Rafe's blurbloghttps://rafeco.newsblur.com/2018-05-19T20:43:19.388000ZrafecoAgainst political analogies2018-05-19T20:43:19.388000ZTim Carmodyhttps://kottke.org/18/05/against-political-analogies<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/against-political-an/8676581:dd480d">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/8676581.png" style="vertical-align: middle;width:16px;height:16px;"> kottke.org.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>It’s a common and (on its face) rhetorical move: take something that’s happening now and map it onto the past. Better yet, take something atrocious that’s happening now and show how it maps onto something atrocious in the past, ideally affecting the very people who are now supporting the atrocities. “See?” this trope says: “what you’re doing to other people is exactly what was done to you.”</p>
<p>That’s the basic structure of “resistance genealogy,” as seen in clashes over immigration. “Tomi Lahren’s great-great-grandfather forged citizenship papers; Mike Pence’s family benefited from “chain migration”; James Woods’ ancestors fled famine and moved to Britain as refugees,” etc.</p>
<p>Rebecca Onion argues, convincingly, that <a href="https://slate.com/human-interest/2018/05/against-resistancegenealogy-digging-up-information-about-the-immigrant-ancestors-of-trumpsters-is-doing-more-harm-than-good.html">this doesn’t work</a>:</p>
<blockquote>The chasm between the life and experiences of a white American, even one who’s descended from desperate immigrants of decades past, and the life of this Honduran mother is the entire point of racist anti-immigration thought. Diminishment of the human qualities of entering immigrants (“unskilled” and “unmodern” immigrants coming from “shithole” countries) reinforces the distance between the two. People who support the Trump administration’s immigration policies want fewer Honduran mothers and their 18-month-olds to enter the country. If you start from this position, nothing you hear about illiterate Germans coming to the United States in the 19th century will change your mind. </blockquote>
<p>Besides underestimating racism, it flattens out history, and assumes that if people only knew more about patterns of historical racism, they might be convinced or at least shamed into changing how they talk about it. Everything we’ve seen suggests that isn’t the case.</p>
<p>I’m going to take this one step further and say this is a weakness in most resorts to historical and political analogies deployed as a tool to understand or persuade people about the present. </p>
<p>For example, consider Donald Trump saying, regarding immigrants trying to enter the United States, “<a href="https://www.nytimes.com/2018/05/16/us/politics/trump-undocumented-immigrants-animals.html">these aren’t people, these are animals</a>.” This is a disgusting thing to say and way to think — and not just because German Nazis and Rwandan perpetrators of genocide used similar language in a different context, and regardless of whether he was using it to refer to immigrants in general or members of a specific gang. It’s bad, it’s racist, it’s shitty, and you really don’t need the added leverage of the historical analogy in order to see why. But that leverage is tempting, because it shows off how much we know, it underlines the stakes, and it converts bad into ultra-bad.</p>
<p>This hurts me to say, because I love history and analogies both. But there’s a limit to how much they can tell us and how well they work. And playing “gotcha!” is usually well beyond the limits of both.</p>
<strong>Tags:</strong> <a href="https://kottke.org/tag/Donald%20Trump">Donald Trump</a> <a href="https://kottke.org/tag/history">history</a> <a href="https://kottke.org/tag/politics">politics</a>The United States of Guns2018-05-19T20:42:03.563000ZJason Kottkehttps://kottke.org/18/05/the-united-states-of-guns-4<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/the-united-states-of/8676581:225d45">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/8676581.png" style="vertical-align: middle;width:16px;height:16px;"> kottke.org.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Like many of you, I read <a href="https://www.nytimes.com/2018/05/18/us/school-shooting-santa-fe-texas.html">the news</a> of <em>a single person</em> killing <em>at least 10 people</em> in Santa Fe, Texas today. While this is an outrageous and horrifying event, it isn’t surprising or shocking in any way in a country where <a href="https://fivethirtyeight.com/features/gun-deaths/">more than 33,000 people die from gun violence each year</a>.</p>
<p>America is a stuck in a Groundhog Day loop of gun violence. We’ll keep waking up, stuck in the same reality of oppression, carnage, and ruined lives until we can figure out how to effect meaningful change. I’ve collected some articles here about America’s dysfunctional relationship with guns, most of which I’ve shared before. Change is possible — there are good reasons to control the ownership of guns and control has a high likelihood of success — but how will our country find the political will to make it happen?</p>
<p><a href="https://opinionator.blogs.nytimes.com/2012/12/16/the-freedom-of-an-armed-society/">An armed society is not a free society</a>:</p>
<blockquote><p>Arendt offers two points that are salient to our thinking about guns: for one, they insert a hierarchy of some kind, but fundamental nonetheless, and thereby undermine equality. But furthermore, guns pose a monumental challenge to freedom, and particular, the liberty that is the hallmark of any democracy worthy of the name — that is, freedom of speech. Guns do communicate, after all, but in a way that is contrary to free speech aspirations: for, guns chasten speech.</p>
<p>This becomes clear if only you pry a little more deeply into the N.R.A.’s logic behind an armed society. An armed society is polite, by their thinking, precisely because guns would compel everyone to tamp down eccentric behavior, and refrain from actions that might seem threatening. The suggestion is that guns liberally interspersed throughout society would cause us all to walk gingerly — not make any sudden, unexpected moves — and watch what we say, how we act, whom we might offend.</p></blockquote>
<p><a href="http://www.nybooks.com/daily/2012/12/15/our-moloch/">We’re sacrificing America’s children to “our great god Gun”</a>:</p>
<blockquote><p>Read again those lines, with recent images seared into our brains — “besmeared with blood” and “parents’ tears.” They give the real meaning of what happened at Sandy Hook Elementary School Friday morning. That horror cannot be blamed just on one unhinged person. It was the sacrifice we as a culture made, and continually make, to our demonic god. We guarantee that crazed man after crazed man will have a flood of killing power readily supplied him. We have to make that offering, out of devotion to our Moloch, our god. The gun is our Moloch. We sacrifice children to him daily — sometimes, as at Sandy Hook, by directly throwing them into the fire-hose of bullets from our protected private killing machines, sometimes by blighting our children’s lives by the death of a parent, a schoolmate, a teacher, a protector. Sometimes this is done by mass killings (eight this year), sometimes by private offerings to the god (thousands this year).</p>
<p>The gun is not a mere tool, a bit of technology, a political issue, a point of debate. It is an object of reverence. Devotion to it precludes interruption with the sacrifices it entails. Like most gods, it does what it will, and cannot be questioned. Its acolytes think it is capable only of good things. It guarantees life and safety and freedom. It even guarantees law. Law grows from it. Then how can law question it?</p></blockquote>
<p><a href="http://www.rogerebert.com/reviews/elephant-2003">Roger Ebert on the media’s coverage of mass shootings</a>:</p>
<blockquote><p>Let me tell you a story. The day after Columbine, I was interviewed for the Tom Brokaw news program. The reporter had been assigned a theory and was seeking sound bites to support it. “Wouldn’t you say,” she asked, “that killings like this are influenced by violent movies?” No, I said, I wouldn’t say that. “But what about ‘Basketball Diaries’?” she asked. “Doesn’t that have a scene of a boy walking into a school with a machine gun?” The obscure 1995 Leonardo Di Caprio movie did indeed have a brief fantasy scene of that nature, I said, but the movie failed at the box office (it grossed only $2.5 million), and it’s unlikely the Columbine killers saw it.</p>
<p>The reporter looked disappointed, so I offered her my theory. “Events like this,” I said, “if they are influenced by anything, are influenced by news programs like your own. When an unbalanced kid walks into a school and starts shooting, it becomes a major media event. Cable news drops ordinary programming and goes around the clock with it. The story is assigned a logo and a theme song; these two kids were packaged as the Trench Coat Mafia. The message is clear to other disturbed kids around the country: If I shoot up my school, I can be famous. The TV will talk about nothing else but me. Experts will try to figure out what I was thinking. The kids and teachers at school will see they shouldn’t have messed with me. I’ll go out in a blaze of glory.”</p>
<p>In short, I said, events like Columbine are influenced far less by violent movies than by CNN, the NBC Nightly News and all the other news media, who glorify the killers in the guise of “explaining” them. I commended the policy at the Sun-Times, where our editor said the paper would no longer feature school killings on Page 1. The reporter thanked me and turned off the camera. Of course the interview was never used. They found plenty of talking heads to condemn violent movies, and everybody was happy.</p></blockquote>
<p><a href="https://www.newyorker.com/magazine/2012/04/23/battleground-america">Jill Lepore on the United States of Guns</a>:</p>
<blockquote><p>There are nearly three hundred million privately owned firearms in the United States: a hundred and six million handguns, a hundred and five million rifles, and eighty-three million shotguns. That works out to about one gun for every American. The gun that T. J. Lane brought to Chardon High School belonged to his uncle, who had bought it in 2010, at a gun shop. Both of Lane’s parents had been arrested on charges of domestic violence over the years. Lane found the gun in his grandfather’s barn.</p>
<p>The United States is the country with the highest rate of civilian gun ownership in the world. (The second highest is Yemen, where the rate is nevertheless only half that of the U.S.) No civilian population is more powerfully armed. Most Americans do not, however, own guns, because three-quarters of people with guns own two or more. According to the General Social Survey, conducted by the National Policy Opinion Center at the University of Chicago, the prevalence of gun ownership has declined steadily in the past few decades. In 1973, there were guns in roughly one in two households in the United States; in 2010, one in three. In 1980, nearly one in three Americans owned a gun; in 2010, that figure had dropped to one in five.</p></blockquote>
<p><a href="https://www.theatlantic.com/international/archive/2012/07/a-land-without-guns-how-japan-has-virtually-eliminated-shooting-deaths/260189/">A Land Without Guns: How Japan Has Virtually Eliminated Shooting Deaths</a>:</p>
<blockquote><p>The only guns that Japanese citizens can legally buy and use are shotguns and air rifles, and it’s not easy to do. The process is detailed in David Kopel’s landmark study on Japanese gun control, published in the 1993 Asia Pacific Law Review, still cited as current. (Kopel, no left-wing loony, is a member of the National Rifle Association and once wrote in National Review that looser gun control laws could have stopped Adolf Hitler.)</p>
<p>To get a gun in Japan, first, you have to attend an all-day class and pass a written test, which are held only once per month. You also must take and pass a shooting range class. Then, head over to a hospital for a mental test and drug test (Japan is unusual in that potential gun owners must affirmatively prove their mental fitness), which you’ll file with the police. Finally, pass a rigorous background check for any criminal record or association with criminal or extremist groups, and you will be the proud new owner of your shotgun or air rifle. Just don’t forget to provide police with documentation on the specific location of the gun in your home, as well as the ammo, both of which must be locked and stored separately. And remember to have the police inspect the gun once per year and to re-take the class and exam every three years.</p></blockquote>
<p><a href="https://www.theguardian.com/world/2016/jun/23/australias-gun-laws-stopped-mass-shootings-and-reduced-homicides-study-finds">Australia’s gun laws stopped mass shootings and reduced homicides, study finds</a>:</p>
<blockquote><p>From 1979 to 1996, the average annual rate of total non-firearm suicide and homicide deaths was rising at 2.1% per year. Since then, the average annual rate of total non-firearm suicide and homicide deaths has been declining by 1.4%, with the researchers concluding there was no evidence of murderers moving to other methods, and that the same was true for suicide.</p>
<p>The average decline in total firearm deaths accelerated significantly, from a 3% decline annually before the reforms to a 5% decline afterwards, the study found.</p>
<p>In the 18 years to 1996, Australia experienced 13 fatal mass shootings in which 104 victims were killed and at least another 52 were wounded. There have been no fatal mass shootings since that time, with the study defining a mass shooting as having at least five victims.</p></blockquote>
<p>From The Onion, <a href="https://www.theonion.com/no-way-to-prevent-this-says-only-nation-where-this-r-1826142891">‘No Way To Prevent This,’ Says Only Nation Where This Regularly Happens</a>:</p>
<blockquote><p>At press time, residents of the only economically advanced nation in the world where roughly two mass shootings have occurred every month for the past eight years were referring to themselves and their situation as “helpless.”</p></blockquote>
<p>But America is not Australia or Japan. Dan Hodges <a href="https://twitter.com/dpjhodges/status/611943312401002496">said on Twitter a few years ago</a>:</p>
<blockquote><p>In retrospect Sandy Hook marked the end of the US gun control debate. Once America decided killing children was bearable, it was over.</p></blockquote>
<p>This can’t be the last word on guns in America. We have to do better than this for our children and everyone else whose lives are torn apart by guns. But right now, we are failing them miserably, and Hodges’ words ring with the awful truth that all those lives and our diminished freedom & equality are somehow worth it to the United States as a society.</p>
<strong>Tags:</strong> <a href="https://kottke.org/tag/USA">USA</a> <a href="https://kottke.org/tag/guns">guns</a>GDPR Hysteria · Jacques Mattheij2018-05-19T20:09:48.174000Zhttps://jacquesmattheij.com/gdpr-hysteria<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/gdpr-hysteria-jacque/184163:a1e9c5">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/184163.png" style="vertical-align: middle;width:16px;height:16px;"> Jacques Mattheij.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div><p>In another week the <a href="https://gdpr-info.eu/" rel="nofollow" class="external">GDPR</a>, or the General Data Protection Regulation will become enforceable and it appears that unlike any other law to date this particular one has the interesting side effect of causing mass hysteria in the otherwise rational tech sector.</p><p>This post is an attempt to calm the nerves of those that feel that the(ir) world is about to come to an end, the important first principle when it comes to dealing with any laws, including this one is <a href="https://en.wikipedia.org/wiki/Phrases_from_The_Hitchhiker%27s_Guide_to_the_Galaxy#Don%27t_Panic" rel="nofollow" class="external">Don’t Panic</a>. I’m aiming this post squarely at the owners of SME’s that are active on the world wide web and that feel overwhelmed by this development. A bit of background about myself: I’ve been involved in the M&A scene for about a decade, do technical due diligence for a living (together with a team of 8). This practice and my feeling that the battle for privacy on the web is one worth winning which has led me to study online privacy in some detail puts me in an excellent position to see the impact of this legislation first hand as well as how companies tend to deal with it.</p><p>First some context: <strong>Every</strong> company and every project or hobby ever has to be compliant with the law. Whether or not that is possible usually depends on what you are doing, your local legislative climate and, obviously, the law. So whether or not you are doing something for profit, as a hobby or making a few bucks on the side all the way up to a company doing billions in turnover with 10’s of thousands of employees does not matter. Compliance with the law is the norm. If you are doing business abroad then this means that you may have to be compliant with the laws of another country, and the web being as connected as it is this means there is a fairly high chance that your little domain will be impacted by the laws from multiple jurisdictions. For people from relatively insignificant (in terms of power in the rest of the world) countries this is not exactly news, they are already impacted by the laws from very powerful countries and so they are probably well adapted to this. For the inhabitants of large countries that so far have been able to ignore the laws of other places this is a new situation which may require some new level of understanding.</p><p>The easiest way to gain some of this understanding is to realize that you already have to be compliant with a lot of laws in order to be able to operate anything at all, even a lemonade stand comes with the following legal implications:</p><ul>
<li><p>food safety laws</p></li>
<li><p>commercial operation laws</p></li>
<li><p>municipal laws</p></li>
<li><p>administrative laws</p></li>
<li><p>employment law</p></li>
<li><p>and possibly even others</p></li>
