Category Archives: General Tech Stuff

2018/11/26 · 09:56

Fixing dual-SIM provisioning for T-Mobile and GigSky

When Apple announced dual-SIM support for the new iPhone XS, I immediately decided to buy one instead of the iPhone XR that I really wanted. My reasoning was simple: both the XS and XR had a much improved camera, but the XS would allow me to provision a data-only SIM for my international travel. I ordered one and happily started using it, even knowing that dual-SIM support wouldn’t be available at launch.

It’s important to understand what Apple actually supports: you can have one or two SIMs in your iPhone XS or XS Max. One of them may be a physical SIM; the other is a virtual SIM called an eSIM. There’s no requirement that the eSIM be data-only; you can have two phone numbers, provided by two different carriers from two different countries, if you want. All I wanted was international data, so I planned to buy an eSIM from GigSky. Keep in mind that, as of this writing, only a handful of carriers support eSIM. For example, T-Mobile in the US won’t sell you an eSIM, but T-Mobile in Austria will.

It’s also relevant that this phone came from Apple’s iPhone Update Program (IUP). IUP phones aren’t locked to a particular carrier, or at least they aren’t supposed to be.

I downloaded the GigSky app, bought a plan, and tried to flip the switch that enables the secondary SIM. No dice– when I did, the phone screen briefly flashed up the “Hello!” activation screen, then I got a dialog that said, simply, “Actication required.” Not super helpful.

After trying a few random things, like rebooting the phone, I filed a support ticket with GigSky. “Your phone must be locked,” they said. “Contact T-Mobile.”

So I did; TMO looked up my IMEI and said “nope, we don’t have it locked. Call Apple.”

So I did. Apple fooled around for a bit, had me try removing the existing GigSky eSIM and readding it (which you can’t do; I had to buy another one), then told me to verify that T-Mobile supports eSIM. As I mentioned earlier, they support using eSIMs on phones locked to them (which this one wasn’t anyway), but T-Mo US can’t sell you one– not relevant in this case.

I then called Apple back and spoke to a very helpful gentleman named Matt. He suggested that I back up the phone and erase it, then reactivate it, to force it to get a new activation profile. I dutifully did this, whilst sitting in my Swiss hotel room. After a long cycle of reset-related stuff (new FaceID, resyncing with my Apple Watch, &c), I bought a third GigSky eSIM and was able to activate it without error. The picture below tells the story: I’m roaming on Swisscom (through T-Mobile’s normal international roaming for voice and SMS) on my primary SIM (thus the small “P” icon) and using GigSky for data.

Long story short, Apple still has some work to do to make this process work more smoothly, but I am hopeful they and their carrier partners will file down the rough edges to make it less painful in future.

Leave a comment

Filed under General Tech Stuff

Tagged as , ,

2018/05/07 · 11:08

Azure Portal search: a tale in 4 pictures

Sorry that my first blog post in a while is a complaint, but, hey, at least you’re not paying a subscription fee for it.

We ran into an odd problem with our work Microsoft Teams environment. (I’ll blog more about the details once I confirm that it’s fixed; we’re still troubleshooting it.) Thanks to valiant efforts by Tony Redmond and the Teams engineering team, the root cause was tentatively identified as one of the Teams microservices being disabled. I needed to re-enable it.

First stop, the “Enterprise Applications” blade of the Azure portal. Note the list below is the default view, and it’s all you get– a naive user might assume that the list shows all applications in the AAD tenant because the filters are set to “application status any” and “application visibility any,” and the list appears to go from A through W.

portal-01

But noooooo. Notice that there’s no entry for “Microsoft Teams,” which I know perfectly well is enabled. OK then, let’s try setting the “Show” pulldown to “Microsoft applications.” Set that filter, click “Apply,” and check out the results.

portal-02

Huh. Still no entry for Teams. This time I notice the text in the search field: “First 20 shown, to search all your applications, enter a display name or the application ID.” All right, fine, I’ll try searching for “Teams”. Type that in, hit return, and…

portal-03

Well, that seems wrong. Let me try “Microsoft”. That produced a good-sized list of results, very few of which showed up in any of the preceding screenshots.. but only one entry showed up with a name of “Microsoft Teams.”

Finally, Vasil Michev took pity on me and told me to search for “Microsoft Teams.” Et voilà…

portal-04

There’s the problem child. A couple of clicks later, the service was enabled as intended.

Now, sure, in the grand scheme of things this is a minor issue. There’s so much stuff in the Azure portal, and so many great Azure services, that I can understand that maybe search in this one little corner of the portal isn’t a priority.

Having said that: this is an embarrassing thing to get wrong, and it’s emblematic of similar problems across other Microsoft properties (let’s not even talk about how bad content search is in the Teams client, or why I can’t search Exchange Online archive mailboxes on the Mac Outlook client).

Seriously– fix it, Microsoft.

 

 

 

 

 

 

 

 

 

1 Comment

Filed under General Tech Stuff, UC&C

Tagged as ,

2017/12/11 · 15:51

Viewing events for Windows 10 Controlled Folder Access

I wrote about Controlled Folder Access not long ago. Since then, I’ve seen it throw a few dialogs telling me that a particular application was blocked from doing something, but I generally didn’t pay much attention unless I found something that didn’t work. The desktop notification doesn’t show the full path of the blocked executable if it’s anywhere in \program files or \users\appdata. There just isn’t enough room.

