Thursday, October 12, 2017

Visualized: Philippine Presidential Elections 2016

Visualizing data helps people to quickly find patterns and trends in the numbers. Here are statistics from the 2016 Presidential Elections.

Monday, October 9, 2017

mBot arduino navigation

The mBot is an Arduino-based rover robot. This video shows how it navigates away from obstacles using the ultrasonic sensors up front. The challenge in programming the obstacle avoidance was to find the a) best distance at which the mBot rover should stop moving and b) by how much it should reverse-drive to change course.

Make (a) too short and it will get trapped in tight spots (there's a point in the video that this happens). Make (a) too long and it will not move at all especially in smaller places. Make (b) too short and it will go nowhere. Make (b) too long and it could back up into other obstacles.

The sensors look like cylindrical eyes. They emit ultrasonic waves that bounce off obstacles. Because of this, the sensors could actually measure distance.

I verified the distance measurements using a tape measure. Not that a tape measure is very accurate, but the distance the ultrasonic sensors reported were actually quite good. I lost my notes on this one, but I will soon reactivate this robot and post the measurement experiments here.

Wednesday, April 5, 2017

Bad UX design could lead to security holes (BPI Express Case)

How bad UX design could lead to security holes (BPI Express Online Case Study)

Like most banks in the Philippines, the Bank of the Philippine Islands (BPI) is a major cause of migraine for customers. Its user experience design (UX) is badly done and the web service is unreliable. Both of these headaches lead to a third, much bigger problem: security holes. This probably explains why some BPI customers recently fell victim to phishing scams where unwitting victims divulged their passwords to a website pretending to be the BPI's online service. 

BPI's UX design problems 

Due to a badly designed user experience, the BPI website creates problems that punish the user. Forgot your password? You would have to call customer service to get a password reset. Maybe they think that this is more secure than doing the password reset online, but really, it's the same thing or even worse -- the human to whom I'm giving my details could jot down my credentials.

Let's discuss the first issue: bad UX. By this I mean not only the clunky design of its user interface that confuses users but also the general lack of empathy with the customer especially in times when the site is down.  

As I write this, the BPI website is, yet again, under maintenance. The screenshot below is the usual message that customers get when that happens (and all too frequently at that, if I may add).


There is no information on how long the maintenance will take. Should I just keep clicking the refresh button?

In the homepage, it turns out that there's an inconspicuous and cryptic message saying "Electronic Channels Upgrade Advisory":



Does the extra click I spend give me more helpful information? Nope. Check out the resulting page:

It's just telling me what I already know. At least tell me how long I should wait or when to try again. The message is as helpful as a flood warning a day after the flood has submerged the town. 

My retries produced a more problematic error message that gives away database details:


Maybe I stumbled upon a critical procedure during the maintenance. But shouldn't the BPI team be cautious about this and prevent this kind of sensitive error message to be published? 

UX design problems create security holes

The examples above are just one aspect of BPI's UX design issue. What's more problematic is that the UX design could lead to major security holes. For example, BPI requires users to change passwords once in every three months. You cannot repeat passwords so you have to create a new one every quarter. 

Can you imagine the burden of remembering a new password every three months, especially since your password cannot be a string of letters? This unreasonable policy forces people to write down their passwords -- which defeats the purpose of a strong password in the first place. 

Another consequence of frequently changing passwords is that people will forget their passwords and would have to call customer service, which leads us to another security hole. BPI does not have an online password reset service. If you forget your password, you have to call a customer representative to reset your password for you. Adding a human introduces a weakness in the security chain. Before the customer representative resets your password, you must answer security questions that force you to divulge private details to a stranger. 

In forcing users to call a human instead of offering an online password reset service, BPI probably thought it was creating tighter security. Yet this did not prevent users from giving away their passwords from a phishing scam, did it? 

Many know that UX design is important to any piece of software to improve usability. But as I explained above, UX can also lead to security problems that could be exploited by online criminals.   

The case I outlined above also shows how corporations build their security measures based on outdated assumptions. But that is for another blog which I will be writing soon. 

Saturday, March 25, 2017

Yummy Filipino Adobo

Filipino Adobo stores well and gets better as you keep it for several days. Store it in the fridge and fry/heat it up as you consume. The recipe/s below combines different recipes I've learned from friends and relatives. If you're new to cooking adobo, try the Basic Prep instructions first.  

The Kapampangan adobo recipe varies from the one I record here. When I get the time, I'll also write that one down. There are many variations of Filipino adobo, as much as there are Filipino families, I bet. The word adobo is Spanish for sauce or marinate, so don't be confuse Filipino adobo with the Mexican version.  

Got some tips? Share them in the comments below. 

