Category: Articles

  • ‘NSA Collects Millions of E-Mail Address Books Globally’

    [New report from the Snowden leaks by Barton Gellman and Ashkan Soltani][1]. The main points are:

    > During a single day last year, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, according to an internal NSA PowerPoint presentation. Those figures, described as a typical daily intake in the document, correspond to a rate of more than 250 million per year.

    And:

    > The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk, and senior intelligence officials said it would be illegal to do so from facilities in the United States. The agency avoids the restrictions in the [Foreign Intelligence Surveillance Act][2] by intercepting contact lists from access points “all over the world,” one official said, speaking on the condition of anonymity to discuss a classified program. “None of those are on U.S. territory.”

    They want the contact lists so that they can do network analysis, as they do with PRISM collection. What’s interesting is that this is a bulk sweep that is rather indiscriminate and only approved by the President. Not even a faux-court here, just the office of the President.

    At the very least, the NSA could take care of the SPAM problem for all of us:

    > Spam has proven to be a significant problem for NSA — clogging databases with data that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

    They took out a nuclear reactor with code, and they can’t take out the fucking spammers for us?

    [1]: http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html
    [2]: https://www.fas.org/irp/agency/doj/fisa/

  • Review: The CODE Keyboard

    I am, decidedly, not a keyboard geek. I don’t know anything about the different switches used in keyboards. And up until the past few years I would have thought it a joke for anyone to prefer a mechanical keyboard. This, then, is not the review that a keyboard nerd wants to read about a hot new mechanical keyboard. This is the review for those that just don’t understand what all the hubbub is about — which is exactly where we begin this review.

    What’s the big deal with Cherry MX Blue/Red/Pink/Purple/White/Clear switches?

    In the past I experimented with the Matias Laptop Pro keyboard and [concluded][1]:

    > The Matias made me a worse typist, with a worse looking desk. That’s the worst.
    > Maybe I’m just not nerdy enough for a mechanical keyboard, so I typed this on one of my six Apple Wireless keyboards instead.

    Then I vowed not to try another mechanical keyboard because I simply cannot stand cords. This is not solved with the [CODE keyboard from WASD Keyboards](http://codekeyboards.com), but there was something about the way this keyboard was marketed that hooked me. Maybe it’s the backlight, maybe the removable cord, maybe it’s the DIP switches for changing settings, or maybe I’m not as happy with the Apple Wireless keyboard as I thought. I don’t know the reason, but I wanted to try it.

    With the Matias I became a worse typist. After a substantial amount of time using the keyboard at my office I was still missing keys, making errors and feeling fatigued after typing. It drove me nuts. I have been typing most of my life, I should not have to “learn” a keyboard.

    When I first plugged in the CODE I typed my complex, lengthy OS X password and, to my surprise, nailed it on the first try. There has certainly been an adjustment period but as I write this sentence, two days into my testing, I feel comfortable using the keyboard. I’m currently typing below my normal speed; however, I don’t feel that the keyboard’s design is forcing me to make errors.

    ##### Fast-Forward A Week

    I’ve now had the CODE for about a week, and I like this keyboard even more. In fact I like it so much that I often bring it home with me after work — I just don’t want to use another keyboard.

    And then, as I finished typing that sentence I picked up the keyboard to adjust it and the USB cable came loose. Upon inspection, the port itself had come unsoldered from the board.

    Crap.

    ***

    ##### While We Wait

    While I waited for a replacement to the CODE, I went back to the trusty old Apple Wireless. I immediately hated it. The key travel was too short, and everything started to bug me. So I went ahead and grabbed a [DAS model S Professional from Amazon][2].

    This section of my CODE review will be about the DAS, while we wait in “real time” for the replacement CODE to arrive.

    There are three things you immediately notice about the DAS that don’t stand out on a keyboard like the CODE:

    1. It’s huge. With the ten key off to the side this keyboard is substantially wider. Add to that the overall bulkier look and you feel like your mouse hand is reaching off to China.
    2. It’s really loud. I’ve only ever tried the “silent” version of clicky keyboards, but man is this DAS loud. The part that gets me is that the sound is more treble than bass and I am not sure I will be able to stand it while I wait for a new CODE.
    3. The lettering on the keycaps is quite different. I’ve yet to decide if it is different good, or different bad.

