The sad truth about technology writers (sleep-tracking edition)

For an article in the New York Times, technology writer Brian X. Chen wore a sleep-tracker for a couple of weeks. He reports:

Ultimately, the technology did not help me sleep more. It didn’t reveal anything that I didn’t already know, which is that I average about five and a half hours of slumber a night. And the data did not help me answer what I should do about my particular sleep problems. In fact, I’ve felt grumpier since I started these tests.

Source: The Sad Truth About Sleep-Tracking Devices and Apps

Breaking news: Looking at your power bill every month does not cut your electricity consumption! Checking your speedometer does not slow down your car! Tracking your spending does not make you rich!

I’ve been using a sleep tracker (the Oura ring) since December. Neither wearing the ring nor checking the reports I get has increased the amount of sleep I got. However, I have learned a lot about how to get more and better sleep.

Probably the most useful thing I’ve learned is that the standard advice that you should have supper at least three hours before bedtime isn’t sufficient for me: I sleep much better if I finish supper at least four hours before I lie down to go to sleep.

That’s actually a specific example of my larger point: A sleep tracker makes it easy to run little experiments and quickly see the results.

My intuition as to whether I got a good night’s sleep is an excellent guide (as I suspect it is for most people). But even a good intuition isn’t always enough to run a good experiment, and this is an example of that. Although the Oura ring’s report isn’t better than my own intuition, it provided some specific information that led me to that particular insight: On days when I had a late supper, my sleep quality was quite poor for the first couple hours of sleep, a pattern that I didn’t see on days when I had an early supper.

I’ve used it to run other experiments. For example, it appears that I get more deep sleep on days when I have only one drink than on days when I have two. (This is very sad news, and will have to be confirmed by many more experiments before I use it to modify my behavior—but at least I can run the experiments.)

After a rough patch last fall (which is what prompted me to order the Oura ring), I’m actually sleeping pretty well now, so I’m not aggressively running new experiments to try and improve my sleep. I am, however, paying attention when a natural experiment presents itself. For example, we generally sleep with the windows open all summer. Over the next two nights that will probably produce sleeping temperatures in the 70s, whereas over following several nights I’ll get to enjoy sleeping temperatures in the 60s. I know from experience that the cooler temperatures will produce better sleep, but the Oura ring will give me detailed metrics that will let me investigate if there’s an optimal temperature—information that may be very useful in the winter for deciding how to adjust the thermostat.

That’s the value of the ring for me: It lets me run experiments of specific sleep interventions, and gives me results that are more fine-grained than just a general sense as to whether I slept well or not.

Here’s one more natural experiment. I observed decades ago that I need more sleep in the winter than I do in the summer. I can now put a couple of numbers on that.

Here’s my total sleep each day in January and February this year. The report from the Oura ring lets me see that I averaged 7 h 50 min of sleep each night:

Here’s my total sleep each day from June 1st through last night. I can see that I averaged 7 h 03 min of sleep each night:

I’ve perceived each period as being roughly equally good in terms of getting “enough” sleep, so I’m inclined to think of the 47 minute decrease in sleep as being a decrease in the amount of sleep I need when the days are long and sunny and I’m getting plenty of fresh air and exposure to nature. In the winter I need darn near 8 hours of sleep per night. In the summer I can get by fine on just over 7.

That information doesn’t make me sleep better, but it’s still useful (even if it just confirms something I’ve known for a long time).

In other breaking news recently published in the science journal “Duh!”: Stepping on the bathroom scale every morning neither increases your muscle mass nor reduces your fat mass!

Running my own server again

A year and a half ago, my brother gave me a Raspberry Pi 3 as a birthday present, suggesting that I should use it to run my own server.

I used to run my own server. A friend who liked to build such things had built it. It had two ethernet ports, one connected to my cable modem and the other connected to my WiFi router, and it was running OpenBSD (then the most secure OS easily available) and was configured to serve as a firewall.

I used it as a server in other ways. I put an extra disk drive (40 GB!) in it where I could store files that I might want to access from elsewhere. (In particular, when I went to Clarion I copied my latest draft of my current story there each evening, in case of catastrophic computer failure.)

It didn’t require much upkeep, but it required more than none—which turned out to be more than I wanted to devote to it. At some point a serious security flaw was discovered in the OpenBSD release I was running. By then most desktop machines had built-in firewalls as did most routers, and I had Time Machine as a backup solution. It seemed safe to give up my server, and easier than updating it.

