Recent Articles

[Good post from Sean Gallagher at Ars Technica,][1] he noticed a few of the things that I thought were surprisingly unreported about XKEYSCORE. Basically the tool can tell you available systems to be hacked, find who was using encrypted VPN sessions, and grab other encrypted items for later decryption. Yikes.

*Side Note: I cannot help but be impressed by how robust these systems are. Truly stuff of the movies, actually more powerful than many movies had imagined.*

[1]: http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/

A new document collaboration app is out, called [Quip][1]. It’s an iOS app, and a [web service][2] that gives you a rich-text editor and allows you to not only work on a file with groups, but to comment and see the changes. It’s a lot like [Editorially][3], but seems less writing focused, and more business focused. I downloaded it and started playing immediately, because just this week we ran into a collaboration problem in our office.

The problem we had is that one person used Word with Track Changes to send a document for review and Person 2 made changes and sent it back. Then this time sensitive document sat there, because Person 3 (me) and Person 2 were out of the office and couldn’t see the tracked changes on their iPhones (yes, Pages, but PAGES) and so it was forgotten in email inboxes that were constrained by iPhones and travel. This was annoying, and led to a slowdown in our speed to get documents out, etc, as a business.

Quip seems great for handling that very scenario for two reasons:

1. It has iOS apps.
2. It eliminates email.

Everything else is what you get out of Word and track changes (mostly, but for basic needs is what we are talking). *BUT*, there’s one big gotcha: you can only export to PDF. How stupid is that? *Pretty stupid.*

Christine Chan also has a [nice writeup over at App Advice][4].

[1]: https://itunes.apple.com/US/app/id647922896?mt=8&ign-mpt=uo%3D4
[2]: http://quip.com
[3]: https://editorially.com
[4]: http://appadvice.com/review/quickadvice-quip

Ellis Hamburger over at *The Verge* (no link, it’s The Verge) has a post defending the practice of creating a wait list for new apps (think Mailbox). Hamburger linked to [an old post of mine][1] in order to point out that my solution doesn’t work in practice:

> Even with a thousand servers, one user’s actions can gum up the works. “It’s a complicated system with lots of moving parts,” Underwood says. “We can test each of the pipes between them but we won’t know until we scale it if everything can handle the load.

Me, back in March:

> You know what all these bullshit wait list apps have in common? They are *free*.

The thing is, I don’t know much about scaling apps like this. So, I did what people like Hamburger should do, I asked around to people with experience scaling some large systems — but I asked people I knew who had successfully scaled without a wait list. ((Instead of only ones with a wait list like Hamburger did, I should have asked wait list developers too, but Hamburger has that Press Release, I mean article, already written for you.)) When I sent them the link to Hamburger’s “post” the responses ranged from:

– Yeah, that *can* be a problem. (This dev clearly didn’t want to get involved.)
– That’s bullshit.
– Was he paid to write this for these devs?

All I then asked is if you threw money at the problem, could you make it go away. I don’t just mean by adding more engineers, but by adding more people: the consensus was that you could lessen disruption, but probably not stop it completely.

So there seems to be a few ways to handle scaling your service/app:

1. Do what you can. Allow the flood of users and do what you can to manage downtime. This is the worst option.
2. Wait list. Allows people to roll in slowly to manage the growth and complaints if the service does go down.
3. Allow everyone in, hire a massive team with a massive amount of servers — this is unlikely.
4. Charge a reasonable price, which will slow growth, use those funds to [grow the service as the service can afford to grow][2]. If a deluge of users come in, then you are in boat number 3.

You know which option I prefer, but it looks like Hamburger would rather tell you that the *only* option is number two — and his argument doesn’t seem to reflect the reality (why not grab some developers who have successfully scaled, why only one side? Oh yeah, *The Verge*).

The best way to get rid of this wait listing bullshit is to ignore every app that comes out using it. That’s what I am going to do and I hope you do too.

