Year: 2013

  • ‘Square v. Portrait’

    [Khoi Vinh looking at an Instagram shot of his in the square crop, and how he would have cropped it for portrait][1]:

    > I’m not arguing that Instagram should allow portrait images. I’m just saying the world is more interesting than just squares.

    There’s a lot that is great about the square crop, but it’s also not a very useable image crop. You rarely see frames for square crops, and your displays are rectangular. In my house I can often be heard, rather rudely, barking at people: “why don’t you shoot that picture/video in a *useable* orientation.” Meaning: stop shooting video in portrait and stop taking group photos in portrait. I try to shoot 95% of all my photos in landscape, with only an odd few in portrait.

    I simply find that every time I take a good shot in portrait, there isn’t much I can do with that shot that I actually want to do with it. It’s doubly annoying for square images. They can look great, but then what the hell do I do with a square image? It looks great on my iPhone screen, but outside of that it just looks like: where did the rest of the picture go?

    [1]: http://www.subtraction.com/2013/08/26/square-v.-portrait

  • ‘U.S. Enables Chinese Hacking of Google’

    [Bruce Schneier, in **2010**, for CNN][1]:

    > In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

    This was written before we knew about 90% of the NSA dragnet. Yet here is [Google’s statement, from CEO Larry Page, on PRISM (circa 6/2013)][2]:

    > First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

    Perhaps Page needs to clarify that just the Chinese have direct access to that backdoor? ((By the way, why are you still using Gmail?))

    (via The Brief)

    [1]: http://edition.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html
    [2]: http://googleblog.blogspot.com/2013/06/what.html

  • ‘In Surveillance Era, Clever Trick Enhances Secrecy of iPhone Text Messages’

    [Dan Goodin on the coming iOS secure texting app, TextSecure][1]:

    > Moxie Marlinspike, the pseudonymous security researcher, cryptographer, and developer of the TextSecure and RedPhone privacy apps for Android, has devised a simple trick that iPhones can use to respond to another phone’s key requests even when the app is inactive. The technique relies on “prekeys” that are generated and sent to a server when TextSecure is first registered. When a separate TextSecure user wants to send a message, he’ll no longer have to wait for the other party to respond with her key. Instead the sender will be able to download her prekey and so the ephemeral key can be generated right away.

    I read about this a few days ago, but was holding off posting to see if anyone would shoot holes in this method. I have yet to see anyone complaining about it enough to warrant suspicion, but there are a couple things I really don’t like here:

    1. “the pseudonymous security researcher” — that doesn’t make me feel all warm and fuzzy about the developer, let alone trust this person.
    2. From what I can tell your pregenerated keys sit on a remote server, are then fetched, and used to pair and encrypt the message. This is a neat trick, but my fear is that your keys could be compromised *before* you even get the message. So yes, it would be hard to *go back* and decrypt your old messages, but if the server that holds the keys is compromised then all of your new messages could be decrypted in real time (I would assume) and thus you need to trust the server your keys are on. Which brings me back to point one.

    I regularly use Silent Circle and Wickr. Wickr is an odd beast that I have talked about before and the security of it is questionable due to the same server issue. I’ll take you back to [this post][2] where Matthew Green looks through secure messaging apps.

    Green can’t even weigh in on Wickr, which is concerning. He is in awe of the code for TextSecure (it wasn’t using the pre-key method at the time of Green’s writing), and as for Silent Circle they have been independently audited at a code level and nothing sounds any alarms. TextSecure seems to actually be secure.

    I personally think the best bet is Silent Circle for these reasons:

    1. They shut down their email service preemptively instead of having any of their users’ privacy violated — they did so on the notion that they may be forced to turn over everything instead of waiting to be forced into it.
    2. I know who they are (not personally). Using your real names, establishing a real company, and showing your credentials goes a long way to establish trust with me.
    3. They claim the message keys are stored on the device, never leave the device and are not on any servers.

    For those reasons I am sticking with Silent Circle to talk to, uh, myself with — man I wish more people took this seriously enough to get accounts on these services. Ultimately, I think TextSecure will stand a good chance because it will be free and secure-ish.

    [1]: http://arstechnica.com/security/2013/08/in-surveillance-era-clever-trick-enhances-secrecy-of-iphone-text-messages/
    [2]: http://blog.cryptographyengineering.com/2013/03/here-come-encryption-apps.html?m=1
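
The prekey flow described in the quoted article, as an added sketch that is not code from TextSecure or from this post: the recipient uploads prekeys at registration, the sender fetches one and derives a key without waiting for the recipient, and the recipient finishes the exchange later. `PrekeyServer`, `Recipient` and `send` are hypothetical names, plain Diffie-Hellman over a Mersenne prime stands in for the app's real key agreement, and in this sketch the server is given only the public half of each prekey.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: classic Diffie-Hellman modulo the Mersenne
# prime 2**521 - 1. An assumption of this example, not TextSecure's parameters.
P = 2**521 - 1
G = 3


def keypair():
    """Return (private, public) for one Diffie-Hellman key."""
    priv = secrets.randbelow(P - 3) + 2          # range 2 .. P-2
    return priv, pow(G, priv, P)


def derive_key(shared):
    """Hash the raw DH output down to a 32-byte message key."""
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()


class PrekeyServer:
    """Hypothetical directory: holds only the PUBLIC half of each prekey."""

    def __init__(self):
        self.public_prekeys = {}                 # user -> {prekey_id: public}

    def upload(self, user, publics):
        self.public_prekeys.setdefault(user, {}).update(publics)

    def fetch_one(self, user):
        """Hand a prekey out once, then forget it."""
        return self.public_prekeys[user].popitem()


class Recipient:
    def __init__(self, name, server, count=3):
        self.private_prekeys = {}                # stays on the device
        publics = {}
        for prekey_id in range(count):
            priv, pub = keypair()
            self.private_prekeys[prekey_id] = priv
            publics[prekey_id] = pub
        server.upload(name, publics)             # registration-time upload

    def receive(self, envelope):
        """Runs later, when the app wakes up: finish the exchange and verify."""
        # pop() erases the private prekey, so the same envelope cannot be
        # processed twice and the key cannot be re-derived afterwards.
        priv = self.private_prekeys.pop(envelope["prekey_id"])
        key = derive_key(pow(envelope["sender_ephemeral"], priv, P))
        expected = hmac.new(key, envelope["payload"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, envelope["tag"]):
            raise ValueError("authentication tag mismatch")
        return key, envelope["payload"]


def send(server, recipient_name, payload):
    """Sender side: one round trip to the server, none to the recipient."""
    prekey_id, recipient_public = server.fetch_one(recipient_name)
    eph_priv, eph_pub = keypair()
    key = derive_key(pow(recipient_public, eph_priv, P))
    # Encrypting the payload under `key` is omitted; the tag is enough to
    # show that both sides end up holding the same key.
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    envelope = {"prekey_id": prekey_id, "sender_ephemeral": eph_pub,
                "payload": payload, "tag": tag}
    return key, envelope
```

The sketch does not authenticate the prekeys themselves, so it says nothing about a server that hands out substituted keys; that check is outside what it models.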

  • ‘Why Are There So Few Women Programmers?’

    Dave Winer (no link because I refuse to link to sexist douchebags):

    > Now, I’m sure there is sexism, probably a lot of sexism. But I also think there’s something about programming that makes many women not want to do it. Here’s a theory why that might be.

    That last line? He went back and struck it, as in strike-through, but even without the last line that’s a pretty fucking sexist comment. There’s been a lot of responses. So many comments that Winer has been deleting comments on his blog (many with merit) and writing piece after piece trying to win back credibility, or something, trying to convince himself he is a good guy? I don’t know, I don’t care.

    I personally like the response from [Faruk Ateş, who says][1]:

    > If there *was* any specialization in the genders, programming would still, to this day, be utterly dominated by women, because they were the first software programmers (hell, they *invented* programming). As today’s programming environment is dominated by men, and this is a recent development as well as a complete turnaround from how it used to be, which is, being dominated by women, the entire foundation of your belief is a lie, and your belief rests on you deluding yourself over these facts.

    “Why are there so few women programmers?” Perhaps because of thinking like Winer’s.

    [1]: http://farukat.es/journal/2013/08/694-dear-dave-winer-you-cant-silence-truth

  • ‘Fukushima: Vast Amounts of Radioactive Water Creeping Towards Sea’

    [Mari Yamaguchi][1]:

    > Now, 2 1/2 years later, experts fear it is about to reach the Pacific and greatly worsen what is fast becoming a new crisis at Fukushima: the inability to contain vast quantities of radioactive water.

    Let’s see: leaking tanks of radioactive water, contaminated ground water, and radioactive water spilling out of underground reservoirs — all headed towards the Pacific Ocean.

    Question: why isn’t this the top priority of, well, *everyone*?

    [1]: http://talkingpointsmemo.com/news/fukushima-vast-amounts-of-radioactive-water-creeping-towards-sea.php

  • Paul Thurrott’s Take

    [Mr. Supersite on the announcement of Ballmer’s retirement][1]:

    > On a personal note, I’ll just add that Ballmer was one of the good guys. Though he was relentlessly mocked for his over-the-top public appearances in years past, Ballmer was also relentlessly pro-Microsoft and it’s very clear that the troubles of the past decade were at least in part not of his making: Ballmer inherited a Microsoft that had been driven into an antitrust quagmire by Mr. Gates, handicapping its ability to compete effectively or respond to new trends quickly. While many called for his ouster for many years, I never saw a single leader emerge at Microsoft who could fill his shoes or the needs of this lofty position. Looking at the available options today, I still don’t.

    What a fucking shill. As I have [shown before][2], Ballmer inherited a Microsoft on the rise, not on the fall. The anti-trust stuff did little to stymie the company and had Ballmer been competent it would have had zero effect on Microsoft.

    You don’t see viable replacements today at Microsoft because Ballmer [booted anyone][3] he saw as a threat to his job. Ballmer ran the company scared of losing Windows and Office dominance, and ran his firings of executives scared for his own job. That’s not someone who is “relentlessly pro-Microsoft” — that’s someone who is operating in pure self-interest.

    [1]: http://windowsitpro.com/paul-thurrotts-wininfo/microsoft-ceo-steve-ballmer-retire-2014
    [2]: https://brooksreview.net/2011/05/ballmer/
    [3]: http://www.moneycontrol.com/news/world-news/key-microsoft-executive-departuresrecent-years_855477.html

  • ‘Microsoft CEO Steve Ballmer to Retire Within 12 Months’

    [Microsoft press release][1]:

    > Microsoft Corp. today announced that Chief Executive Officer Steve Ballmer has decided to retire as CEO within the next 12 months, upon the completion of a process to choose his successor. In the meantime, Ballmer will continue as CEO and will lead Microsoft through the next steps of its transformation to a devices and services company that empowers people for the activities they value most.

    *Finally*. I’ve gone over already a [couple](https://brooksreview.net/2011/05/ballmer/) [of times][2] how bad I think Ballmer has been.

    [1]: http://www.microsoft.com/en-us/news/press/2013/aug13/08-23AnnouncementPR.aspx
    [2]: https://brooksreview.net/?s=ballmer

  • ‘In Praise of Laziness’

    [The Economist][1]:

    > Creative people’s most important resource is their time—particularly big chunks of uninterrupted time—and their biggest enemies are those who try to nibble away at it with e-mails or meetings. Indeed, creative people may be at their most productive when, to the manager’s untutored eye, they appear to be doing nothing.

    This is a great article, but certainly nothing new for anyone at this point. Email and meetings waste far too much time — everyone’s time. I think the title of the article is inaccurate — it’s not so much laziness, but focus that is needed. Those two can be mistaken for each other, but they certainly are not the same.

    Staring off into a window thinking is focus, but can be seen as laziness. But if staring is serving a purpose, then it really isn’t laziness. Doing less is not laziness either, so long as by doing less you do better work. But doing less becomes laziness if you are simply doing less for the sake of doing less work.

    [1]: http://www.economist.com/news/business/21583592-businesspeople-would-be-better-if-they-did-less-and-thought-more-praise-laziness

  • Amazon Item of the Week: Ghost in the Wires

    I just finished Kevin Mitnick’s hacking-auto-biography and it was an excellent read. It’s actually the first full book I have finished in years and I found it hard to put down each night.

  • ‘German Government Warns Key Entities Not to Use Windows 8’

    [Wolf Richter reporting on a Die Zeit article][1]:

    > Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.

    > It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers.

    This is going to be an interesting one to watch. The report mentions that Linux cannot use this system and that Apple phased out the chips in 2009 — a good reason not to own an old Mac if you ask me.

    The links to the NSA seem to be speculation and hearsay, but I don’t think it is a big leap to make. It’ll be interesting to see the Microsoft response to this… If they even do respond, but Microsoft seems to be taking the negative NSA feelings seriously enough to be fighting to reveal what they were perhaps “forced” into doing.

    Either way this stands to be the biggest hit to a U.S. business yet. If it can be proven that the NSA can access those chips directly, then I don’t know why a single person would want to buy such a computer — let alone a corporation or government.

    [1]: http://investmentwatchblog.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-links-the-nsa/

  • ‘Scripts for WordPress and BBEdit’

    This is a great script from Dr. Drang, which allows you to publish directly to your WordPress blog. Couple it with Keyboard Maestro and you have quite the robust tool for publishing to your blog. I used this for a long time, but have a new tool I have been using to accomplish the same thing.

  • One Year of App.net

    Last week App.net celebrated its one year anniversary. App.net, of course, started as a response to Twitter’s stupidity and hostility towards developers. Since App.net launched it has become so much more than just a Twitter clone — App.net is a platform.

    But the real problem with App.net is that it’s too difficult to explain to non-geeks. Mat Honan illustrates this in his so-so [Wired article on the anniversary of App.net where it takes him more than 700 words to get to this][1]:

    > In simple terms, App.net is a tool that affords you control of your data and network. It lets developers write apps and tap into users’ existing social graphs and stored files. Its first app was a Twitter-esque status updating service.

    Once you use the term “social graphs” you have failed to explain something. Honan seems like a sharp guy, but 700+ words to explain App.net? Yikes — that doesn’t bode well for the service. I know I couldn’t do better.

    Explaining the product is only part one of the issue, part two is that App.net failed to capture the “top” nerds. Yes, John Gruber and Marco Arment are on App.net, but they don’t actually use it. I suspect they pop in from time to time and they stay on Twitter. ((I suspect this, but can’t confirm, because fuck Twitter.))

    As of this writing Gruber is the second most followed account on App.net (trailing only the official App.net account) and the last time he posted was two weeks ago and then a little over two weeks before that. It’s safe to say, Gruber is not an active user. Why should any of his followers on Twitter follow him over to App.net, when it’s clear they aren’t missing much? Marco Arment is in the top five followed users too, and he’s not using App.net much more than Gruber.

    This is the problem. ((Don’t make the stupid argument that the ‘App.net’ name is the issue here. I’ve seen much stupider names be successful. For example, ‘Sennheiser’ is a successful brand name that most people can’t even spell properly on the first try.))

    App.net is hard to explain to geeks that tolerate Twitter and even those geeks don’t use the service in full-force. Personally, I love App.net and use it daily, but I am clearly an outlier. There’s some very cool stuff happening with the App.net service and I look forward to seeing it, but I can’t quite shake the feeling that Honan may be right and in a couple of years we will be thinking, “App.net? What was that again?”

    [1]: http://www.wired.com/gadgetlab/2013/08/the-great-app-net-mistake/

  • ‘Zuckerberg Generously Allows World’s Poor to Fuel Facebook Profits’

    [Ryan Tate on the Internet.org project][1]:

    > The problem is that this isn’t enough for the company. It {Facebook} has to be solving “one of the greatest challenges of our generation,” with nary a mention of the big financial upside — and there is one, believe me, for Facebook. This is part of a broader pattern in which the company habitually acts like it’s more akin to a charity than a business.

    It was hard to stop my eyes from rolling around in their sockets when I heard about the project. I still haven’t taken the time to read the webpage, it doesn’t render without — well — without whatever I have turned off in Safari.

    [1]: http://www.wired.com/business/2013/08/facebooks-selfish-gift/

  • Transporter Hosting and Colocation

    Macminicolo.net brings you:

    > With our new low-cost service, we’ll host your Transporter in a high end data center so your data is safe and quickly retrieved from anywhere. It’s a perfect mix of convenient data in the cloud and hosting securely on your own hardware.

    I’m sending in my Transporter, and I am pumped. I had asked them about this a while ago and I am glad to see they set something up for those of us that want this.

    (Why do I want this? Good question: it’s a bit easier to do certain things with the Transporter than it is with a Mac mini server. That’s my short answer at least.)

  • ‘The NSA, Germany, and Journalism’

    [Jeff Jarvis writing about how American and UK media seem to largely be ignoring the NSA debate, while Germans are up in arms over it][1]:

    > In the NSA story, we are seeing both traits but, of course, we are mostly seeing the political side in open anger about American and British government attacks on their privacy. Germans held protests in almost 40 cities — dwarfing the turnout in a few American cities (I attended the one in New York and was saddened by the sparseness of it). German media — led strongly by Der Spiegel — are holding politicians’ feet to the fire over any allegations of cooperation with American and British spies. They have already made the NSA a big issue in the upcoming national election. It is a major story there.

    > But that’s not so much so in the two countries where the story originates, the US and UK (present company of the Guardian excepted, of course). Why not?

    I think the explanation is a simple two parter:

    1. Reading about the NSA scandals is fatiguing and boring. It’s fatiguing to readers because it is upsetting and complicated. It is boring, because it *is* boring (at least I think it gets boring to read about). That’s not something that most media companies want to run front and center for fear of losing any eyeballs and thus advertising dollars.
    2. Many US journalists/media companies fear losing “access” to politicians more than they fear not reporting the most important news. See: [HBO’s Newsroom][2]. And thus this gets shoved to the back corner.

    That’s my take on it at least.

    [1]: http://buzzmachine.com/2013/08/20/the-nsa-germany-and-journalism/
    [2]: http://www.hbo.com/the-newsroom/index.html

  • Quote of the Day: Shawn Blanc

    “I bet you a cup of coffee there is something you can decide to be poor at so you can be better at something else.”

  • Mailpile

    Not sure if it will be great, but it’s funded already. I backed it, and I am hopeful that it turns out to be great.

  • The Washington Post is Not Doing Anyone Any Favors

    [Benjamin Wittes writing about the Washington Post coverage of the NSA leaks][1]:

    > The Post, for its part, has managed, in my opinion at least, to completely mislead its readers as to the significance of these documents. The problem is not the paper’s facts. It is with the edifice it has built with those facts.

    > On the administration’s side of the ledger, if there were a way to botch more completely a public response to these disclosures, I’m not sure I know what it would look like.

    This is a really good analysis that counters a lot of the stuff being circulated around these past two weeks. Good, strong, counter-points — many of the misleading facts are ones that I have been helping to circulate. That’s on me for not fully reading the source documents and taking the Post at its word.

    You should read this.

    [1]: http://www.lawfareblog.com/2013/08/the-nsa-the-washington-post-and-the-administration/

  • Mugshots from the 1920s

    A really fantastic collection of mugshots taken in the 1920s. The first picture really is the best in my opinion.

  • ‘Artificial Intelligence and What Computers Still Don’t Understand’

    [Gary Marcus writing about the failure of artificial intelligence][1]:

    > In Levesque’s view, the field of artificial intelligence has fallen into a trap of “serial silver bulletism,” always looking to the next big thing, whether it’s expert systems or Big Data, but never painstakingly analyzing all of the subtle and deep knowledge that ordinary human beings possess.

    This is an interesting post. Marcus and Levesque are focusing on the fact that most AI systems are designed to game a particular test, rather than trying to actually achieve intelligence.

    Sounding smart, instead of *being* smart.

    I’m not sure the problem is the researchers, as much as the funders. If the “awards” for AI are a particular test that is easy to game, then the funders want those awards for their mantles — thus you get AI that games those tests, instead of getting actual AI. That’s annoying, but I don’t see how it changes unless you find someone who is more Apple-like with their spending on R&D (i.e., not giving two shits about what others think, and instead trying to make the best system they can).

    With Siri Apple is trying that, but Siri isn’t so much designed to be AI, as it is designed to be a verbal interface to your iOS device right now. In that context Apple is doing OK, but in the context of AI Siri is piss-poor.

    For instance, I just asked iOS 7 Siri: “What does my schedule look like for this week.”

    What’s the expected answer? What’s the desired answer?

    I expected Siri to list out the appointments I had in my calendar, but what I really desire is to know if this is a busy week or not. Siri can’t answer that, because “she” wasn’t designed to answer that query.

    Siri told me I had eight appointments, but is that a lot or a little? I don’t know, and apparently Siri doesn’t care to know either. The better solution to that query would be for Siri to look at:

    – Current appointments as compared to historical weeks.
    – Email count in my inbox (unread, and emails that sound actionable).
    – Tasks in my to-do app of choice.

    If you compile all that information then you stand a chance at spitting out: “You have quite a bit more appointments scheduled this week — including one on Thursday that keeps you out of the office for the day. Luckily, your inbox and to-do list are fairly light compared to last week.”

    That’s helpful, accurate, and *meaningful* information. I know what last week was like, so if Siri compares tasks and emails to last week and appointments to history — that’s great information and easy for me to understand. Highlighting things that keep me out of the office all day is equally great because I *really* need to know those things and likely would stress out if I had forgotten.

    To me, that’s AI: the prediction of what my *desired* answer is, and the useful summary of the historical data that most humans would internalize. There’s a lot of companies out there that want to build this, but I don’t trust them. They want my data running through their servers — with Siri this could potentially all be done on the device, with anonymous meta-data sent out for quick analysis.

    [1]: http://www.newyorker.com/online/blogs/elements/2013/08/why-cant-my-computer-understand-me.html