</ul><p>So, <em>nothing</em> is really simple but one more law added to the pile is also not going to be the end of the world. Because this article is not aimed at large enterprises and because I am not a lawyer (yes, that’s one of those annoying disclaimers) this article is not written in legalese, but there will be some terms from the GDPR that I will not be able to get around. These terms will be defined when they are first used, a search with your favorite, GDPR compliant search engine will usually give you more context than I can put in this article.</p><p>The first thing you have to realize in coming to terms with the GDPR is that ‘one law fits all’. The GDPR was written as a law to repair the lack of adherence to its predecessor, the DPD, the European Data Privacy Directive, which has had the unfortunate shortcoming of being a directive rather than a regulation. The effect of this - and the lack of teeth - was that it was mostly ignored by businesses. This is a recurring theme in our collective history: first there will be room to self regulate, if that does not work there will be a directive and if all that fails then finally there will be a law with penalties in case of non compliance. As the sign on the maps on billboards all over the world says ‘You are here!’. Now - in exactly 7 days - we will have a law come into effect that has some serious teeth and that you will - for a change - not be able to ignore.</p><p>So what form does the panic take? I’ve seen a lot of different kinds of it but most of it revolves around the a fairly limited number of themes that I will try to address one by one from the perspective of a small business owner in order to reduce the emotional levels to something more manageable. Getting these fallacies out the way before going into more detail about the kind of impact the GDPR does have is productive because it will allow us to concentrate in more detail on what actually matters.</p><ul>
<li>The GDPR is going to expose me to fines of up to 20 million Euros for even the slightest transgression</li>
</ul><p>No, the GDPR has the potential to escalate to those levels but in the spirit of the good natured enforcers at the various data protection agencies in Europe they will <em>first</em> warn you with a notice that you are not in compliance with the law, give you some period of time to become compliant and will - if you ignore them - fine you. That fine will be proportional to the transgression. You can of course ignore the fine and then ‘all bets are off’ but if you pay the fine <em>and</em> become compliant you can consider the matter closed. The typical EU pattern in case of repeated transgressions on the same subject is increasing fines. This can get expensive quickly and most businesses tend to adjust their processes promptly once they have been fined the first time. The reason why I am sure this is the way it will go down is this is exactly how it has been done so far, every interaction with data protection authorities has followed the exact same pattern: warn, fine, increased fines. There are no known cases - though I’m willing to be surprised on this one, but none that I can find - where an entity was presented with a huge fine without first being given a chance to comply with the law.</p><p>Note that the 20 million Euros or 4% of global turnover is the <em>maximum</em> fine, the specific language is ‘a fine up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater’, so that’s the maximum of the fine that’s being set by the 20 million or the 4%, and this bit is there to ensure that even the likes of Facebook and Google will not simply ignore the law and pay the fine to be able to continue as they have so far. This in no way should be read as you, the small business operator will face a fine of 20 million for each and every infraction that could be found.</p><ul>
<li>The GDPR will enable anybody to be able to sue me, even from abroad</li>
</ul><p>The GDPR does not have this effect, but you may be interested to know that <em>anybody</em> can sue you or your business for whatever reason strikes their fancy. This is a direct consequence of doing business and has nothing to do with a particular law. What the GDPR allows private individuals to do is to contact their regulators and to complain <em>if</em> you decide to ignore their requests. So if John Doe wants to have his data removed from your service and you tell him to get stuffed then John has the right to alert his regulator to the fact that you are probably not in compliance. If the data protection entity of John’s country feels the case has merit they will send you the letter mentioned above. If not you might never hear from them. The data protection authorities will function as a clearing house. If you feel this is selective enforcement then you should be happy about it for a change: by providing this clearing house function the burden of regulation will be substantially lower than it would be without and it will ensure that the public will not be able to use the GDPR to harass businesses, and they will allow the insertion of a bar to be met before action is taken.</p><ul>
<li>Fines will land without warning and will be draconian</li>
</ul><p>No, fines will be proportional and will only be levied after a chance to become compliant has been given. This has been the case in all other EU law regarding privacy to date, this one will not be any different. The EU regulators see their job as ensuring compliance, not as creating a source of income.</p><ul>
<li>The GDPR will require me to deal with complaints/paperwork in 28 different languages</li>
</ul><p>The text of the GDPR is available in English, a typical regulator will send you a notice in a language that you can understand. This goes for everything in the EU that has to do with the law, from traffic fines to copyright law and everything else. If the EU is good at dealing with something it is dealing with other languages. So the paperwork - if any - that you will receive will be in a language that you can read and if you can’t there will be an English translation available. Case in point: I got a parking ticket in Paris last year where my car was on the wrong side of the road on a particular day I’d parked there on Monday, apparently on Tuesday you have to park your car on the other side of the road and me being a stupid tourist I thought I was safe because everybody else parked there too. I received my ticket in the mail a few days later, with a French text, an English text, and - most surprising - a perfectly worded Dutch text complete with instructions on how to have myself represented in court if I wished to contest the fine and instructions for paying the fine if I did not want to contest it.</p><ul>
<li>The GDPR will require me to hire people and my entity is too small to be able to afford this</li>
</ul><p>No, the GDPR will require you to assign certain roles to ensure that someone is in charge of privacy related stuff.</p><ul>
<li>Faceless bureaucrats will use the selective enforcement of the GDPR to stuff the coffers of the EU at the expense of foreign companies</li>
</ul><p>The EU tends to use fines as a means of forcing a company into compliance. Companies that are large and that have large European holdings or that use the EU to avoid paying taxes rightly worry about this particular aspect, <em>especially</em> if they have constructed their business around massive databases of profiles on EU citizens. If this isn’t you then you can probably ignore this aspect of EU legislation. If you’re Mark Zuckerberg however I would definitely advise <em>not</em> to ignore this, however the chances of Mark reading this blog post are nil.</p><ul>
<li>The EU is over-reaching here, as a foreigner I should be free to just comply with my local laws and ignore the rest</li>
</ul><p>As soon as you do business abroad you will have to comply with the laws of those countries. That’s maybe not what you were hoping for but this has always been the case. For physical products there are all kinds of entities that ensure compliance with the laws of other countries including rules for manufacturing, transportation, storage, ingredients - all the way back to the source - and so on depending on the context and nature of your business. For online businesses this has never been any different for instance you have to comply with copyright law, laws on online gambling, the DMCA and lots of other laws that are essentially local in nature (though copyright laws were harmonized long ago to make this easier).</p><ul>
<li>Processing all these end-user requests will be a huge burden</li>
</ul><p>Then automate it. If you could automate the collection of the data in the first place then you <strong>definitely</strong> can automate the rest of the life cycle. There is no technical hurdle companies won’t jump through if it gets them juicy bits of data but as soon as the data needs to be removed we’re suddenly back in the stone age and some artisan with a chisel and hammer will have to jump into action to delete the records and this will take <strong>decades</strong> for even a small website. Such arguments are not made in good faith and in general make the person making them look pretty silly after all nobody ever complained about collecting data, in fact there are whole armies of programmers working hard to scrape data from public websites which is a lot more work than properly dealing with the life cycle of that data after it has been collected. So yes, it is a burden, no, the burden isn’t huge <strong>unless you expressly make it so</strong> but that’s your problem.</p><ul>
<li>This law was sprung on us, there is absolutely no way I’m going to be prepared a week from now</li>
</ul><p>The law has been in effect for over two years at this point, and the DPD, the European Data Protection Directive has been in effect for <em>over two decades</em>. So no, this law was not sprung on anybody, though it is very well possible that you only became aware of it a few weeks or months (or days?) ago. If that’s the case do not panic, you too will <em>most likely</em> be fine.</p><ul>
<li>It is impossible to be compliant with this law</li>
</ul><p>Well, this website is fully compliant with the law, so at least in this particular case it seems to work. Why? Because I don’t store any information about you. That’s a conscious choice on my part which I made <em>long</em> before the GDPR was even talked about in public. But if your situation is more complex then you too can be compliant, or at least - and this is key - you could <em>try</em> to be compliant. For instance, one oft heard argument is that no webserver (or even any internet service) is going be able to be compliant because all web servers log IP addresses, and IP addresses are PII. But that argument does not hold water. There are several reasons for that, the major ones being: webservers only log IP addresses if you configure them to do so. Almost all webservers have a formatting option that determines what exactly is logged and you could configure your webserver to not log the whole address but just the network portion. You also have the option to log the address and to disclose that you do so in your privacy policy, but then you will have to allow for the removal of that data on request, which you may find burdensome (or not, that depends on the volume of such requests). Finally, you may have a legitimate reason to log the IP address, provided you delete it after you are done with whatever use you collected it for in the first place. There is enough room in the GDPR to hold on to the address for 30 days with a possible extension of another 60 days after which an automated reply to the user can tell them their IP address was purged and you’d be in compliance. That’s one of the reasons why I think the GDPR is a surprisingly good law, most of the times when legislation is written that impacts technology the end result is absolutely unworkable, in this case most scenarios seem to work well for all parties involved.</p><ul>
<li>Becoming compliant with this law will cause my business to go under</li>
</ul><p>I’m terribly sorry to hear that. But consider this: this law was written with the express purpose to rein in some of the worst violations of the privacy of EU citizens during their online activities. If becoming compliant with the law will cause your business to go under that is more or less the same as saying that your business is built on gross privacy violations. So if that’s your business model then good riddance to you and your company. However if that is not your business model then most likely you will be just fine.</p><ul>
<li>It’s not fair, I have no representation in the EU because I’m not from there, why should my company comply?</li>
</ul><p>Because you wish to do business in the EU. For what it’s worth, there are plenty of laws that project across the borders of countries and harmonization of laws between countries means that people are not always aware of the fact that this is happening. The DMCA is a nice example. Besides that, privacy is a fairly hot topic and there is hope in privacy advocacy circles that the EU is lighting the way here and that other countries will likely follow its example.</p><p>The fact that you or your company do not have representation in the EU does not mean you get to ignore the law, if you could then that would mean an automatic disadvantage for others that do play by the rules. You ignore the law at your peril.</p><ul>
<li>I don’t want to end up being arrested for GDPR violations when I go on a holiday in Europe (yes, I really saw that one)</li>
</ul><p>This is so far fetched it is comical. The EU does not operate that way, and besides, why would you wilfully break the law and continue to do so after you have been made aware of this? I’ve yet to hear about a single individual that was lifted from their bed in a French bed and breakfast during their well deserved holiday, but maybe you’ll be the first. If it happens let me know and I’ll come visit you in jail, I might even throw some bucks towards your defense fund. (Apologies for the flippant tone in this section but it really irks me, the only case like this that I’m aware of was the USA arresting one David Carruthers of <a href="http://betonsports.com" rel="nofollow">betonsports.com</a>.)</p><ul>
<li>My business can not be compliant with this draconian and burdensome law</li>
</ul><p>In that case please shut down or do not serve EU customers. But be aware that (1) you are leaving a nice opening for a competitor and (2) you are probably doing something you should not be doing in the first place, in which I would say the law is working as intended.</p><ul>
<li>The law is so complicated, there is no way I could ever make sense of it</li>
</ul><p>As laws come I was actually surprised by how easy it is to read it. It’s not particularly large, it uses mostly clear language and it <em>usually</em> (but critically, not always and this is a justified complaint) defines its terms. The biggest area where the lack of definition is annoying (but understandable) is when it comes to determining at what size company you need to take certain measures. I understand the complainers and I understand the lawmakers positions and this probably could have been handled in a more robust manner. But there are good reasons for doing it this way, as I hope to illustrate later.</p><ul>
<li>I can’t afford the risks associated with this law so I am shutting down/I will lock Europeans out</li>
</ul><p>Ok. Bye. But make sure you <em>really</em> understand those risks and please understand as well that it may not be possible for you to lock Europeans out reliably enough to not have any exposure under the law and realize that there are lots of other laws that you are also exposed to that could cause you to be wiped out. This law is really no different than any others in that respect. The price of using the web as a world stage is that you effectively are interacting with the legal domains of every country that you do business with.</p><ul>
<li>I should be able to engage in a contract with my users that lets them opt out from this law so I can ignore it</li>
</ul><p>For once the lawmakers saw what was coming and they actually repaired this before it became an issue. I suspect that the ‘cookie law’ debacle made them realise that companies have absolutely no scruples when it comes to things like this and will happily blackmail their users into consenting to something that they’d rather not consent to just to be able to participate in what is more and more unavoidable: online interaction.</p><ul>
<li>For large companies the burden is manageable, for small companies it is too high</li>
</ul><p>From what I’ve seen in my practice over the last couple of years the burden is roughly proportional to three things:</p><pre><code> - the amount of data you hold
- the number of employees in your company
- the kind of data you hold
</code></pre><p>In effect the burden of a large company holding vast amounts of sensitive data will likely be very large. The burden on a small company holding small amounts of non-sensitive data will be very low or even none.</p><ul>
<li>Nobody knows what the GDPR really means</li>
</ul><p>The text is readily available, it is true that there are no meaningful certification programmes as yet but in time these will be available. In some ways this is a pity because it would be nice to be able to say ‘We’re compliant because we have a stamp of approval from such and such a certification authority’ but at the same time the lack of certification requirements actually goes a long way towards reducing the burden on small companies.</p><p>Anyway, you get the gist by now. Each of these misconceptions is like dry tinder in the hands of those that wish to have a good old GDPR bonfire inciting others to panic as well and in general does not really contribute to the discussion. As a rule the statements are either made by well meaning people who have not really done their homework or they are done by people whose businesses depend on being able to violate other people’s privacy and they are hoping that by stoking this fire they will be able to turn the sentiment against the GDPR, to play politics. And as we all know we are in a fact-free environment when it comes to politics nowadays so anything goes. With that out of the way let’s look at some of the <em>actual</em> impact of the GDPR, at what level your exposure most likely is and how - according to me - the future will play out.</p><p>… to be continued, hopefully on Monday …</p></div></div>All problems are not solved2018-05-19T20:06:21.603000ZMark Libermanhttp://languagelog.ldc.upenn.edu/nll/?p=37994<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/all-problems-are-not/5629449:db9158">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/5629449.png" style="vertical-align: middle;width:16px;height:16px;"> Language Log.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>There's an impression among some people that "deep learning" has brought computer algorithms to the point where there's nothing left to do but to work out the details of further applications. This reminds me of what has been described as Ludwig Wittgenstein's belief in the early 1920s that the development of formal logic and the "picture theory" of meaning in his <em>Tractatus Logico-Philosophicus</em> reduced the elucidation (or dissolution) of all philosophical questions to a sort of clerical procedure.</p>