Enjoy!

Yummy Filipino Adobo

Ingredients

  • 2 lbs - pork (belly and/or ribs is great, but any cut is okay)
  • 1 cup - soy sauce
  • 1 cup - white vinegar (rice vinegar is okay)
  • 4-6 pcs - bay or laurel leaves
  • 1-2 tbsp -  ground/cracked black pepper
  • 1-2 bulbs - of garlic - with cloves crushed, peeled, and sliced (the more garlic, the better)
  • 1 bulb - onion, sliced (optional, see Instructions for Tastier prep, below)

I. Basic prep

  1. Rinse pork and drain away water.
  2. Put pork in a pot and mix in the crushed sliced garlic cloves with the pork.
  3. Pour in soy sauce and vinegar.
    1. Note: If you want the sauce on the saltier side, add more soy sauce.
  4. Add black pepper.
  5. Crumple/crack the laurel/bay leaves and add them to the pot.
  6. Put in stove, bring to a boil, then lower the temp to a slow boil for 1.5 to 2 hours (the longer the cook time, the more tender the pork will be).
  7. Continue the slow boil until the meat is tender, has soaked in the sauce, and the sauce is reduced to a thicker consistency.
  8. Taste and keep cooking until you’re happy with the taste.
  9. Serve with rice.

II. Tastier prep options

Try each of the following options separately, from top to bottom or do them all at the same time. 
  1. Marinate the meat in the soy sauce-vinegar sauce for 1-3 hours before putting on the stove. This will help the meat absorb the sauce even more.
  2. When the meat is tender and has started to absorb the sauce, take it out and fry it. Drizzle some sauce with cooked garlic on the meat while frying. Meanwhile, let the sauce simmer and reduce further in the pot. When the sauce is ready, put the meat back and serve.
  3. Instead of frying the meat, try baking, broiling, or grilling it.
  4. Substitute 1 lb of chicken instead of pork. Note: chicken softens faster than pork, so you can add the chicken later. Marinate the chicken in the sauce so it absorbs the sauce (see II-1). 
  5. Fry some potato wedges (season lightly with salt and pepper) and add them to the pot when the adobo is ready.
  6. Onion - make a bed of sliced onions in the pan before adding the meat. This makes the adobo even tastier, but you’ll need to reduce the sauce even more as the onion waters down the sauce if not cooked well. To fix this, just reduce the sauce some more. The onion will dissolve and thicken the sauce. Try also putting some of the cooked onions with the meat when frying/baking. 
  7. After a few days, fry the meat with some sauce. As you fry it, pull the meat apart. This makes for some great tasting pulled pork/chicken. 



Friday, June 3, 2016

What's a fake news site?



What’s a fake news source? 

This question is important especially in the aftermath of the 2016 elections in the Philippines. What I'll discuss is a very simplistic view, just enough to frame an answer. It will not be sufficient in many ways and is just a tiny tip of the prod-user/prosumer iceberg. 

To me, a fake news site or source is a website or Facebook page -- social media in general -- that is not backed by a real news organization. Here's a simplistic and minimalist checklist, based on a traditional view of media (because this will help us form a simple definition of "fake media source"):
  1. A genuine news organization will have a trained team. 
  2. That team adheres to a vetting process. Trained writers and editors verify the info they receive from interviewees and sources. 
  3. A standard practice for verifying investigative pieces is to cite sources and cross-validate a story using a second, independent source. 
Again, that list is the bare essentials. So, halimbawa -- Get Real Philippines. Two of its biggest claims are that Marcos was the greatest president and that the youth are realizing this. 

Do they cite sources on this? Their claim that the economy was best during Marcos’s time has been debunked by so many independent sources -- by economists, historians, not just from the Philippines but abroad. 

Back to Get Real. Where’s the proof that Marcos was greatest? Get Real's claim about the youth needs statistical support. Nasaan? How do they define "a lot of youth"? Is it 80%? 51% Maybe they interviewed Bongbong Marcos. Or maybe the are citing sources controlled by Marcos in Martial Law, which is like USSR quoting Pravda to talk about their "glory" days. 

When researcher and professor Leloy Claudio asked Get Real operators to cite a peer-reviewed source, here was its response: 
"What I read in my own time is my business. What I publish via http://GetRealPhilippines.com  is all u got.” 
In short, benign0 is saying, “Hey, I can’t cite sources because I made it all up." Ergo, fake, unsubstantiated claims. 

Get Real’s response automatically cannot satisfy checklist item 3: citing and using a reputable source to cross-validate a claim. Since they failed on item 3, they most probably do not have a trained team (Item 1) that adheres to a vetting process (Item 2). No reputable news organization will fail this checklist. Otherwise they could get sued and lose credibility. 