Today I saw a message pop up that had some Chinese characters in it– you’d better believe that got my attention. I wanted to see what CFA had blocked. A little digging around led me to an article that explains how to easily create a custom view that shows CFA events. Sure enough, here’s what it showed:

Someone’s up to no good

Since I don’t use Internet Explorer, it’s pretty clear that something is on my machine that shouldn’t be, but, at least for now, CFA has prevented it from doing anything too nefarious. Off to the malware scanner I go!

Leave a comment

Filed under General Tech Stuff, Security

Tagged as ,

2017/11/28 · 07:31

Quick impressions of the Harman Kardon Invoke Cortana speaker

I’m an early adopter. This is both a blessing and a curse.

Thanks to John Peltonen, I installed some X-10 home automation gear back in the early 90s and have long wanted a more automated home, so when Amazon started shipping the Echo I bought one and threw together an ad hoc home automation system. My “robot girlfriend” Alexa can control various devices, including the kitchen and master bedroom, floor and desk lamps, my security system, and my thermostats (a Nest downstairs and an el cheapo Honeywell upstairs). I have a mix of LIFX bulbs (wouldn’t buy them again), WeMo switches, TP-Link smart plugs, and Lutron Caseta dimmers/switches, plus a GoControl garage door controller. It all works pretty well.

The Alexa devices have pretty quickly blended into my normal home workflow. I use the one in my bedroom like a clock radio, and to control the temperature when I’m in bed; the one in my office gets frequent use for adding items to my grocery list when I remember them, and the kitchen unit is an all-around music player, news source, multi-function timer, grocery-list keeper, and audiobook reader. Overall I’m well pleased with the Alexa devices and ecosystem.

But.

Alexa as an assistant is far behind both Microsoft’s Cortana and Apple’s Siri. (For another time: my thoughts on what each smart-assistant platform is good and bad at, e.g. Siri is dumb and has poor voice recognition, for example, but has a few idiot-savant skills that are useful and both benefits, and is limited by, Apple’s strong emphasis on on-device processing). It’s safe to say that Alexa is mostly a portal to Amazon’s services, which is fine; as a heavy consumer of Amazon services I’m OK with that.

However, I got spoiled by the quality of Cortana’s assistant functionality on Windows Phone and have continued using it on Windows 10, so when I saw that Microsoft and Harmon Kardon were partnering to make the Invoke, a Cortana-powered competitor to the Amazon Echo, I was intrigued. For Black Friday, Microsoft was selling the Invoke for $99, and I had a $50 Microsoft Store credit, so I figured for $50 it was worth taking a flyer. The Invoke got here yesterday and I spent a few hours setting it up and playing with it. Here are my initial short-term impressions.

  1. The device build quality and packaging are excellent. I prefer the physical design and finish of the Invoke to the Echo. They are similar in size.
  2. The Invoke has a power brick instead of a wall wart. That is inappropriate for kitchen use.
  3. The out-of-box-experience and initial setup for the Invoke are very smooth, better than the initial experience for an Alexa device. All I had to do was power on the device and tap “set up my speaker” in the Cortana app. Whereas the Echo/Dot require you to manually switch wifi networks, the Invoke just magically figures out how to set itself up. (The Invoke immediately had to download an over-the-air update but this was painless and fairly fast.)
  4. The sound quality of the Invoke is much better than that of the original Echo. The new Echo 2 supposedly sounds better. The Invoke produces rich, clear highs, solid midrange, and decent bass for such a small unit and it seems louder than the Echo at max volume.
  5. The Dot and Echo have an LED ring around the top that lights up to indicate when the device is listening. The Invoke has a small touch-sensitive screen on the top. The ring is easier to see from a distance (and can be used to indicate when there are notifications, etc) but the touch-sensitive screen is an easy way to interact with the device. I’ll call this one a draw.
  6. Cortana functionality seems to be on par with the iOS Cortana app, and somewhat behind the Win10 app’s functionality.
  7. Cortana has very few skills compared to Alexa’s skills library. On both platforms, many of the skills are either stupid (I don’t need a skill to play the Notre Dame fight song, thanks) or not useful to me (I’m not a Capital One customer so their skill doesn’t do me any good).
    1. Cortana doesn’t have skills to control TP-Link smart plus, LIFX light bulbs, or WeMo switches– all of which I use heavily.
    2. It is completely non-obvious how to add or manage skills. Some skills are built into the device, like Spotify and Skype. Some require you to install an app or to authorize an external service. The process is much more consistent for Alexa devices.
    3. Obviously the Invoke doesn’t have any Amazon skills. I use those heavily too. Being able to reorder cat food, or check on the whereabouts of a package, or listen to an Audible audiobook is very handy.
    4. You enable smart home skills through the Cortana notebook. This isn’t obvious. None of the skills I have seem to recognize individual devices, e.g. the Wink skill just ties Cortana to the Wink hub, and there’s no way I can find to tell Cortana to find new devices through the hub.
  8. Within the first 30 minutes, I ran into a bug– the device would say it couldn’t understand me, no matter what I said. I’ve seen other people mention this online so it’s a legit bug.
  9. I couldn’t get the Wink skill to control my garage door. This might just be because I didn’t know what to say to it; the same skill works fine with my Caseta dimmers and switches though.
  10. You can only set one kitchen timer at a time. Multiple concurrent timers is a key Alexa feature for me because I lack the skill to coordinate cooking multiple dishes without timers.