<p>Several recent articles, in different ways, call into question this modern view that Deep Learning (i.e. complex networks of linear algebra with interspersed point nonlinearities, whose millions or billions of parameters are automatically learned from digital examples) is a philosopher's stone whose application solves all algorithmic problems. Two among many others: <a href="http://www.psych.nyu.edu/gary/" rel="noopener" target="_blank">Gary Marcus</a>, "<a href="https://arxiv.org/abs/1801.00631" rel="noopener" target="_blank">Deep Learning: A Critical Appraisal</a>", arXiv.org 1/2/2018; <a href="https://www2.eecs.berkeley.edu/Faculty/Homepages/jordan.html" rel="noopener" target="_blank">Michael Jordan</a>, "<a href="https://medium.com/@mijordan3/artificial-intelligence-the-revolution-hasnt-happened-yet-5e1d5812e1e7" rel="noopener" target="_blank">Artificial Intelligence — The Revolution Hasn’t Happened Yet</a>", <em>Medium</em> 4/19/2018.</p>
<p>And two upcoming talks describe some of the remaining problems in speech and language technology.</p>
<p><span id="more-37994"></span></p>
<p>This afternoon here at Penn, <a href="https://researcher.watson.ibm.com/researcher/view.php?person=us-picheny" rel="noopener" target="_blank">Michael Picheny</a>'s title is "Speech Recognition: What's Left?", at 1:30 in <a href="https://www.facilities.upenn.edu/maps/locations/levine-hall-melvin-and-claire-weiss-tech-house" rel="noopener" target="_blank">Levine</a> 307:</p>
<p style="padding-left: 30px;"><span style="color: #000080;">Recent speech recognition advances on the SWITCHBOARD corpus suggest that because of recent advances in Deep Learning, we now achieve Word Error Rates comparable to human listeners. Does this mean the speech recognition problem is solved and the community can move on to a different set of problems? In this talk, we examine speech recognition issues that still plague the community and compare and contrast them to what is known about human perception. We specifically highlight issues in accented speech, noisy/reverberant speech, speaking style, rapid adaptation to new domains, and multilingual speech recognition. We try to demonstrate that compared to human perception, there is still much room for improvement, so significant work in speech recognition research is still required from the community.</span></p>
<p>For one simple example of an area where further R&D is needed, see our earlier discussion of the <a href="http://languagelog.ldc.upenn.edu/nll/?p=37724" rel="noopener" target="_blank">First DIHARD Speech Diarization Challenge</a>, where on some input categories the winning system performed quite badly indeed, with frame-wise error rates in the 50% range even when the speech-segment regions were specified:</p>
<p><a href="http://languagelog.ldc.upenn.edu/myl/JHU349_2.png"><img src="http://languagelog.ldc.upenn.edu/myl/JHU349_2.png" title="Click to embiggen" width="490" /></a></p>
<p>(See <a href="https://coml.lscp.ens.fr/dihard/data.html" rel="noopener" target="_blank">here</a> for a description of the 10 eval-set data sources.)</p>
<p>And on Wednesday, Richard Sproat will be talking in room 7102 at the CUNY Graduate Center on the topic "Neural models of text normalization for speech applications":</p>
<p style="padding-left: 30px;"><span style="color: #800000;">Speech applications such as text-to-speech (TTS) or automatic speech recognition (ASR), must not only know how to read ordinary words, but must also know how to read numbers, abbreviations, measure expressions, times, dates, and a whole range of other constructions that one frequently finds in written texts. The problem of dealing with such material is called text normalization. The traditional approach to this problem, and the one currently used in Google’s deployed TTS and ASR systems, involves large hand-constructed grammars, which are costly to develop and tricky to maintain. It would be nice if one could simply train a system from text paired with its verbalization. I will present our work on applying neural sequence-to-sequence RNN models to the problem of text normalization. Given sufficient training data, such models can achieve very high accuracy, but also tend to produce the occasional error — reading “kB” as “hectare”, misreading a long number such as “3,281” — that would be problematic in a real application. The most powerful method we have found to correct such errors is to use finite-state over-generating covering grammars at decoding time to guide the RNN away from “silly” readings: Such covering grammars can be learned from a very small amount of annotated data. The resulting system is thus a hybrid system, rather than a purely neural one, a purely neural approach being apparently impossible at present.</span></p>
<p>This reminds me of something that happened in the mid-1980s, during one of the earlier waves of pseudo-neural over-enthusiasm. I was then at Bell Labs, and had presented at some conference or another a paper on our approach to translating text into instructions for the synthesizer. What we used then was a hybrid of a hand-coded text normalization system, a large pronouncing dictionary, dictionary extensions via analogical processes like inflection and rhyming, and hand-coded grapheme-to-phoneme transduction (though no neural nets at that time). Richard Sproat might well have been a co-author. Afterwards, someone came up to me and asked why we were bothering with all that hand-coding, since neural nets could learn better solutions to all such problems with no human intervention, citing Terry Sejnowski's work on learning g2p rules using an early NN architecture (Sejnowski & Rosenberg, "<a href="https://papers.cnl.salk.edu/PDFs/NETtalk_%20A%20Parallel%20Network%20That%20Learns%20to%20Read%20Aloud%201988-3562.pdf" rel="noopener" target="_blank">NETtalk: a parallel network that learns to read aloud</a>", JHU EECS Technical Report 1986).</p>
<p>I say that they "asked me", but "berated me" was more like it. My interlocutor's level of fervent conviction was like someone arguing about scientology, socialism, salvation, or grammatical theories — it had been mathematically proved, after all, that a non-linear perceptron with one hidden layer could asymptotically learn any finite computable function, more or less, so to solve a problem in any other way was clearly a sort of moral failure. Against this level of conviction, it was no help at all to point out that NETtalk's performance was actually not very good.</p>
<p>Not long thereafter, I moderated a 1986 ACL "Forum on Connectionism" (which is what pseudo-neural computation used to be called), and I think that my "<a href="https://dl.acm.org/citation.cfm?id=981168" rel="noopener" target="_blank">Moderator Statement</a>" (pdf <a href="http://www.aclweb.org/anthology/P86-1026?CFID=30200622&CFTOKEN=f4c14615d5b704a0-E28FB7B5-085D-6014-52536C357008EEDE" rel="noopener" target="_blank">here</a>) has actually stood up pretty well over the intervening 32 years.</p>
<p> </p>
<p> </p>★ The End of Third-Party Twitter Clients?2018-05-19T19:42:33.882000ZJohn Gruberhttps://daringfireball.net/2018/05/the_end_of_third_party_twitter_clients<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/the-end-of-third-par/8894995:4c4578">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
I've been drifting away from Twitter for months and this probably finishes things off.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p><a href="http://apps-of-a-feather.com/">“Apps of a Feather” — a joint statement from the developers of several top third-party Twitter clients</a>:</p>
<blockquote>
<p><a href="https://blog.twitter.com/developer/en_us/topics/tools/2018/enabling-all-developers-to-build-on-the-account-activity-api.html">After August 16th, 2018</a>, “streaming services” at Twitter will
be removed. This means two things for third-party apps:</p>
<ol>
<li>Push notifications will no longer arrive</li>
<li>Timelines won’t refresh automatically</li>
</ol>
<p>If you use an app like <a href="http://klinkerapps.com/talon-overview/">Talon</a>, <a href="https://tapbots.com/tweetbot/">Tweetbot</a>, <a href="https://www.tweetings.net/apps/">Tweetings</a>, or
<a href="https://twitterrific.com/">Twitterrific</a>, there is no way for its developer to fix
these issues.</p>
<p>We are <em>incredibly eager</em> to update our apps. However, <em>despite
many requests for clarification and guidance, Twitter has not
provided a way for us to recreate the lost functionality</em>. We’ve
been waiting for <a href="https://blog.twitter.com/developer/en_us/topics/tools/2017/building-the-future-of-the-twitter-api-platform.html">more than a year</a> and have had <a href="https://blog.twitter.com/developer/en_us/topics/tools/2017/announcing-more-functionality-to-improve-customer-engagements-on-twitter.html">one reprieve</a>.</p>
</blockquote>
<p>This antipathy to third-party clients is especially confounding considering that Twitter recently dropped support for their own native Mac client. As far as I’m aware, once this comes to pass next month, there will be no way to receive notifications of Twitter DMs on a Mac. None. (Twitter’s website doesn’t even support Safari’s desktop notification feature.) That’s just wacky.</p>
<p>Twitter management obviously wants to steer people to their first-party mobile app and desktop website. I get that. But they already have that: the overwhelming number of Twitter users use exactly those products to access the service. What Twitter management seems to be missing is that many of its most influential users — including yours truly, yes — have been on the platform a <em>long</em> time and have a high tendency to be among those who not just use, but depend upon third-party clients.</p>
<p>To me this is like finding out you’re now required to access email entirely through a web browser. Sure, lots of people already do it that way and either prefer it or think it’s <em>eh, just fine, who cares</em> — but a lot of others <em>hate</em> it and find it completely disruptive to longstanding workflows.</p>
<p>Twitter isn’t explicitly saying that they’re shutting down third-party clients, but I don’t know that it’s feasible for them to exist if they don’t have access to these APIs. It’s like breaking up with someone by being a jerk to them rather than telling them you’re breaking up.</p>
<p>I urge Twitter to reconsider this decision. Third-party clients account for a relatively small part of the Twitter ecosystem, but it’s an important one. Twitter may not care about a native Mac client, but the users of these apps, and the developers who make them, certainly do.</p>★ Users and Customers2018-04-03T00:40:38.170000ZJohn Gruberhttps://daringfireball.net/2018/04/users_and_customers<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/users-and-customers/8894995:17844b">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Fascinating, wide-ranging podcast interview (with an excellent transcript) <a href="https://www.vox.com/2018/4/2/17185052/mark-zuckerberg-facebook-interview-fake-news-bots-cambridge">between Vox’s Ezra Klein and Facebook CEO Mark Zuckerberg</a>:</p>
<blockquote>
<p><strong>Klein</strong>: One of the things that has been coming up a lot in the
conversation is whether the business model of monetizing user
attention is what is letting in a lot of these problems. Tim Cook,
the CEO of Apple, gave an interview the other day and he was asked
what he would do if he was in your shoes. He said, “I wouldn’t be
in this situation,” and argued that Apple sells products to users,
it doesn’t sell users to advertisers, and so it’s a sounder
business model that doesn’t open itself to these problems.</p>
<p>Do you think part of the problem here is the business model where
attention ends up dominating above all else, and so anything that
can engage has powerful value within the ecosystem?</p>
<p><strong>Zuckerberg</strong>: You know, I find that argument, that if you’re not
paying that somehow we can’t care about you, to be extremely glib
and not at all aligned with the truth. The reality here is that if
you want to build a service that helps connect everyone in the
world, then there are a lot of people who can’t afford to pay. And
therefore, as with a lot of media, having an advertising-supported
model is the only rational model that can support building this
service to reach people. […]</p>
<p>But if you want to build a service which is not just serving rich
people, then you need to have something that people can afford. I
thought Jeff Bezos had an excellent saying on this in one of his
Kindle launches a number of years back. He said, “There are
companies that work hard to charge you more, and there are
companies that work hard to charge you less.” And at Facebook, we
are squarely in the camp of the companies that work hard to charge
you less and provide a free service that everyone can use.</p>
<p>I don’t think at all that that means that we don’t care about
people. To the contrary, I think it’s important that we don’t all
get Stockholm syndrome and let the companies that work hard to
charge you more convince you that they actually care more about
you. Because that sounds ridiculous to me.</p>
</blockquote>
<p>There is certainly something to Zuckerberg’s argument here, but the speciousness of the way he formulates it is that a company working hard to charge you more money <em>is</em> undeniably incentivized to care more about you, <em>if</em> you can afford their product or service. I think it’s undeniable that Apple cares more about the hundreds of millions of people who buy its products than Facebook cares about any of its billions of users.</p>
<p>The more apt Tim Cook quote that applies here <a href="https://gadgets.ndtv.com/internet/news/tim-cook-to-google-users-youre-not-the-customer-youre-the-product-594242">is this long-standing internet adage</a>: “When an online service is free, you’re not the customer. You’re the product.” Amazon is undeniably focused on low prices. But Facebook doesn’t charge low prices — they charge high prices. To their customers: advertisers. And <a href="https://www.statista.com/statistics/234056/facebooks-average-advertising-revenue-per-user/">a cursory look at their financials</a> indicates they’ve been working hard to raise those prices.</p>
<p>The linguistic trick Zuckerberg pulls here is that nowhere in the entire interview does he mention the words <em>user</em> or <em>customer</em>. He only says <em>you</em> (in the plural sense) and <em>people</em>. That’s a dodge, because unlike Apple — and Amazon — Facebook’s users are not its customers — and most of the controversies they are dealing with today all stem from the fact that they favored their customers (advertisers willing to pay ever-higher sums for ever-more-invasively-targeted ads) at the expense of their users.</p>Best books for new, first-time managers2018-01-21T21:08:40.306000ZChad Dickersonhttps://blog.chaddickerson.com/2018/01/09/best-books-for-new-first-time-managers/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/best-books-for-new-f/239091:0281ec">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/239091.png" style="vertical-align: middle;width:16px;height:16px;"> Chad Dickerson's blog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>I <a href="https://twitter.com/chaddickerson/status/950503614128295936">recently asked on Twitter</a>: “what book would you recommend most for new, first-time managers?” It’s been a while since I’ve been a first-time manager or managed first-time managers directly, so I was curious. Below is the list of what folks recommended. The categories were added by me after realizing an unstructured list of 35+ books would be too overwhelming. I certainly haven’t read all of these books but put some notes in the list next to books I have read and a few notes next to ones I haven’t read but know something about. If you have a book you think should be here and isn’t, email me (hello@chaddickerson.com). I’ll also include this in the newsletter I’m launching (more info <a href="https://blog.chaddickerson.com/newsletter/">here</a>).</p>
<p><strong><span style="text-decoration: underline;">General management & leadership</span></strong></p>
<ul>
<li><a href="http://amzn.to/2CKnHVp">High Output Management</a> (huge fan of this book, wish I had read it long before I did. I recommend pairing it with a book that delves into the emotional aspects of leadership.)</li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B000FC11LK?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B000FC11LK" rel="noopener" target="_blank" title="Essential Drucker Druckers Management Essentials ebook">The Essential Drucker</a></span><span class="a-list-item"> (absolutely love Drucker — much of what he wrote 50 years ago is more relevant than anything you read today. </span><span class="a-list-item"><a href="https://blog.chaddickerson.com/2013/02/03/liberal-arts-matter/">I posted about Drucker and culture change</a></span><span class="a-list-item"> about five years ago)</span></li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B00FUZQYBO?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00FUZQYBO" rel="noopener" target="_blank" title="Creativity Inc Overcoming Unseen Inspiration ebook">Creativity, Inc.</a></span><span class="a-list-item"> (great book from Pixar founder Ed Catmull)</span></li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B00H6JBFOS?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00H6JBFOS" rel="noopener" target="_blank" title="Never Eat Alone Expanded Updated ebook">Never Eat Alone: And Other Secrets to Success, One Relationship at a Time</a> (recommended by Beth Comstock <a href="https://twitter.com/bethcomstock/status/953354921843228672">on Twitter</a> with these words: “Building internal & external networks important for 1st x mgrs – ask for help.”)</span></li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B00B6U63ZE?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00B6U63ZE" rel="noopener" target="_blank" title="First Days Updated Expanded Strategies ebook">The First 90 Days: Proven Strategies for Getting Up to Speed Faster and Smarter</a></span><span class="a-list-item"> (Eric Hellweg over at HBR </span><span class="a-list-item"><a href="https://twitter.com/ehellweg/status/950508815270731777">said on Twitter</a></span><span class="a-list-item"> this is one of their all-time best sellers. Hadn’t read, now on my must-read list!)</span></li>
