text/plain

Q4 2022 Races

I finished the first section of Tommy Rivers’ half-marathon training series (in Bolivia) and have moved on to the second section (Japan). I ran two Austin races in November, notching some real-world running experience in preparation for the 3M Half Marathon that I’ll be running at the end of January.

Run for the Water

On November 6th, I ran the “Run for the Water” ten miler, a charity race in support of providing clean water sources in Burundi.

Fortunately, everything that could’ve gone wrong with this race didn’t– the weather was nice, and my full belly had no complaints. This was my first race experience with music (my Amazon Fire phone to one Bluetooth headphone) and a carried snack (GU chews), and I figured out how to coax my watch into providing pacing information every half mile.

I had two goals for the race: To run the whole thing without stopping, and to beat 1:30 overall.

I achieved both, with a finishing time of 1:28:57, a pace of 8:53 per mile, and 1294 calories expended.

As predicted, I started at a faster pace before leveling out, with my slowest times in the hills around mile six:

The mid-race hills weren’t as bad as I feared, and I spent most of mile 6 and 7 psyching myself up for one final big hill that never arrived. By mile 8, I was daydreaming about blazing through miles 9 and 10, but started lagging and only sprinted at the very end. With an eye toward the half marathon, as I crossed the finish line, I asked myself whether I could run another 3.1 miles in thirty minutes and concluded “probably, but just barely.”

Notably, I managed to keep my heart rate under control for almost the whole race, running nearly the entire thing at just under 85% of my max:

The cool-but-not-cold weather undoubtably helped.

Turkey Trot

On a drizzly Thanksgiving morning, I ran the Turkey Trot 5-miler and had another solid run, although I didn’t take it as seriously and I ended up missing both of my goals: Run the entire thing, and finish in 42 minutes.

After the Capitol 10K in the spring, I was expecting the horde of runners at the start and was prepared for the temptation to join others in walking the hills early in the race. I wasn’t expecting the challenge of running on wet pavement, but I managed to avoid slipping. Alas, after topping the hills at mile 2, I then walked for a tenth of a mile to get my breathing and heart rate back under control.

Despite the shorter distance, my heart rate was considerably higher than during the ten miler earlier in the month:

I ended with a time of 44:06, an 8:49 pace just a hair faster than the ten miler, burning 673 calories in the effort:

So, a set of mixed results: I’m now considering whether I should try running a slow half marathon in December just to prove to myself that I can cover the distance without stressing about my time.

Driving Electric

While my 2013 CX-5 is reasonably fuel-efficient (~28mpg in real world driving), this summer I watched in dismay as gas prices spiked. Even when my tank was almost full, watching prices tick up every time I drove past a gas station left me unsettled. I’d been idly considering getting an electric car for years, but between months of fuel price anxiety and upcoming changes in tax credits (that will leave me ineligible starting in 2023) this fall felt like the right time to finally pull the trigger.

On October 24th, I picked up a new 2023 Nissan Leaf.

I originally shopped for plug-in hybrid SUVs with the intent of replacing the Mazda, but none of the brands seemed to have any available, with waitlists stretching well into next year. So, instead I decided I’d look for a pure-electric to use for daily driving, keeping my CX-5 for family vacations and whenever I need to haul a bigger or messier load. (I worried a bit about the cost to have two cars on my insurance, but the new car initially added only $30 a month, which feels pretty reasonable.)

I got the shorter-range version of the Leaf (40kWh) which promises around 150 miles per charge. While it’s compact, it makes good use of its interior room, and I have plenty of headroom despite my long torso. The backseat is very tight, but my sons will still fit for a few more years. In the first 25 days, I’ve put about 550 miles on it, and the car has yielded slightly better than the expected 150-mile range. It’s fun to drive. The only significant disappointment is that my Leaf’s low-end “S” trim doesn’t include the smartphone integration to track charging and enable remote start/AC (which would’ve been very useful in Texas summers). Including tax and all of the assorted fees, I paid sticker at $32K (17 down, 15 financed at an absurdly low 2.25%), before discounting the soon-to-expire $7500 federal tax credit.

