Bike rack FAILs

For years I’ve been collecting pictures of bike parking (good and bad), but I’ve not written about the racks much.  Recently I came across three excellent reviews of bad bike racks on the One woman. Many Bicycles. blog:

Bike Rack FAIL: The Jaws of Death Torture Rack

Image copied from http://ladyfleur.wordpress.com/2013/07/23/bike-rack-fail-the-jaws-of-death-torture/

Bike Rack FAIL: The Throat Choke Torture Rack

Image copied from http://ladyfleur.wordpress.com/2013/07/30/bike-rack-fail-the-throat-choke-torture-rack/

Bike Rack FAIL: The Ankle Biter Torture Rack

Image copied from
http://ladyfleur.wordpress.com/2013/08/06/bike-rack-fail-the-ankle-biter-torture-rack/

Go read her posts about these poor excuses for bike parking devices. Note: none of these work at all with my recumbent bike.

There is an even worse design out there—various versions of the wheel-bender:

Here is a wheel-bender that I photographed at MIT a few years ago. The main characteristic of a wheel bender is that it holds the bottom of the wheel without supporting the frame. This maximizes the leverage for bending the wheel if the bike is knocked over.

I see variants of these bike-damaging excuses for bike parking all over the place, but have not taken many pictures of them. The wheel benders are very cheap, can be squeezed into very little space, are visually unobtrusive, and are universally hated by bicyclists—those features make them popular with places that are required to put in bike parking but really want to discourage bicyclists—the nearest MacDonald’s has wheel-benders, for example. I do not patronize businesses that use them (unless forced to do so, and then I try to talk to the manager about their anti-bike design).

If readers of my blog are interested in seeing some of the bike parking pictures I’ve taken, let me know, and I’ll try to do posts of some of the more interesting ones.  Mostly I’ve taken pictures of good (or at least adequate) bike parking, but I do have some photos of common design or installation errors.

WEST theater classes fill up fast

Today was the first day of registration for WEST Performing Arts classes, and by 9:00 a.m. one of the teen classes was already full:

WEST Ensemble Players: Inspecting Carol & Much Ado About Nothing
Day/Time: Thursdays, 6:30pm – 8:45pm
Dates: September 12 – May 15 (30 weeks; see website for details)
Location: West End Studio Theatre
THIS IS A FULL SEASON (Sept. – May) enrollment
8 Monthly payments of $120 (see website for payment schedule)

Sorry, this class is full

How, you may wonder, did that happen? Well, WEST classes usually fill up quickly, but this was a special case. Earlier in the week, there had been an e-mail sent out to families of teens who had been in the WEST Ensemble Players last year:

The fall schedule has posted online at WEST. Please note that the official start of registration is Friday, August 30th. Again this year, WEST Ensemble Players will be a small class with an expected maximum of 12 students for the fall and possibly 15 students for the spring. The students expressed a desire to stay together as a group last spring. I know lives and interests and plans change, but I would like to extend a priority registration to the students from last year’s WEST Ensemble Players classes before this class opens to the public. Please note the classes were created keeping in mind a full season curriculum. This year, we are asking for a full September–May commitment. If you don’t feel you can commit to this, we can add you to the class for one semester only if there is space available.

If you are planning on joining the WEST Ensemble Players class, please email me directly so I can secure your place in the class.

We jumped on the opportunity, and it looks like everyone else from last year did also.  There is a slightly different feel for a group that works together often—the difference between a pick-up game and a team.  I’m expecting great things of the WEST Ensemble Players this year!

This is my son’s senior year of high school, so his last year with WEST.  Because he has finished all high school graduation requirements except a year of English, half a year of econ, and half a year of civics, he is taking this year to concentrate on his fun subjects:

• 3 theater classes: WEST Ensemble Players (which filled up before registration opened to the public), Dinosaur Prom Improv (a closed troupe, with the same players as last year) and Page to Stage (a slightly new endeavor for WEST in adapting literature to the stage—with students doing the scriptwriting and directing, as well as the acting). WEST has opened up a couple more intermediate improv classes, probably in the hopes of replacing graduating members of Dinosaur Prom next year and possibly of forming a competing troupe, but since he is already in Dinosaur Prom, he doesn’t need another weekly improv outlet.
  Update—2013 Sept 31: Page to Stage filled up on the first day without any pre-registration, so the teen classes at WEST are indeed in high demand.
• Two computer engineering projects: extending the Arduino Data Logger he wrote last year (many new features) and the Bluetooth light gloves project.
• Group Theory as an online class from Art of Problem Solving

And some not so fun ones:

• AP Chemistry through ChemAdvantage (I won’t be teaching him myself).  This one will not be painful, but is not a big interest.
• Econ at home (Fall semester)  He may be able to work some of the financial planning for the light-gloves project into this course, as he will be doing a fairly detailed business plan and cost estimation for manufacturing the gloves.  Again, not too painful, but he probably wouldn’t bother if it weren’t a high school graduation requirement in California.
• Civics at home (Spring semester) Possibly painful, certainly boring, but a high school graduation requirement.
• English: writing in the fall (a combination of the Page to Stage class, college application essays, and tech writing), dramatic literature in the Spring (with the trip to Oregon Shakespeare Festival).  The writing parts will probably be painful, but we’ll try not to have any make-work writing, but only writing that clearly needs to be done and has a genuine audience.