<li><a href="https://www.amazon.com/gp/product/B00DGZKQM8?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00DGZKQM8" rel="noopener" target="_blank" title="Leaders Eat Last Together Others ebook"><span class="a-list-item">Leaders Eat Last: Why Some Teams Pull Together and Others Don’t</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B00AFPVP0Y?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00AFPVP0Y" rel="noopener" target="_blank" title="Turn Ship Around Turning Followers ebook"><span class="a-list-item">Turn the Ship Around!: A True Story of Turning Followers into Leaders</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B00WDDOS82?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00WDDOS82" rel="noopener" target="_blank" title="Why Should Anyone Preface Authors ebook"><span class="a-list-item">Why Should Anyone Be Led by You? What It Takes to Be an Authentic Leader</span></a></li>
<li><span class="a-list-item"><a href="http://amzn.to/2DcBl4A">Managing Genius: Master the art of managing people</a></span><span class="a-list-item"> </span></li>
<li><a href="https://www.amazon.com/gp/product/B01KT18416?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B01KT18416" rel="noopener" target="_blank" title="Multipliers Revised Updated Leaders Everyone ebook"><span class="a-list-item">Multipliers: How the Best Leaders Make Everyone Smarter</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B002Q6XUE4?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B002Q6XUE4" rel="noopener" target="_blank" title="Start Why Leaders Inspire Everyone ebook"><span class="a-list-item">Start with Why: How Great Leaders Inspire Everyone to Take Action</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B004CFAZYU?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B004CFAZYU" rel="noopener" target="_blank" title="Being Boss Imperatives Becoming Leader ebook"><span class="a-list-item">Being the Boss: The 3 Imperatives for Becoming a Great Leader</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B00MMG19OG?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00MMG19OG" rel="noopener" target="_blank" title="New One Minute Manager ebook"><span class="a-list-item">The New One Minute Manager</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B01BUIBBZI?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B01BUIBBZI" rel="noopener" target="_blank" title="Coaching Habit Less Change Forever ebook"><span class="a-list-item">The Coaching Habit: Say Less, Ask More & Change the Way You Lead Forever</span></a></li>
<li class="product-name"></li>
</ul>
<p><strong>Tech management and leadership</strong></p>
<p><em>Note: having been a CTO and CEO, I recommend reading these books alongside the more general management books. An engineering leader with strong general management chops and business skills is a rare and valuable breed. </em></p>
<ul>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B06XP3GJ7F?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B06XP3GJ7F" rel="noopener" target="_blank" title="Managers Path Leaders Navigating Growth ebook">The Manager’s Path: A Guide for Tech Leaders Navigating Growth and Change</a></span><span class="a-list-item"> </span>(many recs for this book)</li>
<li><a href="https://www.amazon.com/gp/product/B01J53IE1O?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B01J53IE1O" rel="noopener" target="_blank" title="Managing Humans Humorous Software Engineering ebook"><span class="a-list-item">Managing Humans: Biting and Humorous Tales of a Software Engineering Manager</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B004J4VV3I?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B004J4VV3I" rel="noopener" target="_blank" title="Becoming Technical Leader Gerald Weinberg ebook"><span class="a-list-item">Becoming a Technical Leader</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B00A4OA6UQ?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00A4OA6UQ" rel="noopener" target="_blank" title="Behind Closed Doors Management Programmers ebook"><span class="a-list-item">Behind Closed Doors: Secrets of Great Management</span></a></li>
</ul>
<p><strong><span style="text-decoration: underline;">Communication</span></strong></p>
<ul>
<li><a href="http://amzn.to/2AKtLLD">Radical Candor: Be a Kick-Ass Boss Without Losing Your Humanity</a> (lots of recs for this book)</li>
<li><a href="https://www.amazon.com/gp/product/B005K0AYH4?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B005K0AYH4" rel="noopener" target="_blank" title="Crucial Conversations Talking Stakes Second ebook"><span class="a-list-item">Crucial Conversations Tools for Talking When Stakes Are High</span></a></li>
<li><a href="http://amzn.to/2CWLIvy">Nonviolent Communication</a></li>
</ul>
<p><strong><span style="text-decoration: underline;">Culture</span></strong></p>
<ul>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B06XFLFSRY?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B06XFLFSRY" rel="noopener" target="_blank" title="Braving Wilderness Quest Belonging Courage ebook">Braving the Wilderness: The Quest for True Belonging and the Courage to Stand Alone</a></span><span class="a-list-item"> (from Brene Brown, an exploration of what true belonging means – definitely want to read this)</span></li>
<li><a href="https://www.amazon.com/gp/product/B000OT8GV2?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B000OT8GV2" rel="noopener" target="_blank" title="Asshole Rule Civilized Workplace Surviving ebook"><span class="a-list-item">The No Asshole Rule: Building a Civilized Workplace and Surviving One That Isn’t</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B000OI0FCQ?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B000OI0FCQ" rel="noopener" target="_blank" title="Setting Table Transforming Hospitality Business ebook"><span class="a-list-item">Setting the Table: The Transforming Power of Hospitality in Business</span></a></li>
</ul>
<p><strong><span style="text-decoration: underline;"> Prioritization and results</span></strong></p>
<ul>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B01BFKJA0Y?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B01BFKJA0Y" rel="noopener" target="_blank" title="Radical Focus Achieving Important Objectives ebook">Radical Focus: Achieving Your Most Important Goals with Objectives and Key Results</a></span><span class="a-list-item"> </span></li>
<li><span class="a-list-item"><a href="http://amzn.to/2AKeOt0" rel="noopener" target="_blank" title="Why Managing Sucks How Fix ebook">Why Managing Sucks and How to Fix It</a></span><span class="a-list-item"> (describes something called a “Results-Only Work Environment,” which is why I’m including it in this category)</span></li>
<li><a href="https://www.amazon.com/gp/product/B00G1J1D28?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00G1J1D28" rel="noopener" target="_blank" title="Essentialism Disciplined Pursuit Greg McKeown ebook"><span class="a-list-item">Essentialism: The Disciplined Pursuit of Less</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B002LHRM2O?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B002LHRM2O" rel="noopener" target="_blank" title="Goal Process Ongoing Improvement ebook"><span class="a-list-item">The Goal: A Process of Ongoing Improvement</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B006MN4RAS?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B006MN4RAS" rel="noopener" target="_blank" title="Deadline Novel About Project Management ebook"><span class="a-list-item">The Deadline: A Novel About Project Management</span></a></li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B008K9AKGM?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B008K9AKGM" rel="noopener" target="_blank" title="Managing Change World Nonprofit Managers ebook">Managing to Change the World: The Nonprofit Manager’s Guide to Getting Results</a></span><span class="a-list-item"> (not all organizations are high-growth startups – thanks to </span><span class="a-list-item"><a href="https://twitter.com/AnotherJayLee/status/950521848739041281">Jay Lee for recommending it</a></span><span class="a-list-item">. I’m on a couple of non-profit boards and will be buying copies.)</span></li>
</ul>
<p><strong><span style="text-decoration: underline;">Psychology and how people think</span></strong></p>
<ul>
<li class="product-name"><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B00555X8OA?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B00555X8OA" rel="noopener" target="_blank" title="Thinking Fast Slow Daniel Kahneman ebook">Thinking, Fast and Slow</a> (thanks to <a href="https://twitter.com/courtneynash">@courtneynash</a> who emailed me about this one: “it’s one of the best distillations of how people think and reason from a true leader in the field”)</span></li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B000FCKPHG?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B000FCKPHG" rel="noopener" target="_blank" title="Mindset Psychology Carol S Dweck ebook">Mindset: The New Psychology of Success</a></span><span class="a-list-item"> (Carol Dweck’s well-regarded work on growth vs. fixed mindset)</span></li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B002C949KE?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B002C949KE" rel="noopener" target="_blank" title="Predictably Irrational Revised Expanded Decisions ebook">Predictably Irrational: The Hidden Forces That Shape Our Decisions</a></span><span class="a-list-item"> (love this book)</span></li>
<li><a href="http://amzn.to/2CKB0ow">Influence: The Psychology of Persuasion</a></li>
<li><a href="https://www.amazon.com/gp/product/B004P1JDJO?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B004P1JDJO" rel="noopener" target="_blank" title="Drive Surprising Truth About Motivates ebook"><span class="a-list-item">Drive: The Surprising Truth About What Motivates Us</span></a></li>
<li><a href="https://www.amazon.com/gp/product/B0051SDM5Q?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B0051SDM5Q" rel="noopener" target="_blank" title="Getting Yes Negotiating Agreement Without ebook"><span class="a-list-item"><span class="a-list-item">Getting to Yes: Negotiating Agreement Without Giving In</span></span></a></li>
<li><a href="https://www.amazon.com/gp/product/B002U3CBUW?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B002U3CBUW" rel="noopener" target="_blank" title="Emotional Intelligence 2 0 Travis Bradberry ebook"><span class="a-list-item">Emotional Intelligence 2.0</span></a></li>
</ul>
<p><strong><span style="text-decoration: underline;">Other (literature, non-fiction with important themes)</span></strong></p>
<ul>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B006ID0CH4?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B006ID0CH4" rel="noopener" target="_blank" title="How Will Measure Your Life ebook">How Will You Measure Your Life?</a></span><span class="a-list-item"> (by Clayton Christensen, best known for Innovator’s Dilemma)</span></li>
<li><a href="http://amzn.to/2CKwxSW">The Prince</a></li>
<li><a href="http://amzn.to/2DbVJ5M">Lord of the Flies</a> (Ha. . . I think. Gulp.)</li>
<li><span class="a-list-item"><a href="https://www.amazon.com/gp/product/B003XQEVLM?ie=UTF8&tag=chaddickerson-20&camp=1789&linkCode=xm2&creativeASIN=B003XQEVLM" rel="noopener" target="_blank" title="Paradise Built Hell Extraordinary Communities ebook">A Paradise Built in Hell: The Extraordinary Communities That Arise in Disaster</a></span><span class="a-list-item"> (Akiva Leffert </span><span class="a-list-item"><a href="https://twitter.com/aleffert/status/950544300143730689">said on Twitter</a></span><span class="a-list-item">: “Not a management book per se, but gets you thinking about how people find their best selves”)</span></li>
</ul>
<p>Michael Dearing suggested taking <a href="https://www.harrisonmetal.com/classes/foundations-general-management">his very well-regarded general management course</a>, so I mention that here. Even if you can’t take the course, <a href="https://docs.google.com/document/d/12urC2W5rjN4mCbKCB3SL_gCcfJBYqn0qqdQMOHDCg9M/edit">check out page two of the syllabus</a> for some great readings. Thanks, Michael!</p>
<p>Again, if you have a book you think should be here and isn’t, email me!(hello@chaddickerson.com) I’ll try to keep it updated.</p><br><br><img src="http://1.gravatar.com/avatar/189b64c70b0ce93763d679ee1a8e0bd1?s=96&d=identicon&r=G" />The World is UDP2017-07-24T06:09:18.995000ZGreg Knausshttp://feedproxy.google.com/~r/eod_full/~3/3moukrpoIeU/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/the-world-is-udp/56:e625db">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/56.png" style="vertical-align: middle;width:16px;height:16px;"> An Entirely Other Day: Full Feed.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>There are two types of people: TCP people and UDP people. (Yes, those are Internet protocols. I’m the guy who wrote software to text my wife. <em>Of course</em> I’m going to classify people by Internet protocols.)</p>
<p>TCP, the protocol, guarantees delivery. When you send something via TCP, you know it’s either arrived or it hasn’t. It’s a phone call, where the person on the other end keeps repeating, “Uh huh” to let you know that they’re listening.</p>
<p>UDP does not guarantee delivery. You send something off into the ether and have no idea if it eventually lands where it’s supposed. It’s the postal mail, where you drop a letter into the box, and there’s a chance that it will be waylaid somewhere, and you’ll never know.</p>
<p>TCP is used for reliable communication. UDP is used for <em>mass</em> communication. E-mail is delivered via TCP, a packet at a time, confirmed and verified. Video conferences are delivered via UDP, a torrent of data vomited willy-nilly towards its destination, and if some of it is lost along the way, well, it’s just a few frames, a hiccup that nobody will notice.</p>
<p>TCP <em>people</em> — people with the TCP personality type — consume everything in their feeds. Every tweet, every e-mail, every photo. They’re completists, and neurotic completists at that. “Mark as Read” makes them feel uncomfortable, like something that needed to be done has been left undone, without actually being able to say what it might be. The data, to a TCP person, was sent, so it must arrive. If it doesn’t, something is broken.</p>
<p>UDP people think TCP people are bonkers. They’ll dip in and out of whatever data happens to be sluicing towards them at any particular moment, without giving the slightest thought to what might have come before and what might come after. If it’s important, they think, it will probably come around again. Missing something, by definition, makes it unimportant.</p>
<p>I am a TCP person, a habit formed back when it was possible to be a TCP person and not be driven to whimpering madness by the constant deluge of text and images and video — there hardly <em>was</em> any video — and whatever else managed to crawl off stand-alone computers and onto the then-fledging Internet. Bandwidth, never mind the relatively few people contributing the the miasma, made it possible to keep up. You can cope with anything at 300 baud.</p>
<p>The world, today, many years after my habit formed, is UDP. Bandwidth doubled, and doubled again, and doubled again and again and again and again. The Internet was flooded with literally billions of people. More data has swung around the planet in the last week than in all of prior history combined. (I just made that up. But you believed it for a second, didn’t you?) There’s just too much, and if you’re intent on crawling through the endless sand of this particular beach, it’s a lot easier not to have to mark every grain as “Done”.</p>
<p>And so people are becoming UDP as well. People wander into and out of their Twitter stream, produced by the N-thousand people they follow, as time allows. They let Gmail decide which messages are important enough to highlight. They happily allow a thousand-thousand posts and tweets and pictures to sail by, without the slightest concern that they might have enjoyed any of them, because they know there’s a thousand-thousand times as much coming over the spillway.</p>
<p>UDP people are right: TCP like me <em>are</em> bonkers. We maintain a tradition in the complete absence of the circumstance that allowed that tradition to form. When the land we stand on finally sinks below the relentlessly rising tide, it’s the people who have adapted, transformed, evolved who will survive. The only place for TCP people in the post-diluvian world will be on the small outcroppings of rock that poke above the endless, endless sea, and the only approach TCP people will be able to take is to pretend that the vast deep that surrounds them doesn’t exist. The world is UDP, and the people who live in it need to be as well.</p>
<p>But it would have been nice if anybody had actually seen this post.</p>
<img alt="" height="1" src="http://feeds.feedburner.com/~r/eod_full/~4/3moukrpoIeU" width="1" />Apple’s Achilles Heel2017-04-18T03:44:29.313000ZJohn Gruberhttps://www.aboveavalon.com/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/apples-achilles-heel/6230633:4cd650">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
Apple has over $200 billion in the bank. I wonder which form of attention is scarce inside Apple.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Neil Cybart, in his weekly Above Avalon column last week, “The Mac Is Turning into Apple’s Achilles Heel”:</p>
<blockquote>
<p>Apple’s decision to change course and develop a new Mac Pro has
received near-universal praise from the company’s pro community.
