Web dev in DC http://ross.karchner.com
604 stories
·
15 followers

(Spread)sheet Music: Making a Simple Music Sequencer using CSV Spreadsheets

1 Share

On Friday night, I put together a little hack that I found quite amusing. It’s a music sequencer that uses CSV spreadsheets to loop and sequence beats. It has the useful feature that you can save the spreadsheet, and it will periodically reload it, so that you can edit and jam with your sequences live. Best of all, it’s around 100 lines of Python code, comments and all. I posted a video I recorded on twitter, and the reception was very positive, so I thought I would provide a short writeup, and make the source code available as a gist for anyone interested.

You might wonder why I wrote this program, besides the humorous and attention-grabbing aspects. Clearly, there are already a variety of sophisticated programs (DAWs, Digital Audio Workstations) such as Ableton Live out there which can do much more complex things. Part of the motivation is that I like to play with music programming, and by writing my own code to sequence music, I can write a program that will have exactly the workflow and features that I want.

One of the things that I wanted to play with, here, was the ability to create melodies using only the notes in a given scale. Ableton Live Lite, or at least the version I have here, for all its powerful features, doesn’t have a mode that will highlight a given scale (at least not without plug-ins). I think there is a lot of value in being able to write software with an interface that is fully customized for the things you want to play with, and in this case, writing a music sequencer is trivially easy, so why not?

IMG-4036.JPG

The spreadsheet sequencer uses the mido package to send MIDI output to hardware synthesizers that I have at home, namely a Novation Bass Station II and an Arturia Drumbrute. These are directly connected to my Linux PC using USB. Note that you do not need to own hardware instruments to play with Python and MIDI. I play with hardware synths because I enjoy having physical knobs I can turn, but there are many free software programs that will connect via the MIDI protocol, both synthesizers and samplers.

It’s also possible to use MIDI for input. There are devices called MIDI controllers which can connect to your computer via USB. These can be keyboard, or boards with physical knobs you can turn to adjust parameters as you jam live. You can try searching for MIDI controller on eBay if that’s something that interests you. There are some used ones you can get for very cheap.

To conclude, I will note that although I came up with the idea on my own, I wasn’t the first to think of using a spreadsheet program to sequence music. I hope that this post has encouraged you to explore your musical creativity, or just to program something fun :)





Read the whole story
rosskarchner
11 hours ago
reply
DC-ish
Share this story
Delete

On Plastic in Time

1 Share

Two recent articles worth reading in each other’s context explore the unexpected long-term morphological behavior of plastic.

[Image: Photo by Benjamin Chelly, courtesy Albin-Michel/Galerie47, via The New York Times].

In one, Popular Science looks at the curatorial difficulties posed by plastic objects. Today, we read, “chemists and curators are in near-constant collaboration, working to preserve the world’s modern and contemporary art collections with methods derived from the field of heritage science. The thing is, no one’s actually certain what the best course of action is.”

For example, “museums are still stumped by plastics. Little is known, [University College London chemist Katherine Curran] says, about how plastics degrade, let alone how to stop it. But perhaps most surprising is the fact that most museums don’t even know the type of plastics in their collection. ‘Things often get classified as “plastic,”’ Curran says, ‘and that’s not that helpful.’”

The entire article is worth reading, especially for architects committed to using novel materials in their work without a clear sense of how those materials will behave over time (in particular, when novel materials are used as exterior cladding).

The other article to throw into the mix here describes the behavior of plastic furniture over multiple years and decades as a kind of open-air materials science experiment, unfolding in real time.

“One famous designer chair is oozing goop. Another has exploded into puffs of foam. A bookcase’s shelves bubbled as gases formed within,” The New York Times writes. “The culprits? Plastic. And time.

Like the article linked above, this one looks at plastic’s surprising mutability, given the material’s otherwise notorious, planet-threatening ability to outlast human civilization. It specifically discusses the work of designer Gaetano Pesce, including a cabinet of his that “bulged and warped as gases formed in its depths.” Pesce’s giddy response to his worried client? “The cabinet is alive and beautiful,” he allegedly said. “I so wish I was there to see my work evolving.”

