Year: 2013

  • ‘Change the Airport Security Mindset’

    [Kip Hawley, former TSA head, writing for CNN][1]:

    > The “prohibited items” list needs to be radically reduced to ban only real security threats such as explosives and toxins. As far as carrying knives, the FAA should make it a serious federal offense to intimidate a member of the flight crew or another passenger with a blade — and then TSA can remove blades from the prohibited list. Blades represent virtually no threat to the aircraft at this point. And the baggie rule should be dropped. Current technology allows threat liquids to be detected when they are taken out of the carry-on and scanned in a bin.

    [1]: http://www.cnn.com/2013/08/06/opinion/hawley-tsa/index.html

  • The DEA’s Collection of American Phone Logs

    [Reuters on the DEA’s “legal” database on American phone calls][1]:

    > The DEA database, called DICE, consists largely of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. DICE includes about 1 billion records, and they are kept for about a year and then purged, DEA officials said.

So the DEA and NSA have phone record databases, but the DEA’s is apparently legal — though how an agency gathers a billion records in a year while getting warrants for each person leading to those records eludes me… No, the real shame in the DEA DICE database is this:

    > A 350-word entry in the Internal Revenue Manual instructed agents of the U.S. tax agency to omit any reference to tips supplied by the DEA’s Special Operations Division, especially from affidavits, court proceedings or investigative files.

    This program is secret, but legal, *but* we don’t get to know when it was used against us, **but** other U.S. agencies get to use it. *Hmmm*.

    [1]: http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE9761AZ20130807

  • ‘Chrome’s Insane Password Security Strategy’

Elliott Kember [has a post up which details a security flaw in Google’s Chrome browser][1]. The flaw is that if you enter `chrome://settings/passwords` into Chrome you are taken to a screen which shows you the saved passwords in Chrome. Nothing crazy about that — you can do the same on Mac OS X by opening Keychain Access. What’s crazy about Chrome is that, unlike Keychain Access, you can click a button to show your password in plain text without any additional security check (like asking for a password, à la Keychain Access).

NO, *really* — you could literally password mine any Chrome user (assuming they use Chrome to manage their passwords) just by asking them if you could use their computer to check your email — you’d be done before they suspected a thing.

    But that’s not the worst bit in my book.

Now Justin Schuh, reportedly (not sure if he is verified in any way there) the head of Chrome security, has [taken to Hacker News][2] to *defend* this approach *and* chastise Kember.

    Schuh:

    > It matters that you {Kember} don’t seem to understand the threat model here. You think your passwords are protected somehow in other applications, but they’re simply not. The fact is that they’re still trivially recoverable, and if the bad guy can read them at all than *[sic]* he already has access to fully compromise your entire OS user account.

That’s not the argument, Schuh; the argument is that Chrome is doing a shit job securing its passwords, not that all other apps are secure. But that deflates the argument…

    And:
    > So, you’re arguing that we take measures to make users think they’re safe when they’ve already surrendered any pretense of security. Effectively, you’re asking that we lull our users into a false sense of security.

Bullshit, Schuh, bull-*fucking*-shit. There’s a difference between passwords that are trivially recovered by a layperson and passwords that are trivially recovered by a developer. If you gave a Mac developer five minutes on my Mac to recover as many passwords as possible, the best route would be Chrome (again, if I used Chrome for password storage) — not looking through plists or application resources (among other things) to find passwords. In five minutes it is trivial for anyone aware of this “feature” of Chrome to mine a huge number of passwords.

While Schuh may be technically right about how insecure other password storage is, it is hardly an excuse for making password recovery *even easier* for jealous spouses, exes, roommates, etc. Just because carpools don’t require TSA-level screening doesn’t mean that airplanes would be fine without said screening.

    I would highly recommend you delete all passwords in Chrome, buy 1Password, and switch to a browser that gives a shit about your security (i.e. not Chrome).

    I’ve been using Chrome on my Mac for websites that require Flash, but I’m done — it’s deleted.

    **UPDATE**: A few readers have emailed in to say that Firefox is just as bad… Which leaves you with Safari.

    [1]: http://blog.elliottkember.com/chromes-insane-password-security-strategy
    [2]: https://news.ycombinator.com/item?id=6166886

  • Dialogue — Handsfree Calling Through Your Mac

    [Dialogue is a very cool Mac app][1], which pairs your laptop with your phone, allowing you to send and receive your calls through the Mac. I’ve been using it for half-a-dozen phone calls today with my Apple EarPods and it works really well.

    A nice screen appears to allow you to accept or decline calls, and the menubar app allows you to place calls. Very simple, very clean.

    I *really* like this app, however, the complaints I have:

    1. I’d like menubar-less modes so that I can use it just to receive calls.
    2. I’d like to be able to initiate a call via a keyboard shortcut. (Thus allowing full functionality without needing a menubar icon.)
    3. I want the button on the EarPods to end the call, instead it launches iTunes — which is more annoying than you could imagine.

    Overall: very neat app, and a must buy in my book.

    [1]: http://www.getdialogue.com/

  • Quote of the Day: Bruce Schneier

“Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.”

  • ‘The Government Reveals Their Quantum Internet’

    [Benjamin Plackett][1]:

> If a quantum communiqué changes in the slightest, it’s a telltale sign that the line has been tapped and someone who shouldn’t be is listening in. In other words, the delicate nature of a qubit allows it to act as a highly sensitive and sophisticated detector of security breaches.

    That’s almost comical in a sense. At this point it seems like every U.S. communiqué would come back as “tapped”. Then again, I don’t think the NSA would be able to actually get any of the information with this level of technology — so suck on that NSA.

    [1]: http://www.theconnectivist.com/2013/05/declassified-the-governments-quantum-internet/

  • ‘Delight Is in the Details’

    Speaking of Shawn Blanc [he released a new ebook][1] which is all about designing details — it’s a spin-off (if you will) of a series he did for his members only podcast about the same topic.

    I haven’t read the entire book yet (it takes me months to read books), but here’s a line that I really love:

    > A simple, well-written application that delights is far better than a feature-rich one that overwhelms.

    A lot of people ask me for the secret to getting a blogger “like me” to write about their apps. I tell them there is no secret, just make an app that I like. Of course, that’s just a bullshit answer so that I can get back to whatever I was doing, but Shawn dives deep into that subject.

    > Rather, the focus is on addressing the finest goal a person in our industry can have: to create substantive work that delights and excites our audience.

    *Disclaimer: Shawn is a friend, but you knew that.*

    [1]: http://shawnblanc.net/thedetails/

  • SearchWP

    [An all new plugin from Jonathan Christopher called SearchWP was just launched today][1]. I had the good fortune of getting a copy of this plugin from Jonathan yesterday afternoon, and I promptly installed the plugin (and shifted the live search results to it).

There are a lot of really great things about SearchWP that make it a no-brainer for any WordPress user that loves their readers, not the least of which are:

    1. You can weight the results based on how *you* want to weight them. If you want to match titles above all else, you can. Your slug above all else? Done.
    2. You can exclude categories from the search. Which for me means I can exclude *all* of those old sponsor posts from showing up — I cannot tell you how much I love that. (I urge people to do the same on their sites.)
    3. The search results stay on *your* site. I previously went with DuckDuckGo because it was the best solution at the time, but over the last few months I have noticed DuckDuckGo “missing” some of my posts when I am searching. This is not good, especially when you are directing traffic out of your site in hopes they come back.
4. Keyword stemming is an option, so that searches like `backpack`, `backpacks`, and `backpacking` return the same results. I love that; it’s just a little nicety that is user friendly.

    I still have tweaking to do with how the search results are displayed on this site, but this is a fantastic plugin. There’s even an extension (I have it installed) to add the Boolean minus attribute. So you could search `Shawn -Blanc` and find every instance that I reference “Shawn”, but not “Blanc”. Just compare the search for `Shawn Blanc` ([here][2]) and `Shawn -Blanc` (again, [here][3]).

    The one thing I have been trying to do since I launched the paywall is to make this site better *for* the readers of the site. I believe SearchWP does just that because it’s weighted how I know it needs to be weighted, keeps you on the site that you want to search, and is *more* user friendly.

Amazingly, SearchWP is only $24.99 for a single site license *and* you get support, *and* you get extensions. There are a lot of WordPress plugins for sale, but you typically don’t get a lick of support. [Go buy it][4], [install it][5], [love your readers][6].

    [1]: https://searchwp.com/
    [2]: https://brooksreview.net/?s=Shawn+Blanc
    [3]: https://brooksreview.net/?s=Shawn+-Blanc
    [4]: https://searchwp.com/buy/
    [5]: https://searchwp.com/docs/
    [6]: http://bukk.it/carlton.gif

  • ‘Encryption Keys and Surveillance’

    [Paul Rosenzweig has a fantastic article][1] about the different types of encryption and what each means from a legal standpoint. There are a lot of services that will tell you your data *is* encrypted, but if the service is still holding the keys to that encryption then your data *may* not be encrypted from legal bodies who could compel that service provider to turn over your encryption keys.

I think this is of utmost importance to understand right now. Far too many people not only don’t understand the difference, but are misled by marketing bullshit on “cloud” service providers’ websites when they refer to encryption. At the end of it all, right now, the only stuff that is truly encrypted is the stuff that is also a big pain in the ass to use. ((As a rule of thumb.))

    [1]: http://www.lawfareblog.com/2013/08/encryption-keys-and-surveillance-2/

  • ‘The Public/Private Surveillance Partnership’

    [Bruce Schneier in a simply fantastic essay][1]:

    > Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.
    > The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy—and that’s very dangerous to democracy and liberty.

    [1]: http://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html

  • Why Easy Tap Zones Matter

    I’ve mentioned a few times now that I use the Digg app on the iPhone pretty regularly. I like that I can browse some articles that are typically interesting, and send those articles to Instapaper with a swipe… Well actually send them with one of half-a-dozen swipes. You see, my iPhone with iOS 7 on it, apparently hates the Digg app (or the other way around). ((Could be fallout from the Digg podcast’s terribleness.))

    [Here’s what happens with the latest Digg app running on iOS 7](https://vimeo.com/71755406):

    Let’s be clear: I place zero blame on Digg, Apple, or the developers of either for those swiping issues. *I* am running beta software, and I included Digg not to chastise them, but to talk about a larger point: interaction matters.

    While the fact that I cannot reliably swipe the table off the screen to see the hidden actions is incredibly annoying, almost more annoying is how small the tap zone is for Instapaper. Yes, I hit the icon 9 times out of 10, but given the fact that it takes me a maddening amount of swipes to get to that view, if I miss that tap even once — I am so pissed I almost throw my phone.

    ## My Point

    My point isn’t that developers should support beta software — I don’t care about that. My point is that if you require a gesture to reveal a tap zone(s), then make sure that the tap zone(s) are easy to, uh, *tap*. Having to repeat a gesture once is annoying enough, having to repeat it because you missed a tap is downright maddening.

    That is all.

    *(Side note: I didn’t realize what that Ke$$$$Ha article was about until I watched the video — it’s rather fitting.)*

  • Three Hop Analysis

    [Pete Yost for the Boston Globe][1]:

    > For the first time, NSA Deputy Director John C. Inglis disclosed that the agency sometimes conducts what is known as three-hop analysis. That means the government can look at the phone data of a suspected terrorist, plus the data of all of the contacts, then all of those people’s contacts, and all of those people’s contacts.

    > If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.

    I was [looking for these numbers][2] a while back, and I finally found the article I was thinking of.

    [Here’s Sean Gallagher for Ars Technica][3]:

> The Internet has blown the level of interconnectedness through the proverbial roof—we now have e-mail, social media, and instant message interactions with people we’ll never meet in real life and in places we’ll never go. A 2007 [study][4] by Carnegie Mellon University machine learning researcher Jure Leskovec and Microsoft Research’s Eric Horvitz found that the average number of hops between any two arbitrary Microsoft Messenger users, based on interaction, was 6.6. And a [study of Twitter feeds published in 2011][5] found the average degree of separation between random Twitter users to be only 3.43.

    Three hops is essentially *everyone* when your “suspected terrorist” pool parameters are essentially anyone who Googles the wrong thing from a non-US computer. Two hops is a lot of people, three hops is basically anyone — that’s how a “Foreign Intelligence Surveillance Court” authorizes *domestic* spying. If FISC rules that it *is* constitutional to spy on these enemies, **and** to follow those that they are spying on through three hops of communication, then FISC (which authorizes foreign spying) has essentially authorized domestic spying.

And this is the problem with only one side presenting information to the court — we can’t be sure that FISC judges were presented the right math. Maybe they thought it affected hundreds of thousands of Americans, not hundreds of millions of Americans. Maybe, or maybe they don’t care; shouldn’t we be allowed to know one way or the other?
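The arithmetic behind the quoted figures is easy to check. The Python below is an added illustration, not code from this post or from the Globe or Ars articles: a closed-form bound for how many records a hop-limited contact-chaining query can touch, plus a breadth-first search over a constructed call graph (the graph, its size, and the 90/10 neighbourhood mix are all assumptions) showing how overlapping contact circles make the real count smaller than the bound. Note that 40^3 is 64,000 and 40^4 is 2,560,000; the 2.5 million figure matches four multiplications by 40.

```python
"""Counting how many phone records a hop-limited 'contact chaining' query
touches. Added illustration; the call graph built below is constructed, not real."""
import random
from collections import deque


def hop_bound(avg_contacts, hops):
    """Records reachable within `hops` hops of one seed if no two contact
    lists overlapped: d + d^2 + ... + d^hops. This is the worst case for
    privacy; overlap in real call records only lowers it."""
    return sum(avg_contacts ** k for k in range(1, hops + 1))


def reachable_within(graph, seed, hops):
    """Breadth-first search over a directed call graph {caller: {callees}}.
    Returns the set of people other than the seed reachable in <= hops calls."""
    seen = {seed}
    frontier = deque([(seed, 0)])
    while frontier:
        person, depth = frontier.popleft()
        if depth == hops:
            continue
        for callee in graph.get(person, ()):
            if callee not in seen:
                seen.add(callee)
                frontier.append((callee, depth + 1))
    seen.discard(seed)
    return seen


def build_call_graph(n_people, avg_contacts, rng_seed=1):
    """Constructed sample graph (assumption): each person calls `avg_contacts`
    distinct others, 90% drawn from a neighbourhood of nearby ids so that
    circles overlap the way real call records do, 10% drawn from anywhere."""
    rng = random.Random(rng_seed)
    graph = {p: set() for p in range(n_people)}
    for p in range(n_people):
        while len(graph[p]) < avg_contacts:
            if rng.random() < 0.9:
                q = (p + rng.randint(-200, 200)) % n_people
            else:
                q = rng.randrange(n_people)
            if q != p:
                graph[p].add(q)
    return graph


def hop_table(graph, seed, max_hops, avg_contacts):
    """Per-hop comparison: (hops, people actually reachable, disjoint-contacts bound)."""
    return [(h, len(reachable_within(graph, seed, h)), hop_bound(avg_contacts, h))
            for h in range(1, max_hops + 1)]


if __name__ == "__main__":
    # The arithmetic behind the figures quoted in the press.
    print("40^3 =", 40 ** 3, " 40^4 =", 40 ** 4, " bound(40, 3) =", hop_bound(40, 3))
    g = build_call_graph(20_000, 40)
    for hops, actual, bound in hop_table(g, seed=0, max_hops=3, avg_contacts=40):
        print(f"{hops} hop(s): {actual:>7,} of 19,999 people reachable (bound {bound:,})")
```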

    [1]: http://www.bostonglobe.com/news/nation/2013/07/17/nsa-spying-under-fire-you-got-problem/Ev73I1XwPYtvD2WFZ6idGK/story.html
    [2]: https://brooksreview.net/2013/07/three-hops/
    [3]: Sean%20Gallagher
    [4]: http://arxiv.org/pdf/0803.0939v1.pdf
    [5]: http://www.aaai.org/ocs/index.php/SOCS/SOCS11/paper/viewFile/4031/4352

  • ‘NSA Collects ‘Word for Word’ Every Domestic Communication, Says Former Analyst’

    Great reporting by PBS’ NewsHour, worth 9 minutes if you don’t want to read about the NSA this weekend.

  • ‘Make Text More Readable With Solarized and Cousine’

    [Steven Aquino, in a post with Josh Centers, about the Solarized color theme (with a Nitti Light font equivalent)][1]:

    > After using this setup for the last couple weeks, I can say with confidence that the combination of Cousine and Solarized Light is great for writing. More importantly, as a visually impaired person, I find the combination to be extremely comfortable for my eyes. Between Cousine’s clean design and the contrast of the background, I’m experiencing considerably less eye strain than normal.

    I love this setup: Ulysses III + Solarized + Nitti Light. I’ve been using it since the moment I had my hands on the Ulysses III beta, and it’s fantastic. I have a few things to add to their post.

    First, you can get [Cousine][2] from a non-Google source for free, but I haven’t used the font before so that’s about all I know about it.

    Secondly, your font size is almost as important as the font itself. I just checked and Ulysses III is showing that I have Nitti Light selected as my font at about 16.9 points, with a 1.6 line height. I’ve been using that for quite a while and it’s the sizing that seems most comfortable to me — just don’t feel bad making the font bigger, or smaller, if you need it to be.

Lastly, Ulysses III has a bug that I have found with Nitti Light. Specifically, it seems that selecting the body font as a light weight instead of a normal weight screws with the syntax highlighting a bit: light is the body weight and bold becomes the highlighted weight, when I personally feel that setting your font to a light weight should make the normal weight the highlighted weight. I don’t know if a fix for this is coming down the line or not, and for some this might drive them crazy.

    *[Ulysses III][3] is $39, and worth every penny — [Nitti Light][4] is (roughly) $78 and is also worth every penny (I bought the whole suite).*

    [1]: http://tidbits.com/article/13966
    [2]: http://www.fontsquirrel.com/fonts/cousine
    [3]: http://www.ulyssesapp.com
    [4]: http://www.boldmonday.com/en/nitti

  • ‘Security Audit’

    [A really great post from Bruce Steinberg][1], following up on many of the Mac security tips that have been floating around. Steinberg has some good suggestions on password use and management, as well as pointing out what looks to be a great new (to me) email service.

    [1]: http://www.readinggeorgefox.com/2013/08/02/re-mac-power-users-148-security-audit/

  • ‘Big Transparency for the NSA’

    [Smart argument from Timothy Edgar on the NSA spying programs][1]:

    > Where the government sees three branches of government working together in harmony, the public sees a disturbing pattern of secret law and secret government accompanied by demands to “trust us, we are keeping you safe.” Secret checks and balances appear to be nothing more than a pale shadow of our constitutional design.

Edgar’s been on both sides — working as in-house counsel for Bush, and for the ACLU — so he knows what he is talking about. I still don’t think we have the full truth, I still think the spying is wrong, and I still think open debate is needed.

    That said, I do *believe* that the government at large is *trying* to act in the best interest of United States citizens — it’s just that their actions look misguided, unless thoroughly explained.

    [1]: http://online.wsj.com/article/SB10001424127887323309404578617463152440542.html?mod=hp_opinion

  • ‘NSA’s Internet Taps Can Find Systems to Hack, Track VPNs and Word Docs’

[Good post from Sean Gallagher at Ars Technica][1], who noticed a few of the things that I thought were surprisingly unreported about XKEYSCORE. Basically the tool can tell you which systems are available to be hacked, find who was using encrypted VPN sessions, and grab other encrypted items for later decryption. Yikes.

    *Side Note: I cannot help but be impressed by how robust these systems are. Truly stuff of the movies, actually more powerful than many movies had imagined.*

    [1]: http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/

  • Quip

    A new document collaboration app is out, called [Quip][1]. It’s an iOS app, and a [web service][2] that gives you a rich-text editor and allows you to not only work on a file with groups, but to comment and see the changes. It’s a lot like [Editorially][3], but seems less writing focused, and more business focused. I downloaded it and started playing immediately, because just this week we ran into a collaboration problem in our office.

    The problem we had is that one person used Word with Track Changes to send a document for review and Person 2 made changes and sent it back. Then this time sensitive document sat there, because Person 3 (me) and Person 2 were out of the office and couldn’t see the tracked changes on their iPhones (yes, Pages, but PAGES) and so it was forgotten in email inboxes that were constrained by iPhones and travel. This was annoying, and led to a slowdown in our speed to get documents out, etc, as a business.

    Quip seems great for handling that very scenario for two reasons:

    1. It has iOS apps.
    2. It eliminates email.

Everything else is what you get out of Word and Track Changes (mostly; basic needs are what we are talking about). *BUT*, there’s one big gotcha: you can only export to PDF. How stupid is that? *Pretty stupid.*

    Christine Chan also has a [nice writeup over at App Advice][4].

    [1]: https://itunes.apple.com/US/app/id647922896?mt=8&ign-mpt=uo%3D4
    [2]: http://quip.com
    [3]: https://editorially.com
    [4]: http://appadvice.com/review/quickadvice-quip

  • ‘Why Today’s Top Apps Are Putting You on a Wait List’

    Ellis Hamburger over at *The Verge* (no link, it’s The Verge) has a post defending the practice of creating a wait list for new apps (think Mailbox). Hamburger linked to [an old post of mine][1] in order to point out that my solution doesn’t work in practice:

> Even with a thousand servers, one user’s actions can gum up the works. “It’s a complicated system with lots of moving parts,” Underwood says. “We can test each of the pipes between them but we won’t know until we scale it if everything can handle the load.”

    Me, back in March:

    > You know what all these bullshit wait list apps have in common? They are *free*.

    The thing is, I don’t know much about scaling apps like this. So, I did what people like Hamburger should do, I asked around to people with experience scaling some large systems — but I asked people I knew who had successfully scaled without a wait list. ((Instead of only ones with a wait list like Hamburger did, I should have asked wait list developers too, but Hamburger has that Press Release, I mean article, already written for you.)) When I sent them the link to Hamburger’s “post” the responses ranged from:

    – Yeah, that *can* be a problem. (This dev clearly didn’t want to get involved.)
    – That’s bullshit.
    – Was he paid to write this for these devs?

All I then asked was whether, if you threw money at the problem, you could make it go away. I don’t just mean by adding more engineers, but by adding more people: the consensus was that you could lessen disruption, but probably not stop it completely.

So there seem to be a few ways to handle scaling your service/app:

    1. Do what you can. Allow the flood of users and do what you can to manage downtime. This is the worst option.
    2. Wait list. Allows people to roll in slowly to manage the growth and complaints if the service does go down.
    3. Allow everyone in, hire a massive team with a massive amount of servers — this is unlikely.
    4. Charge a reasonable price, which will slow growth, use those funds to [grow the service as the service can afford to grow][2]. If a deluge of users come in, then you are in boat number 3.

    You know which option I prefer, but it looks like Hamburger would rather tell you that the *only* option is number two — and his argument doesn’t seem to reflect the reality (why not grab some developers who have successfully scaled, why only one side? Oh yeah, *The Verge*).

    The best way to get rid of this wait listing bullshit is to ignore every app that comes out using it. That’s what I am going to do and I hope you do too.

    [1]: https://brooksreview.net/2013/03/if-i-wanted-a-wait-list-i-would-get-in-line-for-your-mom/
    [2]: https://pinboard.in/about/