One feature I really like and can see myself using a lot is the integrated Skype calling. A simple “Hey Cortana, call person” is all it takes. I’m not 100% sure where Cortana is getting contact data from. If I say “call Delta Airlines,” it calls the local Delta Cargo office instead of the number in my contacts. If I say “call Walmart,” the device looks up the nearest Walmart and calls it, which makes sense because I don’t have Walmart in my contacts list. If I name a person in my contacts list, it calls them. Alexa has a very similar feature, along with the ability to send voice or text messages directly to other Alexa devices, but I never got in the habit of using them. (It doesn’t look like Invoke calls show up in my Skype history; I’m not sure if that’s a feature or a bug).

(Fun side note: if you call either device by the other name, it tells you about the upcoming Microsoft-Amazon partnership.)

For now, the Invoke is definitely a second-class citizen here at the fortress of solitude– with limited smart home integration, I can’t do a 1:1 replacement of any of my Alexa devices yet. But it sounds great, and Microsoft has a long history of rapidly improving their 1.0 releases, so I am optimistic that it will get better rapidly. I’ll keep it.

 

 

1 Comment

Filed under General Tech Stuff, Reviews

Tagged as , , , ,

2017/11/01 · 10:18

Using Windows GitDesktop with Windows 10 Controlled Folder Access

The Windows 10 Fall Creators Update has a very useful new feature that can dramatically reduce the impact of ransomware: Controlled Folders. You should turn it on (Ed Bott’s article tells you how). Once it’s on, any attempt by an unauthorized program to modify files in controlled folders (including your OneDrive and OneDrive for Business folders and your Documents folder) will fail with an error message like this:

Controlled Folders doing their thing

The problem is, sometimes you want an application to have access to those folders. No problem: you can get there by opening the Windows Defender Security Center app, clicking “Virus and threat protection”, then clicking “Virus and threat protection settings,” and then finally selecting the “Allow an app through Controlled folder access.” It’s an easy enough process.

Unfortunately, you may find that the app you added to the list isn’t the app that actually runs when you try to do something. For example, when you run GitDesktop you’ll see a message like the one above because that app is actually a bundle that includes several binaries. You might think you can just add the binaries themselves, and you should be able to, but instead I got an error saying that the path I had entered wasn’t valid. That’s probably because I (lazily) installed the GitDesktop client on my… desktop… so its binaries are tucked away in my Users directory.

I spent some time scratching my head trying to figure out what to do, then discovered that you could enable Controlled Folder Access with the Set-MpPreference cmdlet. Of course, where there’s a Set- cmdlet, there’s usually a Get- cmdlet, and sure enough…

Get-MpPreference is your friend

A little more digging turned up the Add-MpPreference cmdlet and the associated ControlledFolderAccessAllowedApplications switch. A little digging to figure out which actual copy of git.exe  was being run and I was all set… until I started writing this post and found that SnagIt has the same problem!

Adding a new application

Thus I ended up solving two problems (“why doesn’t GitDesktop work?” and “why won’t SnagIt work?”), learning something new (*-MpPreference), and, at least hopefully, protecting myself and others against ransomware. Onwards!

 

4 Comments

Filed under General Tech Stuff

Tagged as

2017/10/06 · 16:21

My screen went gray: how to turn off Windows 10 color filter mode

I like to think I know my way around Windows after using it daily since Windows 3.1. Sometimes it still surprises me, though.

Today I was working on a blog post for the ENow blog (stay tuned, you’ll see it shortly). I went to copy a quote from a press release and, suddenly, this is what I saw:

Grayscale Windows screen

Where’d my color go?

I couldn’t figure out what the hell had happened, but my screen was suddenly gray. It was at the correct resolution, and everything looked the same except it was gray. At first I thought I’d mistakenly turned on high contrast mode (which you do with left Alt+left Shift+PrtSc) but nope.

A little digging led me to the dialog shown in the image above. Apparently Windows has a “color filter” mode that, when invoked, makes it easier to see certain colors. It’s intended for people with color-vision deficiencies. For ease of use, Microsoft tied it to a key combination: the Windows key + Ctrl + C. I must have accidentally bumped the Windows key while copying my quote.

Now you know.

119 Comments

Filed under General Tech Stuff

Tagged as

2017/10/02 · 13:16

Clearing the Windows 10 external monitor cache

I bought a Surface Book on day 1 of its availability, 2 years ago this month. It’s been an excellent machine. I almost never use it with the clipboard undocked so I’m not sure I’d buy another one, but it’s been good.

Recently, though, it has developed a displeasing habit of failing to recognize external monitors. For example, last week when I was at Ignite, I had to borrow Richard’s laptop to do my product demos because mine wouldn’t talk to the monitor we had available. When I got back from Ignite, it was worse– I couldn’t use an external monitor either through the Surface Dock or the built-in DisplayPort. It didn’t matter what monitor or adapter I used, either. The only way I could make an external display light up was to undock the clipboard and plug the dock connector into it.

I tried a large variety of things to fix it, including updating the firmware on the Surface Dock, reverting to an older preview build of Windows, sacrificing a chicken, and loud cursing. Nothing.

Then I posted on Reddit. Within an hour or so, a user posted a link to this thread, and I found the magic solution. I unplugged the dock, deleted HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Connectivity and HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Configuration, plugged the dock  back in, and boom! The external monitor now works normally.

My theory is that a bug in Windows 10 and/or the Surface dGPU driver and/or Windows Insider upgrades caused the problem. I’m not really interested in figuring out the root cause now that I know how to fix it.

Hopefully this will help future generations who may have this same issue…

3 Comments

Filed under General Tech Stuff

Tagged as ,

2017/06/30 · 09:24

Office 365 Hybrid Configuration Wizard won’t launch

I recently ran into a bizarre problem with the Office 365 Hybrid Configuration Wizard, and solved it after a bit of trial and error. Hopefully this article will be a useful breadcrumb for future hybridizers.