[1]: https://brooksreview.net/2013/03/if-i-wanted-a-wait-list-i-would-get-in-line-for-your-mom/
[2]: https://pinboard.in/about/

I almost feel like summing up the capabilities of the NSA as: “Watch Fox’s TV Show *24*, watch what Chloe does and how fast she does it. Apply that to real life, update it for modern communication methods, speed it up ten times, and make it look like a Google search. That’s what the NSA can do, *right* now.”

We don’t know the whole truth about the NSA’s capabilities, but we *do* know that there’s a massive lack of oversight and control. *Something* is really fucked up.

It’s always been laughable, as a nerd, how fast characters in TV shows “hack” into systems and get all the information they need. Now it looks like the joke was on *us*, because *we* thought any hacking was required. Just flag, store and correlate every bit that passes through a network and you don’t need to hack into servers because you already know everything going into *and* out of the them. In today’s world of “cloud” services, that means you essentially know everything, about anyone, whenever you want.

I’m not writing this to scare you, though you should be worried, what’s more interesting is where we go from here. [Protests are great][1], but you can’t change something without offering an effective alternative solution.

Perhaps the craziest part of XKEYSCORE (logo notwithstanding) is that the NSA doesn’t even [deny its capabilities][2], instead they just focus on the ethics of the tool and training of NSA users. It’s real, it does what was leaked — the only issue up for debate is whether there are proper checks and balances in place. How is this not the *only* story.

[1]: http://1984day.com
[2]: http://www.nsa.gov/public_info/press_room/2013/30_July_2013.shtml?utm_medium=App.net&utm_source=PourOver

[Google’s partnership with Starbucks][1], as described by Kevin Lo on the Google Blog:

> That’s why we’re teaming up with Starbucks to bring faster, free WiFi connections to all 7,000 company-operated Starbucks stores in the United States over the next 18 months. When your local Starbucks WiFi network goes Google, you’ll be able to surf the web at speeds up to 10x faster than before. If you’re in a Google Fiber city, we’re hoping to get you a connection that’s up to 100x faster.

Free WiFi. Hosted — and likely, in part, paid for — by Google at 7,000+ locations in the US. That’s a staggering thought. All your Frappuccino®-fueled internet browsing behavior is now passing through the NSA *and* Google. Who do you trust more with your data? Which has the more palatable mission: fighting crime, or making money?

For all the wrongs the NSA is perpetrating, they’re not doing this to profit financially. NSA contractors are doing it for a profit, but NSA contractors aren’t using your data for profit, they are using the fact that they can create tools to collect your data for profit. Google though? As far as I know, Google doesn’t fight crime: They make money — lots of money — with your data, now siphoned away as you sip your quadruple-shot dissolved sugar, all without you knowing.

Perhaps you think I’m overreacting, and that Google won’t collect a thing because they’re moral, but to that I would ask: Why would they offer free WiFi to begin with?

[1]: http://googleblog.blogspot.com/2013/07/starbucks-wifi-goes-google.html

[Ed Payne and Rene Marsh for CNN][1]:

> A new government report says misconduct by Transportation Security Administration workers has increased more than 26% in the last three years.

And:

> “There’s not even a way to properly report some of the offenses, so this may be just the tip of the iceberg of some of the offenses,” said Rep. John Mica, a Florida Republican and longtime critic of the TSA who ordered the audit.

So in a nutshell: TSA misconduct has increased by 26% at the very *low* end over the last three years. Great job guys.

[1]: http://www.cnn.com/2013/07/31/travel/tsa-misconduct/index.html

XKeyscore makes PRISM look like child’s play, here’s [Glenn Greenwald reporting on the latest Snowden leak][1]:

> XKeyscore, the documents boast, is the NSA’s “widest reaching” system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers “nearly everything a typical user does on the internet”, including the content of emails, websites visited and searches, as well as their metadata.

If you read the entire post, it doesn’t get any less invasive. Greenwald notes that this tool can grab content of private messages on websites like Facebook, as well as chat communications. Because of the sheer amount of data, the information can thankfully only be stored for very short periods of time, unless otherwise flagged. But this flies in the face of the lies being told by intelligence “officials”, and these slides look pretty damning.