That article also introduces the great phrase “furniture components with questionable futures,” writing that these sorts of “experimental objects are falling into mysterious decay” and that this fate is already visible with 3D-printed artworks, for example, made using materials whose long-term performance is completely unknown.

What’s so compelling about both of these articles for me is the basic idea that something perceived as nightmarishly eternal is, in fact, subject to deeply flawed mundane transformation, and that artificial objects supposedly facing near-geological lifespans actually perform, behave, and decay in semi-biological ways. What’s more, museum curators are ironically being tasked with stopping the decay of a material that, in almost other ecological context, cannot degrade fast enough.

This is not to suggest that we can therefore be cavalier in our use of plastic, but simply that the world of immortal things will not last forever after all.

Read the whole story
rosskarchner
1 day ago
reply
DC-ish
Share this story
Delete

Bureau of Consumer Financial Protection Seal Decision and Rebranding

1 Share

This record is about the Bureau’s seal decision and rebranding emails.

Read the whole story
rosskarchner
4 days ago
reply
DC-ish
Share this story
Delete

Fortnite and the Fermi paradox

1 Share

This is a piece written for the Atlantic.

Read more…

Read the whole story
rosskarchner
9 days ago
reply
DC-ish
Share this story
Delete

Think You’ve Got Your Credit Freezes Covered? Think Again.

2 Shares

I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new mobile phone accounts in the names of people who have already frozen their credit files with the big-three credit bureaus. Here’s a look at what may be going on, and how you can protect yourself.

Carrie Kerskie is director of the Identity Fraud Institute at Hodges University in Naples. A big part of her job is helping local residents respond to identity theft and fraud complaints. Kerskie said she’s had multiple victims in her area recently complain of having cell phone accounts opened in their names even though they had already frozen their credit files at the big three credit bureausEquifax, Experian and Trans Union (as well as distant fourth bureau Innovis).

The freeze process is designed so that a creditor should not be able to see your credit file unless you unfreeze the account. A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply for new lines of credit in your name.

But Kerskie’s investigation revealed that the mobile phone merchants weren’t asking any of the four credit bureaus mentioned above. Rather, the mobile providers were making credit queries with the National Consumer Telecommunications and Utilities Exchange (NCTUE), or nctue.com.

Source: nctue.com

“We’re finding that a lot of phone carriers — even some of the larger ones — are relying on NCTUE for credit checks,” Kerskie said. “It’s mainly phone carriers, but utilities, power, water, cable, any of those, they’re all starting to use this more.”

The NCTUE is a consumer reporting agency founded by AT&T in 1997 that maintains data such as payment and account history, reported by telecommunication, pay TV and utility service providers that are members of NCTUE.

Who are the NCTUE’s members? If you call the 800-number that NCTUE makes available to get a free copy of your NCTUE credit report, the option for “more information” about the organization says there are four “exchanges” that feed into the NCTUE’s system: the NCTUE itself; something called “Centralized Credit Check Systems“; the New York Data Exchange; and the California Utility Exchange.

According to a partner solutions page at Verizon, the New York Data Exchange is a not-for-profit entity created in 1996 that provides participating exchange carriers with access to local telecommunications service arrears (accounts that are unpaid) and final account information on residential end user accounts.

The NYDE is operated by Equifax Credit Information Services Inc. (yes, that Equifax). Verizon is one of many telecom providers that use the NYDE (and recall that AT&T was the founder of NCTUE).

The California Utility Exchange collects customer payment data from dozens of local utilities in the state, and also is operated by Equifax (Equifax Information Services LLC).

Google has virtually no useful information available about an entity called Centralized Credit Check Systems. It’s possible it no longer exists. If anyone finds differently, please leave a note in the comments section.

When I did some more digging on the NCTUE, I discovered…wait for it…Equifax also is the sole contractor that manages the NCTUE database. The entity’s site is also hosted out of Equifax’s servers. Equifax’s current contract to provide this service expires in 2020, according to a press release posted in 2015 by Equifax.

RED LIGHT. GREEN LIGHT. RED LIGHT.

Fortunately, the NCTUE makes it fairly easy to obtain any records they may have on Americans.  Simply phone them up (1-866-349-5185) and provide your Social Security number and the numeric portion of your registered street address.