The HCW used to be a standalone Windows executable that you’d download. The Office 365 team (hi, Tim Heeney!) made the wise decision to turn it into a Click-To-Run (C2R) executable. The biggest benefit to using C2R is that whenever you click the link (which downloads the application’s manifest file) you get the latest version of the HCW, streamed directly to you from Microsoft’s servers. This ensures that everyone always gets the most up-to-date version, but it also introduces a few potential stumbling blocks.

C2R application manifests aren’t executable themselves; they’re just XML files that provide some metadata about the application. With that said, on a properly configured Windows box, as soon as you download the manifest, the C2R helper application does its thing; it reads the manifest, streams the application, and launches it.

In my Exchange 2016 lab, that’s not what was happening. When I clicked on the HCW link in Internet Explorer, the little “Scanning..” infobar would flash across the bottom of the window, but that was it. Same thing in Chrome. Downloading the HCW manually using the Start-BitsTransfer PowerShell cmdlet got me the manifest file, but it couldn’t be launched. Of course, since the C2R launcher itself wasn’t launching, there were no log files to use to troubleshoot the problem. By contrast, when I downloaded the HCW onto my Windows 10 desktop, it would fail because I didn’t have the right prerequisites installed, leaving me a log file full of juicy details. All of the machines in my lab had the same problem, perhaps not surprising since they were built from the same Amazon Web Services AMI.

I spent some time doing the usual things: trolling the TechNet forums, searching random posts by people who had problems with the HCW (all of which were problems with what it did after launch, not problems getting it launched), and asking my smart MVP friends. Nada.

Then I had a hunch and opened the Default Programs control panel. For the “.application” file type, this is what I saw:

Looks plausible, but it’s totally wrong

I changed the “.application” file type to be opened with Internet Explorer. Then I went back to the HCW link, clicked it, and was rewarded with a properly functioning copy of the HCW. Filed for future reference…

16 Comments

Filed under General Tech Stuff, UC&C

Tagged as , ,

2017/06/26 · 21:04

Office 365 Engage wrapup

Last week, I had the privilege of presenting at the first Office 365 Engage conference. Billed as a practical, no-marketing-content conference, and chaired by Tony Redmond, the conference offered a pretty impressive lineup of speakers from across the Office 365 world, mostly from Europe. One big drawback to the way that Microsoft and Penton have organized their respective conferences is that it’s often difficult to get European experts and MVPs here to speak, so I was looking forward to seeing some fresh material presented by people I don’t usually get to hear from, and I was not disappointed.

I arrived midday Tuesday after changing planes in Reykjavik (more on that later). A quick train ride got me to the Haarlem Centraal station, after which I grabbed an Uber to the hotel. The conference was booked into the Philharmonie Haarlem, and I must say it was the nicest conference venue I’ve ever been in– a far cry from the typical US conference facilities located in echoing, soulless conference centers or noisy, smoky Vegas hotels. The location was excellent as well– Haarlem is a beautiful city and quite walkable. The conference hotel was a mere 3-minute walk from the Philharmonie and the area contained a wealth of restaurants and shops.

One of the meeting rooms at the Philharmonie

After I got registered, I wandered around talking to attendees and speakers. My first session (on monitoring Office 365, big surprise!) wasn’t until Wednesday morning so I got to drop in on a couple of sessions, which was nice. Unfortunately, I spent most of my time Tuesday either working on my slides and demos or on the phone with folks back in the USA– that’s the big downside to being in Europe. Tuesday night I met a group of MVPs for dinner, at a Mexican restaurant, of all places.

Wednesday I had my monitoring session in the morning, along with more work on my third session’s slides. I got some good attendee questions that I’ll use to make the presentation better for the next time– as Microsoft is always changing the monitoring and reporting functionality in Office 365, this is definitely an evolving area. In the afternoon, I was able to go to Tiago Costa’s session on Office Graph development, which I found quite valuable. Wednesday night the organizers had set up a canal cruise for the speakers, which was a lovely treat– Haarlem looks even better from the water.

Canal ahoy

Obligatory windmill photo. This was the only one I saw the entire trip.

Thursday was a big day. I had two sessions: one on Skype Meeting Broadcast and one on Windows Information Protection. Fellow MVP Brian Reid was kind enough to help salvage my demo; I filed a support ticket with Microsoft about an hour before my session because my tenant didn’t work, but his did. We even got to demonstrate the real-time automated closed captioning feature that Skype Meeting Broadcast now includes, which resulted in quite a few laughs from the audience. It works surprisingly well, better with Brian’s English accent than my own American one. Then it was back to the speaker lounge for still more work on my information protection slides, which I delivered to a curious audience without a hitch. (I had a great side conversation with a lady who works for, shall we say, an allied power and had a lot of interesting questions about ways to use the Information Protection features in what might euphemistically be called a nuclear bunker.) The afternoon sessions were accompanied by a loud, heavy thunderstorm that wouldn’t be out of place in Alabama– I think some of the locals were a little surprised by its ferocity. The rain had cleared and left the air cool and clear afterwards, perfect for the closing session, after which I jumped in a taxi to get to Schiphol for my flight on to Reykjavik.

A quick note on logistics: the venue’s Internet connection worked well for nearly everyone, seating was comfortable and plentiful, and the snacks, coffee, and lunches were good. Overall the logistics were far better than average, especially for a freshman offering. I believe that reflects the experience of the event team, all of whom have put on many such similar events in the past.