    The real question is how does the CODE compare to the DAS. In that respect the CODE blows the DAS out of the water. There is a lot to like about the DAS, but the added noise is just too much for me, the pigtail USB port is ugly and cumbersome, and the overall size of the DAS is obscene.

    I think the DAS is a solid keyboard, but had I started part two of my journey into mechanical keyboards with the DAS, I don’t think I would have become a convert.

    ***

    ##### Return of the Code

    WASD keyboards repaired my CODE (they are currently running 4–12 months on backorders for them) by replacing the dislodged port and sent it back to me looking perfect. The repair took about a week with shipping times.

    ##### Noise

    Now that the CODE is back I can run the test that a ton of people have been asking me about: noise. A lot of you asked that I record the noise from the CODE and the other keyboards I have, but I don’t get why. The reason being: you can turn the volume up and down on a sound file.

    Instead I put a decibel meter to each keyboard. Actually, I downloaded a decibel meter app on my iPhone 5S, taped my iPhone to the shock mount of my podcast mic, and stationed the iPhone microphone 16 inches above the keyboards and recorded the peak dB reading. ((The test was typing the same sentence three times in a row on each keyboard.)) Here are the results:

    – CODE: 99 dB at peak
    – DAS: 104 dB at peak (Cherry MX Red switches)
    – Apple Wireless: 90 dB at peak

    In other words the CODE is 10% louder than the Apple keyboard, while the DAS is 15.5% louder. (The DAS is 5% louder than the CODE for those not wanting to grab a calculator.)

    Update: Sorry, I was not aware decibels are measured on a logarithmic scale, and thus my math above was not correct — not even close.

    For the most part, the Apple Wireless keyboard is silent in an office. The CODE can be heard, but I don’t think it’s an annoying sound. The keystrokes are more bass than treble and they sound solid.

    The DAS, however, has a much louder, higher pitched sound than the CODE. The sound of the DAS sounds a bit cheap if you ask me, almost plasticky. I find the DAS sound annoying but after a couple of days I got used to it enough and was no longer bothered.

    While I prefer a nice and silent keyboard, the sound of the CODE isn’t enough to dissuade me from using it. The DAS is likely to annoy people around you if you are in remotely close proximity.

    ##### The End

    Of the keyboards I tested recently: the DAS, that crappy Microsoft thing Marco likes, the Apple Wireless Keyboard, and the CODE, the only keyboard I absolutely adore is the CODE. It’s unfortunate that they are on back order because I’d like to have two of them.

    [Here’s what WASD said on `9/24/13` about the order status][3]:

    > More CODE keyboards will be available in approximately 4-6 months. Our next batch will include Cherry MX Blue, Brown, and Green switches. We do have Clear switches on order, but due to long lead times from Cherry, we do not expect another batch of Clear CODE keyboards for another 12-14 months.

    A YEAR OUT! Crap.

    The Apple Wireless will still be my go-to when I need a keyboard for the iPad. For everything else, I’d be very sad to type on anything except the CODE.

    Very sad, indeed.

    [1]: https://brooksreview.net/2013/04/mechanical-keyboards/
    [2]: http://www.amazon.com/exec/obidos/ASIN/B003ZG9T62/ref=nosim&tag=brooksreview-20
    [3]: http://codekeyboards.com

  • ‘Why I Think Google’s Shared Endorsements Are a Good Thing for Social Media, Influencers and Consumers’

    [Thomas Hawk has lost, something, sanity? Maybe. This post is so ridiculous that I am forced to walk you through almost the entire thing.][1] Now, it is fair to say that I am predisposed to disagree with people that would think this is a good idea, but Hawk’s argument is so thin that it’s just ridiculous.

