#Hothchester strikes back: the “terrorist” windshield threat on Rochester’s highways

We’ve been getting bombarded by reports over the last few months, at an ever-increasing rate: another reported incident of suddenly cracking windshields on 390, then 490 then even as far out as 104 in Ontario. Is there some lunatic waiting in the bushes, some wondered, waiting for their moment to do malevolence upon an unsuspecting car? Maybe someone with a near-silent air gun that might elude detection?

To test this particular hypothesis – that a pellet or BB gun might be able to shatter tempered glass – I started looking into the ultimate test case. That turns out to be a British-made pellet gun called the Daystate Air Ranger, a .22 calibre pellet rifle capable of firing at 1020 feet per second. Using the heaviest and therefore most destructive pellet I could find in that calibre, 32 grain, and an online impact force calculator, I came up with the following:

(2mv)/t or (2*0.00208kg*310mps)/1sec = ~1.29N

The tensile strength required by Federal Specification DD-G-1403B, which governs the definition of tempered glass, is 120 to 200N per square millimeter. In other words, while crazier things have happened, it is extremely unlikely that even the most powerful pellet gun will crack a windshield. And weighing in at $2000 for a single gun, it’s safe to say Daysiders are probably not that common in Rochester. Your kid’s Daisy plinker is woefully inadequate to the task, and not likely to be a suspect in this case, at all.

So, when all else fails, the best thing to do is look for the most obvious answer. And that answer is: weather.

Our winter was epic, as we all well know. Those of you who are on Twitter (and why aren’t the rest of you?) will be familiar with the great fun we all had with the #Hothchester hashtag:

Temperatures never seemed to go above zero for a month. Then, after an extraordinarily long, cold early spring, we suddenly shot up into the 80’s and 90’s, with barely a moment’s transition. This kind of weather plays havoc with all kinds of materials, but your car has probably borne the brunt of the abuse, spending all of its time outdoors in the deep freeze.

And the thing is: tempered glass is very strong, but only because it is inherently unstable. The tempering process involves laying thin layer after thin layer of glass in an ever-thickening mat, in such a way that the tension lines in each layer oppose one another at odd angles. The result is that, since one layer wants to split in a direction directly opposite of another, the faults cancel each other out. In the event that something large enough hits the glass and shatters it, those tension lines will cause the glass to shatter into small, smooth-edged pellets that will only cause minor skin lacerations at best.

However, those tension lines get stressed by the shrinking that happens in extreme cold. Follow that up with the beating sun of an unexpectedly intense summer, and you’ve got a recipe for a whole lot of shattered windshields. Any small stone or nut from an overhanging tree could be enough to cause a crack. In fact, the window may spontaneously crack all on its own, as has been frequently reported in the past. Rest assured that when the crack happens, however it happens, it will be loud.

Considering the fact that no one has observed a man by the side of the road; a bullet-shaped hole in a windshield; anything more major than a small crack in the windshield. Considering the fact that we can safely rule out pellet guns as a non-lethal, whisper-quiet means to shatter glass. Considering the fact that cracked windshields rarely make headlines in any other circumstance; that a whole industry is built around repairing minor cracks (Safelite, anyone?). Considering all these facts, it really begins to look like a jumpy police force and an overeager media community are making a very obvious problem into a self-propelled mystery.


Happy 1.4 Billion Day!

As of 5/13/2014 12:53:20 PM, here in the Eastern timezone, we pass an interesting milestone: the UNIX timestamp passes the 1400000000 mark.

And what, you ask, is the UNIX timestamp? It is the count of every second between 01/01/1970 at midnight, UTC and this moment. Calculating time and date is kind of a challenge. You’ve got 60 seconds in a minute, 60 minutes in an hour, 24 hours in a day.. how many days in a month? Well, that depends. How many days in a year? Again, that depends.

This presents a challenge for developers looking to calculate, say, how many users have logged on to a system in the past year. The solution is to rely on this Base-10 number, which was presented as a means to keep UNIX systems coordinated across timezones and locations. It’s a great way to calculate time, because it is just like our normal counting system. What happened a year ago? Well, subtract 31,536,000 from the current timestamp and have a look.

This afternoon at 12:53:20, we will have passed the nice, neat number of 1.4 billion seconds since the very beginning of 1970. The next such milestone – 1.5 billion seconds – will happen 7/13/2017 10:40:00 PM. So, you know, set your clocks and get ready to party!
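The milestone dates and the "subtract 31,536,000" lookback, worked through in C as an added example that is not part of the original post. It goes one step beyond the text by showing where a fixed 365-day subtraction drifts by a day (any window that spans a Feb 29), which matters for "past year" log or login queries. Function names are hypothetical, and the -4 hour offset stands in for Eastern Daylight Time.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define NAIVE_YEAR 31536000LL   /* 365 * 86400, the figure used in the post */

/* Formats a UNIX timestamp at a fixed UTC offset in hours (0 = UTC).
   A fixed offset ignores DST rules; -4 is assumed below for EDT. */
const char *fmt_ts(int64_t ts, int offset_hours)
{
    static char buf[32];
    time_t t = (time_t)(ts + (int64_t)offset_hours * 3600);
    struct tm tm = *gmtime(&t);
    strftime(buf, sizeof buf, "%Y-%m-%d %H:%M:%S", &tm);
    return buf;
}

/* Days since 1970-01-01 for a Gregorian date (Howard Hinnant's algorithm). */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* The post's method: subtract a fixed 365 days. */
int64_t naive_year_ago(int64_t ts) { return ts - NAIVE_YEAR; }

/* Same date and time of day one calendar year earlier (UTC).
   Feb 29 has no counterpart in the previous year, so it maps to Feb 28. */
int64_t calendar_year_ago(int64_t ts)
{
    time_t t = (time_t)ts;
    struct tm tm = *gmtime(&t);
    int y = tm.tm_year + 1900 - 1, m = tm.tm_mon + 1, d = tm.tm_mday;
    if (m == 2 && d == 29) d = 28;
    return days_from_civil(y, m, d) * 86400
         + tm.tm_hour * 3600 + tm.tm_min * 60 + tm.tm_sec;
}

int main(void)
{
    /* Constructed sample: 2016-12-31 00:00:00 UTC, inside a leap year. */
    const int64_t leap_case = 1483142400;

    printf("1.4e9 UTC: %s\n", fmt_ts(1400000000, 0));
    printf("1.4e9 EDT: %s\n", fmt_ts(1400000000, -4));
    printf("1.5e9 EDT: %s\n", fmt_ts(1500000000, -4));

    /* No Feb 29 in the window: both methods agree. */
    printf("drift from 1.4e9: %lld s\n",
           (long long)(naive_year_ago(1400000000) - calendar_year_ago(1400000000)));

    /* Feb 29, 2016 is in the window: the naive result is a day late. */
    printf("naive:    %s\n", fmt_ts(naive_year_ago(leap_case), 0));
    printf("calendar: %s\n", fmt_ts(calendar_year_ago(leap_case), 0));
    return 0;
}
```
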


WTF is #Heartbleed? And should I hoard gold?

There doesn’t seem to be a tech, a hacker or a tech-savvy food service employee out there who isn’t sounding the alarm about a threat called Heartbleed. I’ve been doing a lot of liveblogging of my discoveries re: various institutions and companies and their preparations for Heartbleed. But I’ve not yet had the opportunity to sit down and summarize what we know about the threat so my audience can understand it.

First and foremost, Heartbleed is not a virus, malware or spyware. It’s not a “bug” in the sense that we discuss various threats these days. Running McAfee on your system will not help. Instead, Heartbleed is a vulnerability in the fabric of what allows for confidential communications over the Internet. In other words, those websites you access with https:// in the address, rather than http://. When exploited, Heartbleed has the power to render visible the information that was supposed to be confidential, including usernames and passwords, confidential data and worst of all, the keys a given service uses to make all future communications secure.

Well, damn. That certainly sounds bad. And it is: Heartbleed attacks a form of communication that is nearly ubiquitous on the modern Internet where security is a concern.

But before you go to all the trouble of refreshing the potpourri and washing the doilies in the bomb shelter, let’s talk about what it can and cannot do, and how you can protect yourself without going broke on duct tape.

The Whole Internet is Not Busted

When a security vulnerability like this comes around, often people find themselves trapped between blase attitudes and hair-on-fire panic of their friends and neighbors. But to be clear: only websites that you browse using https:// are affected, and not all of them, either.

An example of an https:// website.

Any site you browse using http:// is the same as it ever was. What makes the difference between the https sites that are and are not affected? Well, let’s talk about that.

How Heartbleed works

The heart of the problem is something called Secure Sockets Layer (SSL), which creates encrypted “tunnels” of information between you and the service you are connecting to. When communicating through these tunnels, all information is scrambled in a way that is unreadable to a would-be snoop. Examples of SSL tunnels would include https sites, SSH shells, FTPS and the ubiquitous VPS connections many employees have to their employers’ systems.

Heartbleed is a vulnerability in one common Open Source implementation of SSL, called OpenSSL. In this implementation, there is a means for completely unauthenticated users – complete strangers on the Internet – to be able to read the information held on the memory of servers that deliver SSH content. Worse than simply seeing the actual confidential data you meant to hide, this new vulnerability provides the “keys to the kingdom,” allowing an attacker to see the username and password of a legitimate user and also the keys by which the server provides secure content. That means any further connections to that server using those keys will be compromised.

So, yeah. It’s pretty damned serious, indeed. And because use of OpenSSL is so ubiquitous, the potential harm to the online community is pretty vast and staggering.
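How a stranger ends up reading server memory, as an added toy model in C; this is not OpenSSL's code and not from the original post. It assumes the heartbeat message layout from RFC 6520 (type, two-byte payload length, payload, at least 16 bytes of padding), uses a 64-byte array as a stand-in for server memory, and puts the handler that trusts the length field beside one that checks it against the record actually received. All names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_PADDING  16          /* RFC 6520: at least 16 bytes of padding */
#define ARENA_LEN   64          /* toy stand-in for server process memory */
#define SECRET_OFF  32          /* where the neighbouring secret is placed */

/* Constructed sample data, not captured traffic. Layout of a heartbeat
   message: type (1) | payload_length (2, big endian) | payload | padding. */
static const char SECRET[] = "constructed-secret-key";
static const uint8_t HONEST[21]    = {HB_REQUEST, 0x00, 0x02, 'h', 'i'};
static const uint8_t OVERCLAIM[21] = {HB_REQUEST, 0x00, 0x3D, 'h', 'i'};

typedef size_t (*hb_handler)(const uint8_t *mem, size_t record_len, uint8_t *out);

/* Pre-fix behaviour: echoes as many bytes as the length field claims. */
size_t heartbeat_vulnerable(const uint8_t *mem, size_t record_len, uint8_t *out)
{
    (void)record_len;                         /* never consulted: the bug */
    if (mem[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (3 + claimed > ARENA_LEN)              /* toy-only clamp so the demo */
        claimed = ARENA_LEN - 3;              /* itself stays in bounds     */
    memcpy(out, mem + 3, claimed);
    return claimed;
}

/* Patched behaviour: the claimed length must fit inside the record received. */
size_t heartbeat_fixed(const uint8_t *mem, size_t record_len, uint8_t *out)
{
    if (record_len < 1 + 2 + HB_PADDING) return 0;   /* too short to be valid */
    if (mem[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (1 + 2 + claimed + HB_PADDING > record_len)
        return 0;                                    /* silently discard */
    memcpy(out, mem + 3, claimed);
    return claimed;
}

struct hb_result { size_t echoed; int leaked; };

/* Places the record and the secret side by side in a fresh arena, runs one
   handler, and reports whether the secret shows up in the reply. */
struct hb_result run_case(hb_handler fn, const uint8_t *rec, size_t rec_len)
{
    uint8_t mem[ARENA_LEN] = {0}, out[ARENA_LEN] = {0};
    struct hb_result r = {0, 0};
    size_t slen = sizeof SECRET - 1;

    memcpy(mem, rec, rec_len);                 /* record as received */
    memcpy(mem + SECRET_OFF, SECRET, slen);    /* unrelated neighbour */
    r.echoed = fn(mem, rec_len, out);
    for (size_t i = 0; i + slen <= r.echoed; i++)
        if (memcmp(out + i, SECRET, slen) == 0) r.leaked = 1;
    return r;
}

int main(void)
{
    struct hb_result r;
    r = run_case(heartbeat_vulnerable, HONEST, sizeof HONEST);
    printf("vulnerable, honest:    echoed=%zu leaked=%d\n", r.echoed, r.leaked);
    r = run_case(heartbeat_vulnerable, OVERCLAIM, sizeof OVERCLAIM);
    printf("vulnerable, overclaim: echoed=%zu leaked=%d\n", r.echoed, r.leaked);
    r = run_case(heartbeat_fixed, HONEST, sizeof HONEST);
    printf("fixed, honest:         echoed=%zu leaked=%d\n", r.echoed, r.leaked);
    r = run_case(heartbeat_fixed, OVERCLAIM, sizeof OVERCLAIM);
    printf("fixed, overclaim:      echoed=%zu leaked=%d\n", r.echoed, r.leaked);
    return 0;
}
```

Both handlers behave identically for an honest request, which is why the flaw produced no visible errors in normal use.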

There’s Good News, Too

But there are many more sites that do not use the OpenSSL system to encrypt their data, and as of the time of this writing, those SSL systems remain unaffected by Heartbleed. In particular, your bank, PayPal and anyone dealing with PCI-compliant eCommerce (which should be just about everyone doing eCommerce, we hope) are all unaffected by Heartbleed.

There are many more encryption algorithms that are not related to OpenSSL and do not require any kind of patching or security fixes. And the fix for OpenSSL is also freely available; most credible services are already locking down their SSL connections. Therefore, even a site that is currently using OpenSSL isn’t any less secure by nature than any other.

What is the Solution?

Because the fix for OpenSSL’s Heartbleed bug is available, server admins are busily patching their systems and, where necessary, reissuing keys for affected systems. And you can bet that OpenSSL’s next build will come with the patch already implemented.

However, once a server has been patched, the next step is to reissue keys and have users encrypt their passwords with those new keys. That’s why you may have gotten emails from stuff you do online recommending you reset your password.

Should I Just Start Resetting Passwords, Then?

No. First of all, while it’s always recommended that you update passwords on a regular basis and I’ve even given you a handy guide to creating secure ones, doing so en masse promises to create confusion. There’s no sense making the situation worse by forgetting new passwords or creating a bunch of duplicates.

But secondly and much more important in this case, resetting your password will only be effective after the SSL keys are regenerated. So if Company X is affected by Heartbleed – and hasn’t yet secured their servers – resetting your password changes nothing. And after they’ve secured their servers, they’re just going to ask you to change your password again, because that’s exactly what is required.

Your best bet if you’re concerned about your security online is ask, ask, ask. Find out if your bank or social network is affected by Heartbleed by asking them. Check your list of sites you frequent and find out what you should do about them.


Oh. So you’re “carpooling?” Xerox just wants to be sure…

As gaga as a lot of people are for urban planning and easing traffic congestion on our nation’s highways, I’m pretty sure most of those so affected are less pleased to usher in another of Big Brother’s snooping machines. Yet here we are, in 2014, with Xerox out selling our nation’s highway administrators on what you might call a “Carpool Nanny.”

Yes, somewhere along the way, The Document Imaging Company has become the Traffic Violation Documenting Company. A few years ago, Xerox announced plans to put cameras on school buses. Now, they’re excited to get cameras on highways to monitor the carpooling lane:

Unlike competing solutions, the Vehicle Passenger Detection System identifies the number of occupants in a vehicle with better than 95 percent accuracy at speeds ranging from stop-and-go to 100 mph.

Using patented video analytics and geometric algorithms the roadside detection unit can distinguish between empty and occupied seats. When a violation is detected, the information can be reported to the relevant enforcement agency in real time so an officer can visually confirm the information and potentially issue a citation.

Generous of them to include an actual officer of the law. Or a fig leaf, because who thinks carpool tickets wouldn’t become as ubiquitously automated as red light tickets?

Either way, the “patented video analytics and geometric algorithms” will no doubt come in handy when law enforcement needs to identify an individual in the car, somewhere down the line. The Xerox carpool camera makes snooping inside your vehicle commonplace and soon, a hum-drum old story. A camera is a camera.


Breathalyzers and diabetes: how do breathalyzers work?

Breath testing of drunk driving suspects has been such a commonplace practice for so many decades, most of us hardly think to consider how they work. “Breathalyzers” are just a ubiquitous part of our understanding of police work. But in light of Rochester’s Deputy Mayor Redon’s DWI arrest, it’s worth considering the technology behind the most common field science instrument in modern police work. Can they really be tripped up by something so common as diabetes? How do breathalyzers work?

The first thing to know is that “Breathalyzer” is like “Kleenex,” in that it is a brand name that has become shorthand for all products of a type. The original Breathalyzer was invented in the 1940’s by a Dr. Bob Borkenstein (giggle) for the Indiana State Police. The brand and the technology are much less used today. New technologies have pushed this most basic field unit aside in favour of more admissible evidence.

The Theory

Regardless of the technology, all breath tests are based on a very simple principle. Alcohol does not break down in the body and does not get digested. It passes through the blood stream and eventually into the alveoli in the lungs, where it evaporates when it comes into contact with air. As your body takes in oxygen, it expels a tell-tale quantity of alcohol. The rate of evaporation is directly proportional to the rate of concentration in the blood, based on an 1800’s constant known as Henry’s Law.

Simply put, by measuring the amount of alcohol on your breath, police can correctly identify the amount of alcohol in your blood stream. It is a simple ratio of 1:2100, or 2,100 milliliters of breath containing the same alcohol as 1 milliliter of blood.

However, it has also been well-established for decades that certain types of blood alcohol measurement can be thrown off by the introduction of other chemicals. Specifically, acetone, which is commonly found on the breath of diabetics, has been shown to inflate BAC measurements.

The question is: how do you measure the amount of alcohol in the breath? Broadly, there are three types of alcohol test in common usage: chemical catalyst, infrared spectroscopy, and fuel cell technology.

Chemical Catalyst

This is the Breathalyzer system, also sometimes referred to as the “wet method,” because it relies on chemical reactions between the alcohol on your breath and potassium dichromate. Alcohol turns the normally orangeish potassium dichromate greenish, then a photocell compares the mixed chemicals with a “control group” of unmixed potassium dichromate. Officers are required to dial a knob to measure the change between the two vials and determine a driver’s blood alcohol.

This system is scientifically sound and unaffected by acetone, but legally suffers from the amount of human interaction. Since an officer is required to do the measurement, DWI cases in the past have been thrown out on suspicion of tampering. For this reason, the Breathalyzer has often been given the derisive name “Dial-a-Drunk.”

Infrared Spectroscopy

When light hits a molecule, the bonds between the various atoms vibrate. As they vibrate, they emit light, the color of which depends on how far apart the bonds get as they go back and forth. The higher the bounce, the further up that ROYGBIV scale we all know and love. By hitting an unknown substance with a predictable wavelength of light, the color change can be measured and, based on prior research, pegged to specific chemicals with known vibration rates.

This is the basis for all spectroscopy. And because these sub-microscopic light shows are so consistent and don’t require any operator interaction, they make a perfect field sobriety test. Hence IS blood alcohol testers are in extremely common use the world over.

However, it was identified in the 1970’s that acetone can interfere with a BAC test that uses spectroscopy. That is because acetone and alcohol have very similar vibration rates that can easily be confused with one another. It is estimated that the inflation can be as great as .06 BAC, which is significant.

The solution to this problem for law enforcement has long ago been to use multiple wavelengths of infrared light. Because while the single rate of vibration between alcohol and acetone may be similar, the difference between their reaction to two different wavelengths is not. Thus most modern BAC testers such as the Datamaster DMT are at least theoretically immune to this line of defense.

The New Frontier: Fuel Cell Testing

The last type of testing seems for now to have the best of both worlds: it is unaffected by interfering chemicals in any way, and requires no human measurement. That technology is a fuel cell, which like its budding use in automobile power, works to separate electrons from a substance. In this case however, it separates the subject’s breath and instead of using the electrons to power a car, it measures the number to determine if alcohol is present.

The only trouble, as recently as two years ago, with using this type of technology is that the fuel cells may not last very long or very consistently. In Minnesota, defense lawyers effectively halted their use because of these problems.

So, diabetes and DWI? No luck?

Sorry, no. While it is certainly true that the single most commonly-used technology in BAC testing by law enforcement is the one technology that is subject to this flaw, the kinks have long-since been ironed out. The New York State Troopers that pulled Mr. Redon over use Datamaster DMT breathalyzers for the court-admissible sobriety test and those devices definitely use multi-wavelength testing.


Whoops! Twitter contractor accidentally double-pays survey takers.

Because I’ve done a small amount of advertising on Twitter, I’m part of their Twitter for Business mailing list. On that list, they asked me to be part of a survey about how I do my business and how I interact with social. You know, the typical stuff. In exchange for participating in the survey, I was offered a $10.00 payment to my PayPal account. Awesome! A little extra change, maybe for a little extra advertisement.

Today, I received my payment. And then, shortly thereafter, I received my payment. Again.

Being away from the office, I didn’t have a chance to check my balance to see if I’d just gotten the email twice or had, in fact, gotten a double payment. Then I just received this email:


We need your help!

You may have accidentally received two $10.00 payments for the Twitter Businesses’ Social Media presence study from March 3rd to March 7th. If you have received a duplicate payment, if you could please refund it back to us that would be great! We made a mistake here and really appreciate your help. This was sent by If you have any questions or need help, please e-mail us at Thank you so much for your help here and have a great day!


The OneOpinion Team



So, does Hugh still have a job, or what? There’s got to be a lot of advertisers, and that’s a lot of money to double pay. Lucky for all involved, I’m an unnecessarily honest man. Besides, who needs that kind of bad Karma?


Google Glass in #roc: Rochester Optical hires Tim Moore

According to a press release published on, Rochester Optical has hired Tim Moore and acquired his company simultaneously. The move is expected to merge RO’s continuing development with Venture Glass’s knowledge of wearable tech:

Rochester Optical Manufacturing Company has now acquired wearable technology companies founded by Tim Moore who is known for developing applications and practical uses for Google Glass and other wearable devices. Under the ‘acqui-hiring’ deal between both the companies, Tim Moore and his team will be integrated into Rochester Optical’s research and product development, as well as domestic and international digital vision efforts.

Tim Moore is a contributor to The Next Web and owner of Venture Glass, a software development company for Google Glass. The merger/hiring was announced late last year, but the process now appears to be final, as Venture Glass‘s website now simply points back to Rochester Optical.


I don’t think it’s working out between me and my GPS

It isn’t that we didn’t try. We’re just very different.

She’s really changed my life in so many ways, helping find adventures I might never have seen without her. But with her, it’s “my way or the highway.” Or “avoid highways,” or whatever. The point is: she just isn’t willing to deviate one iota from our trip. And if I choose to stop somewhere? It’s all just nag, nag, nag.


That voice! It just drips with dreary, bored disappointment. Martyrdom in a single word. Like I can help it if I have to pee? If we need gas? C’mon! It’s a long trip and I’m not made of silicon.

I had another GPS a few years ago. She was nice: beautiful British accent and a sunny disposition. Sure, she had an inexplicable habit of mispronouncing seemingly obvious words like “Chil-ee” or “FAY-er-port road.” But she tried. This one? Never mispronounces anything in Rochester. I maintain it’s because she’s from Rochester. That nasal voice. And that sense of entitlement makes me think she’s from Pittsford.


Gah! Why do we always fight on vacation? It isn’t like I don’t know the amount of work it takes to plan an efficient route to some shitty winery on Seneca Lake. And of course, stopping along the way takes time out of our fun at the winery. But maybe if she didn’t plan the route down to the minute and put the time right there on the screen, she could relax a little.

And seriously? What the fuck is the point of silently pointing out my speed? I have a speedometer on the car, thank you very much. How bitchy and passive aggressive can you get with this? She never actually says how fast I’m going. Oh, no. She just silently posts it right on the screen like some fucking infuriating PostIt note on the fridge.

I got a ticket once because I thought I’d just keep going faster until she said something. Fuck you, GPS! I don’t need your judgmental bullshit. But what did she do? After ten minutes of sitting on the side of the road, waiting for the cop to fill out the goddamned ticket, already, she just asked if she should go to sleep.

I’m sure she probably feels unappreciated. Isn’t that always the way? I do my best. I keep her updated and stuff. But when I got her flowers that one time, she just sat there, asking “Where To..” like that’s all our relationship is about.

Anyway, I think it might be time to move on. I met someone. She’s offering me a lifetime of free updates. Free sounds nice. What could go wrong?


Scan tech for ancient paintings at may be the cure for the TSA junk shot

Imagine a world in which your naughty bits are treated with the same loving care by TSA as are the ancient works of the great masters of our species’ art. That world may be coming soon, if terahertz scanning technology becomes mainstream.

Terahertz spectroscopy uses energetic waves somewhere between the infrared waves your remote control uses and the microwaves you use to cook up your leftover garbage plates. It has the uncanny ability to discern the structures and shapes of materials below the visible surface in a non-destructive fashion.

X-rays, by contrast, would never be used to scan the subsurface of ancient works, because they would be too destructive. But no one at the TSA has any problem aiming a dose straight at the old John Thomas if they think you’ve got a literal rocket in your pocket. And broadcast the resulting nudie pics to some perv behind a desk, no less.

Newly published research, funded by the Department of Homeland Security, aims to eliminate this problem – and direct scanning of passengers, altogether – by using terahertz technology to scan the whole room at once:

Researchers now report in ACS’ The Journal of Physical Chemistry Letters a more precise and direct method for using that “terahertz” (THz) technology to detect explosives from greater distances. The advance could ultimately lead to detectors that survey a wider area of an airport without the need for full-body scanners.

So instead of making you stand for a quick porn shot, of which they never have the decency of sending you a few glossies anyway, you can now walk unimpeded through the airport safe in the knowledge that a scanner is looking for bombs everywhere. Of course, that also means that instead of per-person dick pics, you’ve got a whole room full of naked people.

But there’s safety in numbers, right?


Hope you enjoyed the midgets, fellas: the NSA now snooping your porn viewing habits

Congratulations, America! Your high-calibre technology and dread fear of terrorism has yielded the finest vehicle for panty-sniffing the world has ever known.

Not content to simply read your emails or those of world leaders, the Huffington Post now reports that the NSA is using the porn and “online sexual activity” data of targets to discredit them. And not simply the NSA alone, but according to the Snowden-released reports:

The Director of the National Security Agency — described as “DIRNSA” — is listed as the “originator” of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration.

So, if you’ve been thinking about “radicalizing” pot smokers into voting their best interest, you might consider rethinking that daily visit to The NSA snooping porn to advance the agenda of the DHS is bad enough. But what is the interest of all these other players?


Why is Twitter underperforming as a content source?

An article published in Mashable and shared by Tom Proetti on Twitter says that Twitter isn’t performing very well as a content linking source compared to other social networks. Specifically, compared to Facebook. Here is the infographic pic that illustrates this point:


But like most infographics, this doesn’t necessarily tell the whole story. For instance, Facebook is much more popular than the other social networks, making its dominance in content linking sort of obvious. But are there really that many more people using Pinterest than Twitter? So I put together a chart of the top most popular social networks to compare to the original list:


What it reveals, in the context of the original infographic, is interesting. The real stand-out here is Pinterest, which drives a shocking amount of traffic relative to its popularity in context. And there’s no denying that there seems to be a real traffic gap with Twitter.

Why is Twitter content performing so badly? I don’t have any real answers, since I’ve always relied on Twitter for traffic, to great success. Whatever the answer, it’s the sort of problem that makes raising advertising revenue on the social network more difficult.


Reducto the Absurdum: how your phone is killing comedy

Oh, Christ! Now, you gotta pack an even smaller version of your stuff. Only the stuff you know you’re going to need:

  • Money
  • Keys
  • Comb
  • Wallet
  • Lighter
  • Hanky
  • Pen
  • Smokes
  • Rubber
  • and Change.

Well, only the stuff you hope you’re gonna need!

The above George Carlin quote has been my go-to checklist for leaving the house since well before I should have been listening to George Carlin. But look at that list?

Money? Sure, but I can pay for my Starbucks with my phone, so maybe not. Keys, comb, sure. But the wallet? I’ve got Google Wallet.. on my phone.

Lighter? Smoking is bad for you. Hanky? Seriously, that’s just gross: use Kleenex. Don’t need a pen because I’ve got ColorNote. Smokes… right, bad for you.

Rubber? Maybe for some of you. And change? Again, I’ve got my phone for that.

In fact, modern technology – really, my phone – has obviated four items on Carlin’s Important Ten. Add in our modern culture, and you’re down from an Important Ten to a Handy Three.

Well, that just sucks. But I suppose you’re less likely to forget three than ten.

The thought occurred to me recently, as I’ve been watching a lot of Seinfeld for the first time in a few years. It is painfully obvious: there’s no way kids even get what Seinfeld is about. The human emotion and impulses remain the same as they ever were. But at least two-thirds of the plot devices used in the show are completely, totally irrelevant.

Lost and separated in a mall parking garage? Text your friends. Stuck at a Chinese restaurant with Elaine’s dad, wondering where she is? Check her last check-in or call her. Dating a two-face? Instagram it or it didn’t happen.

Boom. Humor averted.

Even the lowly knock-knock joke is something I suspect kids won’t really get anymore. Why bother knocking on the door when you already texted that you had arrived before leaving the car?

It’s enough to make a chicken just stay the hell on its own side of the road.