Overall, this was a solid first-year conference. With only a couple hundred attendees, it preserves the small-group feel that was formerly so attractive about first MEC and then Connections, but with a great deal of attention paid to ensuring that the content was relevant, unique, and practical. I’m looking forward to next year’s version!

2 Comments

Filed under General Tech Stuff, Travel, UC&C

2017/05/21 · 17:14

Removing a bad Windows driver, the hard way

From the “don’t touch what isn’t yours” department…

Yesterday I wanted to do some administrative chores related to a large stack of bills that were cluttering the dining room table. I grabbed my Surface Book from my laptop bag and plunked it on the table. My son’s Dell laptop was nearby, with his fancy Razer gaming mouse plugged into it. “Hey, free mouse,” I thought. I plugged it in to the Surface Book, opened it up, and went to get a diet Coke. By the time I came back, Windows and/or Razer had managed to install some kind of evil driver from hell™ that rendered every USB device plugged into the system inert.

That includes the built-in keyboard and trackpad, BTW, as well as anything plugged into the Surface Dock. The clipboard still worked great, though.

I tried rebooting and that didn’t help. Trying to search for a solution with just the on-screen keyboard slowed me down a bit, and I had other stuff to do last night, so I let the broken machine sit forlornly overnight and went back to it this morning.

The touch screen functioned normally, which was helpful so that I could open apps. When I looked at the “recent updates” list, I saw that a Razer device driver had been installed when I plugged the mouse in– but it was a version labeled as being from 2012. Why this happened, I don’t know. This was clearly the culprit… but Windows 10 doesn’t give you a way to remove an individual device driver update from the settings interface. Nothing relevant appeared in the add/remove programs list. There was no “undo the last update” button, and I didn’t have a recent backup. Device Manager didn’t show any driver at all for a Razer HID device of any kind… so back to the search I went.

First I tried installing Razer Synapse, their all-in-one utility. All that did was invite me to sign up for a Razer account. No thanks. Then I poked around various arcane parts of %systemroot% but didn’t find anything suspicious. Re-running Windows Update didn’t force a new version of the driver either.

To make a long story short, the answer is here: I had to run pnputil.exe -e to figure out which driver store package had the bad driver, then remove it with pnputil.exe -d -f. Once the offending driver was removed, all of my USB peripherals miraculously resumed their normal operation.

Moral of the story: don’t plug in your son’s gaming peripherals. Lesson learned.

Leave a comment

Filed under General Tech Stuff

Tagged as ,

2017/03/17 · 09:33

Setting up run intervals on Garmin watches

(Disclaimer: I am not a coach or even especially knowledgeable; in fact everything I say in this post could be completely wrong. Don’t blame me if you create an interval that causes you to inadvertently run an ultramarathon.)

If you want to be a faster runner, you have to run faster. Unlike many other areas of endeavor, though, the best way to get faster is to train in intervals. Instead of going out every day and knocking out the same distance on the road, almost every runner can benefit from mixing those steady-state runs in with shorter-distance, higher-intensity work. For example, my coach might give me this: “2 mi WU, 6 x (2:00 @ 10K, 2:00 slow), 1mi CD.” Translated, that means “2 mile warmup at an easy pace, 6 intervals where each interval starts with 2 minutes at your 10K pace and then a 2 minute slow run, followed by a 1 mile cooldown.”  Tracking intervals is a pain in the butt, though, which is why many runners use a track– then they know to run 440, or 880, or whatever. Distance-based intervals are OK but I find track running to be even more boring than treadmill runs; I’d much rather do my intervals outside. Luckily, Garmin has my back: you can build a structured workout, then send it to your watch. When you’re running, the watch will tell you what to do. It’s magic! Because I am a nerd, I was excited when I found this feature a couple of years ago, but I find that lots of my running friends don’t know that it exists.

Garmin lets you build structured bike, run, or swim workouts that include an optional warmup, zero or more individual steps, zero or more repeats (which is the actual interval– you do X, then you do Y, repeated Z times), and an optional cooldown. Once you create the workout, you can send it to your device and it will guide you through the workout. Note that there are a lot of differences between run, bike, and swim intervals and how they are presented on various devices; for now I want to focus on the simplest case, setting up a simple run interval.

Let’s say that you want to do a simple interval workout: a 10-minute warmup, then 6 intervals at 5K race pace, then a 10-minute cooldown. I’ll pretend that you want 2 minutes at race pace and a 2 minute cooldown in each interval. Here’s how you’d set that up.

Start by logging into the Garmin Connect website. Once you’re there, click on the hamburger menu (3 parallel lines in the upper left corner), then and scroll down until you see “Workouts,” then click it. That will bring up the workouts page.

the workouts list in Garmin Connect

Click the “Select a workout type…” menu and choose “Run,” then click “Create a Workout.” You’ll see the workout creation page. Garmin helpfully assumes that you’ll have a warmup, a single run step, and a cooldown. Each of these items is color-coded.

A new blank workout for you to customize

Delete the single run step by clicking the “X” at its right edge, then edit the warmup and cooldown to include the times you want. You can also specify distance– wherever you see “select a duration”, you can choose to base the length of that item on distance, time, speed, pace, or just pressing the lap button. Use the pull-down menus in each section to fill out the workout you want.

Start with the warmup and cooldown

Now for the magic: click the “Add a Repeat” button and a new section will appear.