Thankfully, this leak includes screenshots. I didn’t want to see screenshots so much for my own curiosity as I did because I suspected they would show just how trivial this process is. Indeed, the screenshots very much show that. These programs work off of very simple search fields with drop down boxes — they actually looks more useable than a lot of websites.

The “best” part: there’s a “justification” box, to which Snowden says:

> Some searches conducted by NSA analysts are periodically reviewed by their supervisors within the NSA. “It’s very rare to be questioned on our searches,” Snowden told the Guardian in June, “and even when we are, it’s usually along the lines of: ‘let’s bulk up the justification’.”

Well *that’s* reassuring.

[1]: http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

Since O’Neill’s post mentions Calca, I thought I should talk a little bit about the latest nerd calculating tool. [Calca bills itself as a: “Humane Symbolic Calculator”][1]. While I have no clue what that means, it’s very catchy. I downloaded the Mac version and have very mixed feelings about the app.

I have no doubt that for some people, this app will just click, but I think *most* people are still better off with [Soulver][2].

But don’t mistake that for me saying that Soulver *is* better than Calca — they are actually much further apart that I would have guessed.

Soulver acts like calculator mixed with Excel, whereas Calca acts like a text-file version of Excel. Neither is bad, just very, *very*, different. Soulver is what I grab when I need to do math, Calca is a tool to grab when I want to create a dynamic reference — something with perhaps more permanence.

Since that was overly vague, here’s the only thing I have found Calca useful for so far: lease rates. I always have to tell people how much Space 2 at Building Q will cost monthly, and that’s rather dynamic. Usually I have to calculate it each time, but with Calca I can set all the variables up and run the calculations. Thus I can update the price of every space by changing one variable — that’s pretty damned handy. And because it is *just* a text file, the information won’t be trapped.

[Calca is `$4.99`][3] on the Mac App Store and is niche, but very neat.

[1]: http://Calca.io/
[2]: https://brooksreview.net/2012/09/soulver-buy-it/
[3]: https://itunes.apple.com/us/app/calca/id635758264?ls=1&mt=12

Sid O’Neill sent me a link on App.net to his Keyboard Maestro macro and holy crap. [This is one hell of a useful macro, you need this.][1]

I have to say I was very skeptical at first that this would work, but good lord does this work well. Very cool stuff.

[1]: http://crateofpenguins.com/blog/2013-7-textexpander-snippets-and-keyboard-maestro-macro-to-solve-math-in-your-text-editor

Back before I started this site, I had the tedious task of coming up with the table plan for our wedding. We thought long and hard about just letting it be a free for all, but for reasons I cannot remember we both decided that assigned seating was best.

It sounds like a really simple thing to do, but I wanted to do this on my computer so that I could quickly change and tweak everything, and then print it all out for the staff at our venue. That’s when I hit a wall — I couldn’t figure out how best to do it. (I started with an Illustrator document, that proved to be a bad idea rather quickly.)

[I ended up buying Perfect TablePlan][1]. It is *not* great looking — and that’s being generous. I haven’t looked in ages for this kind of software (nor do I need it now), but they sent me an email about their latest version, so I thought I would throw it out there for all of you.

The best feature — the feature that sold me — was the ability of the software to not only say “these two people should sit together”, but to say “these people should *not* sit together”. Then you can have the software auto assign the seats and from there fine-tune. It helped me tremendously.

[1]: http://www.perfecttableplan.com/

[Brett Terpstra on tagging in Mavericks][1]:

> Offering a universal system that allows files to pass seamlessly from one app to another and be organized in more powerful ways is not just a nice gesture, it’s integral to killing off our current file-in-folder mindset.

I scoffed at tagging until I read Brett’s post — he makes some great points. I’ve never been a big fan of tagging, but I think if you fully commit to tagging and spend a couple weeks reorganizing your filesystem, you are probably better off in the long run — this seems to be the direction Apple is taking.