While developing a new Mac Pro is the right decision for Apple to
make given the current situation, it has become clear that the Mac
is a major vulnerability in Apple’s broader product strategy. The
product that helped save Apple from bankruptcy 20 years ago is now
turning into a barrier that is preventing Apple from focusing on
what comes next.</p>
</blockquote>
<p>I read this last week and it didn’t sit right with me at all. But I couldn’t put my finger on why until this weekend. It’s actually very simple: I think Cybart’s entire premise is completely backwards. The Mac is not Apple’s Achilles heel. The iPhone is. That’s why the rest of his column doesn’t make much sense.</p>
<p>The iPhone hasn’t suffered because Apple is focused on the Mac. New iPhones come out like clockwork every year. Apple has really gotten it down to a science in recent years. The Mac lineup, however — and the Mac Pro in particular — has clearly suffered from a lack of attention. Where did that institutional attention go? Surely much of it went to iPhone.</p>
<p>I’m <em>not</em> arguing that it’s a mistake for Apple to devote more attention to the iPhone than any other product. Smartphones are the greatest opportunity in the history of mass market consumer goods, and <em>also</em> the greatest opportunity in the history of personal computing. The iPhone epitomizes everything Apple stands for. But it’s a mistake to focus so much attention on the iPhone that other important products suffer.</p>
<div>
<a href="https://daringfireball.net/linked/2017/04/17/cybart-achilles-heel" title="Permanent link to ‘Apple’s Achilles Heel’"> ★ </a>
</div>About the PPK talk and tweet2017-02-11T19:16:39.554000ZAdrian Holovatyhttp://www.holovaty.com/writing/ppk-talk/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/about-the-ppk-talk-a/4437:951bca">shared this story</a>
from <img src="https://www.newsblur.com/rss_feeds/icon/4437" style="vertical-align: middle;width:16px;height:16px;"> Holovaty.com.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Yesterday I <a href="https://www.meetup.com/Frontend-Developer-Meetup-Amsterdam/events/237138278/">attended a talk at a tech meetup</a> here in Amsterdam by <a href="http://quirksmode.org/">Peter-Paul Koch</a> — during which I tweeted a photo of one of his slides:</p>
<blockquote class="twitter-tweet"><p dir="ltr" lang="en">Preach on, <a href="https://twitter.com/ppk">@ppk</a>. Brilliant talk tonight about what went wrong in modern frontend web development. Too many tools, too little thinking. <a href="https://t.co/1jxaP97hsq">pic.twitter.com/1jxaP97hsq</a></p>— Adrian Holovaty (@adrianholovaty) <a href="https://twitter.com/adrianholovaty/status/829777292633194497">February 9, 2017</a></blockquote>
<p>This tweet has gotten quite a lot of attention — mostly negative — and I’d like to give some much-needed context.</p>
<p>PPK’s talk was about the problems he sees in with modern front-end web development. Problems for developers, problems for users, and problems for the web in general. It was more than an hour long and covered many topics, weaving in his rich knowledge of web-development history. Some opinions he articulated:</p>
<ul>
<li>Web developers have become overly focused on emulating native mobile apps, when in fact they should focus on the strengths of the web. Sort of by definition, a website will never be as performant as a native app, given native apps speak directly to an OS while websites always have the browser as middleman — barring some significant technical shifts. So it’s an unattainable goal.</li>
<li>Modern front-end libraries and frameworks have become overly complicated, with so many abstractions and so much tooling that it’s very difficult for developers, especially beginners, to hold it all in their heads. He cited the brilliant <a href="https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f">How it feels to learn JavaScript in 2016</a> by Jose Aguinaga.</li>
<li>Relatedly, browser vendors should have a year-long moratorium on adding new features. (See also his <a href="http://www.quirksmode.org/blog/archives/2015/07/stop_pushing_th.html">blog post</a> on this.)</li>
<li>Modern front-end libraries and frameworks encourage a style of development that punishes people on underpowered/mobile devices and slow connections. In many cases, he argued, there’s no reason to pull in hundreds of kilobytes of JavaScript, or naively traverse the entire DOM for the sake of developer convenience (he gave the example of Angular here), when doing it at a lower level of abstraction would perform better and might also result in less code that’s easier to reason about.</li>
<li>Developers who come to front-end work from back-end work often underestimate how difficult it is to be a front-end developer. Web browsers — with competing standards, implementation differences and browser bugs — are the “most hostile development environment in the world.” The key to being a front-end developer is to embrace that. In fact, certain Computer Science Best Practices, such as the DRY principle, don’t necessarily apply in front-end work (e.g., when practicing progressive enhancement, you develop the same thing twice).</li>
<li>A key distinction of front-end web programming is that users <em>download your code</em> when visiting a web page, which means users get “punished” if your code is bloated. This is different from back-end web programming, where it doesn’t matter nearly as much which tools you use as long as the network request is served quickly enough.</li>
</ul>
<p>I’m working from memory, so I hope I did PPK’s opinions justice here. It was a fantastic, thought-provoking talk. I assume video, or at least the slides, will be posted online soon — and I’ll update this post with links when that happens.</p>
<p>Which brings me to my tweet. One of PPK’s slides said: “If you can’t do without tools you’re not a web developer.” In context of the presentation, this was already a controversial statement. <em>Out of context</em>, it’s absolutely incindiary (and, frankly, a bit nonsensical).</p>
<p>I regret tweeting this photo. It was clearly out of context, and I should have either used a different slide or waited until the video was posted. I hope the context here helps explain it.</p>
<p>Many people saw that slide, interpreted it at face value, and tweeted sarcastic responses such as “If you can’t put in a nail without a hammer, you’re not a carpenter.” They took it way too literally, suggesting PPK was telling us to cease using all tools, <a href="https://twitter.com/michaellnorth/status/830089355511291904">code in assembly</a>, or otherwise be luddites. Obviously this is nonsense.</p>
<p>Other people took issue with drawing lines in the sand, saying it’s counterproductive (and can scare away beginners) to make exclusionary statements like this. I agree. Saying “You’re not a <em>real</em> X unless Y” is the wrong way to make the point. The arbitrary distinction of “Real Programmers” (versus, uh, not-Real Programmers?) is a disease of our profession.</p>
<p>In fact, regarding beginners, one of PPK’s most salient points was that the modern front-end development landscape is so complex that it’s impenetrable to newcomers. If I were starting web development today, I’d be <em>terrified</em> by the complexity — and probably give up. The <a href="https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f">aforementioned Jose Aguinaga post</a> illustrates this brilliantly.</p>
<p>My interpretation of PPK’s slide, having seen the entire presentation, was simply this: <b>web developers should have knowledge of what’s happening behind the scenes, so that they can use their tools more effectively</b>. This, I agree with. If you blindly use a 20K library that traverses the entire DOM on every page load, in a situation where five lines of vanilla JavaScript would have done the same thing, you’re adding unnecessary strain on your users and possibly unnecessary strain on your development team. (That assumes “unnecessary strain” is a bad thing for your particular project/work.)</p>
<p>I’ve always thought the same about Django, by the way. Take, for example, the Django ORM. I think developers ought to have an understanding of SQL — the advantages, the limitations, the dos and don’ts — before they jump into using an ORM. That doesn’t mean everybody needs to <em>write their own ORM</em>, or <em>always use raw SQL</em> (two strawman arguments people have been making repeatedly in response to this tweet) — it just means they should have a basic understanding of what’s happening. Not enough to be a DBA, just enough to not make poor decisions.</p><script id="twitter-wjs" type="text/javascript" async defer src="https://platform.twitter.com/widgets.js"></script>Open Whisper Systems >> Blog >> There is no WhatsApp 'backdoor'2017-01-14T17:05:34.055000Zhttps://whispersystems.org/blog/there-is-no-whatsapp-backdoor/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/open-whisper-systems/0:3a4fe5">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div><p>Today, the Guardian published a story falsely claiming that WhatsApp's end to end encryption contains a "backdoor."</p><h2>Background</h2><p>WhatsApp's encryption uses Signal Protocol, as
<a href="https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf" rel="nofollow" class="external">detailed in their technical whitepaper</a>.
In systems that deploy Signal Protocol, each client is cryptographically identified by a key pair
composed of a public key and a private key. The public key is advertised publicly, through the server, while
the private key remains private on the user's device.</p><p>This identity key pair is bound into the encrypted channel that's established between two parties when they
exchange messages, and is exposed through the "safety number" (aka "security code" in WhatsApp) that participants
can check to verify the privacy of their communication.</p><p><img src="https://whispersystems.org/blog/images/whatsappcomplete2.png" alt="" /></p><p>Most end-to-end encrypted communication systems have something that resembles this type of verification, because
otherwise an attacker who compromised the server could lie about a user's public key, and instead advertise a
key which the attacker knows the corresponding private key for. This is called a "man in the middle" attack,
or MITM, and is endemic to public key cryptography, not just WhatsApp.</p><h2>The issue</h2><p>One fact of life in real world cryptography is that these keys will change under normal circumstances. Every time
someone gets a new device, or even just reinstalls the app, their identity key pair will change. This is something
any public key cryptography system has to deal with. WhatsApp gives users the option to be notified when those changes occur.</p><p>While it is likely that not every WhatsApp user verifies safety numbers or safety number changes, the WhatsApp clients have been
carefully designed so that the WhatsApp server has no knowledge of whether users have enabled the change notifications,
or whether users have verified safety numbers. WhatsApp could try to "man in the middle" a conversation, just like with
any encrypted communication system, but they would risk getting caught by users who verify keys.</p><p><img src="https://whispersystems.org/blog/images/whatsapp-keychange.png" alt="" /></p><p>Under normal circumstances, when communicating with a contact who has recently changed devices or reinstalled WhatsApp,
it might be possible to send a message before the sending client discovers that the receiving client has new keys.
The recipient's device immediately responds, and asks the sender to reencrypt the message with the recipient's new identity key
pair. The sender displays the "safety number has changed" notification, reencrypts the message, and delivers it. </p><p>The WhatsApp clients have been carefully designed so that they <em>will not</em> re-encrypt messages that have already been delivered.
Once the sending client displays a "double check mark," it can no longer be asked to re-send that message. This prevents
anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.</p><p>The fact that WhatsApp handles key changes is not a "backdoor," it is how cryptography works. Any attempt to intercept
messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end
encrypted communication system.</p><p>The only question it might be reasonable to ask is whether these safety number change notifications should be "blocking"
or "non-blocking." In other words, when a contact's key changes, should WhatsApp require the user to manually verify the
new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.</p><p>Given the size and scope of WhatsApp's user base, we feel that their choice to display a non-blocking notification is appropriate.
It provides transparent and cryptographically guaranteed confidence in the privacy of a user's communication, along with a
simple user experience. The choice to make these notifications "blocking" would in some ways <em>make things worse</em>. That
would leak information to the server about who has enabled safety number change notifications and who hasn't, effectively
telling the server who it could MITM transparently and who it couldn't; something that WhatsApp considered very carefully.</p><p>Even if others disagree about the details of the UX, under no circumstances is it reasonable to call this a "backdoor," as
key changes are immediately detected by the sender and can be verified.</p><h2>The reporting</h2><p>The way this story has been reported has been disappointing. There are many quotes in the article, but it seems that the
Guardian put very little effort into verifying the original technical claims they've made. Even though we are the creators
of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment.</p><p>Instead, most of the quotes in the story are from policy and advocacy organizations who seem to have been asked "WhatsApp
put a backdoor in their encryption, do you think that's bad?"</p><p>We believe that it is important to honestly and accurately evaluate the choices that organizations like WhatsApp or Facebook make.