Oh noes, this is all jacked up

There are several things wrong with this, though: the repeat is in the wrong place, it’s for the wrong number of reps, and the intervals we want aren’t there. Luckily, this is easy to fix:

  1. Use the + and – icons at the top of the repeat block to set the correct number of reps.
  2. Use the “Select a duration…” pulldowns in the “run” and “recover” sections to set the right durations.
  3. Use “Add More…” in the “run” section to add the correct pace:
    1. Click “Add More…”
    2. The “Select an intensity target” pulldown will appear.
    3. Click it and select “Pace”, then fill in the target pace range you want. (Note that you can also set intervals based on heart rate zone and a bunch of other metrics).
  4. Repeat step 3, but this time for the “recover” section.
  5. Click and drag the little grabby thing (next to where you see “Repeat N Times” in the repeat block) to drag it into the correct position.

When you’re finished, here’s what your workout will look like:

All done! (Bonus points if you notice the one other change I made)

Now you can save the workout.. but before you do, use the pencil icon next to the “Run Workout” title to change the name of the workout so you’ll be able to identify it. Once that’s done, click “Save Workout.” At this point, absolutely nothing useful will happen when you look at your watch, because there’s another required step: you have to transfer the workout to the watch. The easiest way to do this is with the Garmin Connect mobile app, although you can plug your watch in with a cable if you prefer. As I write this, you can’t create interval workouts in the app, which is too bad. Here’s how to perform the sync: (These instructions are for the app on iOS; I don’t have an Android device so I have no idea if the UI is the same or not.)

Start the app, then click on the “More” icon (the three little dots) in the bottom navigation bar and tap “Workouts”. You should see the new workout you just created in the list:

The new workout is available to sync

Tap the new workout, and you should see the workout itself. In the upper-right corner of the screen, there’s a little icon showing an arrow pointing into a phone. That means “sync,” although why it shows a phone and not a watch is a mystery. Click it, then you’ll see a page showing all the devices your app knows about.

Here’s your workout, nearly ready to go

Select the device you want and tap “Send”.

Select the target device

Wait a minute, then check to see if the workout’s on your watch. On the Fenix3 HR, you do this from Training > My Workouts > Running. Scroll through the list until you see your workout, then hit the “start” button and you’re all set.. happy running!

Ta da

2 Comments

Filed under Fitness, General Tech Stuff

Tagged as ,

2016/02/09 · 12:52

Training Tuesday: IoT insecurity, fitness division

There’s lots of hype about how the Internet of Things (IoT) will make our lives better, and much of it is true. For example, my house has two Internet-connected thermostats that I can use to see and change temperature settings— that way I can keep the house uncomfortably cool or warm when I’m not there and adjust the temperature remotely so it’s comfy when I get there. Fitness devices are definitely a well-established part of the IoT; companies such as BodyMedia and Garmin have been making devices that can connect, either on their own or through a PC or smartphone, to Internet services for a while. That market has been growing very rapidly over the last few years (some estimates put it as $3 billion in 2015), so some bright folks at Open Effect (funded in part by the Canadian government) decided to take a look at the security of IoT-connected fitness devices.

The results (full report here) are pretty horrifying:

  • Many devices transmit their Bluetooth MAC IDs at all times that the device isn’t pried, and those IDs never change, so it’s easy to track someone through rudimentary Bluetooth beacon monitoring.
  • The Jawbone and Withings fitness services don’t do a very good job of data validation; the researchers mention telling the Jawbone service that their test user walked 10,000,000,000 steps in one day, and the service happily accepted that. Worse still, they were able to inject fake data, generating records of “a person taking steps at a specific time when no such steps occurred.” Given that this data has been used in both criminal and civil trials in the US and Canada (see the extensive footnotes in section 1.4 of the report), this is pretty awful.
  • Garmin and Withings don’t use HTTPS to protect data in transit. Given that I wear a Garmin watch and use a Withings scale daily, I have a problem with this. The researchers only studied the Garmin Connect app on iOS and Android, but if I had to bet, I’d guess that my Garmin watch (which has Wi-Fi) isn’t using HTTPS either.

Apart from calling Garmin to yell at them, I’m posting this mostly to point out yet another case where the rush to get things on the Internet may have unintended consequences. While my individual fitness data is not necessarily something I mind being visible, I don’t like that these manufacturers have been so sloppy. I can understand not wanting to implement HTTPS on a very low-power device but there’s no excuse not to implement it in a mobile app, for crying out loud.

Meanwhile, if I ever need to, now I know how to challenge any fitness-related data that may be introduced in court.

Leave a comment

Filed under Fitness, General Tech Stuff, Security

2016/01/08 · 07:25

Flying Friday: the avionics brain transplant begins

I fly a 41-year-old airplane. Not that there’s anything wrong with that. As I’ve said before, there’s something to be said for mature technologies, and the economics of general aviation are such that there’s no chance I’ll be buying a new airplane any time soon when even an entry-level Cessna 172 costs north of $400K. Because new aircraft are so expensive, there’s a lively market in refitting and upgrading existing airframes. The engines, paint, interior, and avionics on an airplane can all be replaced or upgraded at pretty much any time, and the longevity of the basic airframe means that I can comfortably expect to get another 20-40 years out of my existing plane if I take good care of it.

With that said, newer airplanes have some major advantages, many of which (built-in cupholders, leather seats, ballistic recovery parachutes) aren’t available for my plane. After flying 706 for about a year, getting my instrument rating, and taking more and longer cross-country trips there were a few things that I wanted to add to make instrument flight easier and safer. My co-owner Derek and I spent a lot of time hashing out what we wanted vs what we could afford vs what we could live with. Here’s what we decided.