I don’t use many folders and I truly don’t tag, I just find things by search, but more and more finding by search without some kind of “thing” to immediately tone down the results, is getting hard. I’m giving tagging a go.

[1]: http://brettterpstra.com/2013/07/28/mavericks-and-tagging/

[Glenn Greenwald via Kari Rea on George Stephanopoulos’ show][1]:

> And what these programs are, are very simple screens, like the ones that supermarket clerks or shipping and receiving clerks use, where all an analyst has to do is enter an email address or an IP address, and it does two things.  It searches that database and lets them listen to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you’ve entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future.

Two things:

1. This is getting down right crazy. The fact that Chambliss is trusting the NSA is just sad — I really just want someone to do a hardcore investigation related to everything the NSA is doing.
2. I *really* want to see a screenshot.

[1]: http://abcnews.go.com/blogs/politics/2013/07/glenn-greenwald-low-level-nsa-analysts-have-powerful-and-invasive-search-tool/

[John Mutter][1]:

> Another possible reason for Amazon’s boldness is its apparently cozy relationship with the Obama administration–whose Justice Department pursued the agency model case, which mainly benefited Amazon. This relationship will be highlighted this coming Tuesday, when the president will give another major speech on the economy and aiding the middle class at, of all places, the Amazon warehouse in Chattanooga, Tenn. This is roughly equivalent of going to a Wal-Mart and calling for more of the kinds of jobs it offers.

Mutter also hits on some interesting tidbits that Amazon is doing to try and shutter its competition — by dropping their prices so low there’s no way anyone else (hell even Amazon) can make money.

[1]: http://shelf-awareness.com/booktrade.html

[David Kravets][1]:

> On Wednesday, the house voted 217 to 205 not to rein in the NSA’s phone-spying dragnet. It turns out that those 217 “no” voters received twice as much campaign financing from the defense and intelligence industry as the 205 “yes” voters.

Shocking? No. Nonetheless, disgusting? Yes.

[1]: http://www.wired.com/threatlevel/2013/07/money-nsa-vote/?utm_medium=App.net

*Disclaimer: Ben did not ask me to write this post, nor did I run it by him before I published it (not that I do any other time). These are my personal views, and do not necessarily reflect the views of this site or its owner. But seriously, I’m totally right.*

As some of you may remember from a few months ago, after I filled in for him during a week-long vacation from blogging, Ben asked if I would stay on as a contributing editor for The Brooks Review. While the English award I received in elementary school clearly qualified me for such a title, I was nervous I wouldn’t be able to perform up to the standards this site has risen to over the past few years.

Unfortunately, before I even had a chance to buckle under the pressure, I had to write an email I didn’t want to write: “I have to quit”. At the time, between work and life my free time had dwindled to the point where keeping up with even a single-post-per-week pace was impossible.

Thankfully, Ben’s response was even better than I could ask for: keep writing when you can, and don’t let missing a few weeks here and there stop you. And while up to this point I still haven’t had—or, perhaps more accurately, made—the time to write as often as I’d like, I knew I had to write this.

You see, this site is special. It may not look it (though Ben’s taste for elegantly minimal design certainly speaks to my soul), but it really is.

It’s special not because of its content, its design, or even its writers, but because of its independence. And independence not just in terms of ownership, but in editorial process and even its business model.

There are plenty of independent sites out there, many of which I’m sure you read regularly. As an independent media advocate myself, I absolutely love that the Internet has lowered the bar to entry so that anyone—[even my mom][1]—can have their voice be heard.

But while many sites like this are independently owned, many rely on a third party of some sort to monetize it. Whether it’s running an ad network spot in the sidebar or RSS feed, or even doing those sales independently, there’s a third party involved that isn’t the site owner, the writers, or the readers. There’s another voice that doesn’t really… fit.