Items 1 and 2 on our checklist speak about the credibility of a news organization, which we could also refer to as the gatekeeper function. You have a structure (the team) and a filtering function to sort out what’s true and what’s unfounded (vetting system). 

Let me emphasize again the importance of a trained team in a well-oiled organization. Trained -- because being a reporter and editor is not a joke. In the age of free blogs and Facebook, people think it’s easy to publish a story. That's a disadvantage of the social media explosion. People most of the time cannot distinguish opinion from evidence-based journalism. It's alarming how Filipinos are now using this ignorance to further erode media -- a freedom we won back after we kicked out Marcos. Andrew Keen warned about the rise of amateurs in blogging. I think he was worried about the erosion of the gatekeeper function of media. If you erode this, you erode an important component of the check and balances in society. Again, that's for a different story.

Let's go back to fake news sources. The second part of a credible news source is you have to have a trained team. In a blog, you write something and that’s it. In a credible news organization, you write something, cross-check the story, and submit to the editor. Your editor makes sure the sources are cited and credible, and the claims are backed by research. If you could do all these functions by yourself, it’s still not enough — you may have personal biases coming out. So you still need at least one other person — an editor — to make sure it’s a fair and balanced reportage. 

Back to identity. Name an established news organization now and we know its owners: ABS-CBN, TV5, Inquirer, GMA, Rappler. Even if you did not know them offhand, you could do a bit of digging to find out. The information is available. Knowing the owners helps us understand the limits of the organization and the agenda that we should expect from the business behind the news organization. (Note that I am not even saying that a real news organization should be free from bias. News objectivity has long been debunked even in journ schools. What’s really important is provenance and veracity of the stories you are publishing. But that’s another story.)

When Amazon owner Jeff Bezos bought The Washington Post, his purchase was highly publicized and Bezos took lots of effort to reassure the public and Washington Post staff that he will not intervene with the current editorial policy. This helped the paper maintain its credibility to its readers. 

Now let's ask: who is behind Get Real? It’s pretty hard to find out. The “About Us” page, and I urge you to read it (for one, it uses a blog post from Manolo Quezon as endorsement) -- the "About Us" page says it was founded by benign0 — no real name. The Twitter account’s profile picture is a blurry image of someone who looks like Jimi Hendrix. Some say he came out as some guy from Australia (the domain name is registered to someone in Arizona, USA). But that information is not in its About Us page.  


Anonymity is good if you’re a fictionalist, but not if you claim to be a real source of news. That’s just irresponsibility.

So okay, let's be kind to Get Real and not call them a fake site, despite their name. At best, they have user contributed opinions, managed by an anonymous entity hiding behind a username.

---
Postscript. Further pursuits:

Again, this is a simplistic view. There are nuances in between that are still being debated by experts (of which I am not one).

  • For example, some will argue that the owners of the media organizations I named above represent the oligarchy. I agree with that view, but that is for another story.
  • Vulnerability of the model I described: in the US, the Koch brothers set up a seemingly legit news agency which started feeding national news releases that were clearly written to protect the interests of their business empire. These news releases eventually found their way in legitimate publications and broadcasting companies. 
  • In the early days of blogging and Wikipedia, news organizations imposed policies not to cite blogs or Wikipedia. As reporters started put up their own blogs, the corporate policies later included some guidelines for their reporters. What emerged was that all official, verifiable information got published, while blogs could contain longer interview transcripts and supplemental material.  
  • Which brings us to a gray area: If a bunch of my friends who used to work for mainstream media decided to put a team blog that also aggregated news from legitimate news sources, are we a genuine news source? Huffington Post started as a commentary blog and news aggregator but seems to be emerging as a recognized news source. 

Thursday, October 22, 2015

Pancake Bot draws stuff using pancake dough, then cooks it

Another popular, fun exhibit at the World Maker Faire 2015 was this robot that draws figures using pancake dough. It's drawing board is a hot surface, ergo, the output is pancakes.

Watch the video below. Listen out for references to MC Escher and tessellated turtles.


#WMF15 #makerfaire

Sunday, October 11, 2015

Kit Rex: a cheap, cardboard dinosaur costume kit

Kids and adults love Kit Rex -- a dinosaur costume made out of cardboard. The makers of the costume say it started as a school project which generated lots of interest.

It was one of the most popular booths in the World Maker Faire and you'll see why in this video (below). Now it's got its own Kickstarter campaign.



‪#‎WMF15‬ ‪#‎makerfaire‬


Visualized: Philippine Presidential Elections 2016

Visualizing data helps people to quickly find patterns and trends in the numbers. Here are statistics from the 2016 Presidential Elections. ...