First off, we knew we’d have to meet Yet Another Unfunded Mandate. Starting in 2020, all airplanes that operate in controlled airspace (meaning the “Class B” and “Class C” airspace surrounding major airports and most cities) have to use a system called ADS-B. The FAA has delusions that ADS-B, which requires every aircraft to continuously transmit its GPS-derived position and velocity, will replace radar. It probably won’t, but that’s a topic for another post. Equipping a plane for ADS-B  requires two pieces:

  • a GPS system that uses the FAA’s Wide Area Augmentation System (WAAS) to provide high accuracy position and location data. The WAAS system combines satellite GPS data with position data from precisely surveyed ground stations to provide sub-meter accuracy.
  • an ADS-B Out transmitter that sends ADS-B data, including the WAAS GPS data

There are lots of ways to get these two parts, ranging in cost and complexity from “absurd” to “merely unpleasant.” The two most popular ways are to install a new transponder that includes a built-in position source or install a separate WAAS GPS and a little box that transmits ADS-B Out without touching your existing transponder. You can also get weather and traffic data using ADS-B In; that requires an ADS-B receiver and something to display the received data on. Right now, I use a Stratus receiver (the original, not the fancy 2S) and ForeFlight on an iPad for ADS-B In… but, as with many other government programs, there’s a huge catch. You get weather data for free, but you only see ADS-B In traffic if there’s an ADS-B Out-equipped airplane near you. This was supposed to be an incentive to get people to add ADS-B Out, but as a practical matter it means that ADS-B In is currently only useful for passive receivers like my Stratus in areas where there are already lots of ADS-B Out airplanes.

Next, we wanted the ability to use WAAS instrument approaches. I love the precision of ILS approaches, and use them whenever I can, but most airports don’t have an ILS, and those that do won’t typically have more than one. However, a growing number of airports have approaches that offer precision vertical and lateral guidance if you have a WAAS GPS. To be more precise (see what I did there?), we wanted to be able to fly LPV approaches so that we’d get precision vertical guidance for approaches where ILS equipment isn’t available. With WAAS equipment, you can also get an advisory glideslope, which gives you non-precision vertical guidance to help keep you from smashing into things.

Finally, we (well, mostly I) wanted to improve the autopilot’s ability to track instrument approaches. The approach phase of single-pilot IFR is a demanding and busy time, and it’s easy to make mistakes. Our existing autopilot can fly a heading, keep the wings level, and hold an altitude, but when you get to a complex approach, being able to let the autopilot turn the airplane based on GPS steering is very helpful because it frees up time and attention for vertical navigation, approach prep, and other critical tasks.

After a lot of back-and-forth, an immense amount of comparison shopping, and lots of head-scratching, Derek and I decided to send 706 to Sarasota Avionics to have the following installed:

  • An Avidyne IFD540 WAAS GPS. I preordered one of these back in 2012, well before I even had my pilot’s license, on the theory that I could always sell it later. The IFD540 is much more capable than the Garmin GNS530 and, to me, is easier to use than the Garmin GTN750. It’s also less expensive to buy, requires less expensive data subscriptions, and provides some much-needed market competition for Big G.
  • An Avidyne AXP340 transponder. The AXP340 transmits ADS-B Out, but it requires a separate WAAS GPS. In our case, that’d be the IFD540. There’s a whole complex mess of rules for which transponders can be legally used with which GPS position sources– basically, only combinations that have been certified by the manufacturer and registered with the FAA can be installed and used, even though other combinations may work just fine. Avidyne’s products are obviously certified to work with each other.
  • An Avidyne MLB100 ADS-B In receiver. Derek talked the Avidyne guys into giving us one of these for free if we bought the preceding two items. With this, the IFD540 can receive and display traffic and weather information. It is extremely useful to see this data overlaid on your primary map, especially because you can “rubber-band” your flight route to deviate around weather and traffic as needed.
  • A DAC GDC31 roll steering converter (which most people just call a GPS steering, or GPSS, adapter). Our autopilot, bless its heart, is the most analog device I think I currently own. It works by sensing voltage output from the directional gyro and course deviation indicator (CDI). To fly a particular course, you twist a knob on the DG to set the heading indicator, or bug, to the desired course; you can also have the autopilot track a VOR or even an ILS localizer, which it does by looking at the voltage used to drive the deflection on the CDI. One thing it can’t do, though, is track an actual GPS course. If the GPS route calls for you to fly a heading of 175 degrees, and the heading bug is set to 95 degrees, guess where you’re going? The GDC31 fixes that by adapting the digital steering commands output by the IFD540 into voltages that the autopilot can understand. I’ve used GPSS in other airplanes before and it’s a great experience– smooth, solid tracking with no “hunting” and accurate turn anticipation.
  • An Avidyne AMX240 audio panel. We’d been talking about replacing our ancient mono audio panel with a nicer unit that would give us better audio quality, and the marginal cost of adding the panel at the same time as the other equipment was considerably lower than doing it later.

The IFD540 + AXP340 combination gives us ADS-B Out, so we’ll be legal. The IFD540 + MLB100 gives us ADS-B In (with the added bonus that the IFD540 has wifi, so it will be able to feed all sorts of useful data to portable devices in the cockpit). Finally, the IFD540 + GDC31 gives us full two-axis autopilot coupling. I think, but haven’t verified, that it will also give us the ability for the autopilot to track altitude changes as expressed by the glideslope. The existing autopilot can track an ILS glideslope, and the IFD540 can provide a glideslope for LPV approaches (and an advisory glideslope for LNAV+V) so I think it should “just work.”