    He begins (after a brief intro):

    > Because Google gives everyone an opportunity to opt out of shared endorsements, it’s easy to dismiss a lot of the criticism by simply pointing folks to how easy opting out is.

    No, we could dismiss it if it was opt-in, but turning something on after people sign up, and are not expecting it, is a douchebag move plain and simple.

    > Some people are very anti-advertising though and certainly this new advertising channel will naturally be met by some with healthy skepticism. It’s also worth noting that these ads are not going to appear on Google+. Google+ will remain ad free. The new ads simply will use Google+ data to advertise in places where Google is already advertising, like search.

    Oh, well shit, if they aren’t on Google+ then *no one* has anything to worry about. It’s not like Google Search has more traffic than Google+ — oh it does? So Google is pulling your endorsements from Google+ and *not* showing those endorsements on Google+, instead showing them where the *rest* of the world looks *every* day? Nothing to worry about there.

    > Personally speaking, for myself, I embrace change. In general I’d rather see more change, than less. I think change represents innovation (usually) and I probably tend to look for the positive in change rather than the negative. I’m a glass half full sort of guy when it comes to change.

    Here Hawk is really saying: you are only against this if you are a negative person. To disagree with Hawk’s points must prove you to be a nasty negative person, because Hawk *is* a “glass half full sort of guy”. Me? I’m a *flask* half full sort of guy.

    > I think most of us see how today’s announced change in the TOS is good for businesses who advertise. Personal endorsements by our friends are incredibly powerful motivators. Ads which feature personal endorsements by people we know, trust and respect, will be far more effective than other ads that an advertiser might come up with.

    I don’t think anyone disagrees with this.

    > I think we can also see where this new product would be good for Google.

    Ok, but why is this good for the user? We all get it is good for advertisers and for the people that make money off those ads, we get that. No dispute here.

    *(Skipping a bit of redundant shit.)*

    > Social media is the future. By increasing the value of our possible endorsements through advertising buys, companies will spend more time, effort and money to court social influencers.

    Right, but *most* users, like more than 90%, don’t fit that category of “social influencers”. So why is this good for them?

    *(Fast forward through some crap that he loves and wants to be paid for loving.)*

    > If you consider yourself a social media type, this will be one more important reason why you’ll want to devote time to building out your presence on G+.

    Uhh, what now?

    > There will be a risk of course that some influencers will be bought off by brands for positive endorsements, but I think most of the time this stuff is pretty easy to sniff out.

    Bullshit. Utter bullshit. They absolutely *will* be bought off — that’s the entire premise of linking an “influencer” with a *braaand*.

    > It’s the true, authentic, natural posts (available for purchase after the fact as ads) that will be most valuable.

    He’s kidding, right? There’s no such thing as true/authentic posts in an environment where people know they *could* get paid after the fact for that post. That leads to more favorable posts. It’s why most large media companies separate the writers from the people selling ad spots. Bias would be rampant otherwise.

    > I bet brands spend more time showing us their cool new tech and products as the value of these ads become apparent and more of their budgets are spent on promoting products to G+ users.

    I forget, do they try *not* to show us cool new products right now?

    That was all just point one, here we go on point two.

    *(Skip some stuff that is filler.)*

    > One of the reasons why I never change my avatar is that I believe having a strong avatar that is consistent over the years with your brand helps you build recognition.

    Uhh, ok?

    *(Skip some stuff about Robert “Ego” Scoble.)*

    > For about 2 months every time I logged into Facebook, I was seeing another brand that Robert liked. Were the brands paying Facebook for that? Probably. But it also constantly reminded me of a good friend and also linked back to him in the like. I have to admit that I ended up liking a lot of the same brands Robert did, when it was something I really liked.

    Here’s the point Hawk is missing: did Robert like the brand because he likes the brand, or because he was paid *to* like the brand? Did Facebook take a like out of context, like perhaps because Scoble visited a page for those brands and by default “auto” liked those pages?

    In this type of setup, you never know the answer to these things because it is in the best interest of the brand and ad company to hide this truth and make it as favorable as possible.

