Month: August 2013
-
Quote of the Day: Bruce Schneier
“Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.”
-
‘The Government Reveals Their Quantum Internet’
[Benjamin Plackett][1]:
> If a quantum communiqué has changes in the slightest, it’s a telltale sign that the line has been tapped and someone who shouldn’t be is listening in. In other words, the delicate nature of a qubit allows it to act as a highly sensitive and sophisticated detector of security breaches.
That’s almost comical in a sense. At this point it seems like every U.S. communiqué would come back as “tapped”. Then again, I don’t think the NSA would be able to actually get any of the information with this level of technology — so suck on that NSA.
[1]: http://www.theconnectivist.com/2013/05/declassified-the-governments-quantum-internet/
-
‘Delight Is in the Details’
Speaking of Shawn Blanc [he released a new ebook][1] which is all about designing details — it’s a spin-off (if you will) of a series he did for his members only podcast about the same topic.
I haven’t read the entire book yet (it takes me months to read books), but here’s a line that I really love:
> A simple, well-written application that delights is far better than a feature-rich one that overwhelms.
A lot of people ask me for the secret to getting a blogger “like me” to write about their apps. I tell them there is no secret, just make an app that I like. Of course, that’s just a bullshit answer so that I can get back to whatever I was doing, but Shawn dives deep into that subject.
> Rather, the focus is on addressing the finest goal a person in our industry can have: to create substantive work that delights and excites our audience.
*Disclaimer: Shawn is a friend, but you knew that.*
[1]: http://shawnblanc.net/thedetails/
-
SearchWP
[An all new plugin from Jonathan Christopher called SearchWP was just launched today][1]. I had the good fortune of getting a copy of this plugin from Jonathan yesterday afternoon, and I promptly installed the plugin (and shifted the live search results to it).
There’s a lot of really great things about SearchWP that make it a no-brainer for any WordPress user that loves their readers, not the least of which are:
1. You can weight the results based on how *you* want to weight them. If you want to match titles above all else, you can. Your slug above all else? Done.
2. You can exclude categories from the search. Which for me means I can exclude *all* of those old sponsor posts from showing up — I cannot tell you how much I love that. (I urge people to do the same on their sites.)
3. The search results stay on *your* site. I previously went with DuckDuckGo because it was the best solution at the time, but over the last few months I have noticed DuckDuckGo “missing” some of my posts when I am searching. This is not good, especially when you are directing traffic out of your site in hopes they come back.
4. Keyword stemming is an option, so that searches like `backpack`, `backpacks`, and `backpacking` return the same results. I love that, it’s just a little nicety that is user friendly.
I still have tweaking to do with how the search results are displayed on this site, but this is a fantastic plugin. There’s even an extension (I have it installed) to add the Boolean minus operator. So you could search `Shawn -Blanc` and find every instance where I reference “Shawn”, but not “Blanc”. Just compare the search for `Shawn Blanc` ([here][2]) and `Shawn -Blanc` (again, [here][3]).
The one thing I have been trying to do since I launched the paywall is to make this site better *for* the readers of the site. I believe SearchWP does just that because it’s weighted how I know it needs to be weighted, keeps you on the site that you want to search, and is *more* user friendly.
Amazingly, SearchWP is only $24.99 for a single site license *and* you get support, *and* you get extensions. There’s a lot of WordPress plugins for sale, but you typically don’t get a lick of support. [Go buy it][4], [install it][5], [love your readers][6].
[1]: https://searchwp.com/
[2]: https://brooksreview.net/?s=Shawn+Blanc
[3]: https://brooksreview.net/?s=Shawn+-Blanc
[4]: https://searchwp.com/buy/
[5]: https://searchwp.com/docs/
[6]: http://bukk.it/carlton.gif
-
‘Encryption Keys and Surveillance’
[Paul Rosenzweig has a fantastic article][1] about the different types of encryption and what each means from a legal standpoint. There are a lot of services that will tell you your data *is* encrypted, but if the service is still holding the keys to that encryption then your data *may* not be encrypted from legal bodies who could compel that service provider to turn over your encryption keys.
I think this is of utmost importance to understand right now. Far too many people not only don’t understand the difference, but are misled by marketing bullshit on “cloud” service providers’ websites when they refer to encryption. At the end of it all, right now, the only stuff that is truly encrypted is the stuff that is also a big pain in the ass to use. ((As a rule of thumb.))
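To make the key-custody distinction concrete, here is an added example (mine, not Rosenzweig’s, and not modelled on any real service) that stores the same kind of data two ways and then models a compelled disclosure of everything the service holds. The `Provider` class, its method names, and the SHA-256 counter-mode keystream (used in place of a real cipher such as AES so the example needs only the standard library) are all assumptions of the example.

```python
"""Two custody models for "your data is encrypted": who can read it when the
service is compelled to hand over everything it holds. Added example."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def make_key():
    return secrets.token_bytes(32)


def _subkeys(key):
    # Separate keys for confidentiality and integrity, derived from one master key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key, nonce, length):
    # SHA-256 in counter mode as the keystream: an illustrative stand-in for
    # AES-CTR so that the example runs with only the standard library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def is_authentic(key, blob):
    """True if the tag verifies under `key`; a wrong key or any edit gives False."""
    _, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def decrypt(key, blob):
    if not is_authentic(key, blob):
        raise ValueError("authentication failed: wrong key or modified data")
    enc_key, _ = _subkeys(key)
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


class Provider:
    """A hypothetical storage service. It always holds the blob; whether it also
    holds the key depends on which upload path the user took."""

    def __init__(self):
        self.blobs = {}
        self.keys = {}

    def upload_plaintext(self, user, plaintext):
        # "Encrypted at rest": the service generates the key and keeps it.
        key = make_key()
        self.keys[user] = key
        self.blobs[user] = encrypt(key, plaintext)

    def upload_ciphertext(self, user, blob):
        # Client-side encryption: the service never sees a key.
        self.blobs[user] = blob

    def compelled_disclosure(self, user):
        """Everything the provider can be ordered to produce for this user."""
        return {"blob": self.blobs[user], "key": self.keys.get(user)}


def readable_after_disclosure(disclosure):
    """What the receiving party can read: the plaintext if a key came with the
    disclosure, otherwise None (ciphertext only)."""
    if disclosure["key"] is None:
        return None
    return decrypt(disclosure["key"], disclosure["blob"])


if __name__ == "__main__":
    service = Provider()
    service.upload_plaintext("alice", b"constructed sample: meeting notes")
    user_key = make_key()
    service.upload_ciphertext("bob", encrypt(user_key, b"constructed sample: private notes"))
    for user in ("alice", "bob"):
        print(user, "->", readable_after_disclosure(service.compelled_disclosure(user)))
```

The only difference between the two uploads is where the key lives, and `readable_after_disclosure` shows what that difference buys: the “encrypted at rest” path yields plaintext to anyone who can compel the provider, while the client-side path yields ciphertext that nobody but the key holder can open. When a service says “encrypted”, the question is whether `compelled_disclosure` would include the key.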
[1]: http://www.lawfareblog.com/2013/08/encryption-keys-and-surveillance-2/
-
‘The Public/Private Surveillance Partnership’
[Bruce Schneier in a simply fantastic essay][1]:
> Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.
> The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy—and that’s very dangerous to democracy and liberty.
[1]: http://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html
-
Why Easy Tap Zones Matter
I’ve mentioned a few times now that I use the Digg app on the iPhone pretty regularly. I like that I can browse some articles that are typically interesting, and send those articles to Instapaper with a swipe… Well actually send them with one of half-a-dozen swipes. You see, my iPhone with iOS 7 on it, apparently hates the Digg app (or the other way around). ((Could be fallout from the Digg podcast’s terribleness.))
[Here’s what happens with the latest Digg app running on iOS 7](https://vimeo.com/71755406):
Let’s be clear: I place zero blame on Digg, Apple, or the developers of either for those swiping issues. *I* am running beta software, and I included Digg not to chastise them, but to talk about a larger point: interaction matters.
While the fact that I cannot reliably swipe the table off the screen to see the hidden actions is incredibly annoying, almost more annoying is how small the tap zone is for Instapaper. Yes, I hit the icon 9 times out of 10, but given the fact that it takes me a maddening amount of swipes to get to that view, if I miss that tap even once — I am so pissed I almost throw my phone.
## My Point
My point isn’t that developers should support beta software — I don’t care about that. My point is that if you require a gesture to reveal a tap zone(s), then make sure that the tap zone(s) are easy to, uh, *tap*. Having to repeat a gesture once is annoying enough, having to repeat it because you missed a tap is downright maddening.
That is all.
*(Side note: I didn’t realize what that Ke$$$$Ha article was about until I watched the video — it’s rather fitting.)*
-
Three Hop Analysis
[Pete Yost for the Boston Globe][1]:
> For the first time, NSA Deputy Director John C. Inglis disclosed that the agency sometimes conducts what is known as three-hop analysis. That means the government can look at the phone data of a suspected terrorist, plus the data of all of the contacts, then all of those people’s contacts, and all of those people’s contacts.
> If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.
I was [looking for these numbers][2] a while back, and I finally found the article I was thinking of.
[Here’s Sean Gallagher for Ars Technica][3]:
> The Internet has blown the level of interconnectedness through the proverbial roof—we now have e-mail, social media, and instant message interactions with people we’ll never meet in real life and in places we’ll never go. A 2007 [study][4] by Carnegie Mellon University machine learning researcher Jure Leskovec and Microsoft Research’s Eric Horvitz found that the average number of hops between any two arbitrary Microsoft Messenger users, based on interaction, was 6.6. And a [study of Twitter feeds published in 2011][5] found the average degree of separation between random Twitter users to be only 3.43.
Three hops is essentially *everyone* when your “suspected terrorist” pool parameters are essentially anyone who Googles the wrong thing from a non-US computer. Two hops is a lot of people, three hops is basically anyone — that’s how a “Foreign Intelligence Surveillance Court” authorizes *domestic* spying. If FISC rules that it *is* constitutional to spy on these enemies, **and** to follow those that they are spying on through three hops of communication, then FISC (which authorizes foreign spying) has essentially authorized domestic spying.
And this is the problem with only one side presenting information to the court — we can’t be sure that FISC judges were presented the right math. Maybe they thought it affected hundreds of thousands of Americans, not hundreds of millions of Americans. Maybe, or maybe they don’t care; shouldn’t we be allowed to know one way or the other?
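To make the arithmetic behind the quoted figures concrete, here is an added example (mine, not from the Globe or Ars articles) that counts k-hop reach two ways: the no-overlap upper bound, which at 40 contacts per person is 40 + 40² + 40³ = 65,640 for three hops (and 40⁴ = 2,560,000 if a fourth hop is taken, the order of magnitude of the quoted 2.5 million), and an actual breadth-first count over a contact graph, which counts each person once however many paths lead to them. The toy call graph and the random population are constructed for the example; the function names are mine.

```python
"""How many people fall within k hops of one starting account. Added example."""
from collections import deque
import random


def naive_reach(avg_contacts, hops):
    """No-overlap upper bound: avg + avg^2 + ... + avg^hops distinct people."""
    return sum(avg_contacts ** i for i in range(1, hops + 1))


def hop_distances(graph, start, hops):
    """Breadth-first search from `start`; returns {person: hop} for everyone
    within `hops` steps, excluding `start`. Each person is counted once, at the
    shortest distance at which they are first reached."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        person = queue.popleft()
        if dist[person] == hops:
            continue
        for contact in graph[person]:
            if contact not in dist:
                dist[contact] = dist[person] + 1
                queue.append(contact)
    del dist[start]
    return dist


def reach_by_hop(graph, start, hops):
    """How many new people are first reached at hop 1, 2, ..., hops."""
    counts = [0] * hops
    for hop in hop_distances(graph, start, hops).values():
        counts[hop - 1] += 1
    return counts


# Constructed toy call graph (not real data): symmetric "who called whom" sets.
SAMPLE_CALLS = {
    "suspect": {"a", "b"},
    "a": {"suspect", "b", "c"},
    "b": {"suspect", "a", "d"},
    "c": {"a", "e"},
    "d": {"b", "e"},
    "e": {"c", "d", "f"},
    "f": {"e"},
}


def random_call_graph(n_people, avg_contacts, seed=7):
    """Constructed random population: each person calls `avg_contacts` others;
    links are symmetric, so actual degrees end up somewhat above `avg_contacts`."""
    rng = random.Random(seed)
    graph = {p: set() for p in range(n_people)}
    for p in range(n_people):
        for q in rng.sample(range(n_people), avg_contacts):
            if q != p:
                graph[p].add(q)
                graph[q].add(p)
    return graph


if __name__ == "__main__":
    print("toy graph, 3 hops from suspect:", reach_by_hop(SAMPLE_CALLS, "suspect", 3))
    print("no-overlap bound at 2 contacts/person, 3 hops:", naive_reach(2, 3))
    population = random_call_graph(5000, 40)
    print("5,000-person population, 3 hops from person 0:", reach_by_hop(population, 0, 3))
    print("no-overlap bound at 40 contacts/person, 3 hops:", naive_reach(40, 3))
```

In the toy graph the bound says 14 people could be within three hops, but the breadth-first count finds 5, because contacts overlap (e is reachable through both c and d and is counted once). In the random population the third hop already covers nearly all 5,000 people, which is the point of the Ars numbers: with short average path lengths, a small number of hops from one account reaches most of the graph whether or not the per-hop multiplication is exact.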
[1]: http://www.bostonglobe.com/news/nation/2013/07/17/nsa-spying-under-fire-you-got-problem/Ev73I1XwPYtvD2WFZ6idGK/story.html
[2]: https://brooksreview.net/2013/07/three-hops/
[3]: Sean%20Gallagher
[4]: http://arxiv.org/pdf/0803.0939v1.pdf
[5]: http://www.aaai.org/ocs/index.php/SOCS/SOCS11/paper/viewFile/4031/4352
-
‘NSA Collects ‘Word for Word’ Every Domestic Communication, Says Former Analyst’
Great reporting by PBS’ NewsHour, worth 9 minutes if you don’t want to read about the NSA this weekend.
-
‘Make Text More Readable With Solarized and Cousine’
[Steven Aquino, in a post with Josh Centers, about the Solarized color theme (with a Nitti Light font equivalent)][1]:
> After using this setup for the last couple weeks, I can say with confidence that the combination of Cousine and Solarized Light is great for writing. More importantly, as a visually impaired person, I find the combination to be extremely comfortable for my eyes. Between Cousine’s clean design and the contrast of the background, I’m experiencing considerably less eye strain than normal.
I love this setup: Ulysses III + Solarized + Nitti Light. I’ve been using it since the moment I had my hands on the Ulysses III beta, and it’s fantastic. I have a few things to add to their post.
First, you can get [Cousine][2] from a non-Google source for free, but I haven’t used the font before so that’s about all I know about it.
Secondly, your font size is almost as important as the font itself. I just checked and Ulysses III is showing that I have Nitti Light selected as my font at about 16.9 points, with a 1.6 line height. I’ve been using that for quite a while and it’s the sizing that seems most comfortable to me — just don’t feel bad making the font bigger, or smaller, if you need it to be.
Lastly, Ulysses III has a bug that I have found with Nitti light. Specifically it seems that selecting the body font as a light weight instead of a normal weight screws with the syntax highlighting a bit. Where light is the body weight and bold becomes the highlighted weight — when I personally feel setting your font to a light weight should make the normal weight the highlighted weight. I don’t know if this is a fix that is coming down the line or not, and for some this might drive them crazy.
*[Ulysses III][3] is $39, and worth every penny — [Nitti Light][4] is (roughly) $78 and is also worth every penny (I bought the whole suite).*
[1]: http://tidbits.com/article/13966
[2]: http://www.fontsquirrel.com/fonts/cousine
[3]: http://www.ulyssesapp.com
[4]: http://www.boldmonday.com/en/nitti
-
‘Has the Gov’t Lied on Snooping? Let’s Go to the Videotape’
You guys are going to be *shocked*.
-
‘Security Audit’
[A really great post from Bruce Steinberg][1], following up on many of the Mac security tips that have been floating around. Steinberg has some good suggestions on password use and management, as well as pointing out what looks to be a great new (to me) email service.
[1]: http://www.readinggeorgefox.com/2013/08/02/re-mac-power-users-148-security-audit/
-
‘Big Transparency for the NSA’
[Smart argument from Timothy Edgar on the NSA spying programs][1]:
> Where the government sees three branches of government working together in harmony, the public sees a disturbing pattern of secret law and secret government accompanied by demands to “trust us, we are keeping you safe.” Secret checks and balances appear to be nothing more than a pale shadow of our constitutional design.
Edgar’s been on both sides — working as in-house counsel for Bush, and for the ACLU — he knows what he is talking about. I still don’t think we have the full truth, I still think the spying is wrong, and I still think open debate is needed.
That said, I do *believe* that the government at large is *trying* to act in the best interest of United States citizens — it’s just that their actions look misguided, unless thoroughly explained.
[1]: http://online.wsj.com/article/SB10001424127887323309404578617463152440542.html?mod=hp_opinion
-
‘NSA’s Internet Taps Can Find Systems to Hack, Track VPNs and Word Docs’
[Good post from Sean Gallagher at Ars Technica][1]; he noticed a few of the things that I thought were surprisingly unreported about XKEYSCORE. Basically the tool can tell you which systems are available to be hacked, find who was using encrypted VPN sessions, and grab other encrypted items for later decryption. Yikes.
*Side Note: I cannot help but be impressed by how robust these systems are. Truly stuff of the movies, actually more powerful than many movies had imagined.*
[1]: http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/
-
Quip
A new document collaboration app is out, called [Quip][1]. It’s an iOS app, and a [web service][2] that gives you a rich-text editor and allows you to not only work on a file with groups, but to comment and see the changes. It’s a lot like [Editorially][3], but seems less writing focused, and more business focused. I downloaded it and started playing immediately, because just this week we ran into a collaboration problem in our office.
The problem we had is that one person used Word with Track Changes to send a document for review and Person 2 made changes and sent it back. Then this time sensitive document sat there, because Person 3 (me) and Person 2 were out of the office and couldn’t see the tracked changes on their iPhones (yes, Pages, but PAGES) and so it was forgotten in email inboxes that were constrained by iPhones and travel. This was annoying, and led to a slowdown in our speed to get documents out, etc, as a business.
Quip seems great for handling that very scenario for two reasons:
1. It has iOS apps.
2. It eliminates email.
Everything else is what you get out of Word and track changes (mostly, but for basic needs is what we are talking). *BUT*, there’s one big gotcha: you can only export to PDF. How stupid is that? *Pretty stupid.*
Christine Chan also has a [nice writeup over at App Advice][4].
[1]: https://itunes.apple.com/US/app/id647922896?mt=8&ign-mpt=uo%3D4
[2]: http://quip.com
[3]: https://editorially.com
[4]: http://appadvice.com/review/quickadvice-quip
-
‘Why Today’s Top Apps Are Putting You on a Wait List’
Ellis Hamburger over at *The Verge* (no link, it’s The Verge) has a post defending the practice of creating a wait list for new apps (think Mailbox). Hamburger linked to [an old post of mine][1] in order to point out that my solution doesn’t work in practice:
> Even with a thousand servers, one user’s actions can gum up the works. “It’s a complicated system with lots of moving parts,” Underwood says. “We can test each of the pipes between them but we won’t know until we scale it if everything can handle the load.”
Me, back in March:
> You know what all these bullshit wait list apps have in common? They are *free*.
The thing is, I don’t know much about scaling apps like this. So, I did what people like Hamburger should do, I asked around to people with experience scaling some large systems — but I asked people I knew who had successfully scaled without a wait list. ((Instead of only ones with a wait list like Hamburger did, I should have asked wait list developers too, but Hamburger has that Press Release, I mean article, already written for you.)) When I sent them the link to Hamburger’s “post” the responses ranged from:
– Yeah, that *can* be a problem. (This dev clearly didn’t want to get involved.)
– That’s bullshit.
– Was he paid to write this for these devs?
All I then asked is if you threw money at the problem, could you make it go away. I don’t just mean by adding more engineers, but by adding more people: the consensus was that you could lessen disruption, but probably not stop it completely.
So there seems to be a few ways to handle scaling your service/app:
1. Do what you can. Allow the flood of users and do what you can to manage downtime. This is the worst option.
2. Wait list. Allows people to roll in slowly to manage the growth and complaints if the service does go down.
3. Allow everyone in, hire a massive team with a massive amount of servers — this is unlikely.
4. Charge a reasonable price, which will slow growth, use those funds to [grow the service as the service can afford to grow][2]. If a deluge of users come in, then you are in boat number 3.
You know which option I prefer, but it looks like Hamburger would rather tell you that the *only* option is number two — and his argument doesn’t seem to reflect the reality (why not grab some developers who have successfully scaled, why only one side? Oh yeah, *The Verge*).
The best way to get rid of this wait listing bullshit is to ignore every app that comes out using it. That’s what I am going to do and I hope you do too.
[1]: https://brooksreview.net/2013/03/if-i-wanted-a-wait-list-i-would-get-in-line-for-your-mom/
[2]: https://pinboard.in/about/
-
24
I almost feel like summing up the capabilities of the NSA as: “Watch Fox’s TV Show *24*, watch what Chloe does and how fast she does it. Apply that to real life, update it for modern communication methods, speed it up ten times, and make it look like a Google search. That’s what the NSA can do, *right* now.”
We don’t know the whole truth about the NSA’s capabilities, but we *do* know that there’s a massive lack of oversight and control. *Something* is really fucked up.
It’s always been laughable, as a nerd, how fast characters in TV shows “hack” into systems and get all the information they need. Now it looks like the joke was on *us*, because *we* thought any hacking was required. Just flag, store and correlate every bit that passes through a network and you don’t need to hack into servers because you already know everything going into *and* out of them. In today’s world of “cloud” services, that means you essentially know everything, about anyone, whenever you want.
I’m not writing this to scare you, though you should be worried, what’s more interesting is where we go from here. [Protests are great][1], but you can’t change something without offering an effective alternative solution.
Perhaps the craziest part of XKEYSCORE (logo notwithstanding) is that the NSA doesn’t even [deny its capabilities][2]; instead they just focus on the ethics of the tool and the training of NSA users. It’s real, it does what was leaked — the only issue up for debate is whether there are proper checks and balances in place. How is this not the *only* story?
[1]: http://1984day.com
[2]: http://www.nsa.gov/public_info/press_room/2013/30_July_2013.shtml?utm_medium=App.net&utm_source=PourOver
-
Google + Coffee
[Google’s partnership with Starbucks][1], as described by Kevin Lo on the Google Blog:
> That’s why we’re teaming up with Starbucks to bring faster, free WiFi connections to all 7,000 company-operated Starbucks stores in the United States over the next 18 months. When your local Starbucks WiFi network goes Google, you’ll be able to surf the web at speeds up to 10x faster than before. If you’re in a Google Fiber city, we’re hoping to get you a connection that’s up to 100x faster.
Free WiFi. Hosted — and likely, in part, paid for — by Google at 7,000+ locations in the US. That’s a staggering thought. All your Frappuccino®-fueled internet browsing behavior is now passing through the NSA *and* Google. Who do you trust more with your data? Which has the more palatable mission: fighting crime, or making money?
For all the wrongs the NSA is perpetrating, they’re not doing this to profit financially. NSA contractors are doing it for a profit, but NSA contractors aren’t using your data for profit, they are using the fact that they can create tools to collect your data for profit. Google though? As far as I know, Google doesn’t fight crime: They make money — lots of money — with your data, now siphoned away as you sip your quadruple-shot dissolved sugar, all without you knowing.
Perhaps you think I’m overreacting, and that Google won’t collect a thing because they’re moral, but to that I would ask: Why would they offer free WiFi to begin with?
[1]: http://googleblog.blogspot.com/2013/07/starbucks-wifi-goes-google.html