Assuming the automated system can verify you with that information, the system then orders an NCTUE credit report to be sent to the address on file. You can also request to be sent a free “risk score” assigned by the NCTUE for each credit file it maintains.

The NCTUE also offers an online process for freezing one’s report. Perhaps unsurprisingly, however, the process for ordering a freeze through the NCTUE appears to be completely borked at the moment, thanks no doubt to Equifax’s well documented abysmal security practices.

Alternatively, it could all be part of a willful or negligent strategy to continue discouraging Americans from freezing their credit files (experts say the bureaus make about $1 for each time they sell your file to a potential creditor).

On April 29, I had an occasion to visit Equifax’s credit freeze application page, and found that the site was being served with an expired SSL certificate from Symantec (i.e., the site would not let me browse using https://). This happened because I went to the site using Google Chrome, and Google announced a decision in September 2017 to no longer trust SSL certs issued by Symantec prior to June 1, 2016.

Google said it would do this starting with Google Chrome version 66. It did not keep this plan a secret. On April 18, Google pushed out Chrome 66.  Despite all of the advance warnings, the security people at Equifax apparently missed the memo and in so doing probably scared most people away from its freeze page for several weeks (Equifax fixed the problem on its site sometime after I tweeted about the expired certificate on April 29).

That’s because when one uses Chrome to visit a site whose encryption certificate is validated by one of these unsupported Symantec certs, Chrome puts up a dire security warning that would almost certainly discourage most casual users from continuing.

The insecurity around Equifax’s own freeze site likely discouraged people from requesting a freeze on their credit files.

On May 7, when I visited the NCTUE’s page for freezing my credit file with them I was presented with the very same connection SSL security alert from Chrome, warning of an invalid Symantec certificate and that any data I shared with the NCTUE’s freeze page would not be encrypted in transit.

The security alert generated by Chrome when visiting the freeze page for the NCTUE, whose database (and apparently web site) also is run by Equifax.

When I clicked through past the warnings and proceeded to the insecure NCTUE freeze form (which is worded and stylized almost exactly like Equifax’s credit freeze page), I filled out the required information to freeze my NCTUE file. See if you can guess what happened next.

Yep, I was unceremoniously declined the opportunity to do that. “We are currently unable to service your request,” read the resulting Web page, without suggesting alternative means of obtaining its report. “Please try again later.”

The message I received after trying to freeze my file with the NCTUE.

This scenario will no doubt be familiar to many readers who tried (and failed in a similar fashion) to file freezes on their credit files with Equifax after the company divulged that hackers had relieved it of Social Security numbers, addresses, dates of birth and other sensitive data on nearly 150 million Americans last September. I attempted to file a freeze via the NCTUE’s site with no fewer than three different browsers, and each time the form reset itself upon submission or took me to a failure page.

So let’s review. Many people who have succeeded in freezing their credit files with Equifax have nonetheless had their identities stolen and new accounts opened in their names thanks to a lesser-known credit bureau that seems to rely entirely on credit checking entities operated by Equifax.

“This just reinforces the fact that we are no longer in control of our information,” said Kerskie, who is also a founding member of Griffon Force, a Florida-based identity theft restoration firm.

I find it difficult to disagree with Kerskie’s statement. What chaps me about this discovery is that countless Americans are in many cases plunking down $3-$10 per bureau to freeze their credit files, and yet a huge player in this market is able to continue to profit off of identity theft on those same Americans.

EQUIFAX RESPONDS

I asked Equifax why the very same credit bureau operating the NCTUE’s data exchange (and those of at least two other contributing members) couldn’t detect when consumers had placed credit freezes with Equifax. Put simply, Equifax’s wall of legal verbiage below says mainly that NCTUE is a separate entity from Equifax, and that NCTUE doesn’t include Equifax credit information.

Here is Equifax’s full statement on the matter:

·        The National Consumer Telecom and Utilities Exchange, Inc. (NCTUE) is a nationwide, member-owned and operated, FCRA-compliant consumer reporting agency that houses both positive and negative consumer payment data reported by its members, such as new connect requests, payment history, and historical account status and/or fraudulent accounts.  NCTUE members are providers of telecommunications and pay/satellite television services to consumers, as well as utilities providing gas, electrical and water services to consumers. 