    Point three (two was a real dud):

    > Let’s say I’m in the market to buy a new filter for my camera. Wouldn’t it be a positive for me to know that another photographer I respect (like Joe Azure) seems to like his Lee Big Stop Filter? Isn’t that a lot better than just a generic ad? Especially if I see a lot of my friends endorsing one product, this may be a good signal to me that this product is worth checking out more than others.

    Now *this* is a strong point. However, if you are in the market, wouldn’t it be far more helpful to see that your pals like this product on the product page instead of an ad? If you are looking for a particular product, do you really look for it in ads?

    > I saw a report earlier today that said that by 2014 10-15% of online reviews will be fakes. With all the fake reviews and astroturfing out there, I’m more inclined to trust the word of a friend on a product or service, than a stranger.

    And how many Facebook/Google “likes” do you think are fake, or severely outdated?

    And lastly:

    > Oh, and by the way, if you were wondering whether or not those sea salt and vinegar chips in the dark blue bag by Kettle Chips were the BEST CHIPS IN THE ENTIRE WORLD? Yep, they pretty much are — and if Kettle Chips wants to send a few bags of those over to our place, my daughters and I would totally be down with that. 

    *Exactly…*

    What should we have expected from someone that has this on their sidebar: “Google+ is for WINNERS!”.

    I get that some people don’t mind this. That for “influencers”, brands, and Google this *will* be a good thing. But for the average user this will either be nothing of importance, or shitty. The idea that it would be good is laughable.

    [1]: http://thomashawk.com/2013/10/id-plus-one-that-why-i-think-googles-shared-endorsements-are-a-good-thing-for-social-media-influencers-and-consumers.html

  • ‘An Interesting iOS App Store Upgrade Example’

    [Gabe Weatherhead][1]:

    > So that seems normal, but it is a discounted price, as promised. FTP on the Go for iOS 7 is $10. This upgrade is $5. That seems pretty good, so I went with it. I use the app several times a week. If I get notified of a typo on this blog, I usually fix it from my iPhone or iPad with their app. I’m happy to kick them a few extra bucks. But, what the hell is going on here?

    Very interesting solution to a tough problem. Ultimately I think it will work for them because their target market is very nerdy people who will not be confused by multiple versions (or more accurately who will *un*-confuse themselves easily). For most apps this would be a disaster. (I would guess, can you imagine three versions of something mainstream, like Angry Birds?)

    [1]: http://www.macdrifter.com/2013/10/an-interesting-ios-app-store-upgrade-example.html

  • ‘Why Microsoft Word Must Die’

    [Charlie Stross][1]:

    > Nor is Microsoft Word easy to use. Its interface is convoluted, baroque, making the easy difficult and the difficult nearly impossible to achieve. It guarantees job security for the guru, not transparency for the zen adept who wishes to focus on the task in hand, not the tool with which the task is to be accomplished. It imposes its own concept of how a document should be structured upon the writer, a structure best suited to business letters and reports (the tasks for which it is used by the majority of its users). Its proofing tools and change tracking mechanisms are baroque, buggy, and inadequate for true collaborative document preparation; its outlining and tagging facilities are piteously primitive compared to those required by a novelist or thesis author: and the procrustean dictates of its grammar checker would merely be funny if the ploddingly sophomoric business writing style it mandates were not so widespread.

    Fantastic read.

    [1]: http://www.antipope.org/charlie/blog-static/2013/10/why-microsoft-word-must-die.html

  • ‘Design Quality and Customer Delight as Sustainable Advantages’

    [John Gruber, in an excellent article about Apple naysayers, points out][1]:

    > The point is to show that Apple’s customers are demographically different. The Mac today has roughly 10 percent of the PC market, but it’s not just any randomly distributed 10 percent of the market. Quite the opposite — Apple’s 10 percent of the market is entirely comprised of the high end of the market. Mac users are discriminating, willing to pay more for a product they deem superior.