For the first few weeks, I was trickle-charging the car using a regular 120V (1.4kWh/h) household socket. While 120V takes more than a day to fully charge the Leaf, even slow charging was much more practical for my needs than I had originally expected. Nevertheless, I spent a total of $2550 on a Wallbox Pulsar Plus 40A Level 2 charger ($550 for the charger, a higher-than-expected $2000 for the new 240V high-amp socket in my garage) to increase the charge speed to the full 6.6kWh/h that the car supports. My current electrical panel only had 30 amps available, which is the max the Leaf will take, but I had the electrician pull a 50 amp wire to simplify things if I ever upgrade to a car and panel with higher capacity. My local electric company will reimburse me $1200 for the charger installation, and there’s also a federal tax credit of 30% capped at $1000. So if everything goes according to plan, L2 charging will only have a net cost of $600.

While I’m enjoying the car, it’s not for everyone– between the small battery and the nearly nonexistent public fast-charging support, the practical range of the Leaf is low. The Leaf only supports the losing CHAdeMO standard that seems likely to go away over the next few years, and the Austin metro area only has two such chargers today (Update: Wrong). It’s also not clear that the Leaf model line has much of a future; the 2023 edition might be the last, or at least the last before a major redesign. (Update: The 2024 Leaf appears to be basically identical to the 2023 model; Nissan’s electric SUV, the Ariya, has arrived in America).

Nevertheless, for my limited needs, the Leaf is a good fit. In a few years, I expect I’ll replace my CX-5 with a hybrid SUV, but for now, I’m stressing a lot less about gas prices (even as they’ve fallen back to under $3 a gallon in Austin 🤷‍♂️).

-Eric

Update: I wrote about my Leaf ownership, one year in.

Thoughts on Twitter

When some of the hipper PMs on the Internet Explorer team started using a new “microblogging” service called Twitter in the spring of 2007, I just didn’t “get it.” Twitter mostly seemed to be a way to broadcast what you’d had for lunch, and with just 140 characters, you couldn’t even fit much more.

As Twitter’s founder noted:

…we came across the word “twitter”, and it was just perfect. The definition was “a short burst of inconsequential information”, and “chirps from birds”. And that’s exactly what the product was.
https://en.wikipedia.org/wiki/Twitter#2006%E2%80%932007:_Creation_and_initial_reaction

When I finally decided to sign up for the service (mostly to ensure ownership of my @ericlaw handle, in case I ever wanted it), most of my tweets were less than a sentence. I hooked up a SlickRun MagicWord so I could spew status updates out without even opening the website, and spew I did:

It looks like it was two years before I interacted with anyone I knew on Twitter, but things picked up quickly from there. I soon was interacting with both people I knew in real life, and many many more that I would come to know from the tech community. Between growing fame as the creator of Fiddler, and attention from improbable new celebrities:

…my follower count grew and grew. Soon, I was tweeting constantly, things both throwaway and thoughtful. While Twitter wasn’t a source of deep connection, it was increasingly a mechanism of broad connection: I “knew” people all over via Twitter.

This expanded reach via Twitter came as my connections in the real-world withered away from 2013 to 2015: I’d moved with my wife to Austin, leaving behind all of my friends, and within a few years, Telerik had fired most of my colleagues in Austin. Around that time, one of my internet-famous friends, Steve Souders confessed that he’d unfollowed me because I’d started tweeting too much and it was taking over his timeline.

My most popular tweet came in 2019, and it crossed over between my role as a dad and as a security professional:

The tweet, composed from the ziplock bag aisle of Target, netted nearly a million views.

I even found a job at Google via tweet. Throughout, I vague-tweeted various life milestones, from job changes, to buying an engagement ring, to signing the divorce papers. Between separating and divorcing, I wrote up a post-mortem of my marriage, and Twitter got two paragraphs:

Twitter. Unquestionably designed to maximize usage, with all of the cognitive tricks some of the most clever scientists have ever engineered. I could write a whole book about Twitter. The tl;dr is that I used Twitter for all of the above (News, Work, Stock) as well as my primary means of interacting with other people/”friends.” I didn’t often consciously think about how much it messed me up to go from interacting with a large number of people every day (working at Microsoft) to engaging with almost no one in person except [my ex] and the kids. Over seven years, there were days at Telerik, Google, and Microsoft where I didn’t utter a word for nine workday hours at a time. That’s plainly not healthy, and Twitter was one crutch I tried to use to mitigate that.