There are many things to criticize Facebook for; running a product that deployed end-to-end encryption by default for over a
billion people is not one of them.</p><p>It is great that the Guardian thinks privacy is something their readers should be concerned about. However, running a story
like this without taking the time to carefully evaluate claims of a "backdoor" will ultimately only hurt their readers. It has the
potential to drive them away from a well engineered and carefully considered system to much more dangerous products
that make truly false claims. Since the story has been published, we have repeatedly reached out to the author and the
editors at the Guardian, but have received no response.</p><p>We believe that WhatsApp remains a great choice for users concerned with the privacy of their message content.</p></div></div>About Those Folders2017-01-14T16:55:06.750000ZKevinhttp://feeds.feedblitz.com/~/257862718/0/loweringthebar~About-Those-Folders.html<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/about-those-folders/6594:f5afa6">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/6594.png" style="vertical-align: middle;width:16px;height:16px;"> Lowering the Bar.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<img alt="" class="attachment-medium size-medium wp-post-image" height="169" src="https://i0.wp.com/loweringthebar.net/wp-content/uploads/2017/01/folder1.jpg?fit=300%2C169" style="display: block; margin: auto; margin-bottom: 5px;" width="300" /><p>As you surely know, the stars of Donald Trump’s recent press conference were what looked like hundreds of file folders full of papers, which both Trump and his lawyer, Sherri Dillon of <a href="http://feeds.feedblitz.com/~/t/0/0/loweringthebar/~www.morganlewis.com">Morgan Lewis</a>, said were “just some” of the paperwork involved in turning over Trump’s stuff to his sons to solve conflict-of-interest problems.</p>
<p>I don’t want to address here whether the legal plan they have described actually <em>would</em> solve conflict-of-interest problems, except that to the extent I understand what that plan is, I find the claim that it <em>might</em> solve those problems hilarious. But what I want to address is the equally burning question, to me, of whether there was actually anything in those folders other than blank paper.</p>
<p>There was not.</p>
<p>Again, both Trump and Dillon said there <em>was</em>. According to the <a href="http://feeds.feedblitz.com/~/t/0/0/loweringthebar/~www.cnbc.com/2017/01/11/transcript-of-president-elect-donald-j-trumps-news-conference.html">transcript</a>:</p>
<ul>
<li>Trump: “these papers are just some of the many documents that I’ve signed turning over complete and total control to my sons” (that’s the hilarious part).</li>
</ul>
<ul>
<li>Dillon: “Here is just some of the paperwork that’s taking care of those actions.”</li>
</ul>
<ul>
<li>Trump again, at the end: “So this is all—just so you understand, these papers—because I’m not sure that was explained properly. But these papers are all just a piece of the many, many companies that are being put into trust to be run by my two sons….”</li>
</ul>
<p>Again, hilarious! But on to the mysterious papers.</p>
<p>Other than the statements above, to my knowledge there is no direct evidence as to what those folders contained. That is, we can see they contained sheets of paper, but the question is whether anything was <em>printed</em> on the paper. That we do not know, because despite the folders having center stage at the press conference—literally; the podium was off to the side a bit—no one outside the Trump team was allowed even a glance inside them. In the absence of direct evidence, or an admission, the claim that the papers were blank remains “unproven,” <a href="http://feeds.feedblitz.com/~/t/0/0/loweringthebar/~www.snopes.com/trump-busted-using-empty-folders/">as <em>Snopes.com</em> says in its report</a> on this. So there’s that.</p>
<p>But while “circumstantial” is sometimes used as a synonym for “weak,” the fact is that people are convicted all the time based on circumstantial evidence. Sometimes those people are even guilty. And here, as far as I’m concerned the circumstantial evidence only allows one conclusion.</p>
<p>First: they didn’t let anybody see inside the folders. You would not expect them to display anything privileged, of course, but the implication was that these were documents Trump signed for business purposes, and presumably at least some would be for public filing and so not privileged. Even if every document <em>were</em> privileged, it wouldn’t breach the privilege to hold up a document and riffle through it just to show skeptical reporters it had some writing on it. (You couldn’t hold it still or some jackass like me would take a screenshot.) The complete refusal to allow even a glance at any document is therefore very suspicious.</p>
<p><img alt="" class="alignright size-medium wp-image-37070" src="https://i2.wp.com/loweringthebar.net/wp-content/uploads/2017/01/folders.jpg?resize=300%2C225" />Second, as many have pointed out, none of the visible folders have a label or any sort of mark on them, not even a Post-It or other sticky note, and in fact they look quite pristine. As a practicing lawyer, I can tell you that we do not keep documents in unmarked manila folders, at least if dealing with more than a few. It seems highly unlikely that Morgan Lewis has large stacks of manila folders sitting around in its offices, and if somebody needs a particular document the only way to find it is for somebody to go through the whole stack until they get lucky.</p>
<p>Third, no writing or any other sort of mark can be seen on any of the papers themselves. I did not think this was conclusive, though, because as far as I know no more than a fraction of any page was visible. Maybe they just use really big margins. Also, one report speculated that these were unlikely to be legal documents because they clearly aren’t on legal-<em>sized</em> paper. But there’s no rule saying you have to use legal-sized paper for anything. I haven’t used it willingly <em>ever</em>, and I hate it, because it’s stupid. Why is it longer? If long paper is somehow better, why aren’t we still using scrolls? But anyway, this is not conclusive either.</p>
<p>Fourth, here’s what <em>is</em> conclusive, to me: none of the pages, so far as I can tell, have been stapled together. Many individual pages are individually aligned. This makes it impossible that a lawyer or anyone else at a law firm has been using these documents. They are <em>unstapled</em>.</p>
<p>Even if you did use the stacks-of-unlabeled-file-folders system of organization, and you don’t, there is no way in <em>hell</em> any lawyer would fail to bind together the pages of even a written draft, let alone a final document your client is supposedly going to sign in order to make major business changes. You don’t just print out all the pages of multiple documents and stick them in a binder, or leave them in a stack. Nor would you use a mere binder clip (a few of those are visible) for <em>final</em> documents. Never. These things are not done.</p>
<p>[<strong>Update:</strong> someone has just reminded me that a stack of any significant number of legal documents will virtually always exhibit “stack tilt” because of the cumulative effect of page fasteners. That is, the upper-left corner of such a stack is <em>always</em> higher. This is further evidence that Trump’s “legal documents” were unstapled, which, again, is compelling evidence they were all blank. I should also say that Sherri Dillon so far has not responded to my email asking for comment on the alleged blankness of the pages, although that is not at all surprising.]</p>
<p>In short, the circumstantial evidence is overwhelming that somebody on the Trump team created fake stacks of documents to which the president-elect could point when talking about his conflict-of-interest plan. (And it was an amateur—an <a href="http://feeds.feedblitz.com/~/t/0/0/loweringthebar/~https://twitter.com/bergopolis/status/819690193712095232">expert would do a much, much better job</a>.) This doesn’t mean there <em>are</em> no such documents, of course. Probably are, somewhere. But they weren’t in those folders.</p>
<p>So now you know.</p>
<img align="left" alt="" border="0" height="1" hspace="0" src="http://feeds.feedblitz.com/~/i/257862718/0/loweringthebar" style="border: 0; float: left; margin: 0; padding: 0; width: 1px!important; height: 1px!important;" width="1" />
<div style="clear: both; padding-top: 0.2em;"><a href="http://feeds.feedblitz.com/_/28/257862718/loweringthebar" title="Like on Facebook"><img height="20" src="http://assets.feedblitz.com/i/fblike20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/30/257862718/loweringthebar" title="Share on Google+"><img height="20" src="http://assets.feedblitz.com/i/googleplus20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/16/257862718/loweringthebar" title="Add to LinkedIn"><img height="20" src="http://assets.feedblitz.com/i/linkedin20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/29/257862718/loweringthebar,https%3a%2f%2fi0.wp.com%2floweringthebar.net%2fwp-content%2fuploads%2f2017%2f01%2ffolder1.jpg%3ffit%3d300%252C169" title="Pin it!"><img height="20" src="http://assets.feedblitz.com/i/pinterest20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/1/257862718/loweringthebar" title="Add to Reddit"><img height="20" src="http://assets.feedblitz.com/i/reddit20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/12/257862718/loweringthebar" title="Stumble This"><img height="20" src="http://assets.feedblitz.com/i/stumble20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/24/257862718/loweringthebar" title="Tweet This"><img height="20" src="http://assets.feedblitz.com/i/twitter20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/19/257862718/loweringthebar" title="Subscribe by email"><img height="20" src="http://assets.feedblitz.com/i/email20.png" style="border: 0; margin: 0; padding: 0;" /></a> <a href="http://feeds.feedblitz.com/_/20/257862718/loweringthebar" title="Subscribe by RSS"><img height="20" src="http://assets.feedblitz.com/i/rss20.png" style="border: 0; margin: 0; padding: 0;" /></a><h3 style="clear: left; padding-top: 10px;">Related Stories</h3><ul><li><a href="http://loweringthebar.net/2017/01/alert-no-lawyers-in-kansas-senate.html" rel="nofollow">ALERT: There Are No Lawyers in the Kansas Senate</a></li><li><a href="http://loweringthebar.net/2016/10/congress-blames-veto.html" rel="nofollow">Congress Blames President for Law He Vetoed</a></li><li><a href="http://loweringthebar.net/2016/07/what-is-treason.html" rel="nofollow">What Is Treason?</a></li></ul> </div>‘No One Ever Went Broke Taking a Profit’2016-12-29T00:41:20.427000ZJohn Gruberhttp://lifehacker.com/im-jason-fried-ceo-of-basecamp-and-this-is-how-i-work-1790556608<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/no-one-ever-went-bro/5719080:074b85">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
This time management strategy works incredibly well when you're the boss and everybody has to work around you.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Andy Orin interview with Jason Fried, for Lifehacker’s “This Is How I Work” series:</p>
<blockquote>
<p><em>What’s your favorite to-do list manager?</em></p>
<p>I don’t track to-dos. I have a small handful of things I know I
need to do every day. If I can’t keep them in my head, I have too
many things to do. Every day is a blank slate for what I need to
do. If something I was supposed to get done yesterday didn’t get
done yesterday, it’s not automatically on my mind for today.
Today’s mind is a clear mind, not yesterday’s remnants.</p>
</blockquote>
<p>That wouldn’t work for me — I literally need to write down the stuff I want to do every day, or I’ll forget something — but I love the mindset.</p>
<p>This is good advice too:</p>
<blockquote>
<p>I’m a one-computer guy — a 12-inch MacBook, so I can work from
anywhere. Years ago I used multiple monitors and had multiple
computers. Then I jettisoned multiple computers but kept the
multiple monitor setup. And a few years ago I tossed out the
second monitor and have been a single computer, single screen
person since then. I go full screen on nearly every app. I also
hide my dock. I don’t want anything pulling my attention away.
When I’m curious I’ll look. Otherwise, I’m looking at what I want,
not what someone else might want me to see.</p>
<p>I can’t stress this enough — protect your attention like you
protect your friends, family, money, etc. It’s among the most
valuable things you have.</p>
</blockquote>
<div>
<a href="http://daringfireball.net/linked/2016/12/28/how-jason-fried-works" title="Permanent link to ‘‘No One Ever Went Broke Taking a Profit’’"> ★ </a>
</div>★ Regarding Uber’s New ‘Always’ Location Tracking2016-12-20T02:17:11.507000ZJohn Gruberhttp://daringfireball.net/2016/12/uber_location_privacy<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/regarding-ubers-new-/5719080:fbaf55">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Uber’s iOS app <a href="http://www.npr.org/sections/alltechconsidered/2016/12/01/503985473/uber-now-tracks-passengers-locations-even-after-theyre-dropped-off">recently changed</a> its location-tracking from “When using the app” to “Always”. The company says they’re only doing it for five minutes after a ride ends, to see where passengers go. They’re trying to improve the accuracy of where passengers get dropped off.</p>
<p><a href="https://hackernoon.com/dear-apple-give-us-control-over-stalkerware-95c625f585fb">Michael S. Fischer is alarmed by this</a>:</p>
<blockquote>
<p>As you know, iOS allows users to control how apps can access the
user’s location. There are three choices: “Always,” “When using
the app,” or “Never.” These are reasonable options. Some users
might never want an app to have access to their location. Others
might have a strong trust relationship with the app and its
authors and allow the app always to track them.</p>
<p>Most of us, though, fall into the middle camp: We want to allow
apps to use our location for the purpose of providing a service,
but want to control our privacy when the app or its authors cease
doing business with us. So what we’re asking is simple:</p>
<p><em>Don’t allow app developers to disable the “when using the app”
Location privacy option.</em></p>
<p>It’s simply unnecessary for Uber or others to track us when the
app isn’t in use. How do we know this? <em>Because these apps worked
adequately before they disabled this option.</em> We were able to meet
our drivers by opening the app, finding our location, and hailing
a driver. We gave them enough information to get the job done, and
we were satisfied with the results.</p>
</blockquote>
<p>Few people are more skeptical about Uber than I am. Just last week <a href="http://daringfireball.net/linked/2016/12/12/uber-privacy">I linked to</a> a <a href="https://www.revealnews.org/article/uber-said-it-protects-you-from-spying-security-sources-say-otherwise/">scathing report on Uber’s internal privacy problems</a>.</p>
<p>iOS does not give users the fine-grained control over apps’ location-tracking privileges that Fischer is asking for, but it does give us a way to verify that Uber is only using its “Always” privilege the way it claims to be — for five minutes after a ride ends.</p>
<p>Go to Settings → Privacy → Location Services and take a look at the list of apps. If Uber has checked your location recently, an indicator will appear in the list — purple if it checked “recently”, gray if in the last 24 hours. I’ve been checking this every few days ever since Uber changed its location-checking privilege, and it has never once shown any sign of misuse.</p>
<p>I don’t trust Uber. But we can collectively verify that in this case, they’re doing exactly what they say they’re doing.</p>Twitter’s ‘Branded Emojis’2016-12-15T19:17:44.951000ZJohn Gruberhttps://marketing.twitter.com/na/en/insights/best-practices-for-supercharging-campaigns-with-branded-emojis.html<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/twitters-branded-emo/5719080:3d585e">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
I can't believe companies pay for this at all.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>I wrote yesterday, with regard the Trump campaign’s spat with Twitter over what the New York Times described as “Twitter had killed a #CrookedHillary emoji”:</p>
<blockquote>
<p>I can’t believe the Times didn’t put quotes around that hashtag.
And whatever it is they’re talking about, a sticker or whatever,
is not an emoji.</p>
</blockquote>
<p>I stand by that — I think the word <em>emoji</em> should be used exclusively for <a href="http://emojipedia.org/unicode-9.0/">the icons in the official Unicode spec</a>. Something that is like an emoji but not in the spec is a sticker or an icon or whatever, but it’s not an emoji.</p>
<p>Obviously, others disagree, because Twitter is selling these hashtag icons as “Branded Emojis”. I think that’s a gross misuse of the word. (This is another one of those Twitter things about which I was unaware because they’re only visible in Twitter’s first-party clients, which I almost never use.)</p>
<div>
<a href="http://daringfireball.net/linked/2016/12/15/emoji-twitter" title="Permanent link to ‘Twitter’s ‘Branded Emojis’’"> ★ </a>
</div>Uber’s Privacy Data Problems2016-12-13T03:58:12.270000ZJohn Gruberhttps://www.revealnews.org/article/uber-said-it-protects-you-from-spying-security-sources-say-otherwise/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/ubers-privacy-data-p/5719080:0cf090">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
This looks particularly bad in light of their decision to require you to share location with them all the time if you want to use the app. I have it set to never share location info now, and only turn on location info when I need to use Uber for a ride. I also use Lyft whenever possible, with the knowledge that they may have all the same privacy problems.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Scathing investigative report by Will Evans, writing for Reveal:</p>
<blockquote>
<p>For anyone who’s snagged a ride with Uber, Ward Spangenberg has a
warning: Your personal information is not safe.</p>
<p>Internal Uber employees helped ex-boyfriends stalk their
ex-girlfriends and searched for the trip information of
celebrities such as Beyoncé, the company’s former forensic
investigator said.</p>
<p>“Uber’s lack of security regarding its customer data was resulting
in Uber employees being able to track high profile politicians,
celebrities, and even personal acquaintances of Uber employees,
including ex-boyfriends/girlfriends, and ex-spouses,” Spangenberg
wrote in a court declaration, signed in October under penalty of
perjury.</p>
<p>After news broke two years ago that executives were using the
company’s “God View” feature to track customers in real time
without their permission, Uber insisted it had strict policies
that prohibited employees from accessing users’ trip information
with limited exceptions.</p>
<p>But five former Uber security professionals told Reveal from The
Center for Investigative Reporting that the company continued to
allow broad access even after those assurances.</p>
</blockquote>
<p>They’re currently under investigation by the FTC:</p>
<blockquote>
<p>The Federal Trade Commission, the consumer protection agency, is
investigating Uber’s information security practices and recently
deposed Sullivan, according to security sources.</p>
</blockquote>
<div>
<a href="http://daringfireball.net/linked/2016/12/12/uber-privacy" title="Permanent link to ‘Uber’s Privacy Data Problems’"> ★ </a>
</div>Why Do Websites Publish AMP Pages?2016-10-22T02:47:31.627000ZJohn Gruberhttps://www.ampproject.org/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/why-do-websites-publ/5719080:b3c6be">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Can someone explain to me why a website would publish AMP versions of their articles? They do load fast, which is a terrific user experience, but as far as I can see, sites that publish AMP pages are effecting ceding control over their content to Google.</p>
<p>Here’s an example I ran into today. I wanted to read Ron Amadeo’s review of the Google Pixel at Ars Technica. From my (new) Google Pixel, I searched for “ars pixel preview”. The first search result <a href="https://daringfireball.net/misc/2016/10/pixel-ars-amp.png">was the AMP version of his review</a>. Same thing <a href="https://daringfireball.net/misc/2016/10/iphone-ars-amp.png">on my iPhone</a>.</p>
<p>If I tap the result, I get the AMP version of the Ars article, served from Google’s domain. So far, I get it. But the kicker is that I don’t see any way to get from the AMP page Google is serving to the canonical version of the article on Ars’s website. Even if I share the article, what gets shared is the google.com URL (<em>https://www.google.com/amp/arstechnica.com/gadgets/2016/10/google-pixel-review-bland-pricey-but-still-best-android-phone/</em>). On desktop browsers, these URLs do get redirected to Ars’s website. But on mobile they don’t. Share from one mobile device to another and nobody ever leaves google.com. Why would any website turn their entire mobile audience — a majority share of their total audience, for many sites today — over to Google? </p>
<p>It makes no sense to me.</p>
<div>
<a href="http://daringfireball.net/linked/2016/10/21/google-amp" title="Permanent link to ‘Why Do Websites Publish AMP Pages?’"> ★ </a>
</div>iPhones can't receive SMS reliably2016-10-17T22:24:34.817000ZNelson Minar (nelson@monkey.org)http://www.somebits.com/weblog/tech/bad/apple-iphone-cant-receive-sms-reliably.html<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/iphones-cant-receive/4468:9a7ae1">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/4468.png" style="vertical-align: middle;width:16px;height:16px;"> Nelson's Weblog:</b>
</td>
</tr>
<tr>
<td>
This seems like a hard problem, I kind of want to write an interview question about it.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>I ran into an awkward problem in Europe; I
couldn’t get SMS messages. It’s a design flaw in
Apple’s handling of text messages, it’s favoring of <a href="https://en.wikipedia.org/wiki/IMessage">iMessage</a> over <a href="https://en.wikipedia.org/wiki/Short_Message_Service">SMS</a>. If
you turn data roaming off on your phone when travelling, you may not be
able to get text messages reliably.</p>
<p>If you have an iPhone suitably logged in to Apple’s cloud services,
other iPhones (and Apple stuff in general) will prefer to deliver text
messages via iMessage instead of SMS. You see this in the phone UI: the
messages are blue, not green. In general iMessage is a good thing. It’s
cheaper and has more features.</p>
<p>The problem is Apple’s iMessage delivery requires the receiving
phone have an Internet connection via WiFi or cellular data. If you have
no WiFi at the moment and have data roaming turned off, your phone is
offline. And so Apple can’t deliver to you via iMessage. They seem to
buffer sent messages for when you come back online. Which is too bad,
because your phone could still receive the message via SMS. Unfortunately
iMessage doesn’t have an SMS delivery fallback.</p>
<p>In practice this design flaw meant I had to leave data
roaming turned on all the time because I needed to reliably get
messages from another iPhone user. Which then cost me about $30
in uncontrollable data fees from “System Services”. Some
$15 was spent by Google Photos spamming location lookups (a <a href="https://productforums.google.com/forum/#!topic/photos/c_vae4ogaS0;context-place=topicsearchin/photos/minar">bug</a>?),
another $15 receiving some photo iMessages from a well-meaning
friend. Admittedly the SMS fallback I’d prefer would also cost some
money, but I think significantly less in my case.</p>
<p>There’s a broader problem with iMessage which is that once a
phone number is registered with it, iPhones forever more will not send
SMS to that number. Apple got sued over this, so now they have a <a href="https://support.apple.com/en-us/HT203042">way to deregister your
number</a>.</p>E.W. Scripps Buys Podcast Company Stitcher2016-06-07T00:41:51.491000ZJohn Gruberhttp://www.wsj.com/articles/e-w-scripps-buys-podcast-company-stitcher-1465239600<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/ew-scripps-buys-podc/5719080:a5d117">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Steven Perlberg, reporting for the WSJ:</p> <blockquote><p>Stitcher is a free app that streams more than 65,000 podcasts from
publishers ranging from NPR to MSNBC to The Wall Street Journal.