    With Macs and iPads, I think Gruber is correct. However, with each passing quarter this is a harder argument to make for iPhone users. A large and loyal segment will always be willing to pay more, but as the market size of the iPhone grows the customer base will be more diluted and thus, become more “cheap” and less high-end.

    That’s the shift I think we are seeing with app sales right now in the App Store. The largest group of potential buyers are cheap asses that don’t want to, or won’t ever, pay for an app. The lure to iOS used to be “there’s an app for that”. Now I fear the lure being sold (not by Apple mind you) is “there’s a *free* app for that”.

    The common refrain I hear when people are recommending apps to each other is: “Is it free?” “No. It’s $0.99.” “I bet I can find a free version.”

    Judging by the crappy ad-laden apps that sit in the top rankings of the App Store, it seems that consumers with iPhones are willing to endure these ads if that means no money out of pocket. And you know what company is better at making free, but ad-laden products? *Google*.

    I highly doubt that iPhone users will jump ship en masse to Android, but you have to stay open to the possibility that sexy Android phones with a lot of free apps are potentially a far bigger draw to the general market than anything the iPhone can offer on any front.

    Hell, it *might* even be better for the iPhone long-term to get these users over to Android.

    [1]: http://daringfireball.net/2013/10/design_quality_as_a_sustainable_advantage?utm_medium=App.net&utm_source=PourOver

  • Touch ID Failures

    [Garrett Murray][1]:

    > Completely agree with all of this. In daily use, Touch ID fails for me about 25% of the time, often three or four times in a row. I’ve removed and rescanned my fingerprints several times but it doesn’t appear to make a difference.

    Ditto. My hands were dry one evening (like lacking natural moisture) and I couldn’t unlock my iPhone. My hands were wet one afternoon from rainy weather, and I couldn’t unlock my iPhone. I found that if you add your thumbs when they are dry, you get a better success rate, but that is lame.

    I really love Touch ID, but when it doesn’t work it is maddening. Like Murray, that’s about 20% of the time for me. But of that 20% that it doesn’t work, it means spending a long time trying to get into my iPhone.

    Again, *maddening*.

    Don’t even get me started on that “renew Touch ID purchases” dialog — I want to punch whoever made that decision in the face.

    [1]: http://log.maniacalrage.net/post/63505022839/michael-tsai-iphone-5s-first-impressions

  • ‘Paid Apps Aren’t Dead — but They Are on Life Support’

    [Christina Warren on app store price sensitivity][1]:

    > It’s no longer enough for developers to make the top 10 the first week of release. Now they need to stay in the top 10 for weeks on end if they want to make the same amount of revenue. As a result, developers of paid apps are going to have to look at freemium and other IAP models to supplement their costs.

    I’m fairly skeptical that IAP and freemium, hell even outright paid, models are the right answer for making any money in the app store. [I think Marco Arment is closer to what makes for actual success][2]: something not just better, but a lot better, than the existing apps.

    No matter what the business model of your app, if it is good and you can get the word out about the app, then rest assured you can make money. But making an app much better than the existing apps and getting the word out are not easy things — not even remotely easy.

    There are, I have to believe, a lot of great apps hidden in the dungeon of the app store — apps that I would probably love. But how do you find out about them? If you can answer that, I think you can find success in the App Store.

    [1]: http://mashable.com/2013/10/08/state-of-paid-apps/
    [2]: http://www.marco.org/2013/10/08/sherlocking-myself

  • ‘Nest Launches Protect, a smoke/CO Detector’

    [Marco Arment][1]:

    > The Protect follows the apparent Nest mission of premium, “smart” updates to widely hated, “dumb” household devices, but I don’t think it’s providing a big enough benefit to a big enough problem for many people to upgrade. If your smoke detector has too many false alarms, moving it is going to be a far more effective upgrade.

    Agreed. After the fiasco that came of my Nest, ((It stopped working and charging, even though I meet all the requirements. They shipped me out a “resistor” to be installed, but never had someone install it. I followed up 4 months later and they told me “Oh, we don’t have any technicians in your area, we would pay about $85 to any company you choose to install it.” Great, I can install it, just give me the wiring diagram. “We can’t do that sir.” Why? “You are not licensed.” Neither would any company not on your list be to work on this, it’s just a resistor. “Sorry.” Well, fuck you to Nest.)) not sure I am interested in these products any longer.