My Twitter use got worse when it became clear that [my ex] wasn’t especially interested in anything I had to say that wasn’t directly related to either us or the kids, either because our interests didn’t intersect, or because there wasn’t sufficient shared context to share a story in fewer than a few minutes. She’d ask how my day was, and interrupt if my answer was longer than a sentence or two without a big announcement. Eventually, I stopped answering if I couldn’t think of anything I expected she might find interesting. Meanwhile, ten thousand (mostly strangers) on the Internet beckoned with their likes and retweets, questions and kudos.

Now, Twitter wasn’t all just a salve for my crushing loneliness. It was a great and lightweight way to interact with the community, from discovering bugs, to sharing tips-and-tricks, to drawing traffic to blog posts or events. I argued about politics, commiserated with other blue state refugees in Texas, and learned about all sorts of things I likely never would have encountered otherwise.

Alas, Twitter has also given me plenty of opportunities to get in trouble. Over the years, I’ve been pretty open in sharing my opinions about everything, and not everyone I’ve worked for has been comfortable with that, particularly as my follower count crossed into 5 digits. Unfortunately, while the positive outcomes of my tweet community-building are hard to measure, angry PR folks are unambiguous about their negative opinions. Sometimes, it’s probably warranted (I once profanely lamented a feature that I truly believe is bad for safety and civility in the world) while other times it seems to be based on paranoid misunderstandings (e.g. I often tweet about bugs in products, and some folks wish I wouldn’t).

While my bosses have always been very careful not to suggest that I stop tweeting, at some point it becomes an IQ test and they’re surprised to see me failing it.

What’s Next?

While I nagged the Twitter team about annoying bugs that never got fixed over the years, the service was, for the most part, solid. Now, a billionaire has taken over and it’s not clear that Twitter is going to survive in anything approximating its current form. If nothing else, several people who matter a lot to me have left the service in disgust.

You can download an archive of all of your Tweets using the Twitter Settings UI. It takes a day or two to generate the archive, but after you download the huge ZIP file (3gb in my case), it’s pretty cool. There’s a quick view of your stats, and the ability to click into everything you’ve ever tweeted:

If the default features aren’t enough, the community has also built some useful tools that can do interesting things with your Twitter archive.

I’ve created an alternate account over on the Twitter-like federated service called Mastodon, but I’m not doing much with that account just yet.

Strange times.

-Eric

Update: As of November 2024, I’ve left the Nazi Bar and moved to BlueSky. Hope to see you there!

“Not Secure” Warning for IE Mode

A customer recently wrote to ask whether there was any way to suppress the red “/!\ Not Secure” warning shown in the omnibox when IE Mode loads a HTTPS site containing non-secure images:

Notably, this warning isn’t seen when the page is loaded in modern Edge mode or in Chrome, because all non-secure “optionally-blockable” resource requests are upgraded to use HTTPS. If HTTPS upgrade doesn’t work, the image is simply blocked.

The customer observed that when loading this page in the legacy Internet Explorer application, no “Not Secure” notice was shown in IE’s address bar– instead, the lock icon just silently disappeared, as if the page were served over HTTP.

Background: There are two kinds of mixed content, passive (images, css) and active (scripts). Passive mixed content is less dangerous than active: a network attacker can replace the contents of a HTTP-served image, but only impact that image. In contrast, a network attacker can replace the contents of a HTTP-served script and use that script to completely rewrite the whole page. By default, IE silently allows passive mixed content (hiding the lock) while blocking active mixed content (preserving the lock, because the non-secure download was blocked).

The customer wondered whether there was a policy they could set to prevent the red warning for passive mixed content in Edge’s IE Mode. Unfortunately, the answer is “not directly.”

IE Mode is not sensitive to the Edge policies, so only the IE Settings controlling mixed content apply in this scenario.

When the IE Mode object communicates up to the Edge host browser, the security state of the page in IEMode is represented by an enum containing just three values: Unsecure, Mixed, and Secure. Unsecure is used for HTTP, Secure is used for HTTPS, and Mixed is used whenever the page loaded with mixed content, either active or passive. As a consequence, there’s presently no way for the Edge host application to mimic the old IE behavior, because it doesn’t know whether IEMode displayed passive mixed content, or ran active mixed content.

