned by a Ghanaian cocoa farmers’ cooperative. All the profits go back to the farmers, unlike the “Fairtrade” scam where the expensive certification primarily benefits self-aggrandizing Western auditors and marketers. For that reason alone it is a brand I would like to love. Unfortunately, my experience with their products to date has been underwhelming—not bad per se, just very ho-hum.

I experienced chocolate cravings today and stopped by the SF SOMA Whole Foods despite its mediocre range (Whole Foods’ selection is mostly abysmal, but they are the only grocery within walking distance of my office). They had a new bar by Divine, and I tried it out. This turned out to be a good call.

The bar itself is really a dark chocolate gianduja; I guess they dumbed down the name to “truffle” to avoid confusing the mainstream consumer. I personally prefer lighter, milk-chocolate-based giandujas, my benchmark being the Venchi Blend bars and the Callebaut blocks meant for bakers, but this bar has a clean taste, and the hazelnut flavor comes out well.

It is not as good as the Poco Dolce Bittersweet Hazelnut bar, but is also significantly cheaper at $4 each. I am not sure how long they can keep the price, given the bar is 20% hazelnuts by weight, and that the price of hazelnuts on world markets has jumped by 60% due to poor Turkish harvests (Turkey produces 70% of the world’s supply of hazelnuts, and 25% of the world’s hazelnuts are snapped up by Ferrero, makers of Nutella).

The slow decline of Amazon Prime

I have been an Amazon Prime customer since it was introduced, almost a decade ago in 2005. They recently raised the price to $99, which is not unreasonable given inflation and the rise of fuel and shipping costs. Unfortunately, the service has also degraded, and I am considering dropping it for that reason.

It really hit me this week. I ordered a bunch of loupes from eBay last weekend, as Schneider stopped manufacturing them 2 years ago and they are now officially listed as discontinued, and new-old stock from other reputable makers like Leica, Cabin/Mamiya or Rodenstock is starting to dwindle. At the same time, I ordered a few items using Amazon Prime (5 orders in all, 3 from Amazon themselves, 2 from third-party vendors but fulfilled by Amazon). All my eBay items have already arrived, including some shipped all the way from Canada that arrived yesterday, but only one of the Amazon items has arrived. Something is seriously wrong when Amazon’s vaunted logistics cannot match individual sellers on the fleabay.

The problem cannot be laid at the door of the shipping companies, the problem is that Amazon is taking longer to ship the items in the first place. It is an open question whether that delay is intentional (as seems to be the case for Amazon free super shipping orders, or when Netflix delays heavy customers’ DVDs to rate-limit them and thus reduce its shipping costs).

One other factor that has decreased the value of the service is the increasing proportion of items that are part of Amazon’s obnoxious add-on item program. Contrary to Amazon’s statements, many of the items downgraded to add-on status are not ones that were unavailable previously, but rather items that were previously eligible for Prime but no longer are. If I have to accumulate $25 in orders, I might as well go back to the free super saver shipping.

To sweeten the sticker shock, Amazon is bundling streaming video and music, and the Kindle lending library. Those services have essentially zero value for me, as the movie selection is as dismal as Netflix’s (mostly C-list or really old movies, hardly anything you might want to watch), streaming does not have good classical music coverage, and I refuse to use Kindle due to their predatory practices.

I find I am buying considerably less from Amazon these days:

  • Since they introduced sales tax, they are often not competitive with bricks-and-mortar retailers like Target (which will give you an extra 5% discount for using their REDcard) or B&H.
  • I refuse to buy books from Amazon (eBooks from iBooks or straight from the publisher like O’Reilly).
  • I buy my classical music from ArkivMusic (for CDs and SACDs, and they have their own $20/year equivalent of Prime) or FLAC sites like B&W Society of Sound, Linn, eClassical and Chandos.
  • I get my photo gear, computers and other electronics from B&H whenever possible, and that probably accounts for the bulk of my former Amazon dollars.

What’s left?

  • Oddball items hard to source otherwise
  • Tools
  • Household supplies (although I get most of these from Costco or Soap.com, admittedly an Amazon company now).
  • Very occasionally some specialty grocery items and clothes.

I used Amazon’s handy order history export (temperamental, it fails if you have Amazon Honor System transactions in the selected date range) to calculate how much I spend with them (removing Adorama as they are a big outlier), and the trend is clearly unfavorable to Amazon since the high water mark of 2011. Their changes to Prime (pay more for worse service) are certainly not helping.