    [1]: http://www.marco.org/2013/10/08/nest-smoke-detector?utm_medium=App.net&utm_source=PourOver

  • ‘Review: DSPTCH Sling and Wrist Straps’

    [Shawn Blanc on DSPTCH straps][1]:

    > I’ve been using both of the DSPTCH straps for quite a while now and they are fantastic. The build quality and materials used are just great; they are comfortable; and DSPTCH uses interchangeable connectors to attach their straps to the camera’s lug mounts.

    I love these straps. I have been using them for quite a while and it is awesome to be able to easily switch between the two strap types. My only complaint about the shoulder strap is that it is a bit slick — other than that I have no issues with the straps whatsoever.

    [1]: http://shawnblanc.net/2013/10/dsptch-straps/

  • Jackass Release Notes of the Week

    [The award goes to John Casasanta of taptaptap for the Camera+ release notes](http://taptaptap.com/blog/look-over-there-pal-its-camera-4-2/):

    > And then we thought about jumping on the bandwagon where we put Camera+ out as a whole new app and let existing customers pay for it all over again. And of course there’d be the ensuing sh__storm where those customers felt cheated and we’d have to backpedal and reverse that shortsighted decision.
    > So it was Clear that that would’ve been a knuckleheaded move, so instead we decided to treat our lovely customers fairly and make Camera+ 4.1 a free update as we’ve always done. But then we felt like it was all give and no take… so to make us feel better about giving-in too easily, we chose to call it version 4.2. That’ll teach you to mess with us.

    *Really?*

  • Advertising Bastards

    [Randy Rieland, with a][1] honestly I don’t even know how to preface this, so here you go:

    > In August, Google was awarded a patent to allow for the use of something known as “pay-per-gaze” advertising. In its application, the company noted that “a head-mounted tracking device”—in other words, Google Glass—could follow where the person wearing it was gazing, and be able to send images of what they saw to a server. Then, any billboards or other real-world ads the person had seen would be identified and Google could charge the advertiser. As noted in the New York Times’ Bits blog, the fee could be adapted based on how long the ad actually held the person’s gaze.

    *Finally*.

    [Claire Cain Miller on sleazy practices][2]:

    > Google, the biggest online advertising company, is considering a new way to help advertisers track people across the Web and consolidate its power in the industry.

    Cookies are *so* 2010. Won’t it be great when using Chrome means that Google will be tracking your every move on the web and reporting that back to the NSA, I mean Kellogg’s, or Viagra, or `___________`?

    The best Google related news was this puff piece from Steven Max Patterson’s, now banned by TBR standards, article in Quartz, where he [presstitutes][3] for Google:

    > Until now, Google hasn’t talked about malware on Android because it did not have the data or analytic platform to back its security claims. But that changed dramatically today when Google’s Android Security chief Adrian Ludwig reported data showing that less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users.

    [I’ll leave the Macalope to clean this one up][4]:

    > What about apps that simply ask users to give them permission to harm them? Seems like those are the ones that are more of a problem.

    I don’t know what the real malware problem on Android is, but I doubt that Google knows how big that issue is either — and that’s the problem.

    [1]: http://blogs.smithsonianmag.com/ideas/2013/10/will-google-glass-make-us-better-people-or-just-creepy/
    [2]: http://bits.blogs.nytimes.com/2013/09/19/google-is-exploring-an-alternative-to-cookies-for-ad-tracking/?_r=0
    [3]: http://www.urbandictionary.com/define.php?term=presstitute&defid=1621012
    [4]: http://www.macworld.com/article/2052307/macalope-weekly-fairness-and-accuracy-in-the-media.html

  • “Offers in-App Purchases”

    [Nik Fletcher, writing about IAP and developers complaining about lack of sales, concludes with this bit][1]:

    > The majority of customers, I’d argue, see the iPhone a bit like this: the iPhone is a device with little-to-no up-front cost, with payment made for the services that provide value. That sounds familiar…

    He’s specifically refuting the “people with $800 phones are complaining about a $3 app” arguments. I’d agree with him on this too. Consumers simply don’t see their iPhone as an expensive thing — it’s not (in that sense) a luxury item.