He’s also looking at some possible community service: being a TA for the Python class gain this year, possibly starting an Arduino/microcontroller club (his consultant teacher wants to see more socialization among the homeschooled computer geeks), and doing a workshop in a few weeks with me to encourage home-schooled middle schoolers and high schoolers to enter the county science fair.  It isn’t obvious whether he’ll enter science fair this year himself—he’d like to have a 7th year at state, just to have done it every year possible, but he doesn’t have any big projects right now other than the data logger (which he took to state last year) and the light gloves (which are an ambitious engineering project, but not the sort of “save-the-world” project that the state judges like—and they generally prefer science to engineering).

We met with our consultant teacher yesterday, and she approved this plan.

Rational rejection of security advice

I’ve just been reading So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users written by Cormac Herley in 2009.  It gracefully captures why the security advice propagated by IT folks everywhere is almost universally rejected and resented by users.

Cormac Herley thesis is a simple one—that users are acting in their own best interest by ignoring most security advice.  The cost and impact for most end users to a security problem are fairly small and fairly rare, so that the on-going cost of remembering and following security advice is large in comparison.

While we argue that it is rational for users to ignore security advice this does not mean that the advice is bad. In fact much, or even most of it is beneficial. It’s better for users to have strong passwords than weak ones, to change them often, and to have a different one for each account. That there is benefit is not in question. However, there is also cost, in the form of user effort. In equilibrium, the benefit, to the user population, is balanced against the cost, to the user population. If observed user behavior forms the scales, then the decision has been unambiguous: users have decided that the cost is far too great for the benefit offered. If we want a different outcome we have to offer a better tradeoff.

I know that I have always hated the web sites that make me change passwords every couple of months and use five different character sets in each password.  The result of needing so many passwords has meant that I can’t remember them, and so I’ve had to record all my passwords in a file, producing a security hole much larger than the one they were attempting to patch by requiring super-strong passwords that change frequently. Some of the statements seem quaint: “Florêncio and Herley estimate that users have an average of 25 password accounts to manage”—I probably have hundreds of accounts, since every web site seems to want a password these days, even though the accounts exist only for the web site to track users (usually to the user’s detriment, so imposing password costs on them is doubly damaging).

This doesn’t mean that large corporations should ignore security—particularly if they are responsible for handling many customers’ credit cards.  The consequences of a security breach can be quite large for the company, not only in direct costs but in reputation damage and lost of customers to competitors seen as less careless. The solution, however, is not to require all customers and employees to have super-secure passwords, but to restrict access to the credit card information so that a stolen laptop does not unlock hundreds of thousands of accounts.

I wish that IT people everywhere would read the paper, if only for the obvious observations like the following:

First, we need better understanding of the actual harms endured by users. There has been insufficient attention to the fact that it is mainly time, and not money, that users risk losing when attacked. It is also time that security advice asks of them. A main finding of this paper is that we need an estimate of the victimization rate for any exploit when designing appropriate security advice. Without this we end up doing worst-case risk analysis, and this can lull us into thinking that we are offering orders of magnitude more benefit than is actually the case.

Of course, the same analysis applies to a lot of the mandates for “training” everyone at the university about FERPA, about lab safety, about fire safety, about earthquakes, about sexual harassment policies, about health services, about signs of depression, about parking regulations, about smoking, about using the online purchasing system, … .  Each individual training may have benefits but the cumulative cost is huge.

I know I was forced to sit through a training session on the online purchasing system a few years ago, but I have never used the system since—I spent all my grant money on student salaries, which didn’t go through purchasing.  The system has since changed, so I wouldn’t be able to use the training even if I remembered it (and had any grant money to spend).  Allowing people who did a lot of purchasing to have direct access to the system rather than having to go through purchasing personnel was a good idea, but requiring that everyone (even those who made less than one purchase a year) to take the training was a total waste of effort.

I have refused to take the online sexual harassment course every 2 years as the University mandates—not because it is an unimportant topic, but because the course is a stupid one that serves no purpose, particularly not after the first time.  Note: I do teach about sexual harassment policies and procedures in the how-to-be-a-graduate-student course, and I have the Title IX officer give a guest lecture—setting up an appropriate culture among the grad students is an appropriate use of time in that course.  TAs do have to know how to deal with sexual harassment by students in their classes and do have to know that the University has support mechanisms for them. The students need to know that we care about them and will not tolerate a hostile environment. (They also need to know the limits on their own behavior, but this has been such a rare problem that spending a lot of time on it would be a waste of time and an insult to the grad students.)