In the years since then, the use of cloud services has become ubiquitous, to the point that practically everything I do ends up in the cloud—my photos go to both Flickr and Google. I also use Dropbox (where I have Scrivener stash a backup copy of everything I’m writing) and I stash some amount of my music at both Google and at Amazon.

That’s all great—those services are well backed-up, and the servers are very likely running the latest security patches—but I really like the idea of having my own data on my own machines. But I want that without giving up the advantages of having my data in the cloud. Hence wanting to have my own server.

All that as prequel to my brother coming to visit this past week, and helping me get my Raspberry Pi server up and running.

Once the basic install of Raspbian was up and running, I went ahead and ordered a bit of hardware for it. I got a short ethernet cable to connect it to my router, so that it doesn’t have to do WiFi for basic connectivity (although WiFi and Bluetooth are built in). I also got a slightly more powerful USB power supply for it, mainly because I also got a portable USB hard drive that takes its power from the USB port, meaning that the power needs to be available to the Raspberry Pi. Finally, I got a case for it, so that I don’t just have a naked circuit board sitting on my dresser.

This time the hard drive is 1 TB rather than 40 GB.

For cloud functionality I’m following my brother’s example and running syncthing, which has the advantage of being able to handle being behind a NAT and not having a port exposed to the outside world. I’m running it on my Android phone as well and sharing my photos with a third place: my server. The server then shares them with my desktop machine, so they’re available to use. (That’s how I got the photo above: Taken with the phone and then transferred to the desktop within about a minute.)

I’m still sorting out my sharing strategy. I don’t want to share my whole Music folder with my phone, because it would use all the space there. (I’ll probably end up making a folder with an “essential subset” of my music to share with the phone.) I don’t think I want to share my whole Documents folder on my desktop machine, but I’m not sure yet. For the time being I’m sharing a folder I call “Active writing” with the files I’m currently working on, on the desktop, the server, and my laptop. That way they’ll be available wherever I want to work on them.

Other things are tougher. I’d like to have my own calendar server, but that doesn’t seem easy. I should go back to my post on the google-free option and see what else I was thinking about that I might now be able to implement.

For now, though, I’m pretty happy.

My previous server was rack mount width and maybe four or five inches tall, about the size of a stereo component. This one is maybe 3 inches by 5 inches, rather smaller than the hard drive it’s sitting on.

Facebook now supports PGP email!

In an interesting post (with the tediously link-baity headline “Facebook just made a move that will infuriate law enforcement”), Business Insider reports that Facebook will now let you add your PGP public key to your profile, and that Facebook can be configured to use that key when they send you email.

This has the potential to make Facebook much more secure: The email to reset your password will be encrypted with your public key, potentially defeating the standard attack on a social media account (hijacking an email address and then getting the site to send that address a password reset message). As long as your private key stays under your control, the attacker can’t get at the password reset URL, even if they can get at your email.

As a bonus, any email alerts from Facebook remain somewhat private. (Not that I’d share anything I wanted kept private with Facebook, or expect that anything anyone else shared with Facebook would remain private—but keeping the contents of my email private seems worth doing just for its own sake.)

Of course, as Facebook warns you, if you lose your private key and access to Facebook at the same time, you may well be completely screwed.

I think it’s a risk worth taking, and have already added my PGP key to my Facebook profile.

Thinking again about my own server

Student-built supercomputer at the National Petascale Computing Facility
Student-built supercomputer at the National Petascale Computing Facility

I ran my own server for a while. It was an OpenBSD box running on a cheap 386 board in a re-purposed PC case with an extra ethernet card. It sat between my cable modem and my home network and acted as a firewall. It also provided a few services to me in the outside world. In particular, it ran a little program for tunneling ssh traffic through the http hole in the corporate firewall, so I could get into my home network from work. (It was not, let me be clear, the supercomputer shown in the image to the right.)

I turned it off several years ago. Desktop computers got more secure, so the firewall was no longer necessary. I quit working at a regular job, so I didn’t need to tunnel my ssh traffic any more. But the main thing was that external firms started providing the sort of services that had previously made it seem worth going to the trouble of running your own server.

I use a bunch of those services. I share photos at Flickr. I host this website at Dreamhost. I post things on Facebook, Google+, and Twitter. I read RSS feeds using The Old Reader (and share things there as well).