    A cellphone is seen as a necessity by a great many of these consumers, and it’s a necessity that must be replaced (for whatever reason) with regularity. So it’s not a matter of the cost of the phone, but the cost of the phone relative to the other phone choices (keep in mind the “free” iPhone is still in play here). For many, there is no other choice than the iPhone, or the choice is close enough in price for it not to matter.

    I’ll admit, I don’t “get” these people, but I never will. What I can understand though is the logic of not thinking an iPhone is as “luxury” as it truly is. With that in mind, the lack of willingness to buy $3 apps makes a fraction more sense to me.

    [1]: http://nikf.org/blog/offers-in-app-purchases

  • ‘How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID’

    [Bruce Schneier:][1]

    > To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the Internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target’s browser to visit a Foxacid server.

    A very in-depth article on how the NSA is exploiting the Tor network. One part I loved:

    > The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target’s technical sophistication, the value of the exploit, and other considerations.

    In other words they use their best attacks against the highest value targets, because should those attacks become known, they can no longer use those attacks.

    I like to think about it like lock picking. If you get caught breaking into a building, it’s best for you long term (as a person who breaks into buildings, and not legally speaking) to have been found out as picking a lock. If you *have* the key to the door, without permission, you probably don’t want that known — because then they change the key, when the defense against picking a lock is not as clear cut.

    Likewise if you have a master key, it’s better to be caught with a non-master key. “Oh, we just change one lock, not all the locks — he doesn’t have a master key.” That’s the same thinking with the NSA exploits — it is riskier to never use the master key, but safer (for the viability of your long-term exploits) if you never get caught with a master key.

    [1]: https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

  • ‘FastMail’s Servers Are in the US: What This Means for You’

    [Rob N on the FastMail blog][1]:

    > As noted in our recently updated privacy policy, we are an Australian company subject to Australian law. We are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation, which means a warrant signed by an Australian judge. We do not co-operate with any kind of blanket surveillance, monitoring or “fishing expeditions”, and we do not give out user information to anyone outside Australia.

    That’s a strong statement, but it gets even better:

    > It might be possible for the US government to lean on the Australian government or other international legal body to compel us to hand over data but this is likely to be an expensive, time-consuming and highly visible process. In our opinion those barriers make it extremely unlikely to happen.

    All in all, FastMail just made a strong statement that they have no knowledge of active spying on their users, and from the sounds of it they are prepared to make a loud complaint about such requests. Good for them, not sure it matters, but good for them.

    [1]: http://blog.fastmail.fm/2013/10/07/fastmails-servers-are-in-the-us-what-this-means-for-you/

  • ‘Instagram Blog: Hey, You Want Ads? No? Too Bad.’

    [Garrett Murray on Instagram getting ads][1]:

    > You can pretend all you want that ads won’t be intrusive, annoying or awful, but they will be. They’re ads. You’re putting unwanted crap into a feed of photos from people I hand-selected to follow.

    Did I mention that [Favd launched][2], and that it’s great? [I think I did][3].

    [1]: http://log.maniacalrage.net/post/63029294919/instagram-blog-hey-you-want-ads-no-too-bad
    [2]: http://favd.net
    [3]: https://brooksreview.net/2013/09/favd-share-your-pictures/

  • iPhone Scanning

    With real estate being my day job, I regularly get a lot of paper files and these files typically end up crumpled at the bottom of my bag unless I immediately do something with them. Therefore I try to scan things with my iPhone as I get them. I use ABBYY Business Card Reader for all business cards, and had been using JotNot Pro for all other documents.