Because both states are munged together, the code that chooses the UI warning state selects the most alarming option:

content_status |= SSLStatus::RAN_INSECURE_CONTENT;

…and that’s status is treated as a more severe problem:

SecurityLevel kDisplayedInsecureContentWarningLevel = WARNING;
SecurityLevel kRanInsecureContentLevel = DANGEROUS;

Now, even if the Edge UI code assumed the more benign DISPLAYED_INSECURE_CONTENT status, the browser would just show the same “Not secure” text in grey rather than red– the warning text would still be shown.

In terms of what a customer can do about this behavior (and assuming that they don’t want to actually secure their web content): they can change the IE Mode configuration to block the images in one of two ways:

Option #1: Change IE Zone settings to block mixed content. All mixed content is silently blocked and the lock is preserved:

Option #2: Change IE’s Advanced > Security Settings to “Block insecure images with other mixed content”, you see the lock is preserved and the IE-era notification bar is shown at the bottom of the page:

Stay secure out there!

-Eric

Microsoft Employee’s Guide to Maximizing Donations

Perhaps the most impactful perk for employees of Microsoft is that the company will match charitable donations up to a pretty high annual limit ($15K/year), and will also match volunteering time with a donation at a solid hourly rate up to that same cap.

Years ago, I volunteered at a food bank in Seattle, but since having kids I haven’t had time for regular volunteer work (perhaps this will change in the future as they get bigger) so I’ve been focusing my philanthropic efforts on donations.

I donate to a few local charities, but most of my donations are to Doctors Without Borders, an organization that does important, amazing work with frugality and an aim toward maximizing impact.

When I returned to Microsoft, I learned about an interesting method to maximize the amount of money received by the charity without the hassle of trying to send them appreciated stock directly.

It’s simple and convenient, especially if you’re already using Fidelity for your stock portfolio.

Open a “Donor Advised Fund” account at Fidelity Charitable. It’s not free, but at $100 or 0.6% a year, I think it’s worth it.
Fund that account by moving appreciated shares of stock from your portfolio into the Fidelity Charitable account. (Optionally, do this when you think the stock is at a “high”)
Select how the funds from those shares (which will be immediately sold) should be invested (you can pick a low-return bond account, or a higher-return, more volatile index fund)
Whenever you want to donate money from your fund to a charitable organization, use a simple form to “recommend a grant” to that organization from your account.
After your grant is sent, visit the Microsoft internal tool to get a match of the amount granted.

Now, if you’re like me, you might wonder why you should bother with this hassle– wouldn’t it be easier to just sell shares and donate the money? Yes, that’s easier, but there are important tax considerations.

First, if you sell appreciated stock, you’re responsible for paying taxes (hopefully at a long-term capital gains rate with the Medicare surtax, so ~18.6% for most of us) on that sale. Then you give all of the proceeds to the charity — you’ll be able to write off what the charity gets as a donation, but that donation doesn’t include what you’d already paid in taxes.

Second, with the Trump-era tax changes, the Standard Deduction for most of us is now quite high, and the Sales-and-Local-Tax-Deduction cap of $10K means that many of us will barely exceed the Standard Deduction if we donate the MS-Matching-Max of $15000/year. However, here’s where the cool trick comes into play:

The IRS grants you the tax deduction of the full value of your appreciated stock when you move that stock to the charitable account.
Microsoft matches the value of your donation when you direct a grant to a charity.

What this means is that you can be strategic in the timing of your actions. Move, say, $30000 of appreciated stock into your charitable account, avoiding taxes on your gains because you didn’t “sell” the stock. Write that full amount off on your taxes this year. Then, later in the year, direct $15000 worth of donations out of your charitable account, getting Microsoft to match your donations up to the limit. Wait until next year and grant the other $15000. (You’ll hopefully have some left over for year three due to gains on your charitable account’s investments).

In this way, you can maximize the size of your donations to charity while minimizing the overhead paid in taxes. [1]

-Eric

[1]: I am, generally, an advocate for higher taxes, and certainly for paying what you owe. However, I am fully willing to follow these steps to maximize the chances that my charitable money goes to paying to save lives in the world’s poorest countries and not to padding the pockets of yet another defense contractor.