It will operate under Midroll Media, the podcast advertising
company that Scripps acquired last year for $50 million, plus $10
million more over three years if the company hits certain
milestones.</p> <p>Midroll sells ads for about 230 programs like “WTF with Marc
Maron,” “The Nerdist,” “StarTalk Radio” and “The Bill Simmons
Podcast.” But podcast listeners these days have a handful of ways
to actually tune into shows, through the likes of Apple’s podcast
app or Google Play Music. Stitcher, one such service, has 8
million registered users and is installed in about 50 car models.</p> </blockquote> <p>Midroll owning Stitcher is not good for the podcast ecosystem. Stitcher is popular, but my show is not on Stitcher because Stitcher re-hosts the audio, compresses it to hell, and unless you opt out, inserts their own ads. That’s not how podcasting is supposed to work. I firmly believe podcasting should be open, like the web. (This is also why I don’t have my show on Google Play — they insist upon hosting and re-compressing the audio as well.)</p> <p>I worry that it’s toxic to combine advertising sales with an exclusive app for playback. Advertisers want tracking? You got it — in Stitcher. <ins>The end goal here is lock-in, and so I think it’s worth fighting right from the start, even at the expense of a few thousand additional listeners for my show. Maybe they’ll never become dominant. Maybe even if they do, they won’t do anything to promote lock-in. But now is the only time to resist the possibility that they’ll grow dominant and abuse their position. It’s too late once it happens.</ins><div><ins><a href="http://daringfireball.net/linked/2016/06/06/midroll-stitcher" title="Permanent link to ‘E.W. Scripps Buys Podcast Company Stitcher’">★ </a> </ins></div> </p> <div><del><a href="http://daringfireball.net/linked/2016/06/06/midroll-stitcher" title="Permanent link to ‘E.W. Scripps Buys Podcast Company Stitcher’">★ </a> </del></div>Glenn Fleishman: ‘The New Night Shift Feature Probably Won’t Help You Sleep Better’2016-03-28T22:54:36.002000ZJohn Gruberhttp://www.macworld.com/article/3047121/iphone-ipad/ios-93-the-new-night-shift-feature-probably-wont-help-you-sleep-better.html<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/glenn-fleishman-the-/5719080:3c40c9">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
I used f.lux for awhile before admitting to myself that I hated it.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Glenn Fleishman, writing at Macworld:</p>
<blockquote>
<p>The Night Shift feature in iOS 9.3 lets you adjust the color
temperature of the display, shifting away from blue spectrums of
light, in the putative interest of improving sleep. But Apple
makes no promises. On its website, Apple notes, “Many studies have
shown that exposure to bright blue light in the evening can affect
your circadian rhythms and make it harder to fall asleep.” In iOS,
the feature is explained with “This may help you get a better
night’s sleep.”</p>
<p>In fact, this feature likely will have little or no effect on most
people. Apple hasn’t misrepresented any of the science, but
clinical work done to date doesn’t point a finger right at mobile
devices or even larger displays. Night Shift also can’t remove
enough blue to make a difference if that color is the culprit. And
blue light may not be the trigger it’s been identified as. While
researchers haven’t tested the new feature yet, several factors
add up to at best a placebo effect and a reminder to power
yourself down.</p>
</blockquote>
<p>I know people who enjoy Night Shift (and its Mac progenitor, <a href="https://justgetflux.com/">F.lux</a>) because they find it easier on their eyes at night. I think the stuff about getting a better night’s sleep is bunk, though. (And personally, I find the effect hideous.)</p>
<div>
<a href="http://daringfireball.net/linked/2016/03/28/fleishman-night-shift" title="Permanent link to ‘Glenn Fleishman: ‘The New Night Shift Feature Probably Won’t Help You Sleep Better’’"> ★ </a>
</div>Jake Tapper Asks Trump 7 Straight Horse Race Questions2016-02-22T01:03:48.429000ZRogers Cadenheadhttp://feeds.cadenhead.org/~r/workbench/~3/nk6GzQu93EM/jake-tapper-asks-trump-7-straight-horse-race<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/jake-tapper-asks-tru/156740:d831e9">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/156740.png" style="vertical-align: middle;width:16px;height:16px;"> Workbench:</b>
</td>
</tr>
<tr>
<td>
Not journalism.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>I began watching the Sunday talk shows again last weekend because of Antonin Scalia's death, which propelled the U.S. into an exceptional time in our history. We'll be living with the consequences of how the next Supreme Court appointment is made for a long time. <del>I have no idea how it will turn out, though I believe strongly that a president should be allowed to fill a vacancy when there's nearly a year left in his term. A presidency is four years long, not three.</del> </p><p>Watching one of the shows today reminded me of how terrible political reporting on television can be.</p><p>On CNN's <i>State of the Union</i>, host Jake Tapper asked Donald Trump <a href="http://transcripts.cnn.com/TRANSCRIPTS/1602/21/sotu.01.html">10 <ins>questions:</ins> </a> <del>questions:</del> </p><ol><li>Mr. Trump, congratulations on your victory. What do you think this means for the race going forward? Are you unstoppable?</li><li>Your campaign manager, Corey Lewandowski, said that you have not gotten the credit you deserve from the party for leading the race. Why do you think that is? Do you think some Republicans still don't take you seriously?</li><li>Last week, Senator Rubio said he didn't think a brokered convention would necessarily be a bad thing. Are you concerned at all that party leaders might try to block your nomination at the convention?</li><li>Senator Cruz says that you attack him every day because you know he's the only one who can beat you. Is that right?</li><li>Governor Jeb Bush dropped out last night. He was once the front-runner, once expected to win the nomination. Many would point to you as the primary reason his campaign sputtered. Do you think, by labeling him low-energy and targeting him so quickly, do you think that's what did him in?</li><li>You also took on Jeb's brother President George W. Bush in South Carolina, a state that he won in 2000. And then you won it handily, even though you took on George W. Bush. Do you see Jeb's loss and your victory in South Carolina as a vote on the entire Bush legacy, in a way?</li><li>There's a lot of concern, as you know, among Republican Party leaders in Washington about, can you win a general election? Let's talk about demographics for a second. If the next Republican nominee wins the same share of the white vote that Mitt Romney did in 2012 -- that was 59 percent -- that nominee would need to win 30 percent of the non-white vote. Now, with all due respect, sir, a lot of Republican leaders in D.C. struggle to envision you accomplishing this, especially given the fact that there are white supremacist groups and individuals like that who support you, some of whom you have even retweeted.</li><li>I want to get some clarification on comments you made this week at the CNN town hall about Obamacare. Take a listen. ... So, sir, what did you mean when you said, "I like the mandate"?</li><li>But -- but, just to clarify, you're saying now that you would not support requiring every individual in America to have health insurance? You wouldn't support that?</li><li>Last question, sir. We heard from your wife, Melania, last night, which doesn't happen a tremendous amount. Are we going to hear more from her going forward?</li></ol><p>By my count that's seven straight horse-race questions that are solely about who's leading and who's trailing, one policy question with a follow-up and then a nice softball question that lets him say something nice about his wife.</p><p>Trump is the Republican front-runner and the favorite to win the GOP nomination. There's a great deal of importance in the media getting beyond his vague policy statements to pin him down on actual things he would do as president. Making America Yuge Again is not a concrete policy objective.</p><p>Tapper had an opportunity to do this, but he thought the bulk of his time with Trump was better spent with such queries as "Are you unstoppable?"</p><p>That's the kind of dumb-ass question a non-journalist would never ask. Political reporters ask them all day long.</p><p>The one time Tapper delved into Trump's actual policies on health care and the individual mandate, we got to see that Trump is completely out of his depth. After he took insurance away from millions of Americans by killing ObamaCare, the only things Trump could suggest are to let states compete and offer healthcare savings accounts.</p><p>The answer Trump gave was as floundering and repetitive as the Marco Rubio debate answer when he was accused of being robotic. Trump twice repeated that we're going to have great health care if he's president, and three times said people won't be dying in the streets.</p><p>Or the sidewalks: "They're not dying on the sidewalks, and they're not dying on the streets if I'm president," he said. "They're just not."</p><p>Unless he shoots them, I guess.</p><p> <ins>The Sunday show reporters should ask candidates</ins> <del>I want reporters to ask Trump</del> as many questions about policy as they do about winning and losing. If they did, it would be clear to millions that <ins>Trump's</ins> <del>he's</del> a bag of hair whose ideas never go beyond braggadocious posturing.</p> <ins><img alt="" height="1" src="http://feeds.feedburner.com/~r/workbench/~4/nk6GzQu93EM" width="1"></ins> <del><img alt="" height="1" src="http://feeds.feedburner.com/~r/workbench/~4/CZVVeVhbow8" width="1"></del>★ On the San Bernardino Suspect’s Apple ID Password Reset2016-02-22T01:02:16.511000ZJohn Gruberhttp://daringfireball.net/2016/02/san_bernardino_password_reset<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/on-the-san-bernardin/5719080:e73752">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
Nice explanation of the iCloud password change aspect.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>The latest news in the Apple-FBI legal fight has resulted in much confusion. <a href="http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust">John Paczkowski, reporting for BuzzFeed</a>:</p> <blockquote><p>The FBI has <a href="https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.pdf">claimed</a> that the password was changed by someone at
the San Bernardino Health Department. Friday night, however,
things took a further turn when the San Bernardino County’s
official Twitter account <a href="https://twitter.com/CountyWire/status/700887823482630144">stated</a>, “The County was working
cooperatively with the FBI when it reset the iCloud password at
the FBI’s request.”</p> <p>County spokesman David Wert told BuzzFeed News on Saturday
afternoon the tweet was an authentic statement, but he had nothing
further to add.</p> <p>The Justice Department did not respond to requests for comment on
Saturday; an Apple spokesperson said the company had no additional
comment beyond prior statements.</p> </blockquote> <p><a href="https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.pdf">Here is what the FBI wrote in its legal motion</a>, in a footnote on the four ways Apple suggested they obtain the data they seek:</p> <blockquote><p>(3) to attempt an auto-backup of the SUBJECT DEVICE with the
related iCloud account (which would not work in this case
because neither the owner nor the government knew the password
the iCloud account, and the owner, in an attempt to gain
access to some information in the hours after the attack, was
able to reset the password remotely, but that had the effect
of eliminating the possibility of an auto-backup);</p> </blockquote> <p>To unpack this, the “owner” is <em>not</em> Syed Farook, the shooter. The iPhone at the center of this was supplied by Farook’s employer, the San Bernardino County Department of Public Health. They are the “owner”. The “government” is the federal government: the FBI and the Department of Justice.</p> <p>The iPhone had been configured to back up to iCloud. However, at the time of the attack, it had not been backed up to iCloud for six weeks. Under warrant, Apple supplied the FBI with the data from that six-week-old backup. The FBI (for obvious reasons) would like the most recent six weeks of data from the phone, too.<sup id="fnr1-2016-02-21"><a href="http://daringfireball.net/#fn1-2016-02-21">1</a></sup></p> <p>iCloud backups are triggered automatically when the phone is (a) on a known Wi-Fi network, and (b) plugged-in to power. Apple’s suggestion to the FBI was that if they took the iPhone to Farook’s office and plugged it in, it might trigger a backup. If that had worked, Apple could supply the FBI with the contents of that new backup, including the most recent six weeks of data.</p> <p>It is not clear to me from any of the reports I have read <em>why</em> the iPhone had not been backed up in six weeks. It’s possible that Farook had disabled iCloud backups, in which case this whole thing is moot. <ins><sup id="fnr2-2016-02-21"><a href="http://daringfireball.net/#fn2-2016-02-21">2</a></sup></ins> But it’s also possible the only reason the phone hadn’t been backed up in six weeks is that it had not been plugged-in while on a known Wi-Fi network in six weeks. <ins>The</ins> <del>I think the</del> phone would have to be unlocked to determine this, and the whole point of this fight is that the phone can’t be unlocked.</p> <p>The FBI screwed this up by directing the San Bernardino County Department of Public Health to reset Farook’s Apple ID password. <em>They did not, and apparently could not, change anything on the phone itself.</em> But once they reset the Apple ID password, the phone could not back up to iCloud, because the phone needed to be updated with the newly-reset Apple ID password <del>to do so</del> — and they could not do that because they can’t unlock the phone.</p> <p>The key point is that you do not have to unlock an iPhone to have it back up to iCloud. But a locked iPhone <em>can’t</em> back up to iCloud if the associated Apple ID password has been changed.</p> <p>Again, there are two password-type things at play here. The Apple ID (iCloud) password, and the four-digit device passcode locking the iPhone. The county, at the behest of the FBI, reset the Apple ID password. This did not allow them to unlock the iPhone, and, worse, it prevented the iPhone from initiating a new backup to iCloud.</p> <p><em>How</em> did the county reset Farook’s Apple ID password? We don’t know for sure, but the most likely answer is that if his Apple ID was his work-issued email account, then the IT department at the county could go to <a href="https://iforgot.apple.com/">iforgot.apple.com</a>, enter Farook’s work email address, and then access his email account to click the confirmation URL to reset the password.</p> <p>In short:</p> <ul><li>The data the FBI claims to want is on Farook’s iPhone.</li> <li>They already have access to his iCloud account.</li> <li>They might have been able to transfer the data on his iPhone to his iCloud account via an automated backup, but they can’t because they reset his Apple ID (iCloud) password.</li> </ul> <p>The only possible explanations for this are incompetence or dishonesty on the part of the FBI. Incompetence, if they didn’t realize that resetting the Apple ID password could prevent the iPhone from backing up to iCloud. Dishonesty, if they directed the county to do this <em>knowing</em> the repercussions, with the goal of setting up this fight to force Apple to create a back door for them in iOS. I’m not sure which to believe at this point. I’d like to know exactly when this directive to reset the Apple ID password was given — ” in the hours after the attack” leaves a lot of wiggle room.</p> <div class="footnotes"><hr> <ol><li id="fn1-2016-02-21"><p>Much (or all?) of the data stored on Apple’s iCloud backup servers is not encrypted. Or, if it is encrypted, it is encrypted in a way that Apple can decrypt. <ins><a href="http://images.apple.com/privacy/docs/legal-process-guidelines-us.pdf">Apple has a PDF that describes the information</a> available to U.S. law enforcement from iCloud, but to me it’s not</ins> <del>To my knowledge, Apple has never made</del> clear exactly what <del>information</del> is available under <ins>warrant.</ins> <del>search warrant from an iCloud backup. They should publish this in detail. And,</del> I would bet a large sum of money that Apple is hard at work on an iCloud backup system that <em>does</em> store data encrypted in a way that Apple cannot read it without the user’s Apple ID password. <a class="footnoteBackLink" href="http://daringfireball.net/#fnr1-2016-02-21" title="Jump back to footnote 1 in the text.">↩︎</a></p> </li> <li id="fn2-2016-02-21"><p><ins>Another possibility: Farook’s iCloud storage was full. If this were the case, presumably Apple could have granted his account additional storage to allow a fresh backup to occur. But again, this became moot as soon as the county reset the Apple ID password at the behest of the FBI. <a class="footnoteBackLink" href="http://daringfireball.net/#fnr2-2016-02-21" title="Jump back to footnote 2 in the text.">↩︎︎</a></ins></p><ins> </ins></li> </ol> </div>Framing2016-02-17T04:17:55.191000ZCamille Fournier (noreply@blogger.com)http://www.elidedbranches.com/2016/02/framing.html<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/framing/1420881:35ee69">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/1420881.png" style="vertical-align: middle;width:16px;height:16px;"> Elided Branches:</b>