    JotNot works really well, and quickly. However, as you may know, Smile Software recently launched [PDFpen Scan+][1] — a new iOS app for scanning. The biggest feature it offers is the ability to do OCR conversion on your iOS device. That sounded killer, so I immediately bought the app.

    In my testing, Smile’s Scan+ is *mostly* better than JotNot. The biggest point in JotNot’s favor is how cropping is handled. With JotNot the auto-edge-detection is much better. Even more in JotNot’s favor is that manually adjusting the corners brings up a nice magnifying glass making things easy and fast. With Smile’s Scan+ I would recommend not even wasting your time trying to adjust the edges — it’s that difficult. This is the only point not in Scan+’s favor.

    As for the final file output? Smile wins hands down. Scan+ leaves you with a better PDF image and accurate OCR of the document. There’s little to no good reason to recommend anything but Scan+ right now for iOS scanning — great app.

    For those that want to see a comparison, I took a printed page and scanned the page in each app — adjusting the image as best I could within each app. Here’s the result from [JotNot Pro][2], and here’s the result from [PDFpen Scan+][3]. It’s important to note that Scan+ has a much larger file size, but it also looks better and has OCR (OCR is not required).

    Now that you can see the massive difference I suspect you want the link to buy Scan+. [PDFpen Scan+ is $4.99 in the App Store][4].

    [1]: http://www.smilesoftware.com/PDFpen/Scan/index.html
    [2]: https://f3a98a5aca88d28ed629-2f664c0697d743fb9a738111ab4002bd.ssl.cf1.rackcdn.com/File-03-10-2013-10-38-58.pdf
    [3]: https://f3a98a5aca88d28ed629-2f664c0697d743fb9a738111ab4002bd.ssl.cf1.rackcdn.com/scanplus.pdf
    [4]: http://www.smilesoftware.com/PDFpen/Scan/index.html

  • ‘How a Purse Snatching Led to the Legal Justification for NSA Domestic Spying’

    [David Kravets][1]:

    > And thus, a digit-collection device attached to a lone purse snatcher’s telephone set the legal precedent used, three decades later, to justify the bulk collection of the same information on every single American.

    Nice bit of reporting here by Kravets in looking at how the legal basis for NSA spying was formed off of a case that likely doesn’t have the implications that current courts are purporting it to have.

    If you read the article, what you find is that FISC took a Supreme Court decision, which upheld the sentence of a man who was specifically being targeted, and turned that into the legal basis for collecting everything on everyone (more or less). ((I see no reason for me to be more accurate than “more or less” if the NSA and FISC are going to play fast and loose with the Constitution.))

    [1]: http://www.wired.com/threatlevel/2013/10/nsa-smith-purse-snatching/

  • ‘The Reign of Morons Is Here’

    [Charles P. Pierce on the shutdown][1]:

    > We have elected the people sitting on hold, waiting for their moment on an evening drive-time radio talk show.

    Here’s a great [Government status website][2].

    [1]: http://www.esquire.com/blogs/politics/Shutdown_Blues
    [2]: http://usgovernment.statuspage.io

  • 1Password 4 for Mac Is Here, Kind Of

    [David Chartier][1]:

    > After more than a year of work, 1Password 4 for Mac is in the [Mac App Store][2] and will be available here in [our web store][3] in the next day or two!

    I haven’t seen many people touch on this, but that last bit is suspicious to me. Why wait to release the version on *your own* site?

    With an app like 1Password, I’d recommend you get it *outside* of the Mac App Store, not *from* the Mac App Store. You never know what features you may not be able to use in the future because of App Store restrictions — I wouldn’t buy it from the Mac App Store at all. I *will* be buying it from AgileBits directly as soon as I can, but why make me wait?

    I don’t get it.

    UPDATE: Oddly enough, and without reason, 1Password 4 is now available on the website for purchase and download. Odd stuff. I bought it, installed it, and it is working.

    [1]: http://blog.agilebits.com/2013/10/03/1password-4-for-mac-is-here/
    [2]: http://j.mp/1PmasBLOG
    [3]: https://agilebits.com/store