This seems like a huge list of expensive stuff (and it is)– one question that immediately comes to mind is “why bother with all this stuff when you could just use an iPad?” The problem is spelled F-A-A. First, there are no portable ADS-B solutions that are approved to meet the 2020 mandate in Part 23 aircraft. That’s a fancy way of saying that an experimental or homebuilt airplane can use equipment that’s not approved for factory-built airplanes. That also wouldn’t give us WAAS approach capability; even though there are portable WAAS receivers (including this watch!) you can’t use them to fly approaches. While there’s been lots of flailing in the aviation press about the need for cheaper, better-integrated ADS-B solutions, it’s also true that we’re getting a lot of other capability out of the upgrade that we’d miss if we went with a simpler ADS-B-only installation.

Along with the avionics themselves, of course, there are lots of little things– antennae, cables, and so on– that have to be installed and tested. That’s why we expect the upgrade to take an eye-popping four weeks– and that’s assuming everything goes well. Stay tuned!

2 Comments

Filed under aviation, General Tech Stuff

Tagged as , ,

2016/01/02 · 07:19

Garmin Fenix 3 drops data from Stages power meter

I’ve been ignoring this problem for a while, hoping that it would be fixed in a firmware update, but it persists, and I finally got aggravated enough with it to write this post (and to engage Garmin support). The problem is simple: my Garmin Fenix 3 triathlon watch will not reliably record data from the Stages power meter I have on my bike.

A quick digression: there are two major standards for wireless exercise sensor connectivity, Bluetooth Low Energy (aka BLE and Bluetooth 4.0) and ANT+. Some devices support one or the other, and some devices support both. For example, my heart rate monitor (the excellent Scosche Rhythm+) simultaneously transmits both ANT+ and BLE signals, but my Wahoo speed/cadence sensor is ANT-only. When I ride, I usually use two devices: my old iPhone 4 on the handlebars, in a Wahoo case that has a built-in ANT+ adapter, plus my Fenix 3. The iPhone is too old to use BLE, and turning on BLE on the Fenix 3 dramatically drops its battery life, so I’m using ANT for all the sensor data. Having two devices means that sometimes I forget to start or stop one device or the other at various points, so I often have mismatched data between the two.

A picture will illustrate the problem most clearly. When I use the Fenix 3, I end up with ride data that looks like this:

Bad power data is bad

As you can see, the power graph has a few spikes with lots of flats– and an average power of only 23W. (I’ll get to why the average is important in a minute). By contrast, here’s what the ride looked like when captured with the Strava app on my iPhone 4. Note that the power data much more closely tracks the speed, cadence, and HR data.

That's more like it

So why is this important? First of all, as a techie, it annoys me when two things that are supposed to work together won’t. More importantly, I actually use the power data from these rides in two ways. While I’m on the bike, I use it to gauge and adjust my level of effort. For example, yesterday’s ride was pretty windy, so I tried to hold a steady 190-210W while riding into the wind, keeping my level of effort constant and accepting whatever speed that gave me. After a ride, my coach and I use the power data to plan my recovery time and to identify areas where I need more practice (e.g. climbing hills). Having inaccurate or dirty data makes both of these uses impossible.

The Stages power meter support FAQ suggests moving the watch around, but I haven’t tried that yet. My troubleshooting efforts so far have been limited to changing the battery in the Stages and making sure the Stages and Fenix both have the latest firmware. I’ll see what Garmin support has to say. Hopefully they have a magic fix; I have a very early-model Fenix 3 so maybe they’ve made some improvements since launch. Until then, I’ll keep recording each ride twice and keeping the cleanest data.

17 Comments

Filed under FAIL, Fitness, General Tech Stuff

Tagged as , ,

2015/12/18 · 18:00

iOS charging woes

I have been meaning to write a long article about why I moved from Windows Phone back to iOS, and the good and bad parts of the transition, but I’ve been too busy to bother. I do have time for a quick rant, though: damn, I am tired of having charging problems.

See, Apple has this logo certification program called “Made for iOS.” Join it, and your devices (which might include chargers, cables, etc) can be certified as compatible with Apple devices, and you get a cool logo. Sure, it costs you a few bucks to sign up and get certified, but it’s cheap insurance. Nice line of chargers and cables you’ve got there. It’d be a real shame if anything happened to it.

On my last two road trips, previously-working cables have suddenly started producing the infamous “this accessory may not be compatible” message. Once that happens, it’s game over. The phone (or iPad) will no longer charge from that cable. If you happen to be on a road trip, well, too bad. Luckily I had a spare, but I am now nearly out of working cables, and there’s no guarantee that the name-brand cables I bought from Amazon (all of which were from vendors who claimed to be MFi certified) will keep working. Of course, because it’s Apple, there’s no way to override this dialog, ignore it, or force the device to talk to a tainted cable– once the cable is blacklisted, it’s no longer usable with that device at all.

The worst part? I’ve seen many reports of this happening to people who bought cables and chargers from the Apple store. Since I am unlikely to ever do that I’m not too worried, but I hate the precedent, and the inconvenience factor has been pretty stunning compared to my easy prior life of using micro USB cables with my Lumias. While I understand Apple’s desire to protect the IP embodied in the Lightning interface, and while I even believe that part of the rationale behind blocking non-certified devices is to prevent bad customer experiences, the whole thing has left an unpleasant taste in my mostly-discharged battery.

5 Comments

Filed under FAIL, General Stuff, General Tech Stuff