·        This information is available to NCTUE members and, on a limited basis, to certain other customers of NCTUE’s contracted exchange operator, Equifax Information Services, LLC (Equifax) – typically financial institutions and insurance providers.  NCTUE does not include Equifax credit information, and Equifax is not a member of NCTUE, nor does Equifax own any aspect of NCTUE.  NCTUE does not provide telecommunications pay/ satellite television or utility services to consumers, and consumers do not apply for those services with NCTUE.

·        As a consumer reporting agency, NCTUE places and lifts security freezes on consumer files in accordance with the state law applicable to the consumer.  NCTUE also maintains a voluntary security freeze program for consumers who live in states which currently do not have a security freeze law. 

·        NCTUE is a separate consumer reporting agency from Equifax and therefore a consumer would need to independently place and lift a freeze with NCTUE.

·        While state laws vary in the manner in which consumers can place or lift a security freeze (temporarily or permanently), if a consumer has a security freeze on his or her NCTUE file and has not temporarily lifted the freeze, a creditor or other service provider, such as a mobile phone provider, generally cannot access that consumer’s NCTUE report in connection with a new account opening.  However, the creditor or provider may be able to access that consumer’s credit report from another consumer reporting agency in order to open a new account, or decide to open the account without accessing a credit report from any consumer reporting agency, such as NCTUE or Equifax. 

PLACING THE FREEZE

I was able to successfully place a freeze on my NCTUE report by calling their 800-number — 1-866-349-5355. The message said the NCTUE might charge a fee for placing or lifting the freeze, in accordance with state freeze laws.

Depending on your state of residence, the cost of placing a freeze on your credit file at Equifax, Experian or Trans Union can run between $3 and $10 per credit bureau, and in many states the bureaus also can charge fees for temporarily “thawing” and removing a freeze (according to a list published by Consumers Union, residents of four states — Indiana, Maine, North Carolina, South Carolina — do not need to pay to place, thaw or lift a freeze).

While my home state of Virginia allows the bureaus to charge $10 to place a freeze, for whatever reason the NCTUE did not assess that fee when I placed my freeze request with them. When and if your freeze request does get approved using the NCTUE’s automated phone system, make sure you have pen and paper or a keyboard handy to jot down the freeze PIN, which you will need in the event you ever wish to lift the freeze. When the system read my freeze PIN, it was read so quickly that I had to hit “*” on the dial pad several times to repeat the message.

It’s frankly absurd that consumers should ever have to pay to freeze their credit files at all, and yet a recent study indicates that almost 20 percent of Americans chose to do so at one or more of the three major credit bureaus since Equifax announced its breach last fall. The total estimated cost to consumers in freeze fees? $1.4 billion.

A bill in the U.S. Senate that looks likely to pass this year would require credit-reporting firms to let consumers place a freeze without paying. The free freeze component of the bill is just a tiny provision in a much larger banking reform bill — S. 2155 — that consumer groups say will roll back some of the consumer and market protections put in place after the Great Recession of the last decade.

“It’s part of a big banking bill that has provisions we hate,” said Chi Chi Wu, a staff attorney with the National Consumer Law Center. “It has some provisions not having to do with credit reporting, such as rolling back homeowners disclosure act provisions, changing protections in [current law] having to do with systemic risk.”

Sen. Jack Reed (D-RI) has offered a bill (S. 2362) that would invert the current credit reporting system by making all consumer credit files frozen by default, forcing consumers to unfreeze their files whenever they wish to obtain new credit. Meanwhile, several other bills would impose slightly less dramatic changes to the consumer credit reporting industry.

Wu said that while S. 2155 appears steaming toward passage, she doubts any of the other freeze-related bills will go anywhere.

“None of these bills that do something really strong are moving very far,” she said.

I should note that NCTUE does offer freeze alternatives. Just like with the big four, NCTUE lets consumers place a somewhat less restrictive “fraud alert” on their file indicating that verbal permission should be obtained over the phone from a consumer before a new account can be opened in their name.

Here is a primer on freezing your credit file with the big three bureaus, including Innovis. This tutorial also includes advice on placing a security alert at ChexSystems, which is used by thousands of banks to verify customers that are requesting new checking and savings accounts. In addition, consumers can opt out of pre-approved credit offers by calling 1-888-5-OPT-OUT (1-888-567-8688), or visit optoutprescreen.com.