</td>
</tr>
<tr>
<td>
Yep yep yep
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
I had a realization, towards the end of my last job, about company values. What are company values (aka "Core Values")? Well, here are some examples: <a href="http://deliveringhappiness.com/book/zappos-core-values/">Zappos</a>, <a href="https://www.etsy.com/mission">Etsy</a>, <a href="http://deliveringhappiness.com/facebooks-5-core-values-for-success-at-work/">Facebook</a>. My former company had 10:<br /><blockquote class="tr_bq"><blockquote class="tr_bq">1. Everyone deserves a Cinderella Experience</blockquote><blockquote class="tr_bq">2. Dream big and go after it!</blockquote><blockquote class="tr_bq">3. Make the most with what you have...scrappiness is a virtue</blockquote><blockquote class="tr_bq">4. Debating, honest conversations and collaborating make the company stronger</blockquote><blockquote class="tr_bq">5. Happiness and positivity is a choice</blockquote><blockquote class="tr_bq">6. Embrace the RTR family and bring your authentic self into the office each day</blockquote><blockquote class="tr_bq">7. Bring your best intentions to everything and trust that others do the same</blockquote><blockquote class="tr_bq">8. Adapt and learn from everything you do</blockquote><blockquote class="tr_bq">9. Roll up your sleeves and get involved. Everyone should be accessible and involved with the day to day elements of RTR</blockquote><blockquote class="tr_bq">10.We are all founders of Rent The Runway</blockquote></blockquote>When I first started, I was skeptical about the purpose of Core Values. Zappos, the most famous advocate of this concept, seemed a bit weird. I am not a conformist, and I felt like expecting a diverse group of people to embrace the same set of values and beliefs was a bit Orwellian.<br /><br />What changed my mind? As part of the company review process, we would ask people to mention ways in which their peers embraced the core values. One person might write, for example, "When Jane suggested we try this crazy experiment to increase the performance of our product page, she encouraged us to dream big and go after it." You weren't required to spell out how each person met every value, just give one or two instances where they had met them.<br /><br />Is it a good idea to use values as part of the performance review process? Well, for better or worse, one of the things that indicates success within a company is how well a person is capable of working within the culture of that company. This can be a bad thing, when the culture of the company is confused with the color of the company, the gender of the company, the background of the people in the company. That is not a very specific culture, and it is likely to cause bias that does not actually serve to reduce the collaboration issues that you might worry about in heterogenous groups. When company values are more explicit, however, they give you something that is (hopefully) less correlated with how people look and more correlated with how people communicate, make decisions, and behave.<br /><br />I wrote, read, and delivered many reviews, always involving a section on values. I also observed many "core value stories," where employees would stand up and tell about another person or group who went above and beyond and how that tied back to some of our core values. I got to see over and over again examples of people exhibiting these values and the ways they presented themselves.<br /><br />At some point, I realized there was a pattern. The people in the company who were beloved by all, happiest in their jobs, and arguably most productive, were the people who showed up for all of these values. They may not have been the people who went to the best schools, or who wrote the most beautiful code, in fact they often weren't the "on-paper" superstars. But when it came to the job, they were great, highly in-demand, and usually promoted quickly. They didn't all look the same, they didn't all work in the same team or have the same skillset. Their only common thread was that they didn't have to stretch too much to live the company values, because the company values overlapped with their own personal values.<br /><br />What's the takeaway here? Well, we often talk about "culture." By now, we know that beer and ping pong tables aren't culture. Many of us fear that "culture" can be a dog whistle for "people who look like me." And yet, people are more likely to be successful and happy if they are in a company with a culture that matches their values. My experience has led me to conclude that looking for the values of your company as part of your interviewing process is probably at least as important as the technical and skills screening, in finding the best employees.<br /><br /><h3>Why is this post called Framing?</h3><br />The way you ask people to look for values is going to make a big difference in what they look for, and what they see. You might have 10 values, as RTR did. Would you really want to ask every interviewer for a "yes/no" on all 10? Probably not. But if you boiled that question down to "culture fit", do you think the interviewers are going to think about the company values? Or are they going to think about whether this person looks like them, talks like them, is "a person they could get a beer with?" The way you frame the question of culture is important, and if you aren't explicit, people may skip over the details and go with their bias.<br /><br />If you agree with me that values are valuable, I encourage you to put them in your interview process, and make them explicit. Don't ask for "culture fit", list the values and ask people to mention any they noticed the person definitely meeting or definitely not meeting. Prime the interviewers beforehand with the list of values, so they know what to look for. And then, let me know how it goes! Because this is still theoretical for me, and I would love to hear your experience, as well as any counterpoints to what I have suggested.<br /><br />Control Center2016-01-30T22:09:32.614000ZJohn Gruberhttp://www.512pixels.net/blog/2016/1/the-case-against-control-center<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/control-center/5719080:7a65a3">shared this story</a>
:</b>
</td>
</tr>
<tr>
<td>
I definitely use Control Center all the time, particularly to get to the camera. I also like the easy access to Airplane Mode.
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Stephen Hackett, “The Case Against Control Center”:</p>
<blockquote>
<p>I don’t think this has aged very well, unfortunately, and it’s
mostly Control Center’s fault. In addition to it being confusing
to have a hidden panel at the top of the screen, having one at the
bottom too is a lot to handle for some users. But there’s a bigger
problem in my mind: Control Center just does way too many things.</p>
<p>I love the top row and screen brightness settings, but as I get
closer to the bottom of the screen, the usefulness of Control
Center lessens. With the exception of maybe the flashlight button,
I’d be fine if the bottom row went away, Calculator and that
creepy new Night Mode button included.</p>
<p>I think Apple could simplify all of this by looking to Android’s
Notifications Drawer, where <em>all</em> of this stuff is in one
pull-down tray from the top of the screen. Pull down a little to
see notifications; pull down further to reveal a set of utilities.</p>
</blockquote>
<p>I couldn’t disagree more strenuously. Control Center is probably my single favorite system-level UI change to iOS ever. I kind of wish you could change the apps hard-coded at the bottom (I’d replace Calculator with PCalc, for example), but I use it all the time. </p>
<p>I think Notification Center and Today view could still use some improvement. But cramming Control Center into the same pull-down sheet would make things worse up, not better. Putting the dynamic Notification Center at the top and the static Control Center at the bottom provides a consistent <em>spatial</em> familiarity. It makes these features feel like they’re part of the hardware. (And I think Android might have to make them both pull-down-from-the-top because Android phones have soft buttons at the bottom of the display.)</p>
<div>
<a href="http://daringfireball.net/linked/2016/01/30/control-center" title="Permanent link to ‘Control Center’"> ★ </a>
</div>What the new video compression strategy from Netflix means for Apple and Amazon2015-12-23T03:07:14.449000Zhttps://donmelton.com/2015/12/21/what-the-new-video-compression-strategy-from-netflix-means-for-apple-and-amazon/<table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/df2e97f18b5802e199d4920552a52d34" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
rafeco
<a href="https://rafeco.newsblur.com/story/what-the-new-video-c/1512348:6dfc87">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/1512348.png" style="vertical-align: middle;width:16px;height:16px;"> Don Melton.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Last week, several folks on Twitter pointed me to <a href="http://techblog.netflix.com/2015/12/per-title-encode-optimization.html">this technical post</a> from Netflix about their new video compression strategy. While not yet implemented, it promises to save bandwidth while improving quality for some content.</p>
<p>And the article is very nearly a nerdgasm for a transcoding geek like myself. I’d still like to see more details about the exact rate control mechanism they’re using and actual encoder arguments but, hey, you can’t have everything.</p>
<p>The tl;dr of it all is simply that Netflix plans on scaling bitrates up and down based on the complexity of the their video. So, slightly higher bitrates for busy action blockbusters and possibly lower bitrates for relatively static, flat cartoons.</p>
<p>Basically what we’ve all been doing for years with variable bitrate (VBR) encoding. But they’re trying to control that variance a lot more than an encoder like <a href="https://en.wikipedia.org/wiki/X264">x264</a> typically allows. In fact, as near as I can tell, Netflix still plans on encoding everything with a constant bitrate (CBR), but they want to be really particular about the target number.</p>
<p>To do that, Netflix will transcode every one of their videos a bazillion times at different resolutions and at different bitrates, finally selecting the smallest one for a particular title that doesn’t suck visually. Seriously, their algorithm for all of this is quite clever.</p>
<p>And the new Netflix proposal will likely succeed. After all, they have a server farm the size of a small country to do all those iterations.</p>
<p>Since the rest of us don’t have that kind of hardware, the rate control system used in my <a href="https://github.com/donmelton/video_transcoding">video_transcoding</a> project might be more appropriate.</p>
<p>Anyway, besides all the geekery, what struck me about this whole plan by Netflix is that Apple and Amazon will likely go down the same path. For competitive reasons, if nothing else.</p>
<p>They all have the same server farms. Owned by Amazon, no doubt. And there aren’t any technical hurdles. It’s just more computation.</p>
<p>At least Apple and Amazon will likely do this for streaming. But I’m not sure that’s true for sales of digital video downloads.</p>
<p>Let me explain.</p>
<p>When Apple first opened the iTunes Store to sell music, those audio files were provided at 128 Kbps in AAC format using Apple’s own encoder.</p>
<p>And that encoder was quite good, but back then it was only used for constant (CBR) and average bitrate (ABR) output. So a track that was advertised being 128 Kbps was very likely encoded at or very near 128 Kbps. You got what you paid for.</p>
<p>Later, Apple did away with audio DRM and upped the bitrate to 256 Kbps. For nearly the same price. It was awesome. And we all remember the awesomeness of it.</p>
<p>Apple also developed a new version of their audio encoder with a true variable bitrate (VBR) mode. And that new mode produced just as good if not better quality audio than the CBR and ABR schemes. Often at much lower bitrates, too.</p>
<p>But I suspect that was a problem.</p>
<p>You see, it would probably be difficult to sell those VBR files — some of which were quite a bit lower than 256 Kbps and a few even lower than 128 Kbps — because customers might perceive a loss of value.</p>
<p>I think this is why Apple developed a new encoding mode they call Constrained VBR. It has all the benefits of the regular VBR mode, but it just doesn’t dip the bitrate too low. In a way, it acts like the old ABR mode, occasionally wasting space for less complex audio.</p>
<p>Of course, for some tracks the Constrained VBR output is larger than 256 Kbps. In fact, all of the songs on Taylor Swifts’s “1989” are larger than 256 Kbps. I bet you’re thinking, “Wow! More value for my money!” (And maybe, “WTF? Gramps listens to Taylor Swift?”)</p>
<p>But there are quite a few audio files in the iTunes Store that could probably be a lot smaller with no perceived loss of quality if Apple used that original VBR mode to do the encoding.</p>
<p>I would bet money that Amazon ran into this same conundrum with the unconstrained VBR mode of the <a href="https://en.wikipedia.org/wiki/LAME">LAME MP3 encoder</a> which they use. And this might explain why some of Amazon’s files are in CBR format, artificially boosting their size.</p>
<p>Anyway, Netflix is talking about the bitrates for their 1080p videos soon being as low 2000 Kbps for the simple stuff. That’s down from the 4300-5800 Kbps range they’re using now. And I’m sure they can do that on the low end without any perceivable loss of quality while streaming.</p>
<p>But can Apple and Amazon sell 1080p videos — averaging about 5000 Kbps now — at bitrates as low as 2000 Kbps — less than half that average size — without a perceived loss of value?</p>
<p>I don’t know. It’s hard to predict because consumers… well… we’re fucking stupid.</p>