And I don’t begrudge those sites for doing it this way. Ads ran on my own site before it was overrun with crickets. I believe in independent media, and I believe those who create it deserve to be compensated just as those who produce mass media are compensated. If all it takes is a single ad for one of my favourite writers or podcasters to plop themselves into a chair and create magic, then god bless that little ad.

But what’s exciting about this site, as I’m sure you have figured out, is its true independence. While there are a couple of us slugging away at these keys, clamouring for that tiny morsel of attention you have left after work and kids and wives ¹ and friends and drinks, we write with a singular aspiration: to entertain you.

Guys, I don’ get paid for this. I did, for that brief shining moment when I was actually dedicated to a posting schedule. But as soon as I stepped down, I told Ben to keep his money because I know both how much this site makes and how much he has invested right back into it.

I first started using the Internet back in 2003. I was in high school, I was a loner in a big crowd of people, and I was drawn to the acceptance I found on the message boards and blogs I participated in. I’ve made great friends online—among which I count Ben—and I believe this was only possible because we were each given permission to have a voice.

Having a voice [in a world that so frequently tells you not to have one][2] is one of the most important revolutions of human history. But for that to continue, we need people who can say what needs to be said; whether it’s about the crazy shit our own governments are doing behind our backs or that GODDAMN BLUE ICON, the freedom to speak *and have our voices be heard* is one of the greatest privileges we’ve ever stumbled into.

The Brooks Review does not use slideshows, articles broken up into multiple pages, or ugly fucking popovers asking you to “SIGN UP TO OUR NEWSLETTER GUYZ!” because we don’t need pageviews, ad clicks, or multiple streams of income. We need one.

We need you.

The Brooks Review runs on three things: the dedication we have to provide you with the most honest, brutal truth we can muster about things silly and significant; the love and support our readers have shown this site through your emails, @replies, and crazy-ass comments; and your money.

I’m not going to link to the page Ben’s set up for you to become a contributing member. You can DuckDuckGo that shit. I don’t want to make it easy because my hope isn’t that you’ll support this site. My hope is that you’ll support independent media, whether that’s here or wherever you find that person or group of people who says or writes or performs or draws the things you need to hear or read or experience. Because if you don’t…

1. Adendum: Or husbands. Sorry, sometimes my inner chauvinist sneaks out. Apologies. — P
   ↩

[1]: http://momsknitting.tumblr.com
[2]: http://www.tmz.com/2013/07/19/kanye-west-paparazzi-attack-assault-paramedics-photo/

[Natasha Singer on the idea behind this new agreement][1]:

> The code of conduct would require participating mobile app developers to show notices indicating whether their apps collected user-specific details in any of eight categories: biometrics, including fingerprints or facial recognition data; Web browsing history; logs of phone calls or texts made or received; contact list details like e-mail addresses or social network connections; financial information, like credit or banking data; health or medical data; precise location data; and stored text, video or photo files.

That’s great and all, but it’s probably the least effective solution. For it to work several things need to happen, not the least of which are:

1. The shady developers signing on;
2. Consumers stop downloading any apps that do *not* participate.
3. It becoming law.

None of those options are likely to happen if you ask me. What’s more likely is that the good developers sign up voluntarily and show that they have nothing to hide, while the [bad developers][2] siphon your entire fucking address book and do whatever they want and then say “BUGS! Oops!”. Congress may get around to changing the laws, but the laws will be a hacked apart mess that is irrelevant by the time the laws are invoked.

The real enforcement should come from Apple, Google, and Microsoft — in the form of kicking shady apps out. I feel like such a dialog should be a standard part of iOS that pops up to tell uses what data is being accessed — not ok boxes that are most easily dismissed by agreeing. No, a screen that Apple puts together, not the developers that blocks the entire interface for a few seconds before allowing you to proceed. Then again, me and like two other people, would be the only ones for that.

[1]: http://www.nytimes.com/2013/07/26/technology/under-code-apps-would-disclose-collection-of-data.html
[2]: http://gizmodo.com/5981041/did-path-screw-up-and-steal-your-data-again