Oh, and if you don’t want Equifax sharing your salary history over the life of your entire career, you might want to opt out of that program as well.

Equifax and its ilk may one day finally be exposed for the digital dinosaurs that they are. But until that day, if you care about your identity you now may have another freeze to worry about. And if you decide to take the step of freezing your file at the NCTUE, please sound off about your experience in the comments below.

Read the whole story
rosskarchner
11 days ago
reply
DC-ish
Share this story
Delete

Yes, No, Maybe

1 Share

I’ve been a Product Manager at GitHub for a number of years now, but recently, @gnawhleinad and @nayafia introduced me to a framework for responding to feature requests that has changed how I talk about upcoming features (both internally and externally) and that I’d like to share here (in slightly modified form). As misleadingly simple as it sounds, I call it “Yes, No, Maybe”. It looks a little something like this:

  • Yes - We have committed to implement it in the next three months
  • No - We have no plans to implement it in the foreseeable future
  • Maybe - We might implement it down the road, but either need more information or plan to, but can’t commit to it right now

When it comes to feature development, I’ve always been a fan of “under promise, over deliver”. The worst place you can find yourself as a Product Manager is promising something to stakeholders (again, internal or external) that you’re unable to deliver, especially if they rely on you for it.

While customers shouldn’t make purchase decisions based on forward-looking statements, customers nonetheless take comfort in better understanding a product’s direction, your vision, and what they might be able to expect down the line. At GitHub, we often run into this in the form of “are you going to build that, or should we?”-type questions from customers, for example. At the same time, most sufficiently sophisticated engineering organizations either formally think about Product work in terms of quarters, or have a rough idea of their product roadmap that extends at least three months out.

Those two factors combined lead to three possible answers when responding to feature requests:

Yes - “we’re doing that”

This three month mark creates a good bright-line where it’s safe to say “yes” we’re doing that (or are going to soon). Often projects are in flight at this point (or planned and committed to), and even if the exact ship date is unknown, it’s likely the project will eventually ship in one form or another. At this point, you should have high confidence that you can say “yes” without risking that you may violate the customer’s expectations down the line. “Yes” is a verbal contract between you and the customer that you will do the thing you say you’ll do.

For those features not on a team’s short-term roadmap, you have two choices:

No - “we’re not doing that”

If it’s something that doesn’t make sense for your product strategically, the answer is simple: “No” or “we’re not planning on building that in the foreseeable future”, more verbosely (ideally with the reason why). While there are many reason to say “yes”, and “no” is often the harder choice to convey to customers, if you truly have no plans to implement the feature “no” gives the customer the opportunity to pursue other ways to fix the problem (workflow, policy, tooling, etc.), and shows them that you’re being honest and transparent about your product vision and direction, even if the news is unpopular in the short-term.

Maybe - “we might do that”

If it’s something you’d like to do but haven’t yet committed to (e.g., 4+ months out), or something that might make strategic sense but you haven’t yet looked into, you give the best answer you can: “maybe”. I like to always follow up “maybe” with as much context as I can provide, e.g., explaining that it’s on our medium or long-term roadmap, but that you can’t yet commit to it, or explaining that it’s a great idea that you should (genuinely) look into (with a promise to get back to them when you do). Maybe isn’t a cop out, but a commitment to follow up with either “yes” or “no” once a decision’s been made.

As with code, I strive to be transparent about upcoming features (and general product direction), unless there’s an overriding business or practical concern not to (after all markets are conversations). Think of “yes, no, maybe” like a “green, red, yellow” stoplight indicating the status of your efforts, and in the inverse, the customer’s need to pursue a workaround (or alternative) to the problem they face.

It sounds simple written out, but if you start from this point, when responding to feature requests, your answer should almost always be in the form of “we’re doing that”, “we’re not doing that”, or “we might do that”, and thus should ensure you consistently meet, or ideally exceed customer expectations when it comes to upcoming features.

Read the whole story
rosskarchner
15 days ago
reply
DC-ish
Share this story
Delete
Next Page of Stories