I’d previously thought that it would be best to have my own server for all these things—in particular sharing stuff I wanted to share—my writing, my pictures, my calendar items, etc. But the commercial services were better than what I’d have had if I ran my own server. Flickr provides a much better gallery than I’d have managed to put up, if I’d had to host my own. (The idea of serving—and owning—your own data was the impulse behind Diaspora as well, of course.)

Just lately, though—especially since Google announced that they were shutting down Google Reader—I’ve begun to rethink things.

If I ran my own server, I wouldn’t have to worry that some giant company would abruptly decide that providing some service I was using “no longer aligned with corporate priorities.”

I’m not in any hurry to move from this new thinking to actually running my own server again. For one thing, it wouldn’t make any sense to try to run a public-facing server at home over a consumer-grade home network link. (Although maybe one of the higher-grade packages through UC2B would be good enough.) But I am thinking about it. I don’t like any of the calendar services out there; maybe running my own calendar service, just for me and my family, would be just the thing.

In any case, running a server would be a lot easier now than it was back when I did it before. The hardware is cheaper and faster. The software is more reliable and easier to use. Before, I had to painstakingly build everything. Now I could just do a quick install on a Raspberry Pi, maybe with Freedom Box software.

I’ve always known that with “free” corporate services I’m not a client; I’m a commodity being pimped out to advertisers and others. I’ve tolerated it, because the “free” services are often pretty good—better than I could manage if I had to roll my own. But it’s always bugged me. Now, between the hardware and software for rolling my own getting cheaper and better, and the increased visibility of the consequences of going with free services that get can get turned off on corporate whim, maybe I’ll get it together to make the jump to my own server once again.

The Google-free option

Zen Habits has a fresh post up on becoming Google-free. It’s a pretty good look at the key resources that Google provides—Gmail, Google Docs, Google Reader, Google Calendar, Picasa, etc.—and for each one provides Leo’s choice for a replacement, along with mentioning a few other alternatives.

On the one hand, this is just the sort of thing I’m a bit too prone to worry about. For me, security, privacy, and reliability are right up there with functionality. On the other hand, it had scarcely crossed my mind that I’m so reliant on Google that becoming Google-free was an important issue. So, seeing Leo’s article prompted me to give it some thought.

To me, the more fundamental issue is choosing to keep your data on your own hardware or to keep it in the cloud.

It used to be that the cloud was a loser on all four issues (security, privacy, reliability, functionality). In just the past few years, the cloud has made great strides in the latter two. I haven’t seen a careful analysis, but my sense now is that the cloud is about as reliable as your own hardware, albeit with different failure modes (less chance of a bad disk drive losing a bunch of data, more chance of the provider deprecating the tool or simply going bust). Functionality is a different kind of question—all you care about is whether the tool provides the functionality you need—but my sense again is that tools like Google Docs do fine at providing the most important functionality.

On issues of security and privacy, though, it seems to me that the cloud can never win. Well, maybe in one narrow sense: Servers in the cloud can be professionally managed with security in mind, so there’s a better chance that security patches will be applied promptly and less chance that they’ll be configured in an insecure way out of carelessness or ignorance. Except for that, though, all the cloud can offer is an unenforceable promise of security and privacy—and it rarely offers even that.

Because of that, I’ve always ended up choosing to keep mission-critical work on my own hardware. I use various cloud services, but they’re all in some way either publishing or else secondary.

Where what I’m doing is publishing (such as this blog, my account on Flickrmy account on Twitter, and so on), the privacy issues are moot—I’m explicitly making the stuff public. I still care about security, but my security interests are closely aligned with the provider’s security interests, so I feel reasonably comfortable relying on the provider to get security right.

All my uses of cloud-provided tools are non-critical. I have a Gmail account, but it’s a backup account for use when my main email account is unavailable for some reason. I have a Google Docs account, but I only use it occasionally to view a Word document or make a graph with the spreadsheet facility. I don’t use Google Calendar (I use iCal). The one Google tool that I’d really miss if it disappeared is Google Reader which I use every day, but even losing that wouldn’t be a catastrophe. I could go back to reading blogs on the websites themselves (!) until I picked out a new RSS feed reader. My latest backup of my subscriptions was really old (I just now grabbed a current one), but I’d be able to recreate the important ones easily enough.

The upshot is that going Google-free seems to be a non-issue to me. I could do it in five minutes and scarcely feel the loss. I’m glad to have been prompted to think about it, though.