Quote of the Day: The New York Times Editorial Board
“Time and again, the N.S.A. has pushed past the limits that lawmakers thought they had imposed to prevent it from invading basic privacy, as guaranteed by the Constitution.” — The New York Times Editorial Board
-
‘Google, Build Up This Wall’
[Stephen Hackett on the lack of security overview on Google Play (store?)][1]:
> In short, Craig Young, a researcher at security firm Tripwire, built an app that can steal weblogin tokens and pass them off to another server. Once there, they can be used in a non-Android browser to log in to users’ Google accounts without the actual passwords.
> Gmail, Google Drive, Google Calendar can all be accessed with these weblogin tokens, for regular Gmail users as well as Google Apps customers.
The app apparently went up (is up?) for download. Hackett argues that, at the very least, Google needs to begin looking through the apps for security issues to protect users, while still allowing crazy apps through if they pass the security test. But if Google pulled all the insecure apps, what apps would be left?
[1]: http://512pixels.net/2013/08/google-build-up-this-wall/
-
‘Firefox’ Complicated and Very Secure Way of Retrieving Passwords’
[Michiel Bijl shows the “complicated and very secure way” Firefox handles passwords][1]. I guess you are left with Safari if you are a Mac user… Though, I would be willing to forgive Firefox if they make Tor a standard part of their browser.
[1]: https://alpha.app.net/michielbijl/post/8679197
-
Snowden on Lavabit
[Edward Snowden commenting on the Lavabit shutdown, via Glenn Greenwald at The Guardian][1]:
> America cannot succeed as a country where individuals like Mr. Levison have to relocate their businesses abroad to be successful. Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.
That would be a hell of a thing, no Google, Facebook, Microsoft, Yahoo, or Apple until the US government pulls their heads out of their asses. If those companies simply tell their users they are shutting down until something is done, you better believe shit *will* get done. I’d pay to see that.
[1]: http://www.theguardian.com/commentisfree/2013/aug/09/lavabit-shutdown-snowden-silicon-valley
-
Silent Circle Also Shuts Down
[Jon Callas on the Silent Circle blog][1]:
> Today, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.
I signed up for Silent Circle a little while back, and added that email address to the contact page of this site. In doing so I simply stated that it was “slightly more secure email” as it’s not really a secure option. Interestingly, among commenters that had never contacted me before, they chose to use the Silent Circle email 3 to 1.
I respect why Lavabit shut down: they were facing a court order that they felt they could not morally comply with — in an effort to keep users safe they stopped the service. That makes sense, but they likely can’t destroy the data they have, unless they want to go to prison for destroying evidence — they will have to fight for that. (I am guessing.)
Silent Circle, though, is a different story: they did this preemptively, before a court order came to them. Thus, as [The New York Times reports][2], they were able to destroy their email servers:
> Mike Janke, Silent Circle’s chief executive, said in a telephone interview late Thursday that his company had destroyed its server. “Gone. Can’t get it back. Nobody can,” he said. “We thought it was better to take flak from customers than be forced to turn it over.”
The shitty part about both of these services going down is that the data is gone too. Users didn’t have a chance to migrate because if either company gave them a chance they would have tipped their hand and the government would have been able to legally compel them not to shut down (let alone destroy data). These services had to end abruptly to protect their users. No way around that.
Still, I paid for a year of service for Silent Circle, and a large part of that was for the email. I’ve asked for a partial refund to reflect the partial (and immediate) closure of the service that Silent Circle charged me for, and am concerned that these refunds weren’t automatic as part of the announcement — that doesn’t seem very consumer friendly.
[1]: http://silentcircle.wordpress.com/2013/08/09/to-our-customers/
[2]: http://bits.blogs.nytimes.com/2013/08/08/two-providers-of-encrypted-e-mail-shut-down/?_r=0
-
Lavabit Shuts Down
[The site has been replaced with a splash page][1], which starts:
> I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.
Lavabit was an encrypted and private email service that I had previously written about. Its main competitor seems to be HushMail — which has been known to turn over records when compelled to do so (but it is tough for the US to get those because the US must ask Canada to compel HushMail). I hope this works out for Lavabit — I wasn’t a huge fan of their service, but this is a shitty way to treat businesses.
**UPDATE**: It seems fair to draw the conclusion that this may have to do with the fact that Edward Snowden purportedly used Lavabit, per [this article on Global Post](http://www.globalpost.com/dispatch/news/regions/europe/russia/130712/edward-snowden-meeting-moscow-airport):
> The note, which could not be verified, requested the attendance of a slew of well-known rights workers and lawyers “for a brief statement and discussion regarding the next steps forward in my situation,” according to a copy of the invitation posted by Lokshina.
> It was sent from the email address “edsnowden@lavabit.com,” according to Lokshina’s post, and signed “Edward Joseph Snowden.”
I do want to mention that I suspect that if Snowden did use Lavabit it was so that he could send slightly more secure email communications to journalists who were not using PGP. Lavabit correspondence (as I understand it) is encrypted if sent between Lavabit accounts. Sending to a non-Lavabit account helps because the transmission from the client (or web interface) would be encrypted, and only unencrypted once it left Lavabit servers to reach the recipient servers. That means that Snowden’s location details and other such goodies would have been masked (I am guessing), but the email not encrypted — again, with my knowledge of how the service *did* work.
It seems logical that, if the reporting is true, the U.S. would demand access to the Lavabit servers for that information, knowing the information would likely not be anything useful. Which is just even more frustrating given that it effectively forced Lavabit to close down.
(via [Jan Dusek on App.net][2])
[1]: http://lavabit.com/
[2]: https://alpha.app.net/dusek/post/8643134
-
‘Change the Airport Security Mindset’
[Kip Hawley, former TSA head, writing for CNN][1]:
> The “prohibited items” list needs to be radically reduced to ban only real security threats such as explosives and toxins. As far as carrying knives, the FAA should make it a serious federal offense to intimidate a member of the flight crew or another passenger with a blade — and then TSA can remove blades from the prohibited list. Blades represent virtually no threat to the aircraft at this point. And the baggie rule should be dropped. Current technology allows threat liquids to be detected when they are taken out of the carry-on and scanned in a bin.
[1]: http://www.cnn.com/2013/08/06/opinion/hawley-tsa/index.html
-
The DEA’s Collection of American Phone Logs
[Reuters on the DEA’s “legal” database on American phone calls][1]:
> The DEA database, called DICE, consists largely of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. DICE includes about 1 billion records, and they are kept for about a year and then purged, DEA officials said.
So the DEA and NSA have phone record databases, but the DEA’s is apparently legal — though how an agency gathers a billion records in a year while getting warrants for each person leading to those records eludes me… No, the real shame in the DEA DICE database is this:
> A 350-word entry in the Internal Revenue Manual instructed agents of the U.S. tax agency to omit any reference to tips supplied by the DEA’s Special Operations Division, especially from affidavits, court proceedings or investigative files.
This program is secret, but legal, *but* we don’t get to know when it was used against us, **but** other U.S. agencies get to use it. *Hmmm*.
[1]: http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE9761AZ20130807
-
‘Chrome’s Insane Password Security Strategy’
Elliott Kember [has a post up which details a security flaw in Google’s Chrome browser][1]. The flaw is that if you enter `chrome://settings/passwords` into Chrome you are taken to a screen which shows you the saved passwords in Chrome. Nothing crazy about that — you can do that for Mac OS X by opening Keychain Access. What’s crazy about Chrome is that, unlike Keychain Access, you can click a button in Chrome to show your password in plain text, all without any additional security (like asking for a password à la Keychain Access).
NO, *really* — you could literally password mine any Chrome user (assuming they use Chrome to manage the passwords) just by asking them if you could use their computer to check your email — you’d be done before they suspected a thing.
But that’s not the worst bit in my book.
Now Justin Schuh, reportedly the head of Chrome security (not sure if he is verified in any way there), has [taken to Hacker News][2] to *defend* this approach *and* chastise Kember.
Schuh:
> It matters that you {Kember} don’t seem to understand the threat model here. You think your passwords are protected somehow in other applications, but they’re simply not. The fact is that they’re still trivially recoverable, and if the bad guy can read them at all than *[sic]* he already has access to fully compromise your entire OS user account.
That’s not the argument, Schuh, the argument is that Chrome is doing a shit job securing its passwords, not that all other apps are secure. But that deflates the argument…
And:
> So, you’re arguing that we take measures to make users think they’re safe when they’ve already surrendered any pretense of security. Effectively, you’re asking that we lull our users into a false sense of security.
Bullshit, Schuh, bull-*fucking*-shit. There’s a difference between passwords that are trivially recovered by a layperson and passwords that are trivially recovered by a developer. If you give a Mac developer 5 minutes on my Mac to recover as many passwords as possible, the best route will be Chrome (again, if I used Chrome for password storage) — not looking through plists or application resources (among other things) to find passwords. In five minutes it is trivial for anyone aware of this “feature” of Chrome to password mine a huge number of passwords.
While Schuh may be technically right about how insecure other password storage is, it is hardly an excuse for making password recovery *even easier* for jealous spouses, exes, roommates, etc. Just because carpools don’t require TSA-level screening doesn’t mean that airplanes would be fine without said screening.
I would highly recommend you delete all passwords in Chrome, buy 1Password, and switch to a browser that gives a shit about your security (i.e. not Chrome).
I’ve been using Chrome on my Mac for websites that require Flash, but I’m done — it’s deleted.
**UPDATE**: A few readers have emailed in to say that Firefox is just as bad… Which leaves you with Safari.
[1]: http://blog.elliottkember.com/chromes-insane-password-security-strategy
[2]: https://news.ycombinator.com/item?id=6166886
-
Dialogue — Handsfree Calling Through Your Mac
[Dialogue is a very cool Mac app][1], which pairs your laptop with your phone, allowing you to send and receive your calls through the Mac. I’ve been using it for half-a-dozen phone calls today with my Apple EarPods and it works really well.
A nice screen appears to allow you to accept or decline calls, and the menubar app allows you to place calls. Very simple, very clean.
I *really* like this app, however, the complaints I have:
1. I’d like menubar-less modes so that I can use it just to receive calls.
2. I’d like to be able to initiate a call via a keyboard shortcut. (Thus allowing full functionality without needing a menubar icon.)
3. I want the button on the EarPods to end the call; instead it launches iTunes — which is more annoying than you could imagine.
Overall: very neat app, and a must buy in my book.
[1]: http://www.getdialogue.com/
-
Quote of the Day: Bruce Schneier
“Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.” — Bruce Schneier
-
‘The Government Reveals Their Quantum Internet’
[Benjamin Plackett][1]:
> If a quantum communiqué has changes in the slightest, it’s a telltale sign that the line has been tapped and someone who shouldn’t be is listening in. In other words, the delicate nature of a qubit allows it to act as a highly sensitive and sophisticated detector of security breaches.
That’s almost comical in a sense. At this point it seems like every U.S. communiqué would come back as “tapped”. Then again, I don’t think the NSA would be able to actually get any of the information with this level of technology — so suck on that NSA.
[1]: http://www.theconnectivist.com/2013/05/declassified-the-governments-quantum-internet/
-
‘Delight Is in the Details’
Speaking of Shawn Blanc [he released a new ebook][1] which is all about designing details — it’s a spin-off (if you will) of a series he did for his members only podcast about the same topic.
I haven’t read the entire book yet (it takes me months to read books), but here’s a line that I really love:
> A simple, well-written application that delights is far better than a feature-rich one that overwhelms.
A lot of people ask me for the secret to getting a blogger “like me” to write about their apps. I tell them there is no secret, just make an app that I like. Of course, that’s just a bullshit answer so that I can get back to whatever I was doing, but Shawn dives deep into that subject.
> Rather, the focus is on addressing the finest goal a person in our industry can have: to create substantive work that delights and excites our audience.
*Disclaimer: Shawn is a friend, but you knew that.*
[1]: http://shawnblanc.net/thedetails/
-
SearchWP
[An all new plugin from Jonathan Christopher called SearchWP was just launched today][1]. I had the good fortune of getting a copy of this plugin from Jonathan yesterday afternoon, and I promptly installed the plugin (and shifted the live search results to it).
There’s a lot of really great things about SearchWP that make it a no-brainer for any WordPress user that loves their readers, not the least of which are:
1. You can weight the results based on how *you* want to weight them. If you want to match titles above all else, you can. Your slug above all else? Done.
2. You can exclude categories from the search. Which for me means I can exclude *all* of those old sponsor posts from showing up — I cannot tell you how much I love that. (I urge people to do the same on their sites.)
3. The search results stay on *your* site. I previously went with DuckDuckGo because it was the best solution at the time, but over the last few months I have noticed DuckDuckGo “missing” some of my posts when I am searching. This is not good, especially when you are directing traffic out of your site in hopes they come back.
4. Keyword stemming is an option, so that searches like `backpack`, `backpacks`, and `backpacking` return the same results. I love that, it’s just a little nicety that is user friendly.
I still have tweaking to do with how the search results are displayed on this site, but this is a fantastic plugin. There’s even an extension (I have it installed) to add the Boolean minus attribute. So you could search `Shawn -Blanc` and find every instance that I reference “Shawn”, but not “Blanc”. Just compare the search for `Shawn Blanc` ([here][2]) and `Shawn -Blanc` (again, [here][3]).
The one thing I have been trying to do since I launched the paywall is to make this site better *for* the readers of the site. I believe SearchWP does just that because it’s weighted how I know it needs to be weighted, keeps you on the site that you want to search, and is *more* user friendly.
Amazingly, SearchWP is only $24.99 for a single site license *and* you get support, *and* you get extensions. There’s a lot of WordPress plugins for sale, but you typically don’t get a lick of support. [Go buy it][4], [install it][5], [love your readers][6].
[1]: https://searchwp.com/
[2]: https://brooksreview.net/?s=Shawn+Blanc
[3]: https://brooksreview.net/?s=Shawn+-Blanc
[4]: https://searchwp.com/buy/
[5]: https://searchwp.com/docs/
[6]: http://bukk.it/carlton.gif
-
‘Encryption Keys and Surveillance’
[Paul Rosenzweig has a fantastic article][1] about the different types of encryption and what each means from a legal standpoint. There are a lot of services that will tell you your data *is* encrypted, but if the service is still holding the keys to that encryption then your data *may* not be encrypted from legal bodies who could compel that service provider to turn over your encryption keys.
I think this is of utmost importance to understand right now. Far too many people not only don’t understand the difference, but are misled by marketing bullshit on “cloud” service providers’ websites when they refer to encryption. At the end of it all, right now, the only stuff that is truly encrypted is the stuff that is also a big pain in the ass to use. ((As a rule of thumb.))
[1]: http://www.lawfareblog.com/2013/08/encryption-keys-and-surveillance-2/
-
‘The Public/Private Surveillance Partnership’
[Bruce Schneier in a simply fantastic essay][1]:
> Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.
> The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy—and that’s very dangerous to democracy and liberty.
[1]: http://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html
-
Why Easy Tap Zones Matter
I’ve mentioned a few times now that I use the Digg app on the iPhone pretty regularly. I like that I can browse some articles that are typically interesting, and send those articles to Instapaper with a swipe… Well, actually, send them with one of half-a-dozen swipes. You see, my iPhone with iOS 7 on it apparently hates the Digg app (or the other way around). ((Could be fallout from the Digg podcast’s terribleness.))
[Here’s what happens with the latest Digg app running on iOS 7](https://vimeo.com/71755406):
Let’s be clear: I place zero blame on Digg, Apple, or the developers of either for those swiping issues. *I* am running beta software, and I included Digg not to chastise them, but to talk about a larger point: interaction matters.
While the fact that I cannot reliably swipe the table off the screen to see the hidden actions is incredibly annoying, almost more annoying is how small the tap zone is for Instapaper. Yes, I hit the icon 9 times out of 10, but given the fact that it takes me a maddening amount of swipes to get to that view, if I miss that tap even once — I am so pissed I almost throw my phone.
## My Point
My point isn’t that developers should support beta software — I don’t care about that. My point is that if you require a gesture to reveal a tap zone(s), then make sure that the tap zone(s) are easy to, uh, *tap*. Having to repeat a gesture once is annoying enough, having to repeat it because you missed a tap is downright maddening.
That is all.
*(Side note: I didn’t realize what that Ke$$$$Ha article was about until I watched the video — it’s rather fitting.)*
-
Three Hop Analysis
[Pete Yost for the Boston Globe][1]:
> For the first time, NSA Deputy Director John C. Inglis disclosed that the agency sometimes conducts what is known as three-hop analysis. That means the government can look at the phone data of a suspected terrorist, plus the data of all of the contacts, then all of those people’s contacts, and all of those people’s contacts.
> If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.
I was [looking for these numbers][2] a while back, and I finally found the article I was thinking of.
[Here’s Sean Gallagher for Ars Technica][3]:
> The Internet has blown the level of interconnectedness through the proverbial roof—we now have e-mail, social media, and instant message interactions with people we’ll never meet in real life and in places we’ll never go. A 2007 [study][4] by Carnegie Mellon University machine learning researcher Jure Leskovec and Microsoft Research’s Eric Horvitz found that the average number of hops between any two arbitrary Microsoft Messenger users, based on interaction, was 6.6. And a [study of Twitter feeds published in 2011][5] found the average degree of separation between random Twitter users to be only 3.43.
Three hops is essentially *everyone* when your “suspected terrorist” pool parameters are essentially anyone who Googles the wrong thing from a non-US computer. Two hops is a lot of people, three hops is basically anyone — that’s how a “Foreign Intelligence Surveillance Court” authorizes *domestic* spying. If FISC rules that it *is* constitutional to spy on these enemies, **and** to follow those that they are spying on through three hops of communication, then FISC (which authorizes foreign spying) has essentially authorized domestic spying.
And this is the problem with only one side presenting information to the court — we can’t be sure that FISC judges were presented the right math. Maybe they thought it affected hundreds of thousands of Americans, not hundreds of millions of Americans. Maybe, or maybe they don’t care; shouldn’t we be allowed to know one way or the other?
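To make the hop arithmetic concrete, here is an added example (my own illustration, not code from the post or from the Boston Globe or Ars Technica pieces it links). It treats contact chaining as a breadth-first expansion over a contact graph: `no_overlap_bound` gives the f + f² + … + fᵏ upper bound for any fan-out f and hop count k, and `reach_within_hops` counts the people actually reached on a constructed graph, where overlapping contact lists pull the real number below that bound. The quoted 2.5 million figure depends on how the hops and the per-person contact count are counted, so both are parameters here rather than fixed; all function names and the sample graph are mine.

```python
"""Hop-reach estimate for contact chaining (added illustration).

Two ways to count how many distinct people a k-hop expansion from one
seed can touch:
  1. the no-overlap upper bound f + f^2 + ... + f^k, where f is the
     number of unique contacts per person;
  2. a breadth-first expansion over a constructed contact graph, which
     is always at most the bound because contact lists overlap.
"""
from collections import deque
import random


def no_overlap_bound(fanout: int, hops: int) -> int:
    """Upper bound on distinct people within `hops` hops of one seed,
    assuming every person has `fanout` contacts and no two contact
    lists overlap. The seed itself is not counted."""
    return sum(fanout ** h for h in range(1, hops + 1))


def reach_within_hops(contacts, seed, hops):
    """Breadth-first expansion over an adjacency dict {person: set(...)};
    returns the set of people (excluding `seed`) within `hops` hops."""
    seen = {seed}
    frontier = deque([(seed, 0)])
    while frontier:
        person, depth = frontier.popleft()
        if depth == hops:          # do not expand past the hop limit
            continue
        for other in contacts.get(person, ()):
            if other not in seen:
                seen.add(other)
                frontier.append((other, depth + 1))
    return seen - {seed}


def build_contact_graph(population, fanout, rng):
    """Constructed sample graph: each person places calls to `fanout`
    random others. Call records are symmetric (both parties' records
    show the call), so effective fan-out is roughly double `fanout`."""
    contacts = {p: set() for p in range(population)}
    for p in range(population):
        for other in rng.sample(range(population), fanout):
            if other != p:
                contacts[p].add(other)
                contacts[other].add(p)
    return contacts


def sample_reach(population, fanout, hops, seed=1):
    """Number of people reached from person 0 within `hops` hops on a
    constructed graph; deterministic for a given RNG seed."""
    rng = random.Random(seed)
    graph = build_contact_graph(population, fanout, rng)
    return len(reach_within_hops(graph, 0, hops))


if __name__ == "__main__":
    for k in (1, 2, 3, 4):
        print(f"{k} hop(s), fan-out 40, no overlap: {no_overlap_bound(40, k):,}")
    for k in (1, 2, 3):
        print(f"{k} hop(s) on a constructed 5,000-person graph: "
              f"{sample_reach(5000, 40, k):,}")
```

On the constructed graph the three-hop reach saturates at almost the whole population, which is the point the post makes: once the fan-out is in the tens, the number of hops matters far more than the size of the initial suspect pool.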
[1]: http://www.bostonglobe.com/news/nation/2013/07/17/nsa-spying-under-fire-you-got-problem/Ev73I1XwPYtvD2WFZ6idGK/story.html
[2]: https://brooksreview.net/2013/07/three-hops/
[3]: Sean%20Gallagher
[4]: http://arxiv.org/pdf/0803.0939v1.pdf
[5]: http://www.aaai.org/ocs/index.php/SOCS/SOCS11/paper/viewFile/4031/4352
-
‘NSA Collects ‘Word for Word’ Every Domestic Communication, Says Former Analyst’
Great reporting by PBS’ NewsHour, worth 9 minutes if you don’t want to read about the NSA this weekend.
-
‘Make Text More Readable With Solarized and Cousine’
[Steven Aquino, in a post with Josh Centers, about the Solarized color theme (with a Nitti Light font equivalent)][1]:
> After using this setup for the last couple weeks, I can say with confidence that the combination of Cousine and Solarized Light is great for writing. More importantly, as a visually impaired person, I find the combination to be extremely comfortable for my eyes. Between Cousine’s clean design and the contrast of the background, I’m experiencing considerably less eye strain than normal.
I love this setup: Ulysses III + Solarized + Nitti Light. I’ve been using it since the moment I had my hands on the Ulysses III beta, and it’s fantastic. I have a few things to add to their post.
First, you can get [Cousine][2] from a non-Google source for free, but I haven’t used the font before so that’s about all I know about it.
Secondly, your font size is almost as important as the font itself. I just checked and Ulysses III is showing that I have Nitti Light selected as my font at about 16.9 points, with a 1.6 line height. I’ve been using that for quite a while and it’s the sizing that seems most comfortable to me — just don’t feel bad making the font bigger, or smaller, if you need it to be.
Lastly, Ulysses III has a bug that I have found with Nitti Light. Specifically, it seems that selecting the body font as a light weight instead of a normal weight screws with the syntax highlighting a bit: light is the body weight and bold becomes the highlighted weight, when I personally feel setting your font to a light weight should make the normal weight the highlighted weight. I don’t know if this is a fix that is coming down the line or not, and for some this might drive them crazy.
*[Ulysses III][3] is $39, and worth every penny — [Nitti Light][4] is (roughly) $78 and is also worth every penny (I bought the whole suite).*
[1]: http://tidbits.com/article/13966
[2]: http://www.fontsquirrel.com/fonts/cousine
[3]: http://www.ulyssesapp.com
[4]: http://www.boldmonday.com/en/nitti