Advice I needed

Kevin McMullin, in his blog post For parents: Leaders need to hold it together, has some advice that I needed today:

Parents, how would you feel if you were preparing for the biggest sales presentation of your career and instead of supporting you with reassuring encouragement, advice and confidence, your boss became progressively more stressed and emotionally unglued? You’d feel more pressure and less confident. And you’d probably resent your boss.

If you’re the parent of a student applying to college, don’t be like the anxious boss.

I completely understand why parents feel stress and anxiety during the college admissions process. Nobody is more invested in your student’s success and happiness than you are.

But the most important job for parents of college applicants is to be just that—the parent of a college applicant. The stress of college admissions isn’t happening to you; it’s happening to your kid. Be calm and maintain your perspective. Offer support, guidance and encouragement. Cheer from the sidelines and remind them that you’ll love them no matter what Northwestern or Brown or University of North Carolina decides about their application.

You’re in an important leadership role now. And leaders need to hold it together.

I have been getting a bit stressed about my son’s application to colleges.  As a home-schooling parent, it is my job to put together his transcript, his counselor’s letter, and the school profile.  The transcript is still missing some course descriptions (for the courses my wife did with him—I’ve not been able to get 1-paragraph descriptions from either my son or my wife all summer!), but I have complete drafts of the other documents.  I would estimate that I’ve spent about 20 hours preparing these documents, maybe more.

I’ve also been “encouraging” him to get at least his current top-choice application done before his workload increases.  (So far, only one of his classes has started, the ChemAdvantage AP chem course, though it looks like he’ll be working on the Arduino Data Logger and the Bluetooth light gloves all year as for-credit projects.)

We’ll be doing 4 more college visits starting Sept 6: CMU, Brown, MIT, and Olin College of Engineering.  CMU and MIT are obvious top-rated computer-science schools, Brown has a pretty good CS department and the lack of make-work distribution requirements is very appealing, and Olin has a project-based approach that is appealing.  Last year, the lack of a pure CS major at Olin made it a bit less appealing to him, but over the summer he’s found that embedded systems and computer engineering can be fun, so Olin moved up in his internal ranking.

From what we can tell on the web, CMU may not be a good fit, despite having top-notch CS and theater departments—the problem is that it seems that (like UCLA) non-majors get shut out of most acting opportunities.  We’ll check on this more carefully when we visit.  Acting looks quite feasible at Brown and at MIT, and Olin allows students to register for courses at Wellesley (2 miles away), which has 4 acting courses (though whether Olin students can fit them into their schedules is not clear).  I don’t know whether we’ll have time to visit Wellesley on this trip—we haven’t scheduled it, but if the MIT shadow day falls through, we might have an extra day.

ROI for CS majors

Many students go into computer science not from any particular passion for the subject, but because they see it as a lucrative career.  Since this plays well with the current media bias of college as a private good, there are now “best” lists that look at Return on Investment for colleges in a purely financial way.  For example, AffordableCollegesOnline.org reports in Top Colleges for Computer Science Majors – ROI

Computer science programs at top schools offer tremendous breadth and depth – a wide range of course options with the ability to study at the professional level. And while cutting-edge tech attracts many students, the chance to earn top dollar upon graduation may be a higher priority, especially with tuition and fees on the rise. But which computer science programs have a track record of producing high-earning graduates? Check out our list below to see which programs truly stand out.

I was interested to see that six of the top twenty colleges listed were University of California campuses and 9 of the top 20 were in California (probably because Silicon Valley provides high salaries and a fairly high probability of a windfall from a successful startup).  Some people might be surprised at how high UCSC is on the list, but we have a pretty good CS department, and we’re really close to Silicon Valley.

1. UC Berkeley
2. Stanford
3. University of Pennsylvania
4. Dartmouth
5. UC Santa Cruz
6. University of San Francisco
7. UC Santa Barbara
8. MIT
9. UC Davis
10. Stony Brook University
11. CalPoly
12. Carnegie Mellon
13. UC San Diego
14. UC Irvine
15. Rutgers
16. Rose-Hulman Institute of Technology
17. University of Maryland-College Park
18. Worcester Polytechnic Institute
19. Virginia Tech
20. U. Washington (UW)

Of course, this list does not correspond particularly well with lists that track what undergrad colleges are best at producing students who go on to get CS PhDs or NSF Fellowships.  A PhD is not good for maximizing financial return.

Some colleges appear on both lists (MIT, UCB, CMU, Stanford, UW, UCSD).  We have visited or will visit 4 of those—we’ve not been able to schedule a trip to San Diego or Seattle yet.