Flailing Wildly

Too much straw, not enough camel

Clueless Recruiters, Issue #7 26 Feb 2016, 12:30 pm

Pure, unadulterated incompetence in this week’s episode of Clueless Recruiters! (Cue theme music!)


There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hawk job openings the same way that sleazy salesmen hawk used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Recruiter Schlock

Here’s one I got this morning from a clueless recruiter. For reference, here is my résumé.

Subject: Immediate Hiring :: Web Developer :: 6+ Months :: Los Angeles, CA
From: {redacted recruiter email address}
To: {the same redacted recruiter email address}

Oh, this is gonna be fun.

Hi Associates,

/me is quizzical

Hope you are doing great !

At least you didn’t say “your”.

Although that’s a weird space at the end of the sentence. Non-native English speaker?

If you are good for the below position please send me your most updated resume along with the contact details.

They’re not even spamming me directly, by name anymore. This is just a cattle call.

Job Title : Web Developer
Duration : 6+ Months
Location : Los Angeles, CA

Required Skills:
One of our client is looking for a Web developer with strong experience on SOA, XSLT and Resful.

I think you mean, “One of our clients is looking for a web developer with strong experience with service-oriented architecture (e.g., micro-services), XSLT and REST-like web service interfaces.”

I was mistaken. Not only are you clearly a non-native English speaker (which I don’t necessarily mind), but more of a not-going-to-try-very-hard English speaker. Word usage is the issue here instead of sentence structure, which means you’re not simply an American who can’t RITE GUD. You used periods and commas and everything!

Incompetent Americans will shorten you are to ur for brevity (because apparently we all still have Nokia dumb-phones with “T-9” texting), or gleefully confuse then/than, lose/loose, formally/formerly, or to/too/two, but also lack a fundamental understanding of basic sentence structure. The usage of periods and commas in your sentences tells me that you weren’t raised in the American school system. HAHA I FIGURED YOU OUT!

{Name redacted}
Senior Recruiting Manager
{Company redacted}
{Address redacted}
Hackensack, NJ 07601
Voice: {redacted}
Fax: {redacted}
{email redacted}
{www redacted}

That’s it?! No sales pitch? No carrot to dangle to even make me consider packing up my life and moving 6 hours away for a 6-month “gig”? No company name? Is this a 1099 or W-2 position? What do the stock offerings look like? What is the ballpark salary range, depending on experience?

This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com

Please support #Lessig2016 and the Citizen Equality Act of 2017 11 Aug 2015, 9:25 pm

If you’ve known me for more than 5 minutes, you’ll know that I’m interested in politics, thoughtful discussion of the issues, and educating the kinds of people who only get their political information from Facebook. You’ll also know that I support moving beyond the petty, drive-by politics of today by changing the way that I — and hopefully others — think about the issues that affect us.

In America today, your vote doesn’t matter.

Your vote has a 0% impact on whether or not a piece of legislation passes in Congress. I’m not being hyperbolic — statistically, your vote is utterly worthless. Is this what a democratic republic is supposed to be? Is this what the founding fathers meant by “We the People…”

Currently in America, the top 0.02% of Funders determine who gets elected to both Congress and the Presidency. Not the Voters — the Funders. The Funders determine who gets nominated, and the Voters get to pick from whoever is left. Both Democrats and Republicans serve Big Money™ more than their constituents, and elected officials spend between 30–70% of their time in office fundraising for the next election.

Donald Trump flat-out admitted (during the recent 2015 Republican candidate debate) that this sort of cronyism is commonplace in Washington D.C. — where he/she who has the most dollars, wins. Whether you like Rand, Donald, Hillary or Bernie, there are currently zero major candidates who are dedicated to reforming this fundamental corruption in the American political system.

The system is rigged.

A USA Today/Gallup poll conducted on July 19–22, 2012 showed that 96% of American voters support reducing the corruption stemming from the influence of money in politics, but 91% of voters don’t believe that we can do anything about it. They feel hopeless — like there’s nothing that can be done to fix the corruption in American politics. Senator Elizabeth Warren (D-MA) said in an interview that “the system is rigged” when discussing this topic.

For years I’ve felt that Congress doesn’t represent me, and now I’ve seen the statistics that tell me that I’m not the only one.

This is why I would encourage you to look at Lawrence Lessig’s campaign, and the Citizen Equality Act of 2017. Without fundamental change in the core of how our elections are funded, and ensuring that all citizens have equal access to vote, the system will remain rigged against the average voter. The system will continue to be rigged in favor of the Funders, instead of in favor of the Voters as our founding fathers had designed.

Please support Lessig in 2016.

If the President is, metaphorically, Superman (capital “S”; I’m not excluding females here), then Washington D.C. is kryptonite. No president will ever be effective in favor of the American voters until we pass true, fundamental reform that brings democratic voting back to the citizenry.

Please support #Lessig2016 and the Citizen Equality Act of 2017.


Gender-based restrictions on the legal contract known as “marriage” have been removed per the Supreme Court of the United States 26 Jun 2015, 7:29 pm

The Supreme Court of the United States (a.k.a., SCOTUS) has ruled today in favor of removing the gender-based restriction on the legal contract known as “marriage”. Some names for this concept are “marriage equality”, “same-sex marriage”, “gay marriage”, and other things.

To all of my Christian friends:

It is not our place to have the government push our morals onto those who don’t want it. A relationship with The Lord is a personal choice, not a government mandate. Jesus himself said that.

This is not the destruction of The Church. Do you really think that the U.S. Congress has the ability to overpower God? Really? Also, have you forgotten that Scripture explains that all sin is the same? You’re either sinless (including being covered by the blood of The Lamb) or you’re not. If you have ever lied, you are just as sinful as you believe homosexuals to be.

To all of my Conservative friends:

“Smaller government” won today. Now, there is one fewer area where the government is allowed to tell us what we can and cannot do in our own personal lives. This decision does not add a restriction on American citizens; it removes a restriction. This is a good thing (since there are too many laws anyway, right?).

To all of my American Constitution-supporting friends:

Our Declaration of Independence states that “all men are created equal”. Of course, the author was using the word “men” to refer to “humankind” (using the grammatical concept known as “the male generic”). Today, that principle was upheld by our nation’s highest judicial authority — the ones charged with validating that lower-level laws are compatible with higher-level laws like the Constitution.


To those who are outraged at the Supreme Court’s decision this morning that same-sex marriage is Constitutional, I ask you this: Does it change or impact your faith? Does it add undue burden to your own life? Does it impact your marriage? Does it make Christ any less powerful?

I implore you: Let people live their lives. It’s none of your business what other people do, just like it’s nobody else’s business what you do. If you have an opportunity to share your faith with another human being, and they are willing to listen, go ahead. Carry out the Great Commission. But if the SCOTUS decision causes you to feel rage inside, I would ask you to pray on it. Pray on your feelings, pray on your mind, then listen when God speaks to your heart. Because I know that God is not one to fill His people with rage.

Be sensible

Please have more sense — and more faith in God — than these people do…

I just don’t get it 1 Mar 2015, 5:47 pm

Back in 2006, I was 26 years old. My long-time friend Matthew, and his friends, Vada and Joe, and I worked hard to kick-start an “Internet Startup” here in Silicon Valley.

We would come out of investor and lawyer meetings and comment on the tendency for how people over 35 “just didn’t get it”. They didn’t understand what we were trying to accomplish. Twitter, Facebook and MySpace were all the rage, and these guys couldn’t understand the whole point of status updates. Why would you want to tell strangers what you were thinking/doing?

Now, it’s 2015 and I’m 35 years old. I live and breathe the Internet and its culture, and keep an eye on all kinds of apps, services, and new businesses that are starting up all over this valley. When I see new apps — specifically Kik, Snapchat and Tinder…

…I just don’t get it.

From ages 30-34, I lived in Seattle, Washington where I spent some time getting deprogrammed from Silicon Valley thinking. I have a new perspective now about the kinds of things that are useful to real people. I spend less time reading TechCrunch posts about “valuations”, and more time thinking about how to solve real problems that real people have.

Have I become one of those crazy 35-and-older guys who just doesn’t get it? Maybe.

But I’m perfectly OK with that.

Rest in Peace, Jonathan Troiano 31 Dec 2014, 10:01 pm

The unspeakable monster reached up and grabbed another one. Rest in peace, Sir Jonathan.

There’s a sickness that sometimes infects us. It causes our brains to lie to us. It’s not logical. It’s not sensible. Sometimes all you want is for the pain/frustration/helplessness to stop. You can’t see the light at the end of the tunnel, and you dream of that sweet relief when it just doesn’t hurt anymore.

But what we don’t realize in the moment, is that it’s nothing more than a monster hiding in the dark, preying on us, whispering lies to us when we are alone. Lies intended to make us think that it’s hopeless, and that all is lost. We always believe our own brains, so it’s difficult to know what is truth and what isn’t, when our brains lie to us.

JT, although we haven’t seen each other in a few years, I’ll miss you. My prayers go out to your parents and your children, especially. I can’t pretend to understand how badly they’re hurting right now, but I pray that in time they’ll be able to accept your apology.

There is always help. It might not be ideal, and it might not make all your problems go away, but life is such a precious thing. Find somebody to talk to. Go see a doctor. The first step to working through it is to realize that sometimes your brain lies to you. It’s okay to admit that your brain is sick, and that you can’t solve all of your problems by yourself. It’s okay. It’s okay to ask for help. You should never feel ashamed for asking for help.

People who’ve never experienced depression have a hard time wrapping their brains around what it is and how it works. They can’t fathom why somebody who is so sweet and so good could end things like that. And if the decision were logical, I would agree with you. But it’s not. It’s a disease that can be treated with support from family, friends, and your doctor.

Hug and kiss your loved ones tonight. Pick up the phone and call the friend that you’ve been thinking about but haven’t spoken to in a while. Be thankful that you can spend one more day together. Because life is just so fragile.

Apple’s October 2014 Product Announcement 9 Oct 2014, 3:09 am

Apple’s October 16th product announcement begins at 10am PST; 1pm EST.

My guesses?

  • Definitely: OS X Yosemite, iTunes 12, and the next-gen iPad Air and iPad mini.

  • Maybe: Updated Thunderbolt 2 + Retina display (I’d guessed at this last year and was wrong), iMac with Retina display, updates to the MacBook Pro line, Apple TV 4 with support for third-party apps.

  • Not a chance: An HDTV, more info about Apple Watch, a mega-sized iPad, or a pull-string-to-talk Steve Jobs doll.

New iPads

Thinner, faster, beefier. I would expect to see a marginally-improved camera, and Touch ID is a definite.

iPad Air and iPad mini should have equal specs, except for the screen sizes. I don’t believe that a 12-point-whatever-inch “iPad Air Plus” will be a thing.

Retina Thunderbolt 2 Display

I’ve been looking forward to the successor to the Thunderbolt display for quite a while now, and I really hope that this is it. Thunderbolt 2 and USB 3.0 have been shipping in modern Macs for a couple of years now, and I’m anxious to see an updated display.

Also, Helvetica looks like ass in Yosemite on non-Retina displays. It seems like a good time to update.

Apple TV 4

I’ve also been keenly interested in seeing support for third-party apps on Apple TV.

With modern SDK features like better scalability for different viewports, games for iPad (4:3) and iPhone (16:9), the introduction of a controller API in iOS 7, the Metal API, and a well-built system for managing your account, apps and games, introducing a new Apple TV capable of gaming and third-party apps seems ripe.

Maybe not PS4 or Xbox One-caliber just yet, but Apple TV has been outselling both of them (by an order of magnitude) for a couple of years now. Nintendo should be very, very worried.

Dear Lockitron 10 Jul 2014, 11:55 pm

This is the message I just sent to the Lockitron team. I’m tired and frustrated at how poor the communication has been around schedule delays.

I ordered in October 2012. My original ship date was supposed to be October 2013. The date passed, and there were no updates. Then, April 2014 was the ship date. Still nothing. It’s now July 2014, and it still hasn’t shipped.

I’ve read the blog posts. I know you guys are behind. But how about this — if you’re going to miss the forecasted ship date by a matter of months, why not send me an email to let me know that your website is lying to me?

I don’t want an apology. I want better communication.

I’m this close to canceling my order and going with an automated lock from Schlage that works with the SmartThings service. Give me a reason to continue caring about Lockitron. Please. Here is a wide-open, moment-not-yet-passed opportunity to make things right.

If your website supports passwords, please stop sucking at it 23 Jun 2014, 3:03 am

I take password security very seriously. I’ve already written about how people can improve their password habits to keep themselves safe. This piece, however, is for those of you who build websites which provide password-related functionality.

This is a list of password crimes that some websites commit. I describe each crime, then point out some criminals (a.k.a., websites) which commit it.

(This list is not guaranteed to continue to be up-to-date. This post represents a snapshot in time, and is accurate as of early June 2014 when the first draft of this post was written.)

Basic usability

  • I should always be able to change my password from within my user preferences. If I have to log out and pretend like I’ve forgotten my password in order to change it, your system is broken. (Authy, TunnelBear)

  • If anything with your site or service requires a password, always allow me to change it from the web — even if changing my password is the only thing I can do. (Automatic, Zite, Steam)

  • Make it super-easy to find where to change my password. Do not bury the link to make it more difficult. (LinkedIn)

  • If my password change was successful, please tell me very clearly. If not, please tell me very clearly. (Last.fm, Disqus, Bible.com)

Provide clarity at all times

  • If you require my current password in order to change my password, then ask for it up-front. Don’t hide it, then surprise me. Don’t ask for it after I’ve put in my new password. Be direct and forthcoming about it. (Kickstarter, CloudApp, Spotify)

  • Be explicitly clear about what the password requirements are. Not just the low-end — make sure you document the high-end requirements too. I often run into cases where my passwords are too secure for the system. (Morgan Stanley, Life 360, H&R Block, Zendesk, Beatport, Secure Checkout by Visa)

  • If you wait until after I try to change my password to tell me how long it’s allowed to be, you’re a huge jerk. (H&R Block, MyFitnessPal, SourceForge, Secure Checkout by Visa)

  • If my password is too long, don’t complain that it’s too short and not tell me the maximum allowable length. (Beats Music)

  • If you list your password requirements on your website for people to use, make sure that the ones you list are actually correct. (Morgan Stanley, Secure Checkout by Visa)

Avoid confusion

  • If I’ve managed to inadvertently create two accounts, make it easy for me to merge them. If you suck, and require me to delete one of them, then actually delete the account. (Adobe, Readability, Facebook)

  • Never allow two accounts to have the same email address, then allow users to login with their email address. There is a 100% chance that this will ruin someone’s day. (Readability, Amazon Web Services)

Provide a useful “forgot password” page

  • On the “forgot password” page, always allow me to enter my email address. I may not always know some random username, but I will always know my email address. If I try to look-up my password and you ask for a username (i.e., lookup by email address is not supported), then make me go to another lookup for my username, your system is broken. Support both if possible, otherwise err on the side of email address. (Pottermore)

  • If your password change/reset form(s) accepts my new password, then the login page should too. If my password doesn’t pass validation for logging in, then it shouldn’t pass when I change it via account preferences or the “forgot password” page. (Morgan Stanley)

Be liberal in what you accept

  • Never tell me that an email address with the “+” character is invalid. Yes it is. You’re dumb, you’re ugly, and your mother never loved you.

  • You shouldn’t be storing my real password, ever. You should only be storing a cryptographic hash of my password for comparison. (Never use MD5 and never use SHA-1. You should be using SHA-256 at minimum, which is 64 hexadecimal digits long.) Because of this, the following principles should always be true.

    • Accept any password I give you, and be happy about it. Even if it’s 128 consecutive NULL bytes, or a long string of multi-byte characters, accept it gladly. Chances are, I’m smarter than your system, so allow me to be. (Anyone who limits supported characters.)

    • If you accept only certain “special characters” (a.k.a., “characters” — none are “special”), be explicitly clear which ones they are. If I try to use “£” in my password, but it isn’t allowed, tell me: “Your password contains the ‘£’ character, which is not allowed.” (Usability bonus)

    • If you have a length limit on passwords, the string limit should be no smaller than 64 bytes. Yes, 64 bytes. The next bank (or other service) to tell me that my password may only be 5-12 alphanumeric characters is going to immediately lose my business. (Life 360)
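As an added example (not code from the original post), here is one way a site could apply the rules in this section: a single policy check shared by every form, explicit length messages, and a stored record that is the same size whatever the user types. The limits, record format and function names are assumptions of this example, and it uses salted, iterated PBKDF2-HMAC-SHA256 from Python's standard library rather than a single bare hash.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed policy values for this example (not taken from any real site).
MIN_PASSWORD_BYTES = 8
MAX_PASSWORD_BYTES = 1024      # the post asks for a limit of no less than 64 bytes
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def to_bytes(password):
    """Accept str or bytes. Text is NFKC-normalised so the same characters
    typed on different devices encode to the same UTF-8 bytes."""
    if isinstance(password, str):
        return unicodedata.normalize("NFKC", password).encode("utf-8")
    return bytes(password)


def check_policy(password):
    """One policy check, shared by sign-up, change, reset and login.
    Returns explicit user-facing problems; an empty list means accepted.
    No character is rejected, so there is no 'special characters' rule."""
    raw = to_bytes(password)
    problems = []
    if len(raw) < MIN_PASSWORD_BYTES:
        problems.append(
            f"Your password is {len(raw)} bytes long; "
            f"the minimum is {MIN_PASSWORD_BYTES} bytes."
        )
    if len(raw) > MAX_PASSWORD_BYTES:
        problems.append(
            f"Your password is {len(raw)} bytes long; "
            f"the maximum is {MAX_PASSWORD_BYTES} bytes."
        )
    return problems


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return the record to store: scheme$iterations$salt_hex$digest_hex.
    The digest is always 32 bytes (64 hex digits), whatever the input."""
    problems = check_policy(password)
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", to_bytes(password), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Login path: same policy as hash_password, constant-time comparison."""
    if check_policy(password):
        return False
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False                        # malformed stored record
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", to_bytes(password), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample inputs: NUL bytes and multi-byte text.
    for sample in (b"\x00" * 128, "correct-£-horse-密碼-🔑"):
        record = hash_password(sample)
        print(len(record.split("$")[3]), verify_password(sample, record))
```

Because login and password change both go through `check_policy`, a password accepted by one form can never be rejected by the other.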

Support OAuth consistently, or not at all

  • If you allow me to sign-up/log-in to the desktop version of the website with Facebook (or any other OAuth provider), then you must always have that login option available everywhere else (e.g., mobile web, native mobile app, being an OAuth provider, asking for my password to change my password). I don’t have a password otherwise.

    • If I create an account with Facebook, then go to the mobile app and can’t login without a first-party password, I’m screwed. (TripIt)

    • If I then try to add (change) my password, but I have to know my current (imaginary) password before “changing” it to add one, I’m also screwed. (Engadget, Beatport)

Real security, not “Security Theater”

  • Instead of asking me random/stupid “security questions”, give me the option of using two-factor authentication. It’s more secure and easier to use. (Pretty much every bank and financial institution on the planet.)

    • If your second factor is SMS, fine. Not great, but fine. (Twitter, Etsy)

    • Even better is to support Authy, Google Authenticator, or an RSA key fob token as the second-factor authentication mechanism.

Don’t break the web

  • Never prevent me from copy-pasting my password. I use a password manager so that I don’t have to remember it, you pretentious prick. (Paypal)

  • Understand that an increasing number of people are using password managers. This is a very good thing. This also means (a) the username and password fields should always maintain the same HTML field name, (b) if you change the URL, the old URL should redirect to the new one — especially if you’ve changed the login domain. Otherwise, you end up breaking your customers’ experiences. (Amazon Web Services)

Easily SSH into Amazon EC2 instances using the Name tag 29 Jan 2014, 2:42 am

It’s been a while since I’ve written about code, so I thought I’d post this little AWS-related tip for OS X and Linux users.

If you have the Unified AWS CLI Tools configured, you can add these functions to your Bash profile (typically either ~/.bash_profile or ~/.profile) to enable you to SSH into an instance by “Name” tag, or simply look up the IP address or DNS hostname.

$ hostname_from_instance <instance-name>

$ ip_from_instance <instance-name>

$ ssh-aws <instance-name>

Bash code

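# Print the public DNS hostname of the first instance whose "Name" tag equals $1.
function hostname_from_instance() {
    echo "$(aws ec2 describe-instances --filters "{\"Name\":\"tag:Name\", \"Values\":[\"$1\"]}" --query='Reservations[0].Instances[0].PublicDnsName' | tr -d '"')"
}

# Print the public IP address of the first instance whose "Name" tag equals $1.
function ip_from_instance() {
    echo "$(aws ec2 describe-instances --filters "{\"Name\":\"tag:Name\", \"Values\":[\"$1\"]}" --query='Reservations[0].Instances[0].PublicIpAddress' | tr -d '"')"
}

# SSH into the instance named $1 (replace the key pair path and login user with your own).
function ssh-aws() {
    ssh -i ~/.ssh/your-keypair.pem "ec2-user@$(ip_from_instance "$1")"
}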

  • This assumes that every instance you have has a unique “Name” tag, and will return the IP address or public DNS hostname of that instance (for use with SSH access). If multiple instances share the same “Name” tag, it will simply use the first “Name” match.

  • If you’re running instances inside a (private) VPC, you should expect to look up the public Elastic IP address for the instance.

  • If you’re running instances inside a (public, classic) EC2, you should expect to look up the public DNS hostname (unless you’ve configured an Elastic IP — in which case, go nuts).

  • In the case where you’re running instances in the private subnet of a VPC, and SSH access to those instances is only possible from a bastion host in the public subnet, this is not the solution for you.

Feel free to tweak/adjust as necessary.


Games of the Year, 2013 11 Jan 2014, 12:28 am

For me, 2013 was a year where I picked back up in my gaming. Looking back, I spent way more time playing video games than I had in the last several years, and began following some gaming publications and podcasts.

Top 5

These are my top 5 favorite games from 2013:

5. Beyond: Two Souls (Playstation 3)

Beyond: Two Souls surprised me with how good the visuals were. It had some of the best, realistic-looking humans I’ve ever seen in a game. The characters were modeled after, and voiced by, Ellen Page (Juno, Whip It, Super) and Willem Dafoe (Boondock Saints, Antichrist). It had a great story with lots of variety, so I never got bored.

The most interesting thing about Beyond: Two Souls was that it wasn’t really a game, so much as an interactive drama. Made by the same studio who did Heavy Rain, it was like watching a really long movie — except that you would control the main character from time to time to interact with elements in the environment.

If you’re interested in a really good game with lots of action, this might not be for you. But if you find yourself interested and drawn-in by the excellent story, it’s definitely worth checking out.

4. Tomb Raider (Xbox 360)

This was the very first Tomb Raider game I’d ever played, and I really enjoyed it. I’m a big fan of games with a good story, and this one had me on the edge of my seat a few times. Couple that with really solid gameplay, and this makes for an excellent game.

Lara Croft was voice-acted by Camilla Luddington, and the game offers a good arrangement of weapons and upgrades for the character. While the puzzles in the game aren’t quite like something you’d find in a Zelda game, there was still plenty of thinking and stealth involved as you moved to solve the mystery of the island.

3. The Last of Us (Playstation 3)

The Last of Us is set 20 years after a zombie outbreak. The main character, Joel, is not the same man now that he was when he lost his daughter on the first night of the outbreak. Now a smuggler, he is tasked with delivering a package to a group of freedom fighters outside of the police-state-like quarantine zone. His package is a 13-year old girl that may hold the secret to finding a cure for the infected.

This game pairs an excellent, excellent story, with really good gameplay and weapons. I died a lot while playing through this game on normal mode, but it was so good, and the ending had such a pay-off, that I immediately played it through a second time.

2. Super Mario 3D World (Wii U)

Nintendo is kinda like that friend you had growing up that you always had such a blast with. You don’t see him much anymore because he’s wandered off and gotten into some really weird stuff. But every once in a while he calls you up, you go hang out, and you have a blast all over again. This is the story of Super Mario 3D World.

The best way that I can describe Super Mario 3D World is that it is really, really fun! All of the things you know and love about the Mario series — suits, power-ups, his friends — are all back again. But it isn’t just old-school Mario stuff; you also get to see many of the things from the Wii and DS-era Mario games (e.g., New Super Mario Bros., Super Mario 3D Land).

Everybody knows that, with rare exception, the best games for any Nintendo console are the first-party games. After being (mostly) bored out of my mind with the few titles available for the Wii U (except for New Super Mario/Luigi Bros. U and Zelda: Wind Waker HD), I wasn’t sure that the game would be worth the cost. I was wrong.

Super Mario 3D World is one of the most fun games I’ve played in recent memory, and although I’m still working my way through it, everything about it has been an absolute delight.

1. Bioshock Infinite (Xbox 360)

Bioshock Infinite was my very first game in the Bioshock series (I’m currently playing through the first Bioshock now), and I must say — MIND BLOWN. From the prologue, to the twisted alternate universe, to the weapons and gameplay, to that mindf**k of an ending, Bioshock Infinite is my favorite game of the year.

Having gone back and played the original Bioshock after-the-fact, I can appreciate the improvements they’ve made to the overall story and gameplay. It’s good that the main character now has someone to talk to. The controls on the original Bioshock are driving me mad, but Infinite has a secondary control style that is more like Call of Duty, which I greatly prefer.

Honorable mention

These are games that I thought were very good, but didn’t quite make my top 5.

The Legend of Zelda: Wind Waker HD (Wii U)

I loved playing the original Zelda: Wind Waker on my GameCube 12 years ago. I still have it. My son plays it regularly (although he really should have beaten the game by now, come to think of it).

Wind Waker HD is an update to the game, made exclusively for the Nintendo Wii U. It has HD graphics, and some subtle improvements to the game. Sailing on the ocean is faster, so you can get from island-to-island faster. Also, the original had some interaction with the Game Boy Advance which has now been replaced with the Wii U Gamepad serving the same purpose.

While I’ve enjoyed playing this updated version of the game, it didn’t make my top 5 for 2013 simply because the game is 12 years old. It still holds up well, though.

The Wolf Among Us (OS X; Steam)

The Wolf Among Us is a game made in the style of a 1950’s noir detective story, but darker and grittier. All of the fairytale animals from fables have been relocated to a modern-day city called “Fabletown”. They have the ability to look human in order to avoid suspicion, and The Big Bad “Bigby” Wolf has become the Sheriff.

You’re investigating the murder of a young girl, and you end up crossing paths with the Woodsman, Snow White, Ichabod Crane, Tweedle Dee & Dum, and others. This is not Walt Disney’s version of the characters either.

Oceanhorn (iOS)

There are two games that I can think of for iOS that make me feel like I’m playing a Zelda game. The first is Lili. The second, released in 2013, is Oceanhorn.

Oceanhorn is an adventure game with a very Zelda-like feel, and is one of the best games I’ve played on iOS. The touchscreen controls are straightforward and intuitive, and it even supports the Game Controller Framework in iOS 7, in case you’ve been keeping an eye out for someone to make a good one (here’s hoping CES 2014 produces something good).

Games that I haven’t played yet

These are games that I’ve heard were amazing, but I haven’t yet had a chance to play.

The Legend of Zelda: A Link Between Worlds

Grand Theft Auto V

Stanley Parable

Rayman Legends

Gone Home

FISA, The NSA, PRISM and Edward Snowden 14 Nov 2013, 3:10 pm

I’ve been paying quite a bit of attention to the story of Edward Snowden — the former CIA contractor who leaked classified information to the American public about how the government is spying on us through acronym-laden programs known as “PRISM” and “MUSCULAR”.

Allow me to be your tour guide as we uncover just a few of the ways in which the NSA has broken the law and spied on American citizens.

Foreign Intelligence Surveillance Act (1978)

It all started in 1978 with the passage of FISA:

The Foreign Intelligence Surveillance Act of 1978 (“FISA” Pub.L. 95–511, 92 Stat. 1783, 50 U.S.C. ch. 36) is a United States federal law which prescribes procedures for the physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers” (which may include American citizens and permanent residents suspected of espionage or terrorism). The law does not apply outside the United States. It has been repeatedly amended since the September 11 attacks.

FISA was amended in 2001 by The Patriot Act:

The USA PATRIOT Act of 2001 is an Act of Congress that was signed into law by President George W. Bush on October 26, 2001. […]

On May 26, 2011, President Barack Obama signed the PATRIOT Sunsets Extension Act of 2011, a four-year extension of three key provisions in the USA PATRIOT Act: roving wiretaps, searches of business records (the “library records provision”), and conducting surveillance of “lone wolves”—individuals suspected of terrorist-related activities not linked to terrorist groups.

Then again by the Protect America Act of 2007:

The Protect America Act of 2007 (PAA), (Pub.L. 110–55, 121 Stat. 552, enacted by S. 1927), is a controversial amendment to the Foreign Intelligence Surveillance Act (FISA) that was signed into law by U.S. President George W. Bush on August 5, 2007. It removed the warrant requirement for government surveillance of foreign intelligence targets “reasonably believed” to be outside of the United States. The FISA Amendments Act of 2008 reauthorized many provisions of the Protect America Act in Title VII of FISA.

And yet again by the FISA Amendments Act of 2008:

Warrantless wiretapping by the National Security Agency (NSA) was revealed publicly in late 2005 by the New York Times and then discontinued in January 2007. […] Approximately forty lawsuits have been filed against telecommunications companies by groups and individuals alleging that the Bush administration illegally monitored their phone calls or e-mails. Whistleblower evidence suggests that AT&T was complicit in the NSA’s warrantless surveillance, which could have involved the private communications of millions of Americans.

The Foreign Intelligence Surveillance Act makes it illegal to intentionally engage in electronic surveillance under appearance of an official act or to disclose or use information obtained by electronic surveillance under appearance of an official act knowing that it was not authorized by statute; this is punishable with a fine of up to $10,000 or up to five years in prison, or both. In addition, the Wiretap Act prohibits any person from illegally intercepting, disclosing, using, or divulging phone calls or electronic communications; this is punishable with a fine or up to five years in prison, or both.

(All 3 sets of amendments to FISA were passed by Congresses operating during the George W. Bush administration.)

Edward Snowden, Whistleblower

In May 2013, Edward Snowden’s leak of Top Secret-level NSA material was called “the most significant leak in U.S. history” by Daniel Ellsberg, leaker of the Pentagon Papers (1971).

The U.S. government has charged Snowden with espionage and theft of government secrets. President Obama’s response was reported by Z. Byron Wolf, writing for CNN:

Even as he announced changes to the NSA programs, including the appointment of an independent government review, at a news conference on Friday, Obama suggested Americans would be better off if they hadn’t found out that the government collects vast amounts of phone and Internet data.

“No, I don’t think Mr. Snowden was a patriot,” Obama said. A bit earlier he had argued that his administration was already in the process of reviewing the programs that most Americans didn’t know existed.

The leaks, he said, hurt that process.

Conor Friedersdorf, writing for The Atlantic, talks about why pardoning the whistleblower would be more moral and legal than Team Obama’s treatment of Bush-era interrogators:

Circa 2008, Barack Obama gave his supporters reason to believe that if he were elected, he would protect whistleblowers and obey U.S. law on the subject of torture.

He has disappointed on both subjects.

Long before Edward Snowden exposed mass surveillance on Americans by the NSA, the Obama Administration was aggressively persecuting former civil servants who blew the whistle on objectionable behavior during the Bush Administration.

Edward Snowden, in A Manifesto for the Truth:

Society can only understand and control these problems through an open, respectful and informed debate. At first, some governments feeling embarrassed by the revelations of mass surveillance initiated an unprecedented campaign of persecution to suppress this debate. They intimidated journalists and criminalized publishing the truth. At this point, the public was not yet able to evaluate the benefits of the revelations. They relied on their governments to decide correctly. […]

Citizens have to fight suppression of information on matters of vital public importance. To tell the truth is not a crime.

The American public’s view has been polarized. Here is what Wikipedia’s entry on Edward Snowden says:

He has been variously called a hero, a whistleblower, a dissident, a traitor, and a patriot. Response from US officials has been similarly varied; Director of National Intelligence James Clapper condemned Snowden’s actions as having done “huge, grave damage” to US intelligence capabilities, while United States Secretary of State John Kerry admitted that the NSA had gone “too far” in some of its surveillance activities and promised that it would be stopped.

“Patriotism is supporting your country all the time, and your government when it deserves it.”

— Mark Twain

Rory Carroll, writing for The Guardian, says that the White House has chosen to reject clemency for Edward Snowden.

The former NSA employee this week appealed for clemency and an opportunity to address members of Congress about US surveillance. He also asked for international help to lobby the US to drop the charges against him. The White House, stung by domestic and international criticism, has shown growing appetite to rein in some of the NSA programmes that Snowden exposed but it has not softened its hostility to the 30-year-old fugitive. […]

Feinstein, a Democratic senator from California, remained implacable. “He’s done this enormous disservice to our country. I think the answer is ‘no clemency’,” she told CBS’s Face the Nation.

The former NSA contractor could have blown the whistle on excesses by contacting the House and Senate intelligence committees, Feinstein said. “We would certainly have seen him … and looked at that information. That didn’t happen.”

The NSA’s PRISM program

The information that was leaked by Snowden outlined the PRISM program, run by the NSA. Here is what we’ve learned so far.

Chris Gayomali, writing for The Week, says that “The United States has allegedly been spying on its own allies”.

Perhaps the most damning new revelation is that the U.S. government may have been spying on friends as well as foes. Thirty-eight embassies and missions are outlined as “targets” on one document, reports the Guardian.

Also that “PRISM allegedly collects data from companies in real time”.

The Post suggests the FBI uses “government equipment on private company property” to retrieve information on a specified target, before it is then passed on to “customers” in either the NSA, CIA, or FBI. If true, this ostensibly allows the government’s data collection to proceed in real time. To refresh your memory: Google, Yahoo, Microsoft, Apple, Facebook, PalTalk, AOL, Skype, and YouTube were all reported to be taking part in the PRISM program.

And yet, all the companies have “strenuously denied” involvement, says Mike Masnick at TechDirt, which doesn’t jibe with the Post’s own annotations. Based on the slides, “it’s not at all clear” that Data Intercept Technology Units (DITU) are physically located on the premises of private companies:

Google has said in the past that when it receives a valid FISA court order under the associated program it uses secure FTP to ship the info to the government. From that, it seems like the “DITU” could just be a government computer somewhere, not on the premises of these companies, and info is uploaded to those servers following valid FISC orders. [TechDirt]

The Washington Post, in an article entitled “NSA slides explain the PRISM data-collection program”, shows slides from a classified presentation about PRISM’s purpose.

The top-secret PRISM program allows the U.S. intelligence community to gain access from nine Internet companies to a wide range of digital information, including e-mails and stored data, on foreign targets operating outside the United States. The program is court-approved but does not require individual warrants. Instead, it operates under a broader authorization from federal judges who oversee the use of the Foreign Intelligence Surveillance Act (FISA). Some documents describing the program were first released by The Washington Post on June 6. The newly released documents below give additional details about how the program operates, including the levels of review and supervisory control at the NSA and FBI. The documents also show how the program interacts with the Internet companies. These slides, annotated by The Post, represent a selection from the overall document, and certain portions are redacted.

This presentation lists Microsoft, Yahoo!, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple as being the sources of data for PRISM.

Joshua Brustein, writing for Bloomberg Businessweek, has collected statements from all of the companies named in the leaked NSA documents.

In a series of terse statement (sic), all the companies named in the reports about NSA’s Internet snooping program, Prism, have denied involvement. All these companies have been compelled to share personal data with the government at some time, which they tacitly acknowledge by saying they only do so after careful consideration and court orders. “Direct access” to servers, though, is a bridge too far, they say […].

Dara Kerr, writing for CNET, says that “The tech giants [Apple, Google, Microsoft], along with Yahoo, Facebook, and AOL, call upon the Senate Judiciary Committee to substantially reform the US government’s mass surveillance practices.”

Google, Apple, Microsoft, Yahoo, Facebook, and AOL penned a letter (pdf) to the lead members of the Senate Judiciary Committee on Thursday urging the lawmakers to substantially reform the NSA surveillance practices. The companies also asked for additional oversight and accountability mechanisms for the spying programs.

“Transparency is a critical first step to an informed public debate, but it is clear that more needs to be done,” the letter reads. “We urge the Administration to work with Congress in addressing these critical reforms that would provide much needed transparency and help rebuild the trust of Internet users around the world.” […]

That document leak opened the public’s eyes to the government’s collection of data on US residents through both cellular records and metadata from Internet companies. Since Snowden’s original leak, thousands more documents have surfaced. The NSA and the Obama administration have maintained that the surveillance program was carried out to protect Americans and track down foreign terrorists.

The piece continues, showing precisely how good intentions mean nothing in the real world.

The letter sent by the tech companies “applauds” Sen. Patrick J. Leahy (D-Vt.) and Rep. F. James Sensenbrenner Jr. (R-Wis.) who recently sponsored a bill called the USA Freedom Act. This bill has the goal of “ending eavesdropping, dragnet collection, and online monitoring” by the NSA and other government agencies.

Sensenbrenner is considered one of the architects of the Patriot Act, which the NSA often cites as a legal justification for its surveillance activities. However, Sensenbrenner is adamant that mass government spying wasn’t the intention of the Patriot Act.

“We have to make a balance between security and civil liberties,” Sensenbrenner told the Associated Press in an interview last week. “And the reason the intelligence community has gotten itself into such trouble is they apparently do not see why civil liberties have got to be protected.”

Isn’t that against the law?

You’ve asked a very complex question.

If you read up on FISA and its various amendments, it is very clear that for the American government to get information from American companies on American soil, they have to provide probable cause and get a warrant from a judge.

What they’ve done is not break the law, but rather go around it. The Guardian has an excellent presentation entitled “NSA Files: Decoded. What the revelations mean for you.” which does a terrific job explaining everything. I would encourage you to take some time learning from it.

Much of the NSA’s defence is that the public should be unconcerned, summed up by the dictum: “If you have nothing to hide, you have nothing to fear.” But civil liberties groups such as the Electronic Frontier Foundation and the American Civil Liberties Union warn that surveillance goes well beyond what Congress intended and what the US constitution allows.

What the NSA has done is partner with GCHQ (Britain’s equivalent agency) to tap the private fiber-optic cables that transfer digital data from continent to continent.

Instead of the American government getting information from American companies on American soil, they’re getting it on British soil — which negates all of the oversight protections that American citizens expect.

The British parliament was very aware of the power they had over their own people, and colluded with the NSA to dodge American law. While it’s not technically a violation of FISA (which itself is being contested as unconstitutional), it is absolutely a violation of the Fourth Amendment to the U.S. Constitution.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The ACLU published a piece entitled “Surveillance Under the USA PATRIOT Act” which explains how the Patriot Act violates our Constitutional rights.

With regard to “Expanded access to personal records held by third parties”:

Section 215 of the Patriot Act violates the Constitution in several ways. It:

  • Violates the Fourth Amendment, which says the government cannot conduct a search without obtaining a warrant and showing probable cause to believe that the person has committed or will commit a crime.
  • Violates the First Amendment’s guarantee of free speech by prohibiting the recipients of search orders from telling others about those orders, even where there is no real need for secrecy.
  • Violates the First Amendment by effectively authorizing the FBI to launch investigations of American citizens in part for exercising their freedom of speech.
  • Violates the Fourth Amendment by failing to provide notice – even after the fact – to persons whose privacy has been compromised. Notice is also a key element of due process, which is guaranteed by the Fifth Amendment.

With regard to “secret searches”:

The Patriot Act, however, unconstitutionally amends the Federal Rules of Criminal Procedure to allow the government to conduct searches without notifying the subjects, at least until long after the search has been executed. This means that the government can enter a house, apartment or office with a search warrant when the occupants are away, search through their property, take photographs, and in some cases even seize property – and not tell them until later.

Notice is a crucial check on the government’s power because it forces the authorities to operate in the open, and allows the subject of searches to protect their Fourth Amendment rights. For example, it allows them to point out irregularities in a warrant, such as the fact that the police are at the wrong address, or that the scope of the warrant is being exceeded (for example, by rifling through dresser drawers in a search for a stolen car).

With regard to “Expansion of the intelligence exception in wiretap law”:

A 1978 law called the Foreign Intelligence Surveillance Act (FISA) created an exception to the Fourth Amendment’s requirement for probable cause when the purpose of a wiretap or search was to gather foreign intelligence. The rationale was that since the search was not conducted for the purpose of gathering evidence to put someone on trial, the standards could be loosened. In a stark demonstration of why it can be dangerous to create exceptions to fundamental rights, however, the Patriot Act expanded this once-narrow exception to cover wiretaps and searches that DO collect evidence for regular domestic criminal cases. FISA previously allowed searches only if the primary purpose was to gather foreign intelligence. But the Patriot Act changes the law to allow searches when “a significant purpose” is intelligence. That lets the government circumvent the Constitution’s probable cause requirement even when its main goal is ordinary law enforcement.

With regard to “Expansion of the ‘pen register’ exception in wiretap law”:

Under the Patriot Act PR/TT orders issued by a judge are no longer valid only in that judge’s jurisdiction, but can be made valid anywhere in the United States. This “nationwide service” further marginalizes the role of the judiciary, because a judge cannot meaningfully monitor the extent to which his or her order is being used. In addition, this provision authorizes the equivalent of a blank warrant: the court issues the order, and the law enforcement agent fills in the places to be searched. That is a direct violation of the Fourth Amendment’s explicit requirement that warrants be written “particularly describing the place to be searched.” […]

Web addresses are rich and revealing content. The URLs or “addresses” of the Web pages we read are not really addresses, they are the titles of documents that we download from the Internet. When we “visit” a Web page what we are really doing is downloading that page from the Internet onto our computer, where it is displayed. […] That is much richer information than a simple list of the people we have communicated with; it is intimate information that reveals who we are and what we are thinking about – much more like the content of a phone call than the number dialed. After all, it is often said that reading is a “conversation” with the author.

In order for a federal law to be recognized as unconstitutional, a court case needs to go before the U.S. Supreme Court to be decided. Not many court cases against a federal agency have been able to make it that far, but on occasion, something gets caught.

In January 2009, the FISA court was notified that the NSA had been querying business records metadata “in a manner that appear[ed] to the Court to be directly contrary” to the court’s order allowing it to do so. In response, the FISA court ordered the government to explain itself. These documents detail this exchange as the NSA struggled to understand the business records program and ensure compliance.

“The court is exceptionally concerned about what appears to be a flagrant violation of its order in this matter and, while the court will not direct that specific officials of the executive branch provide sworn declarations in response to this order, the court expects that the declarants will be officials of sufficient stature that they have the authority to speak on behalf of the executive branch.”

— Reggie Walton

Using this interactive diagram, you can see which laws, amendments and executive orders have enabled the NSA to operate as it currently does.

So, what are Microsoft, Yahoo!, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple doing about this?

First of all, it needs to be clear that they never knowingly gave this kind of information to the NSA. The NSA colluded with the GCHQ to subvert American law by directly tapping the fiber optic cables that send data between continents.

Barton Gellman, Ashkan Soltani and Andrea Peterson, writing for The Washington Post, explain “How we know the NSA had access to internal Google and Yahoo cloud data” (emphasis mine).

Immediately after the story posted online, a reporter asked NSA Director Keith B. Alexander about it at a cybersecurity event hosted by Bloomberg Government. Neither the reporter nor Alexander had read the story yet.

General, we’re getting some news that’s crossing right now being reported in The Washington Post that there are new Snowden allegations that say the NSA broke into Yahoo and Google’s databases worldwide, that they infiltrated these databases?

Alexander replied:

That’s never happened. […] This is not the NSA breaking into any databases. It would be illegal for us to do that. And so I don’t know what the report is, but I can tell you factually we do not have access to Google servers, Yahoo servers.

The story did not say the NSA breaks into “servers” or “databases.” It said the agency, working with its British counterpart, intercepts communications that run on private circuits between the fortress-like data centers that each company operates on multiple continents.

The distinction is between “data at rest” and “data on the fly.” The NSA and GCHQ do not break into user accounts that are stored on Yahoo and Google computers. They intercept the information as it travels over fiber optic cables from one data center to another. […]

The two companies do not entrust their data center communications to the “public internet,” which is comparable to an international highway system that anyone can use. Instead, they link their data centers with thousands of miles of privately owned or privately leased fiber optic cable – in effect, a system of private highways. When Google and Yahoo have to share a stretch of road with the public internet, they take other precautions to keep their traffic secure. […]

Our Wednesday story noted that the NSA is governed by fewer rules and less oversight when it does its intelligence collection outside U.S. territory:

Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.

Outside U.S. territory, statutory restrictions on surveillance seldom apply and the FISC has no jurisdiction. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies.

(EO 12333 was signed by Ronald Reagan. It was superseded and amended by EO 13355 and EO 13470, both signed by George W. Bush.)

Brandon Downey, a security engineer at Google, had this to say:

Fuck these guys.

I’ve spent the last ten years of my life trying to keep Google’s users safe and secure from the many diverse threats Google faces. […]

It makes me sad because I believe in America.

Not in that flag-waving bullshit we’ve-got-our-big-trucks-and-bigger-tanks sort of way, but in the way that you can look at a good friend who has a lot of flaws, but every time you meet him, you think, “That guy still has some good ideas going on”.

But after spending all that time helping in my tiny way to protect Google — one of the greatest things to arise from the internet — seeing this, well, it’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.

Mike Hearn, another security engineer at Google, had this to say:

I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it’s no different – GCHQ turns out to be even worse than the NSA.

We designed this system to keep criminals out. There’s no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we’ve got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason.

Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done – build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer.

Later, in the comments of his post, he explains the following:

Encryption was being worked on prior to Snowden but it didn’t seem like a high priority because there was no evidence it would achieve anything useful, and it cost a lot of resources. Once it became clear how badly compromised the fiber paths were, there was a crash effort to encrypt everything.

Sean Gallagher, writing for Ars Technica, says that “Googlers say ‘F*** you’ to NSA, company encrypts internal network”.

Google has started to encrypt its traffic between its data centers, effectively halting the broad surveillance of its inner workings by the joint National Security Agency-GCHQ program known as MUSCULAR. The move turns off a giant source of information to the two agencies, which at one point accounted for nearly a third of the NSA’s daily data intake for its primary intelligence analysis database—at least for now.

As of 2012, the NSA developed “defeat fingerprints” to scan the server-to-server communications that powered Google Adwords, Blogger, the BigTable database that powers Google Drive and other applications, and the TeraGoogle search index interface. These fingerprints allowed the NSA to scan Google internal traffic and identify elements associated with the usage of specific individuals or for searches and other behavior around a particular subject of interest (like, say, “pressure cooker bomb”). […]

A second set of NSA tools, called Serendipity, gave the agency the ability to target specific Google accounts for monitoring as they accessed service, including:

  • Chrome synchronization, including bookmark sync to the cloud
  • “Talkgadget,” the Google Talk component of Gmail
  • The now-defunct iGoogle personalized pages
  • Google searches
  • Picasa photo sharing
  • YouTube […]

For Yahoo, the NSA had developed another set of hooks, fully accessing its internal mail protocols as well as its Messenger instant messaging service, advertising tracker, and “Web beacons” used to track whether users had opened HTML-formatted emails. And the agency had to respond to a flood of unwanted data from these sources by instituting blocks—mostly to deal with Yahoo’s periodic movement of entire user mailboxes.

Chris Baraniuk, writing for Wired, says that Microsoft still doesn’t encrypt server-to-server data.

A senior Microsoft executive has told a European parliamentary committee that the company does not encrypt its server-to-server data communications.

Dorothee Belz, EMEA VP for Legal and Corporate Affairs, made the remark when answering a question from Claude Moraes, MEP, during a meeting at the European Parliament on Monday.

“Generally, what I can say today is server-to-server transportation is generally not encrypted,” she said. “This is why we are currently reviewing our security system.” […]

It’s just one of several leaks by former intelligence agency contractor Edward Snowden that has concerned the EU’s Committee for Civil Liberties, Justice, and Home Affairs (LIBE) in a series of parliamentary hearings.

Prior to taking questions from MEPs, Belz, who appeared alongside executives from Google and Facebook, reiterated earlier statements from Microsoft by stressing that the company did not openly provide “direct access” to its servers. However, her later admission that the firm has as yet failed to establish server-to-server encryption has raised fears among many within digital liberties groups that a significant breach of privacy could still be perpetrated.

Sam Smith, a technologist at Privacy International, said the unencrypted data could hypothetically relate to any of Microsoft’s cloud services, from Hotmail and Outlook.com email accounts to Xbox Live, Office 365, and SkyDrive cloud storage.

What now?

The debate Snowden wanted is happening. That in itself is a major achievement.

Public opinion is polarized over surveillance, but polls show a jump in concern over privacy in the wake of Snowden’s revelations. A Pew poll at the end of July found that for the first time in a decade, the majority of Americans are more concerned about the government infringing on their civil liberties than about a potential terrorist attack. […]

According to a recent study, the majority of Americans believe that preserving the rights of US citizens is more important than preventing terrorist attacks. Since the NSA revelations, Americans have become more opposed to government surveillance that infringes on civil liberties.

People are turning to the court system more and more.

In the end, it may be through the courts rather than Congress that genuine reform may come. Privacy groups such as the Electronic Privacy Information Center and the Electronic Frontier Foundation launched lawsuits that have led to disclosure of hundreds of pages of Fisa (sic) rulings on Section 215. GCHQ and NSA surveillance is facing a legal challenge at the European court of human rights from Big Brother Watch, English PEN and Open Rights Group.

Silicon Valley is also taking action through the courts. Google, Microsoft and Yahoo, facing a backlash from their users in the US and overseas over mass surveillance, are fighting to be allowed to be more transparent about their dealings with the intelligence agencies. These companies, along with Facebook, Apple and AOL have also written to the Senate intelligence committee demanding reform.

With as much hate and backbiting as I’ve seen among American citizens and Congressional members since 2000, something strange has happened around this issue.

There are now several major pieces of legislation going through Congress that would introduce at least some reform of the NSA. Among those, the one backed by Feinstein and passed by her committee is the least radical, offering proposals for greater transparency but basically maintaining the status quo. The bulk collection of Americans’ phone call data would be enshrined in US law.

More far-reaching is the proposed Intelligence Oversight and Reform Act, with bipartisan support from senators Wyden, Udall, Richard Blumenthal and Rand Paul. It would ban the collection of internet communication data; close loopholes that allow snooping on Americans without a warrant; reform the Fisa court; and provide some protection for companies faced with handing over data to the NSA.

What about Edward Snowden?

After leaving Hawai’i and his job as an NSA contractor, he fled to Hong Kong before winding up in Moscow, where Russian President Vladimir Putin granted him temporary asylum and protection from the U.S. government.

He most certainly has a rough road ahead of him. There’s no way you can piss off the U.S. government as badly as he has and plan to remain free forever. Then again, they also said that about Bobby Fischer.

Dr. Martin Luther King Jr. once said:

“An individual who breaks a law that conscience tells him is unjust, and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over its injustice, is in reality expressing the highest respect for the law.”

I, for one, consider Edward Snowden a hero and a patriot to the highest degree.

Update (2013-12-09)

Aol, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo! have all gotten together and put forward this new initiative: ReformGovernmentSurviellance.com.

I’m disappointed that Apple isn’t on this list.

Password security is important. Start treating it like it is. 6 Nov 2013, 11:13 pm

My friend Michelle recently explained to me that password is a perfectly valid password to use. Her reason? “People always say not to use it. So now that nobody uses it anymore, it’s totally secure again!”

How I’d Hack Your Weak Passwords

In this case, Michelle made a fatal assumption. She assumed that human beings would be manually typing in guessed passwords. What she failed to understand is that it’s really, really easy for any off-the-shelf computer to chew through possible passwords at an incredible pace.

You know where they start? With password.

In an article written for Lifehacker entitled How I’d Hack Your Weak Passwords, author John Pozadzides says the following:

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Everything you know (about passwords) is wrong

Michelle and I share a cell phone plan. The other day, she asked me for the account info so that she could log in and do some stuff. So I gave her my information (because I trust her).

  • Username: my.email@address.com
  • Password: cVWXDD$XkA25eZo437F£$^Xp (not my real password)

She flipped-out on me. “Who’s going to try to hack into your AT&T account?!” I tried to explain how that wasn’t the point, but she’d already moved on to the next shiny object.

I talked a couple of months ago about how I’d changed every single password I have. Why? Because I was re-using the same passwords all over the place, and it was time to fix that.

In short, one of my hard-to-guess-but-used-in-lots-of-places passwords was one of the ones that was obtained by hackers. As such, I had the fine work ahead of me to change the password for every single site that used the password that got hacked.

1Password to the rescue! It took me about 90 minutes, but I was able to look up all of the sites where this password was being used, and change the password for all of them. This event ended up making me re-think how I managed my passwords.

It’s not that anybody would care about my AT&T account. It’s that if I re-use the same password across multiple websites, then when any one of those sites gets hacked, the attackers can use that password to access every other site where I use it.

We need to start doing a better job

Going back to the piece by John Pozadzides:

  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache.

Any moderately-determined person could figure out how to hack passwords.

Normally, when you sign-up for a service, they don’t actually store your password. Instead they store a one-way hash of your password. What does this mean?

  • Real password: monkeyfarts
  • Hashed password (SHA-1): a05727a789efdeaaa0b3f45e7f944c1f17691da6

This way, they don’t know your password (yay, security!), and since it’s a one-way hash, they can’t figure out your real password if all they have is the hashed password.

But here’s the problem: If someone were to get a giant list of hashed passwords, there are enough pieces of the puzzle there to be able to begin figuring out common password patterns.

This is what happened in 2009 when a site called RockYou got hacked and a giant (32.6 million) list of usernames and hashed passwords was stolen. (RockYou makes fun little things for Facebook, and used to make fun things for MySpace. There’s a very good chance that you’ve used something they’ve done.)
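Why a leaked table of plain one-way hashes still gives patterns away, and what a site can store instead, as an added example that is not code from the original post. The sample accounts, the blocklist (built from the guesses quoted above), the 10-character minimum (the post's own suggestion) and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data). Two users chose the same password.
SAMPLE_USERS = {
    "alice": "monkeyfarts",
    "bob": "monkeyfarts",
    "carol": "m0nKey-f4rts-and-24-more-chars",
}

# Assumed blocklist, taken from the common guesses quoted on this page.
COMMON_PASSWORDS = {
    "password", "123", "1234", "123456", "god", "letmein",
    "money", "love", "abc123", "qwerty", "iloveyou",
}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune it to your hardware


def unsalted_sha1(password):
    """The scheme the post describes: fast, and the same input always gives the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_records(table):
    """Group users whose stored value is identical: what anyone holding the table can see."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return {stored: sorted(users) for stored, users in groups.items() if len(users) > 1}


def acceptable_at_signup(password, minimum_length=10):
    """Reject short passwords and anything on the common-password blocklist."""
    return len(password) >= minimum_length and password.lower() not in COMMON_PASSWORDS


def build_tables(users=SAMPLE_USERS):
    """Store the same accounts both ways so the two tables can be compared."""
    weak = {user: unsalted_sha1(pw) for user, pw in users.items()}
    strong = {user: hash_password(pw) for user, pw in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("identical unsalted digests:", shared_records(weak))
    print("identical salted records:  ", shared_records(strong))
```

With the unsalted table, alice and bob are visibly using the same password before anything has been guessed; with per-user salts the two records share nothing.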

In Brief Analysis of RockYou Passwords, we learn:

  • Dictionary passwords, that is, words like “password,” “monkey,” and so on, make one of the most stable groups.
  • Digital passwords based on easily memorized numeric combinations, phone numbers, document numbers, birth dates, and more make another group, which is as stable as the previous one, and maybe even more popular.
  • Passwords based on names and their derivatives. For example, a user may use the name of himself, his pet, some city, some place, and so on.
  • Passwords based on keyboard combinations, such as “abc123,” “qwerty,” etc.
  • Emotional passwords, such as “iloveyou,” “hateu,” “lovely,” “ihatemyboss,” or “ILoveJohn.”


Curiously enough, some users choose obscenely long passwords consisting of more than 20 characters, word combinations, or phrases. Here are some of these wonderful passwords (did you really think that nobody knows what you are typing?):

  • Hahaithinkilovejessebutthenagainmaybenotcuzheisadiknob
  • Lets you come back for your Countdown Timer
  • me plus food equals more sleep each night
  • tommmmmmmmmmmmmmmmmmmmmmmmmmmm
  • truongcaodangcongdonghaiphong
  • icantbelievethisshit.12345
  • banditbanditbandit1bandit1bandit1banditbandit
  • 11111111111111111111111111111111111111111111
  • aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  • ilovepalmermyfuturehusband
  • 1delightyourselfinthelord!
  • Imaprincessbecausemyfatheristheking
  • iluvanjabisset4evashesmawebaexxx
  • stuartandchrisrmybestmatesforeva
  • thisismypasswordyoullnevergetit

Just for fun, I downloaded a copy of hashcat and the rockyou.txt list of hashed passwords. Within 30 minutes, I’d managed to crack several thousand passwords from the list.

This is not hard to do.

Okay, okay. What should I do differently?

First of all, if you’re using password as your password, you’re fired.

  1. Don’t use a word that can be found in the dictionary.

  2. If you choose to use a word, replace some of the letters with numbers or special characters. (Instead of monkeyfarts, use m0ñKeyƒår†s.)

  3. The longer the password, the better. Most sites require a minimum of 6 characters. I’d say to use a minimum of 10 characters. (Most of mine are in the 24-32 character range.)

  4. Don’t use the same password twice. I know this may seem hard, but let’s get to the next bullet-point.

  5. Stop trying to memorize your passwords. Let a password manager do it for you. 1Password, LastPass and Password Safe are all good solutions.

  6. Enhance your passwords with a second level of security. If a service you use supports Two-Factor Authentication (or Multi-Factor Authentication), enable it. This way, even if your password gets hacked, they won’t be able to access your account without a special code that only you have.

    • Lots of services are adding support: App.net, Apple, Amazon Web Services, Dreamhost, Dropbox, Evernote, Facebook, GoDaddy, Google, Microsoft (including Hotmail, MSN & Xbox Live), Paypal, Stripe.com, Yahoo!, WordPress.com (including Gravatar), and more!

If you’re worried about someone (perhaps someone you know) figuring out your password and using it for nefarious purposes (including simply violating your personal privacy, e.g., checking your messages, reading your emails), I would highly recommend doing all 6 things on this list.

Got it. What else can I do?

Lots and lots. Siraj Datoo published a really good list on Quartz called The complete guide to not being that idiot who got the company hacked. This list is good for the home as well. I would encourage you to read the whole post, but here are the bullet points:

  1. Install HTTPS Everywhere in your browser. (Switches to secured HTTPS traffic for several popular sites, among other things.)

  2. Put a password on your home Wi-Fi. (Also: Use the WPA2 security mode.)

  3. Put passwords on all your devices. (Quit butt-dialing me like my friend Lindsey.)

  4. Employ two-step authentication on everything. (We already covered this.)

  5. Encrypt your laptop’s hard drive, especially if it’s a Mac. (It’s really easy on a Mac. System Preferences → Security → FileVault.)

  6. Never send or save your password electronically. (Email, IMs and other forms of electronic communication leave a trail. Don’t be the weakest link.)

  7. Use 1Password or a similar service. (We already covered this.)

  8. Read your emails carefully to avoid phishing attempts.

  9. Take precautions when you use an open Wi-Fi network. (Anybody can connect to an open network and listen for unsecured web traffic to figure out your secrets. This is a very easy thing to do.)

  10. Know which applications are connecting to the Internet. (If you have a Mac, Little Snitch is a worthwhile investment.)

Apple’s 2013 iPad Announcement 22 Oct 2013, 11:29 am

Last month, when writing about Apple’s Fall 2013 Product Announcement, I’d guessed at a few announcements that they didn’t end up making. Today, Apple announced all of those things and more.

OS X Mavericks

OS X 10.9 “Mavericks”. Available today. Free (down from $19.99 last year).

MacBook Air

Lighter and faster than the last model. Faster 802.11ac wireless networking, Bluetooth 4.0 and Thunderbolt 2. Available today. Starting at $999.

MacBook Pro with Retina Display

Lighter and faster than the last model. Faster 802.11ac wireless networking, Bluetooth 4.0 and Thunderbolt 2. Available today. Starting at $1,299.

MacBook Pro (non-Retina)

Quietly discontinued in favor of the all-Retina lineup.

Mac Pro

An incredibly powerful machine. Faster 802.11ac wireless networking, Bluetooth 4.0 and Thunderbolt 2. Available in December. Starting at $2,999.

iLife and iWork (for iOS and OS X)

New versions for iOS as well as OS X. Faster, better, simpler, more powerful. Free with any Mac or iOS device purchase.

iPad Air

New line of iPads, replaces “iPad classic”. Smaller, lighter, faster. MIMO wireless networking. Available November 1. Starting at $499. iPad 2 sticking around for $399.

iPad mini with Retina Display

iPad mini with a Retina Display. Starting at $399. Available in November. Last-generation iPad mini sticking around for $299.


Quietly discontinued in favor of the iPad Air.

What was not announced and/or what we didn’t get

For all the rumor and speculation from analysts and pundits, here’s where we landed.

  • Anybody with a brain knew that there wouldn’t be an iWatch or iHDTV.
  • No “Touch ID” fingerprint sensors in the new iPads. We’ll be unlocking our iPads like neanderthals for the foreseeable future.
  • No iMac or Mac mini updates.
  • No Apple TV updates.
  • No updates to the Thunderbolt display. (I was secretly wishing for a Retina-capable Thunderbolt display with 4K resolution.)
  • iPad Air gets the same larger-pixel update as the iPhone 5s got for better indoor shots, but stays at 5 MP.
  • iPad Air and iPad mini are still on 802.11n wireless networking speeds, but the iPad Air makes up for it with dual-signal MIMO networking.
  • No Gold/Champagne-colored iPads.
  • After reading through the things that the analysts are saying about Apple, they still have absolutely no idea how Apple works — despite Apple operating like clockwork, year after year.

My experience with iOS 7 20 Sep 2013, 11:14 am

I’ve been spending time with iOS 7 since WWDC this year, and I wanted to post a few notes.

  • I installed Beta 1 on my iPhone 5 the day it was available at WWDC. I toyed with it for an hour before returning to 6.1.4. It was appallingly ugly and very, very slow. The icons looked garish, and the typography was unrefined. Not surprising for a Beta 1, but it was still pretty bad.

  • I installed Beta 2 on my iPad mini, just so that I had one device that was running the latest beta. It was still really rough though.

  • I installed Beta 5 on my iPhone 5, and it was much, much better than before. I invested a bit more time with it, and once I got past the garish icon colors, I really began to appreciate the more subtle touches and interactions throughout the OS.

  • I installed Beta 6 on my iPad 3 just because it was about darn time.

  • The GM dropped to developers almost 2 weeks ago. I’ve been running it full-time ever since.

Over the past 3 days, I’ve seen 20-something app updates come through. Some of those updates were superficially “flatter” (e.g., Twitter, Facebook, Instapaper), while a few took the time to really rethink things (e.g., Drafts, Evernote, Instacast).

By and large, the primary interactions throughout the entire OS are mostly the same. It’s the subtle things that are better. The way that message bubbles bounce in iMessage. The way that they cleaned things up in Notification Center. The “cards” UI that they borrowed/stole from Palm webOS when switching applications. The remastered system sounds. The subtle reshaping of the round-rects on the homescreen icons. The profile photos in the phone favorites. Overall, I think it’s a net-positive (especially since the shock of the new icons has worn off). The battery life is a bit worse, but I expect that to be resolved in an upcoming 7.0.x release.

Mostly, I’m interested to see what app developers create/build/invent next. How will they leverage the changes in canvas, depth, and the underlying system APIs (e.g., smarter network connection pooling, broader multitasking support, smarter integration with built-in social services) to create richer, more useful user experiences? Apps that will allow me to set aside the rut and rigor of being a technologist, and enable me to better appreciate the craftsmanship of a quality experience and interaction.

It’s a brand-new day in iOS-land, and I’m excited to see what’s next. 🙂

Apple’s Fall 2013 Product Announcement 10 Sep 2013, 9:49 am

Apple’s fall product announcement begins at 10am PST; 1pm EST.

My guesses?

  • Definitely: Next-gen iPhone 5S, iOS 7, OS X Mavericks, iTunes 11 (with iTunes Radio), updated MacBook Pro.

  • Maybe: New iPads (though I’d bet on spring instead), lower unsubsidized-cost iPhone for other (non-American) countries, updated iMac, updated Thunderbolt 2 display (with USB 3.0)

  • Not a chance: An HDTV, a wrist-watch, a pull-string-to-talk Steve Jobs doll.

How’d I do?

How good were my predictions? Well, this event was a little shorter than I was expecting and they only covered iPhone-related stuff.

  • Next-gen iPhone 5S. Check.
  • iOS 7. Check.
  • iTunes Radio. Sort-of. It got coverage on the website, but not the event.
  • Lower unsubsidized-cost iPhone for other (non-American) countries. I’m going to say I was wrong. Instead, Apple changed their strategy and created a slightly-modified iPhone 5 called the 5c.
  • New MacBook Pro. I was also wrong here.

Stephen Elop to become the next Microsoft CEO? I’d buy it. 2 Sep 2013, 11:10 pm

“Microsoft to acquire Nokia’s devices & services business, license Nokia’s patents and mapping services.”

From the press release:

Microsoft Corporation and Nokia Corporation today announced that the Boards of Directors for both companies have decided to enter into a transaction whereby Microsoft will purchase substantially all of Nokia’s Devices & Services business, license Nokia’s patents, and license and use Nokia’s mapping services.

So, in other words, most of Nokia. Phones, mapping services and intellectual property.

Building on the partnership with Nokia announced in February 2011 and the increasing success of Nokia’s Lumia smartphones, Microsoft aims to accelerate the growth of its share and profit in mobile devices through faster innovation, increased synergies, and unified branding and marketing.

Heh heh. “synergies”.

For Nokia, this transaction is expected to be significantly accretive to earnings, strengthen its financial position, and provide a solid basis for future investment in its continuing businesses.

Shareholders can cash out before the company officially shuts down.

“It’s a bold step into the future – a win-win for employees, shareholders and consumers of both companies. Bringing these great teams together will accelerate Microsoft’s share and profits in phones, and strengthen the overall opportunities for both Microsoft and our partners across our entire family of devices and services,” said Steve Ballmer, Microsoft chief executive officer.

Out-going chief executive officer. Remember, Ballmer got shitcanned last week.

“In addition to their innovation and strength in phones at all price points, Nokia brings proven capability and talent in critical areas such as hardware design and engineering, supply chain and manufacturing management, and hardware sales, marketing and distribution.”

Nokia has made some great-looking phones, but they’ve not sold well. Windows Phone is vying with Blackberry for the number 3 spot in the market, and Nokia has been the only worthwhile partner they’ve had. Microsoft doesn’t have any other options at this point but to bring them inside.

“For Nokia, this is an important moment of reinvention and from a position of financial strength, we can build our next chapter,” said Risto Siilasmaa, Chairman of the Nokia Board of Directors and, following today’s announcement, Nokia Interim CEO. “After a thorough assessment of how to maximize shareholder value, including consideration of a variety of alternatives, we believe this transaction is the best path forward for Nokia and its shareholders. Additionally, the deal offers future opportunities for many Nokia employees as part of a company with the strategy, financial resources and determination to succeed in the mobile space.”

Risto Siilasmaa, overseeing the takeover by Microsoft from the Nokia side.

“Building on our successful partnership, we can now bring together the best of Microsoft’s software engineering with the best of Nokia’s product engineering, award-winning design, and global sales, marketing and manufacturing,” said Stephen Elop, who following today’s announcement is stepping aside as Nokia President and CEO to become Nokia Executive Vice President of Devices & Services.

Stephen Elop, abandoning the Nokia ship and heading back to Microsoft as a major executive shortly after Ballmer announced his (forced-) retirement.

For those who don’t see it yet…

  1. Microsoft executive, Stephen Elop, goes on to become CEO of Nokia.

  2. Nokia invests heavily in making Windows Phone, um, phones.

  3. Microsoft CEO, Steve Ballmer, announces retirement in next 12 months.

  4. Microsoft agrees to acquire Nokia’s Devices & Services division.

  5. Nokia CEO steps down to become Nokia’s EVP of Devices & Services — the division being acquired by Microsoft.

  6. Will the former Microsoft executive and Nokia CEO, Stephen Elop, become the next Microsoft CEO?

My money’s on “yes”. Ballmer has already ousted every other executive that had been groomed for the position (e.g., Ray Ozzie, Robbie Bach, J. Allard, and most recently, Steven Sinofsky).

Uploading web files to a new Amazon EC2 instance 10 Aug 2013, 9:19 pm

This is one of a few quick tutorials I’ve had sitting around on my hard drive for a while. I’m posting it now for the sake of anyone who may find these instructions useful.

It’s important to note that these are the instructions you’d use for a standalone EC2 instance. If your app is low-traffic enough to only need a single server, a better option would be to leverage a single-instance Elastic Beanstalk environment which gives you more, better and simpler deployment options.

Launching an instance

  1. You’ll need to launch a new EC2 instance. The simplest way is from the AWS Management Console.
  2. As part of this process, you’ll create a new keypair. The key pair will have a name and a keypair file (.pem). The .pem file is a replacement for a password. You’ll need this file to log into your EC2 instance.
  3. Once the instance has launched, you’ll want to select it in the EC2 console, and find the public hostname in the details section of the screen.

Logging in and fixing access permissions

  1. Armed with Terminal/PuTTY, your keypair file (.pem), and the public hostname of the instance, you’re ready to log into your instance.
  2. If you’re using Terminal, log into your instance using the following command:
    ssh -i {path-to-keypair-pem} ec2-user@{public-hostname}
  3. If you’re using a GUI tool for connecting (e.g., PuTTY), here are the important bits:
    • Hostname: {public-hostname}
    • User: ec2-user
    • Key: {path-to-keypair-pem}
  4. Once you’re logged into the EC2 instance as the ec2-user user, you’ll need to switch to the root user.
    sudo -i
  5. Move into the default Apache DocumentRoot directory.
    cd /var/www/html
  6. Change the owner of this directory to the ec2-user user. This will enable you to use a GUI-based tool to upload your web files.
    chown ec2-user .

Installing any required software

A new EC2 instance is essentially a blank slate. Very little is installed on the instance by default (which keeps it lean and fast), but there are many, many packages available for install via yum.

  • yum list available will show you all of the packages that are available to install.
  • yum list installed will show you all of the packages that are already installed.
  • yum help will show you which commands are available to use.

If you wanted to install PHP and Apache on your server, you would type (assuming you’re already the superuser (i.e., sudo -i)):

yum install php httpd

Uploading your web files

  1. Using the SFTP client of your choice (I prefer Transmit or Cyberduck, depending on what I’m doing), connect to your EC2 instance over SFTP using the following credentials:
    • Hostname: {public-hostname}
    • User: ec2-user
    • Key: {path-to-keypair-pem}
  2. Move to the /var/www/html directory.
  3. Drag your web files into this directory to upload them. index.html will be loaded as the homepage when you load the public hostname in your web browser.

Things I learned about how websites manage passwords 10 Aug 2013, 2:30 am

I recently wrote about the work I did to change every single password I had into ones that were unique for every site, and far more difficult to brute-force due to their long and randomized nature.

As part of this exercise, I was essentially trying to change 250 passwords on 250 websites as quickly as possible. When you do this, you end up seeing trends and patterns across unrelated sites that you might not have noticed otherwise.


Here are some of the patterns I observed about how websites manage passwords:

  1. The Login/Sign-in link is typically in the upper-right part of the global navigation bar.

  2. Very few sites support OpenID logins anymore. 🙁

  3. Very few sites support OAuth logins, but many will pre-fill registration forms using OAuth. We still end up with multiple accounts and multiple passwords across the board. (Missing the point, much?)

  4. I can count on 3-4 hands the number of sites I use that offer Multi-Factor Authentication options for increased security.

  5. Different companies use the words “account”, “preferences” and “settings” differently. Sometimes they use more than one of these words in their UI, and they don’t always mean the same thing for everybody. Sometimes I would log into a site and click through “preferences” and “settings” until I found where I could change my password.

  6. Some websites didn’t offer a way to change my password at all (e.g., Authy, Lockitron). In those cases, I had to pretend that I forgot my password so that I could logout and go through the “forgot password” flow to change it.

  7. Most were pretty good about telling me about success/failure of changing my password. Some didn’t say anything, so I tried again to see if it worked.

  8. The more enterprise-focused a company was, the worse its password requirements and/or tools were (e.g., Microsoft, VMware). There were a few customer-facing sites that had bad handling as well (e.g., Redbox).

  9. A surprising number of sites either offered no information about the password requirements, some information, or occasionally wrong information. It wasn’t until I tried to paste a 24-character password with special characters that some sites freaked-out. Some told me that my password was invalid, but changed it successfully, leaving me in a weird state. Some took the password and told me everything was successful, then wouldn’t let me log in again.

  10. Sites tend to make one very specific assumption: You know what your new password is going to be. I didn’t. Paypal even goes so far as to use JavaScript to disallow copy-pasting so that you’re forced to know your password, even if you don’t want to. I had to open up the Web Inspector tools to manually override this hateful behavior.

  11. As part of the aforementioned assumption, about 70% of sites require the old password while applying the new password. 30% of sites simply allow you to apply the new password since you’re already logged-in anyway. However, there are some sites which hide the “old password” field until you’ve started typing a new password. Since you don’t know what the newly-generated password is, you then need to temporarily paste it somewhere, dig up the old password, paste that, then re-copy the new password from wherever you stashed it.

  12. Some sites separate the username field and the password field by putting them on separate pages. Instead of talking about how that can actually hurt security, I’ll just say that the only sites I saw that did this were banking/financial websites (except for Simple.com, of course), and Verizon Wireless. Go figure.


We, as a web-building culture, have absolutely no idea what we’re doing when it comes to handling passwords. Many of us don’t understand the first thing about the balance between convenience and security. Heck, some sites are both inconvenient and insecure.

IMO, this should be the very next thing that Software Engineers and UX Practitioners work together on to solve: When you’re stuck with the “Password Anti-pattern”, how can we ensure a secure experience that isn’t cumbersome to human beings?

Breaking my bad password habits with 1Password, Authy, OAuth and OpenID 10 Aug 2013, 2:03 am

I learned at a relatively young age what makes a good password versus a bad password, and I’ve tried to always use these qualities in the passwords that I choose.

The Problem

Unfortunately, even with the best intentions, you inevitably end up re-using one or a few passwords across every single website you log into. Some people do things as dumb as using the name of their significant other. Or their pet. Or a birthdate. Or something else equally guessable by one of the many supercomputers that exist (where by “supercomputer”, I mean pretty much any computer invented in the past 5-7 years).

My approach was this: Whenever a website would auto-generate a random password for me, instead of changing it to something I could remember, I simply memorized it. They were usually a blend of 8 alphanumeric and/or symbol characters. Nothing too wild, but after a while, I established some muscle memory around typing them and began to rely on them. This is a better approach than most people use, but it’s still a terrible practice. Over time, I began appending special characters here, or prepending them there. Sometimes I would stick a dollar sign or two somewhere in the middle to mix things up.

Enter 1Password

Then in 2008, I discovered a piece of software called 1Password. Initially I balked at the price. “You want me to pay for software?!” Clearly I was still in a Windows-user’s state of mind when it came to things like that. But I sucked it up, bought a license, and started using it regularly.

It is the single best investment I’ve ever made. Software-wise, anyway.

OpenID and OAuth

Around the same time as when I discovered 1Password, I also learned about something called OpenID. The approach that OpenID takes is known as Federated Identity. It’s essentially a system where two people don’t know or trust each other, but they both trust a third person, and that third person vouches for each of the first two. Eric and Jeff don’t know each other, but they both know me. I vouch for Jeff with Eric saying that he’s a cool dude, and vice-versa. Make sense?

It allowed me to trust a company of my choosing to vouch for me, whenever I came to log into sites which supported OpenID. If something happened and I didn’t trust that middle company any more, I could simply change the company/service which vouched for me. In that way, I only had to remember the username and password for that one company that was vouching for me, instead of having to create all-new accounts for every service I signed-up for.

But there were some quirks that made OpenID a bit harder to understand for normal folks, so the great minds of the Internet got together and bore a different system known as OAuth. You know all of those sites you visit that have a big blue button that says “Login with Facebook”? That’s OAuth in action.

OAuth works a bit differently behind the scenes. You say, “I want to sign up for your site”. The website says, “Either give me your information so I can register you, or you can authorize me to get your information from someone else who already has it.” And you respond with, “Sure. Facebook has it.” You then click the blue button, tell Facebook that you authorize the new site to pull your information, and away you go. Between the two approaches, OAuth is used about a zillion times more often than OpenID is.

I would recommend using OpenID or OAuth for handling your login information if at all possible because it reduces the number of passwords you need to keep track of.

Sony’s Playstation Network got hacked

Remember when this happened? Where Sony was storing passwords in m********king plain text?! (To paraphrase Shepherd Book from Firefly/Serenity, there is a special place in Hell for people who rape, murder, talk during movies, and store passwords in plain text.)

In short, one of my hard-to-guess-but-used-in-lots-of-places passwords was one of the ones that was obtained by hackers. As such, I had the fine work ahead of me to change the password for every single site that used the password that got hacked.

1Password to the rescue! It took me about 90 minutes, but I was able to look up all of the sites where this password was being used, and change the password for all of them. This event ended up making me re-think how I managed my passwords.

Authy and 2-Factor Authentication

Over the past couple of years, I’ve started to see more and more websites begin leveraging something called 2-Factor Authentication (or, Multi-Factor Authentication). This is where besides having the username and password (i.e., the first “factor”), you also need a code from a key fob or something else that you have with you at all times (i.e., the second “factor”). This way, even if somebody figured out your username and password, they still wouldn’t be able to get into your account unless they also had either a key fob with a code, or more commonly, your cell phone.

Besides having a key fob for logging into my company’s VPN remotely, I’d never heard of 2-Factor Authentication until Amazon Web Services announced it as a new feature of their Identity and Access Management (IAM) service. Then Google added support for it. Then Facebook added support. Then a few more services added support. Most of them leveraged an app that ran on modern smartphones called Google Authenticator which would generate a code that you could type in after your username and password.

When ADN added support for it was when I learned about Authy. Besides looking and working WAY better than Google Authenticator, it supported lots of different accounts. The switch was a no-brainer.

Sites that I’m currently aware of that support 2-Factor Authentication are:

  • ADN (aka, App.net)
  • Apple (account management, only)
  • Amazon Web Services (AWS)
  • Dreamhost
  • Dropbox
  • Evernote (Premium accounts)
  • Facebook
  • GoDaddy
  • Google
  • Microsoft (including Hotmail & Xbox)
  • Paypal
  • Stripe.com
  • WordPress.com (including Gravatar)
  • and more!

You can even install the Authy plugin in your self-hosted WordPress installation to enable extra security for your blog. I would absolutely recommend enabling 2-Factor Authentication (using Authy, of course) for every single service you use that supports it.

Changing every password

2 days ago, I decided to bite the bullet and put in the work to change every single password I had stored in 1Password (around 250). Using their built-in password generator, I created a brand-new, completely randomized password, using a mix of upper/lower-case letters, numbers and symbols. These new passwords are all 24-30 characters long, except for services that required shorter ones, or only allowed alphanumeric characters.

I have absolutely no idea what any of my passwords are. But I’m relying on 1Password to manage them for me, and to sync them to the copies of 1Password I have installed on my iPhone and iPads.

Couple long, randomly-generated passwords, with 2-Factor Authentication, and I’m never worried about getting hacked. If Sony gets their servers hacked again and that password gets stolen, no worries. I’ll just create a new randomly-generated password for it and keep right on going.
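What a generator like that has to get right, as an added sketch (my own code, not 1Password's): draw from the operating system's CSPRNG, guarantee every required character class, and fall back cleanly for sites that cap the length or allow only letters and digits. The site names and policies below are constructed for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"

# Constructed sample policies: most sites take a long mixed password,
# some cap the length or reject symbols.
SITE_POLICIES = {
    "bank.example": {"length": 12, "symbols": False},
    "forum.example": {"length": 16, "symbols": True},
    "mail.example": {"length": 28, "symbols": True},
}


def character_classes(symbols: bool):
    """Character classes that every generated password must draw from."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(SYMBOLS)
    return classes


def generate_password(length: int = 28, symbols: bool = True) -> str:
    """Uniformly random password containing at least one char of each class.

    secrets.choice() uses the OS CSPRNG; random.choice() must not be used
    here because its Mersenne Twister output is predictable.
    Candidates missing a class are thrown away and redrawn (rejection
    sampling), which keeps every remaining password equally likely.
    """
    classes = character_classes(symbols)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length: int, symbols: bool) -> float:
    """Upper bound on guessing entropy: length * log2(alphabet size).

    The rejection step removes a tiny fraction of candidates, so the true
    figure is marginally lower.
    """
    alphabet_size = sum(len(cls) for cls in character_classes(symbols))
    return length * math.log2(alphabet_size)


def build_vault(policies: dict) -> dict:
    """One independent password per site, so a breach at one site exposes
    nothing that works anywhere else."""
    return {
        site: generate_password(p["length"], p["symbols"])
        for site, p in policies.items()
    }


if __name__ == "__main__":
    for site, password in build_vault(SITE_POLICIES).items():
        policy = SITE_POLICIES[site]
        bits = entropy_bits(policy["length"], policy["symbols"])
        print(f"{site:15} {password:30} ~{bits:.0f} bits")
```

The entropy column shows what a restrictive site policy costs: a 12-character alphanumeric password is well under half the strength of the 28-character mixed one.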


Yes, this was several hours of work, but I believe it was well worth it. If you can swing it, I would confidently — even exuberantly — recommend 1Password to anyone just getting started with making their online life more secure. Definitely take a look at Authy as well, and start leveraging OpenID and OAuth logins on every site that supports them. You’ll be better off for it.


See my follow-up post: “Things I learned about how websites manage passwords”.

Running 24 Jul 2013, 9:53 am

Not long ago, I read a blog post by Leah Culver about how she got into running. I decided that I wanted something similar.

10 years

In high school, I could run a 6-minute mile without breaking a sweat. When I graduated in 1998, I weighed 145 lbs. Then came college, marriage, a desk job, two kids, a dog, and a slowing metabolism that caught up with me before I’d had a chance to realize it.

By January 1, 2008, I weighed almost 250 lbs. I was drinking several sodas a day, and going out to eat all the time. I spent a ton of time in front of my computer screen. Physically, I was a mess. So starting that day, I decided to do something about it.


First, I changed my diet. No soda, no fast food. I started drinking a ton of water — so much that I was peeing 5-6 times a day. I started doing protein shakes for breakfast and lunch, then cooking something reasonably healthy for dinner. It was pretty easy because my wife and I were doing it together, and we were both working at home full-time. By May 2008, I was down to 180 lbs.

Then the housing market collapsed, taking out the economy and our jobs. We tried to float by for a while on credit cards until one of us could land something steady, and I began stress-eating again. Little snacks here and there, allowing myself something bad because I’d been so good lately. I ended up finding a job 150 miles away in Redwood City, CA and began commuting again. More stress, less energy, more snacks, more caffeine, less water. The job I got was with a company that was a start-up in its awkward teenage years. Free snacks and goodies as long as you sat in a chair longer.

Within a few weeks, I was back up to 190 lbs. Although I didn’t have the time to be as hard-core about the way I ate as I’d been when I worked at home, I managed to maintain that weight — give or take 5 lbs. — for the 18 months that I was there. When I left for Seattle in March 2010, I was 195 lbs.


Seattle rains a lot. It isn’t that the cumulative amount of water falling from the sky is more than anywhere else — it’s not. But it rains more frequently than almost anywhere else in the U.S. That means lots of clouds, more Seasonal Affective Disorder, less energy.

I did pretty well through the summer, but I ended up eating a lot between Halloween, Thanksgiving and Christmas. So much candy was sitting around the house for a month after Halloween that it had to be eaten. Thanksgiving was delicious, and who doesn’t love leftovers for the couple of weeks afterward? Then Christmas was driving down to California to spend time with family, all while going out to dinner, of course. January 1, 2011, I was up to 205 lbs. Yikes!

That was also the same time that my wife and I decided to get a divorce. A lengthy 2 years of fighting depression and insomnia, more stress eating, and not caring about any of it (since nobody could ever love me again anyway, right Mr. Depression?).


Last weekend, July 2013, I weighed 225 lbs. I’d been hovering around 215 lbs. for most of the last two years, but I’d let my diet get sloppy over the past few months, so here I am.

I’ve managed to work through my post-divorce depression, and it’s summertime. The skies are clear and non-dreary for the next month or two, so I want to take advantage of the non-rain while I can.

Since Sunday morning, I’ve been back on 1-2 protein shakes per day (depending on my schedule), and paying more attention to what I eat for lunch. It’s currently Wednesday morning. I’ve run a minimum of 1 mile twice in that time, and spent some time doing some arm, leg and ab workouts using some apps I downloaded for my iPhone. I’m down to 220 lbs.

Don’t quit

So, thanks Leah Culver for writing what you did. After running twice (about 1/3 running and 2/3 walking), I’m doing a 16-minute mile. Super-slow, for sure, but at least I’m on the board.

I’ve been investing in my mind for a long time, but I haven’t been investing in my body so much. I -want to- am going to change that. My first goal is to lose 10 lbs. I’m keeping track with Fitbit and RunKeeper. Feel free to join me if you’d like.

But the biggest thing I took away from your post was these words: “Don’t quit.”

The Microsoft Ecosystem 4 May 2013, 12:02 am

In 2011, I wrote about Apple vs. Android and how “It’s all about the ecosystem, stupid!” The more time I spend with my iPhone, iPad, Mac and Apple TV, the more of a believer I become in the power of the ecosystem.

The Digital Hub

Apple spent the first decade of this century focusing on the idea of The Digital Hub. It started with Mac + music, then they added photos, movies, TV shows, books, and all sorts of things. With the launch of iCloud, they’ve taken the next major step in that strategy and they are dominating the market, cumulatively.

Samsung might make a good Android-based phone, but where’s the tablet that’s better for reading and games? Where’s the set-top box that shows my media on my TV that I can control with my phone? Where’s the ability to stream the cool thing I found on my tablet to the TV so everyone can watch it? Where’s the computer that streams my terabytes of music, photos, movies and TV shows to my devices? Where’s the ability to walk from room to room and bring my music with me to the nearest set of speakers?

Samsung doesn’t have that, and neither does Google. Google TV and the Nexus Q were unmitigated disasters. The Android experience on tablets still sucks (I have Android 4.1 “Jelly Bean” running on my HP TouchPad). There is no ecosystem at play in the Android universe.

Microsoft’s dark horse

While reading a post by Ken Segall, I watched this video:

Suddenly something occurred to me. Something that Microsoft has done a terrible job capitalizing on. Something that, if executed properly, could position Microsoft back in the #2 position behind Apple: The Digital Hub.

Let’s look at what Microsoft has today that already works well together: Windows, Surface, Windows Phone and Xbox. Your Windows Phone and Surface tablet have different use-cases in your life, but they sync together with your Windows PC, and the Xbox is the media hub in your living room. They also have Outlook.com (née Windows Live Mail, née MSN Hotmail, née Hotmail.com), Office 365, SkyDrive, and lots of other services to complement the devices they have.

But Microsoft is so discombobulated internally that it can’t figure out how to put one foot in front of the other. It’s like watching a drunk guy stumble across the railroad tracks.

Microsoft is okay at services (still not as good as Google, but much better than Apple), they have a very mature desktop OS with a massive number of apps, and they have the best selling living room console behind Apple TV. Windows Phone may be nice, but there’s no notable audience for it. And the Surface is, well, junk. (It’s the worst kind of “me too” product out there.)

Can they pull it off?

If (and this is a really big if) Microsoft can get rid of the warring internal tribes, and can set aside empty, doom-inducing rhetoric like Windows Everywhere and No Compromise, I think they may have a shot at being #2 overall. Windows still dominates on the desktop in terms of numbers (I’ll avoid talking about other metrics for the moment), and Xbox is (finally) making money, but they’re failing at everything else.

They need to have a leader with a clear vision and the know-how to execute that plan. They don’t need a loud-mouthed buffoon as a mouthpiece. Their financials are OK, but they could be so much more if they tried harder and focused their efforts behind a singular vision.

Apple has a rock-solid ecosystem. Google & Samsung do not. Microsoft has all the pieces of a solid ecosystem, but they have too many cooks in the kitchen with conflicting visions.

I never thought I’d say this, but I find myself rooting for Microsoft. I really hope they can get their act together and clinch the #2 spot.

Converting MKV files to MP4, using Mac OS X, for playback on iPad, Apple TV, Playstation 3, Xbox 360, Roku and other players 10 Apr 2013, 12:45 am

Nearly 2 years ago, I became a Cord-Cutter. I couldn’t see the sense in paying a ton of money every month for 500 channels that I didn’t watch, just so that I could catch the occasional show.

I invested in Netflix and Hulu Plus accounts so that I could watch most of my shows, and for the shows that haven’t made their way into the 21st century yet, there are plenty of places online where you can acquire the latest episodes.

If you read my previous post on converting Blu-ray and DVD movies to MP4, this process has a slightly different flow.

Crash Course in Digital Video Formats

These days, if you (ahem) acquire a high-definition copy of your favorite show online (commonly in 720p), it will most likely be in MKV/H.264/AC3 format.

The short explanation is that every video file is made up of 3 different parts: the video stream, the audio stream, and the container. The audio and video are synced-up (a.k.a., “multiplexed” or “muxed”) and are bundled together into a single file using a container format.

If you want to make yourself a little more educated about this stuff, check out the “Video on the Web” chapter of Dive Into HTML5 by Mark Pilgrim.

MKV is a popular container format because it’s designed to be a kitchen sink. You can throw all sorts of stuff inside this container, so people like to stash it full of subtitle files and other sorts of things. AC3 is the name of the Dolby Digital surround-sound audio format. You typically need a dedicated decoder chip to handle this kind of audio, which is common in modern receivers and some TVs.


The first thing we need to do is download a copy of MP4Tools.

While you can use it without a license, it’s always a good idea to support the independent software developers who write this stuff — especially if it’s useful.

When you drag your MKV file into MP4Tools, you should see two entries — the video stream and the audio stream.

The video stream should already be in H.264 format. (If it isn’t, stop what you’re doing and run the file through Handbrake instead.) Check the box next to the stream to select it.

If the audio stream is already in AAC format, this will be very simple. If the audio stream is in AC3 format, this will still be simple, but will take a little longer to complete.

  1. For H.264 video, choose Pass Thru.

  2. For AAC audio (if available), choose Pass Thru.

  3. For AC3 audio (if available), choose the highest AAC audio selection you have available (either AAC (2-Ch.) or AAC (5.1)). If you selected AAC (5.1), also check the box for add 2-Ch. Track.

Lastly, choose your intended device. The Apple TV setting tends to have the broadest compatibility in my experience. Leave everything else as the default setting, and click the Convert button.

In a few minutes, you should have a new .m4v file.

Metadata and Artwork

It’s possible that you may have heard of AtomicParsley, MetaX or MetaZ before. They all suck. Check out Subler instead.

Once you have your .m4v file, you’ll want to add the metadata and artwork to the file. As long as the video file starts with a format similar to <show>.s<#>e<#> (e.g., Weeds.s7e1), Subler will be able to determine the right things to search for.

Subler queries TVDB for TV show data, although I’m generally unimpressed with the TV show artwork. For that, I use Get Video Artwork and download the iTunes-compatible, square-shaped TV show artwork.

While Subler does a good job of checking the right boxes automatically, you’ll want to check the Other Settings and make sure that the resolution and media kind are set correctly for your new .m4v file.


I prefer to keep my video files sorted by <show>/<season>/<file>. I also go so far as to name my files as S.E - Title.mp4 (e.g., a recent episode of Supernatural was labeled 8.15 – Man’s Best Friend with Benefits).

Going episode-by-episode can be very tedious, so I wrote up a Mac OS X service to handle this for me. The only prerequisite is to install a package called mp4v2 from MacPorts.

sudo port install mp4v2

Once you’ve installed MacPorts (if you hadn’t already) and the mp4v2 package, you can install the OS X service by double-clicking it. (It’s an Automator action, so feel free to take a look at what it does before installing it.)

With everything installed, you can now right-click on one or more video files, choose Services, then “Rename video to 1.01 – Title.mp4”.

Within a few seconds, the Automator workflow will read the contents of the video file for the season number, episode number, and episode title, and rename the file automatically.

Streaming from iTunes

I’ve already covered this in my previous post, so I’m not going to go over it again here.

Once it’s in iTunes, you can sync shows to your smartphone, iPad, or stream them to a variety of devices throughout your home.

Converting Blu-ray and DVD movies to MP4, using Mac OS X, for playback on iPad, Apple TV, Playstation 3, Xbox 360, Roku and other players 9 Apr 2013, 12:04 am

I often find myself wanting to watch my movies when I’m on-the-go, or sitting at work writing code. I also have one Blu-ray player in the house, and hate having to sit through one unskippable warning or commercial after another.

Because of this, I choose to exercise my fair-use right to format-shift my movies into something more convenient. Making a personal backup of movies you own is in a legal gray-area in the U.S. Historically, this sort of thing fell under fair use law, but the DMCA (1998) makes it illegal to crack the encryption. This is why backing-up CDs is commonplace while backing-up DVDs and Blu-rays is frowned upon. The encryption is where the line is drawn. You’ve been warned!


The Mac used for this tutorial is a 17″ MacBook Pro (early-2011) with a 64-bit quad-core 2.2 GHz Intel Core i7 processor, 16 GB of RAM, OS X Mountain Lion, and a standard, built-in Superdrive. The external BD-R drive is a Buffalo MediaStation 6X USB 2.0 Portable Blu-Ray Writer.

Backing-up your discs

Pretty much every Mac since the early 2000s has shipped with a DVD drive, so these are easy to come by. For backing up personal DVDs so that they can be format-shifted, RipIt is highly recommended. A license is a paltry $25, and I recommend supporting the developers of this software. Backing up is as simple as inserting the DVD, launching RipIt, and choosing “Rip”. You can expect a rip to take 15-30 minutes, depending on the size of the disc.

For Blu-ray discs, you first need a Blu-ray drive. For backing up personal Blu-rays so that they can be format-shifted, MakeMKV is highly recommended. We won’t be making .mkv files, but it has support for backups. A license is somewhere in the $60-$80 range, and I recommend supporting the developers of this software. Backing up is as simple as inserting the Blu-ray disc, launching MakeMKV, and choosing “Backup”. You can expect a rip to take 45m-1h15m, depending on the size of the disc.

If you’re on Windows, check-out AnyDVD and AnyDVD HD.

Format-Shifting to MP4/H.264/AAC

Video files are a lot more complicated than most people realize. You may have heard words like MKV, MPEG-4, AVI, MP3, AAC and other acronyms.

The short explanation is that every video file is made up of 3 different parts: the video stream, the audio stream, and the container. The audio and video are synced-up (a.k.a., “multiplexed” or “muxed”) and are bundled together into a single file using a container format.

If you want to make yourself a little more educated about this stuff, check out the “Video on the Web” chapter of Dive Into HTML5 by Mark Pilgrim. For this exercise, just know that we want to end up with an H.264 video stream and an AAC audio stream, wrapped up inside an MP4 container.

For this, we’ll use Handbrake. Handbrake will take our personal backups as input, and produce an .mp4 (or .m4v — same thing) file as output.

Handbrake comes with a good set of default settings. If you don’t know what you’re doing, feel free to use those. I’ve tweaked my settings a bit as I prefer higher-quality files at the cost of a larger file size.

See the following screenshots for information on my presets.

The biggest difference between these is that the video bitrate for DVDs is 3,000 kbps while for Blu-rays it’s 10,000 kbps.

To get started, click the Source button in the upper-left corner of the main Handbrake window. Find your backup directory, and choose Open. Handbrake will parse the files and make sure it has a complete backup to work with. If you’re using my presets, choose DVD (480p) if your source is a DVD backup, or Blu-ray (1080p) if your source is a Blu-ray backup. It may also be helpful to check out the Handbrake Quick-Start Guide if you’re new to the tool.

Next, click the Add to Queue button. Once you’ve queued-up all of the movies you want to format-shift, click the Start button. On the reference hardware listed above, DVDs typically take 45m-1h30m to fully encode a new MP4 file. Blu-rays take 4-6 hours. In both cases, Handbrake will leverage as much of your CPU and RAM as possible, so don’t expect to be able to do much with your computer until it’s done.

With these settings, expect a 480p MP4 to be around 1 GB/hour of video and a 1080p MP4 to be around 5 GB/hour of video. If having a 15 GB copy of Titanic is too much, lower the video bitrate for the Blu-ray (1080p) setting from 10,000 kbps. The lower the setting, the worse the quality, but the smaller the file size.

One more tip: 1080p video has a resolution of 1920×1080. The smaller the screen, the less there is for your eyes to notice, so you can be more forgiving of lower-quality. However, if you’re stretching 1920×1080 across your nice new 55″ LED TV, a low-quality file will make your whole movie-watching experience suck. The bigger the TV, the better you want the quality to be.

Metadata and Artwork

Once you have your .mp4 or .m4v file, you’ll want to give it a proper name and add the metadata and artwork to the file. The format I use is <name of movie> (<format>).mp4 (e.g., My Favorite Movie (1080p).mp4).

It’s possible that you may have heard of AtomicParsley, MetaX or MetaZ before. They all suck. Check out Subler instead.

Subler queries The Movie DB for movie data and artwork, and uses TVDB for TV show data. While The Movie DB has a pretty awesome selection of movie artwork, I’m generally unimpressed with the TV show artwork. For that, I use Get Video Artwork and download the iTunes-compatible, square-shaped TV show artwork.

Save your changes, and Subler will write the video metadata and artwork into the file.

Streaming via iTunes

I have an Xbox 360, a Playstation 3, and two Apple TVs at home. I also have an iPad 2, iPad 3 and an iPad mini. Needless to say, I watch a lot of movies and TV shows.

Because the video files tend to be so large, I use an external hard drive attached to my Mac to store the video files. I then tell iTunes where to find the movie by option-dragging the MP4 file from Finder into iTunes’ Movie pane. The option-drag tells iTunes “here’s a pointer to the movie, but don’t copy it onto my built-in hard drive”.

Now it’s time to watch your movie!

  1. As of iOS 5, iPad supports 1080p video. Simply sync the movie to your iPad and watch it on-the-go.

  2. As long as your computer running iTunes and your Apple TV are on the same network and are both configured to use the same Home Sharing account, you should be able to start streaming the movie to your Apple TV right away. (I would always recommend a hard-wired network connection, otherwise a Wireless-N connection. A Wireless-G connection is likely going to require more buffering or have choppy playback.)

  3. To stream to your Playstation 3, you’ll need to be running a DLNA server on your Mac. Medialink ($20) can be installed as a System Preference and automatically serve your iTunes content to your Playstation 3.

  4. To stream to your Xbox 360, you’ll need to be running a similar server which the Xbox understands. Connect360 ($20) can be installed as a System Preference and automatically serve your iTunes content to your Xbox 360.

  5. Since MP4/H.264/AAC is the industry-wide standard for all modern-age video, pretty much any smartphone, tablet, laptop, operating system, and streaming device created since 2004 can play this format out-of-the-box. Even ancient OS’s like Windows XP have been updated to support this format. Go nuts.

H.265 has been approved 26 Jan 2013, 1:44 am

For my fellow video nerds, the ITU announced today that its members had agreed upon the format for the successor to H.264 video — H.265, also known as “High-Efficiency Video Coding”.


H.264 and HDTV

Today, most TVs support 1080p, although most content (TV shows, most video games) is only 720p. Blu-ray movies and a handful of video games are “Full HD” (aka, 1080p). This is all thanks to a video codec called H.264 (aka, “Advanced Video Coding”, or AVC for short).

H.264 is what makes Blu-ray exist, and what allows you to watch Netflix and other video on your TV, computer and mobile devices. H.264 did for video what MP3 did for music.

CES 2013 and “4K” Ultra HDTV

At the CES 2013 trade show this month, companies like Sony, Toshiba, Panasonic and others were showing-off prototypes of their new 70+ inch TVs that support a new resolution called 4K, otherwise known as the small version of Ultra HDTV. (Kinda like how 720p is the small version of HDTV.)

The approval of H.265 makes 4K television content possible. H.265 (or possibly the future H.266, depending on how long Blu-ray sticks around) will be the basis of whatever format replaces Blu-ray discs. DVD had a good 12-year run as the disc format du jour (1998-2010). Blu-ray debuted in 2006, so if we give it the same 12-year run as DVD had (circa 2018), Blu-ray has about 5 years left before its successor overtakes it in popularity.

(As much as I would love to see Blu-ray be the final disc format, falling by the wayside in favor of all-digital streaming and downloads, I don’t think it’s going to happen just yet. The content industry needs something to sell and the average consumer needs something to buy. God forbid the general public is forced to figure out the epic clusterf**k known as UltraViolet DRM. But I digress…)

Higher quality, smaller size

For the forward-thinking folks who have already moved to all-digital, H.265 takes up half the drive space for the same quality file compared to H.264. All of my movies encoded with H.264 that take up 8-10 GB each, would only take 4-5 GB each. Alternatively, I can keep them at 8-10 GB each, and get resolutions of 3840×2160 (which would require a 4K TV to appreciate).

Then again, if your TV is bigger than about 40-46 inches, 1080p starts to lose clarity as the pixels become more noticeable. A 55-60 inch 4K TV would be equivalent to your iPhones, iPads, and other devices with a Retina Display — pixels so small that you can’t see them unless you get really close. (Of course, an 80-inch “8K” Ultra HDTV with matching H.265-encoded movies would be freaking epic! Goodbye IMAX, hello my living room!)

This also means that watching video on-the-go on your smartphone or iPad will be faster, the picture will be clearer, and video will eat-up less of your monthly data plan.

What’s missing?

There are still some important pieces missing from this equation — notably hardware decoders and video content.

Decoding the video’s format into something that you can watch is a very intensive process. Doing the decoding in software requires much more processing power than decoding in hardware. Hardware decoding is what allows your iPhone, iPad or other device to play movies smoothly.

Contrast that with Android devices that support Flash. Animation and FLV playback tends to be stuttered, jarring, and chews through your battery because all of the decoding happens in software. Over the next 12-18 months, expect to start seeing H.265 decoders being shipped in new devices — especially mobile devices.

The other major piece of this equation is having H.265-encoded content. What’s the point of having all of this fancy H.265 hardware if there’s nothing to watch?

The first content will come from the hacker communities as Blu-ray movies encoded at 1080p with H.265 will start showing up on torrent sites. (These are what I call the super-alphas.) Over the next 3-5 years, the rest of the world will catch up as H.265 makes its way into the streaming content market (e.g., Netflix, Hulu, Amazon Instant Video, iTunes, Verizon, Comcast). Finally, H.265 will hit the mainstream in whatever disc format replaces Blu-ray — just a couple of years before H.265’s successor (presumably H.266) is approved, and the whole process starts over.

Not that nerdy… no, really

I said all of that to say this: H.265 may sound esoteric, but it unlocks a very bright future for video content (movies, TV shows, video games, web video, etc.) moving forward.

Aaron Swartz 12 Jan 2013, 1:46 pm

I didn’t know Aaron personally, so there’s no insight I can provide into the person who I’ve read people describe as “a brilliant soul”.

The world is now a worse place

The tech world is abuzz with the news that, at only 26 years old, Aaron Swartz decided to take his own life. I heard about it last night when I opened up Tweetbot, and saw two tweets back-to-back in my timeline:

We lost @aaronsw.

— Alex Payne (@al3x) January 12, 2013

Fuck. tech.mit.edu/V132/N61/swart…The world is now a worse place.

— dustin curtis (@dcurtis) January 12, 2013


Being part of the web world, I certainly knew Aaron by reputation. I first heard about him back when I started tinkering with RSS in 2003. While I may have started a project that simplified RSS for a legion of PHP developers, Aaron literally wrote the spec — and at 14 years old, I might add.

Cory Doctorow had this to say:

I met Aaron when he was 14 or 15. He was working on XML stuff (he co-wrote the RSS specification when he was 14) and came to San Francisco often, and would stay with Lisa Rein, a friend of mine who was also an XML person and who took care of him and assured his parents he had adult supervision. In so many ways, he was an adult, even then, with a kind of intense, fast intellect that really made me feel like he was part and parcel of the Internet society, like he belonged in the place where your thoughts are what matter, and not who you are or how old you are.

Creative Commons. PACER. Demand Progress.

Every so often throughout the last decade, his name would pop-up around topics that I was also interested in. Creative Commons. Opening up public access to court records. Demand Progress. He used technology to fight for the same sorts of causes that I fight for, evangelize for, or are otherwise close to my heart. Namely:

  • the over-criminalization of American citizens by its government, and…
  • the fact that the people we elect to represent us in government would throw us under the bus in a heartbeat if it meant more money, power and political cachet.

Cory Doctorow continues:

At one point, he singlehandedly liberated 20 percent of US law. PACER, the system that gives Americans access to their own (public domain) case-law, charged a fee for each such access. After activists built RECAP (which allowed its users to put any caselaw they paid for into a free/public repository), Aaron spent a small fortune fetching a titanic amount of data and putting it into the public domain. The feds hated this. They smeared him, the FBI investigated him, and for a while, it looked like he’d be on the pointy end of some bad legal stuff, but he escaped it all, and emerged triumphant.

Aaron was involved in the creation of an organization called Demand Progress, who “works to win progressive policy changes for ordinary people through organizing, and grassroots lobbying. In particular, we tend to focus on issues of civil liberties, civil rights, and government reform.”

It was here where I first learned about the Senate’s proposed PROTECT-IP Act (later renamed “PIPA”), and its House sibling, the ill-fated SOPA Act, whose negative repercussions would have been felt for generations to come.

Download too much, go to jail

From a New York Times article dated July 19, 2011:

Demand Progress said on its site that it appeared Mr. Swartz was “being charged with allegedly downloading too many scholarly journal articles from the Web.” It quoted the group’s executive director, David Segal, as saying, “It’s like trying to put someone in jail for allegedly checking too many books out of the library.”

Cory Doctorow:

Aaron snuck into MIT and planted a laptop in a utility closet, used it to download a lot of journal articles (many in the public domain), and then snuck in and retrieved it. This sort of thing is pretty par for the course around MIT, and though Aaron wasn’t an MIT student, he was a fixture in the Cambridge hacker scene, and associated with Harvard, and generally part of that gang, and Aaron hadn’t done anything with the articles (yet), so it seemed likely that it would just fizzle out.

Instead, they threw the book at him. Even though MIT and JSTOR (the journal publisher) backed down, the prosecution kept on. I heard lots of theories: the feds who’d tried unsuccessfully to nail him for the PACER/RECAP stunt had a serious hate-on for him; the feds were chasing down all the Cambridge hackers who had any connection to Bradley Manning in the hopes of turning one of them, and other, less credible theories. A couple of lawyers close to the case told me that they thought Aaron would go to jail.

And Larry Lessig:

But all this shows is that if the government proved its case, some punishment was appropriate. So what was that appropriate punishment? Was Aaron a terrorist? Or a cracker trying to profit from stolen goods? Or was this something completely different?

Early on, and to its great credit, JSTOR figured “appropriate” out: They declined to pursue their own action against Aaron, and they asked the government to drop its. MIT, to its great shame, was not as clear, and so the prosecutor had the excuse he needed to continue his war against the “criminal” who we who loved him knew as Aaron.

And an article from September by Tim Cushing from TechDirt:

Swartz, the executive director of Demand Progress, was charged with violating the Computer Fraud and Abuse Act, a catch-all designation for “computer activity the US government doesn’t like.”

Swartz had accessed MIT’s computer network to download a large number of files from JSTOR, a non-profit that hosts academic journal articles. US prosecutors claimed he “stole” several thousand files, but considering MIT offered this access for free on campus (and the files being digital), it’s pretty tough to square his massive downloading with any idea of “theft.”

Prosecutor as bully

Larry Lessig continues (reformatted paragraphs, mine):

Here is where we need a better sense of justice, and shame. For the outrageousness in this story is not just Aaron. It is also the absurdity of the prosecutor’s behavior. From the beginning, the government worked as hard as it could to characterize what Aaron did in the most extreme and absurd way.

The “property” Aaron had “stolen,” we were told, was worth “millions of dollars” — with the hint, and then the suggestion, that his aim must have been to profit from his crime. But anyone who says that there is money to be made in a stash of ACADEMIC ARTICLES is either an idiot or a liar. It was clear what this was not, yet our government continued to push as if it had caught the 9/11 terrorists red-handed.

Aaron had literally done nothing in his life “to make money.” He was fortunate Reddit turned out as it did, but from his work building the RSS standard, to his work architecting Creative Commons, to his work liberating public records, to his work building a free public library, to his work supporting Change Congress/FixCongressFirst/Rootstrikers, and then Demand Progress, Aaron was always and only working for (at least his conception of) the public good.

He was brilliant, and funny. A kid genius. A soul, a conscience, the source of a question I have asked myself a million times: What would Aaron think? That person is gone today, driven to the edge by what a decent society would only call bullying.

I get wrong. But I also get proportionality. And if you don’t get both, you don’t deserve to have the power of the United States government [against] you.

For remember, we live in a world where the architects of the financial crisis regularly dine at the White House — and where even those brought to “justice” never even have to admit any wrongdoing, let alone be labeled “felons.”

And again from TechDirt:

There are now 13 felony counts in the new indictment, derived from claims of multiple instances of breaking those four laws. In specific:

  • Wire Fraud – 2 counts
  • Computer Fraud – 5 counts
  • Unlawfully Obtaining Information from a Protected Computer – 5 counts
  • Recklessly Damaging a Protected Computer – 1 count

It’s beyond my pay grade to figure out how many years in prison that all could be, when taking into account the complexities of sentencing law. Let’s leave it at a large scary number. Enough to ruin someone’s life.

And the kicker…

So, how do the new charges stack up in terms of a sentence? Tough to say. Each of the charges carries the possibility of a fine and imprisonment of up to 10-20 years per felony. Depending on how many of the counts Swartz is found guilty of, the sentence could conceivably total 50+ years and fine in the area of $4 million. All this over publicly accessed research documents that JSTOR doesn’t even feel the need to pursue further than it did.

In the end

Alan Ellis, a nationally-recognized federal criminal defense lawyer, explains:

Nearly 97 percent of all federal criminal defendants will plead guilty. Of the remaining 3 percent who go to trial, as many as 75 percent will be convicted. Thus, nearly 99 percent of all federal criminal defendants will be sentenced. Of that number, 80 percent of defendants will receive jail or prison time.


  • 96.9% of federal criminal cases result in a guilty plea. (U.S. Sentencing Commission)
  • 75.6% of federal criminal defendants are convicted following trial. (U.S. Department of Justice)
  • 99% of federal defendants are sentenced.
  • 82.8% of federal criminal defendants receive a prison term. (U.S. Sentencing Commission)

In the end, while nobody knows why Aaron decided to take his own life, I could certainly posit a guess. When the federal government comes after you, you’re pretty much done for. In Aaron’s case, he pissed off the wrong federal prosecutors, and they moved to eviscerate him, legally, over downloading academic journals that MIT provided access to for free.

What a terrible, terrible shame.


As the day has gone on, more people have been sharing their thoughts on Aaron, his case, and the person he was.

A post by Aaron Swartz, dated July 2008:

There is no justice in following unjust laws. It’s time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture.

We need to take information, wherever it is stored, make our copies and share them with the world. We need to take stuff that’s out of copyright and add it to the archive. We need to buy secret databases and put them on the Web. We need to download scientific journals and upload them to file sharing networks. We need to fight for Guerilla Open Access.

With enough of us, around the world, we’ll not just send a strong message opposing the privatization of knowledge — we’ll make it a thing of the past. Will you join us?

The official statement from Aaron Swartz’ family:

Aaron’s commitment to social justice was profound, and defined his life. He was instrumental to the defeat of an Internet censorship bill; he fought for a more democratic, open, and accountable political system; and he helped to create, build, and preserve a dizzying range of scholarly projects that extended the scope and accessibility of human knowledge. He used his prodigious skills as a programmer and technologist not to enrich himself but to make the Internet and the world a fairer, better place. His deeply humane writing touched minds and hearts across generations and continents. He earned the friendship of thousands and the respect and support of millions more.

From the post “My Aaron Swartz, whom I loved.,” by Quinn Norton:

He loved my daughter so much it filled the room like a mist. He was transported playing with her, and she bored right into his heart. In his darkest moments, which I couldn’t reach him, Ada could still touch him, even if only for a moment. And when he was in the light, my god. I couldn’t keep up with either of them. I would hang back and watch them spring and play and laugh, and be so grateful for them both.

Expert witness Alex Stamos, in “The Truth about Aaron Swartz’s ‘Crime’”:

In short, Aaron Swartz was not the super hacker breathlessly described in the Government’s indictment and forensic reports, and his actions did not pose a real danger to JSTOR, MIT or the public. He was an intelligent young man who found a loophole that would allow him to download a lot of documents quickly. This loophole was created intentionally by MIT and JSTOR, and was codified contractually in the piles of paperwork turned over during discovery.

If I had taken the stand as planned and had been asked by the prosecutor whether Aaron’s actions were “wrong”, I would probably have replied that what Aaron did would better be described as “inconsiderate”. In the same way it is inconsiderate to write a check at the supermarket while a dozen people queue up behind you or to check out every book at the library needed for a History 101 paper. It is inconsiderate to download lots of files on shared wifi or to spider Wikipedia too quickly, but none of these actions should lead to a young person being hounded for years and haunted by the possibility of a 35 year sentence.

Update (2013-01-20)

I’ve continued to add to the links below as I’ve come across them, but a few more interesting things are beginning to shake out from Aaron’s prosecution.

Scott Horton from Harper’s Magazine writes (Emphasis mine):

U.S. Attorney Carmen Ortiz is fighting to hold on to her job, and to avoid an embarrassing grilling in Congress and possible professional disciplinary proceedings. Her prospects look grim. Rep. Darrell Issa (R., Calif.), chair of the House Committee on Oversight is pledging a vigorous and critical inquiry into her management of the dubious criminal prosecution of Aaron Swartz, one of the greatest computer prodigies of his generation, who committed suicide a week ago, apparently convinced that out-of-control prosecutors had destroyed his life.


At funeral services in Highland Park, Illinois, on Tuesday, Swartz’s father charged that his son had been “killed by the government.” While some might ascribe this to the anguish of a bereaved father, scholars and investigators poring over the record of the Swartz prosecution are increasingly shocked at the scope and outrageousness of the prosecutorial misconduct that he faced.


Although each of these counts bordered on the preposterous, Ortiz and Heymann clearly reckoned that at least one or two would stick during the jury-room bargaining process. More to the point, they assumed that the risk of their success even on bogus charges would be enough to pressure Swartz into accepting a guilty plea on all the counts in exchange for a reduced sentence — which is what they offered him. The process was fundamentally corrupt and shameful. But observers of the American criminal-justice system also know that it was a common one.

I first learned about this corrupt little trick, long-since leveraged by federal prosecutors, when my best-friend-since-childhood made a stupid mistake one evening that was technically a felony offense — he viewed a 30-second video clip of somebody else committing a felony.

This is the same thing that police do when they’re investigating a bank robbery. The same thing that news anchors do when they show a security tape of people smashing through the front-doors of an Apple Store to steal iPads, “more at eleven”. Had he walked by and seen it happening through a window, he wouldn’t have been prosecuted. But he saw a half-minute recording and they threw the book at him. It’s very much like how prostitution is illegal, but if you record the act, suddenly it becomes porn. Perfectly legal.

50 hours of community service would have been plenty to correct the mistake he made and make him pay more attention to his actions in the future. Instead, trumped-up charges by federal prosecutors resulted in him being sentenced to 2 years in a federal penitentiary, followed by 5 years under probation, and another 15-20 years on the Sex Offender Registry living as a social pariah.

(Studies by the U.S. Justice Department and other organizations show that recidivism rates are significantly lower for convicted sex offenders than for burglars, robbers, thieves, drug offenders and other convicts.)

He lost his home, his career, many of his friends, and because of his registry status he can’t find work — all because he made a stupid mistake. He’s doing everything he possibly can to re-assimilate back into society, but society doesn’t want him. His life was ruined. Fortunately, he’s smart, well-spoken and a hard worker. He was able to start two companies and is able to provide for his wife and 3 children. One of those companies is dedicated to helping people who were likewise abused by the federal justice system and have experienced the injustice of the Bureau of Prisons.

But I digress…

Timothy B. Lee, from Ars Technica, follows up on Aaron’s Law:

On Tuesday, Rep. Zoe Lofgren (D-CA) took to the pages of reddit to introduce legislation she dubbed “Aaron’s Law.” Lofgren’s bill would modify the Computer Fraud and Abuse Act, the basis for Swartz’s prosecution, to clarify that its definition of unauthorized access “does not include access in violation of an agreement or contractual obligation, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or employer.” It would make a similar change to the wire fraud statute.

The language was praised by Harvard law professor Lawrence Lessig, a friend of Swartz whose wife organized his legal defense fund. “This is a CRITICALLY important change that would do incredible good,” Lessig wrote on reddit. “The CFAA was the hook for the government’s bullying of @aaronsw. This law would remove that hook.”

And more links:

My favorite Mac apps: Music and Video Apps 14 Dec 2012, 3:30 pm

As we lead up to Christmas (and other holidays that I don’t personally celebrate), I thought I’d put together a list of a few of my favorite things — Mac apps to be specific. These are some of my favorite music and video apps.

iTunes, iTunes Match, Last.fm, Spotify & Tracks

I’ve been using iTunes to manage my music since iTunes 4.1 came out for Windows in 2003. Prior to that, I had a folder of music organized alphabetically and used Winamp for playback. (If you’re still doing that in 2012, I’m judging you.)

I use iTunes to hold all of my music, movies, TV shows and digital books. With iTunes running on my home computer, I can stream all of my media to my Apple TV, iPads and iPhones, into every room of the house.

iTunes Match is awesome! If I’m walking through downtown Seattle and have my iPhone with me, I can listen to any song in my library. If I’m riding the bus to work, I can pull out my iPad, do some reading, and listen to any song in my library. If I get to work and open up iTunes, I can listen to any song in my library. It’s super-awesome!

I use Last.fm to take my listening habits and make recommendations for new music that I might like.

I’ve spent time with both Rdio and Spotify, and I ended up settling on Spotify as a way to supplement iTunes. I can check out entire albums before I decide to get them and put them into iTunes. It’s also good for music that I don’t want to clutter up my iTunes library with, such as tracks by Miley Cyrus that my daughter likes.

Tracks is a small utility that scrobbles the music I listen to into Last.fm, and adds keyboard commands for previous/next/pause/play controls.

MakeMKV, RipIt, Handbrake, Subler and MP4 Tools

I prefer for all of my video content to be in industry standard MP4/H.264/AAC formats. It’s also convenient that Apple TV, Playstation 3, Xbox 360, iPad, iPhone and my HP TouchPad running Android 4 can all play this format.

I use MakeMKV or RipIt to make personal backups of Blu-rays or DVDs (respectively) that I own. I use Handbrake to compress the source files from the disc into MP4/H.264/AAC files. I use Subler to lookup and write the correct metadata into the files (artwork, title, chapters, etc.). Subler is far superior to older apps such as AtomicParsley, Meta X or Meta Z.

If a movie spans multiple discs, or if I’ve managed to end up with a file that is in an MKV container or uses AC3 audio instead of AAC, I can use MP4 Tools to fix and/or merge them.

Once I load the resulting movie into iTunes, I can sync it to any of my devices to watch on-the-go, or stream it to any TV in the house with Apple TV.


Vuze is a powerful BitTorrent client. I have nothing else to say on this matter.


Max is a really great audio encoder. I often use it when a friend of mine gives me some FLAC files or WAVs and I want to turn them into MP3s at 320kbps.

Miro Video Converter

I typically use this tool when I’m putting video on my blog, and want to provide browser-native HTML5 formats. It’s also great for creating mobile-friendly versions of video files for the wide array of devices out there.

MusicBrainz Picard

Picard is a great tool for looking up the metadata for my music from the MusicBrainz service. It’s usually pretty good, and if it makes a mistake, you can easily correct it, save the changes, and load them into iTunes.


I use this for making iPhone ringtones out of tracks I have in iTunes.


VLC can play pretty much any video format. If I’m given an MKV file, a WMV file, an MPG file or something else, I can throw it into VLC and start watching it right away.

My favorite Mac apps: Day-to-day Apps 13 Dec 2012, 3:20 pm

As we lead up to Christmas (and other holidays that I don’t personally celebrate), I thought I’d put together a list of a few of my favorite things — Mac apps to be specific. These are some of my favorite day-to-day apps.


My favorite web browser on the Mac platform. It’s fast, has minimal UI chrome, and has precisely the extensions I need.

I used to bounce around between Firefox, Chrome and Safari, but over the past year, I haven’t felt the pain of anything missing from my browser experience.


Things is a to-do list that helps me get things done. It’s not complex, or even all that fancy, but now that it has cloud syncing across Mac/iPhone/iPad, and the ability to sync from the iOS 6 Reminders app, it helps me keep my to-dos organized.

Mail, Calendar and Messages

These are my trusty, reliable apps for managing my day. Mail and Calendar do a better job together than I’ve experienced with Outlook, Thunderbird/Sunbird/Lightning, Postbox, or even Sparrow.

I used to be a big fan of Adium, but as my needs have changed, Adium hasn’t kept up. I spend more time texting over iMessage than I do IM-ing, and Adium still doesn’t have support for audio/video conversations.

Also, Messages now supports AIM, Yahoo! and Jabber (Google Talk, Facebook Messenger) protocols, so I really have no reason to use anything else.


Fantastical is a handy utility for getting a quick view of my calendar from my menubar, and — combined with the Dictation support in Mountain Lion — I can easily open up Fantastical with a key command, tell it about an upcoming event, and I’m done. Calendar events sync across my devices over iCloud, so I just create the event and I’m done.


I can’t remember how much harder my life was before the days of 1Password. I use it to store my browser passwords, my software serial numbers, my bank account information (for use with online order forms), store secure notes (the wi-fi password at work, the backup passwords for the secondary-authentication support enabled on my Google and Facebook accounts), social security numbers, etc. My life would be a whole lot worse without 1Password.

In response to “DEAR APPLE: I’m Leaving You” 4 Nov 2012, 4:45 pm

A recent editorial on Business Insider laid out a number of reasons why the author, Ed Conway, was “leaving Apple”. This is my response.

Self-Indulgent Weiner

In his editorial, Ed Conway wrote:

Dear Tim,

There’s no easy way to put this so I’ll just come right out with it. I’m leaving you. It’s been great (mostly) but it’s over.

I figured the least I could do is to explain my decision in full – I like to think it might help protect you from nasty break-ups like this in the future.

I can’t help but think of the “self-indulgent weiner” line delivered by Nicholas Cage as Memphis Raines in the movie Gone in Sixty Seconds.

Ed, you’re going to complain in an effort to get page views. You’re trolling the Apple/anti-Apple crowds to get attention. That, sir, makes you a whore.

Long-time Apple user

I’ve been with you, with Apple I mean, for 13 years now – ever since 1999. Perhaps you’ve forgotten: I was a spotty teenager; I bought one of your cute little translucent iBooks. Slowly but surely I painted most parts of my technological life a bright shade of Apple. Let’s see: I’ve owned two iMacs, a number of iBooks, countless Macbooks (I’ve currently got two on the go, for some unknown reason), an iPhone for almost five years, an iPad since the very beginning; iPods, iPod touches, iPod nanos – I’ve had ‘em all. I even invested in an Apple TV and, wait for it, a G4 Power Mac Cube (yes, that was me!).

So, you’ve been an Apple user for a long time. That’s awesome. It’s made your life better, hasn’t it?

I’ll admit I became dependent on you – clingy, even. When I went to the States a couple of years back I shelled out hundreds of dollars to ensure I wouldn’t be without an iPhone – even though I was back at college and wasn’t exactly rolling in it. And like so many of those who fall in love with you, soon enough I found myself working part-time as your best PR spokesman: I spent hours persuading all my friends to buy your stuff. I even wrote a blog about what made Apple such a dynamic, innovative and successful company.

Blog post. You wrote a blog post, you idiot. A “blog” is a collection of posts, not a single one. You don’t “write a blog”, you “write a blog post”.

But that’s neither here nor there. It simply gives me a baseline of your intelligence so that I know whether I can gear my language and logic up or down. Clearly, it’s down.

The hype

Like millions of others, I really believed the hype.

Yes, because Apple’s success has been built on hype, and hype alone. (If you believe this, then I have some ocean-front property in Arizona to sell you.)

Apple builds some of the fastest, thinnest and lightest computers with incredibly high build quality. They have some of the best displays (in terms of resolution (2880×1800), pixel density (326ppi) and color accuracy), the best resale value, and the highest consumer rating. They’re #1 in U.S. unit share for notebooks (Mac) (née laptops), and #1 in worldwide unit share for tablets (iPads).

They’ve created not one, but two of the most user-friendly consumer operating systems on the market. They redefined not only one, not even two, but three separate industries. And all of their devices work seamlessly together to create a really fantastic experience.

But no, it’s just hype.

More uninformed stupidity

I never thought I would utter these words, but here goes: I’m leaving you. I have already traded in my iPhone for a Samsung.

A Samsung. One whole Samsung. *facepalm*

Now, I know you don’t like lists (at least I presume that’s why you avoided including a task application in Mac OS and iOS for so many years) but it’s only right that I run through the issues:

There has been a task manager in Mac OS (classic) as far back as System 1.0, AFAICT. Mac OS X has had a task manager since back in the NeXTStep days (1990’s). iOS didn’t support multitasking until iOS 4 (2010), and even then has chosen not to allow rampant or unchecked multitasking for user experience and battery life reasons. Every single detail about your last paragraph was 100% incorrect.

iOS 6

Yes, I know I’m hardly the first to mention this – but that doesn’t make it any less valid as a complaint. It is truly, truly awful. I’m usually ready to forgive one or two niggles in a new iteration of operating system. After all, they’re usually outweighed by the improvements. In this case, I honestly can’t think of a single new feature that in any way enhances the phone. Every change you’ve made is negative.

There are zero features of iOS 6 that are positive? So then you must think that every single one of these features is a bad thing.

  • User must confirm access to Contacts, Calendars, Reminders, Photos and Location Data when an app requests them.

  • It’s easy to keep contact information up-to-date with Facebook integration.

  • Asynchronous Game Center integration which allows for fantastic games like Letterpress to exist.

  • Built-in turn-by-turn navigation. 3D flyover views in Maps.

  • Siri has been improved, supports more types of information, and is available on more devices.

  • Facebook and Twitter notifications at the OS-level.

  • Shared photo streams (accessible to everyone, not just Facebook users).

  • The immensely-useful Passbook allows me to start keeping track of gift cards, tickets and other things without having to keep them in my wallet.

  • FaceTime conversations over cellular (3G, 4G and LTE).

  • Faster JavaScript, and improved CSS 3 and HTML 5 support in Safari.

  • The ability to decline calls (regardless of which view you’re in) then send the caller a message instead if you can’t talk right now.

  • Do Not Disturb settings for all of those overnight notifications, texts and drunken phone calls.

  • Automatic syncing of tabs between Safari on Mac/iPhone/iPad over iCloud.

  • Further-improved accessibility settings for people who need them.

The maps application is utterly horrendous; you must have known this is among the most commonly-used of all functional parts of a smartphone and that to change it quite so substantially would be seriously disruptive.

The new Apple-powered (instead of Google-powered) Maps app has been an overwhelmingly positive experience for me. Maps load faster (thanks to vector-based rendering), I get turn-by-turn directions with voiceover for free (this used to cost $50 for a third-party app), and the 3D “flyover” view has allowed me to discover a bunch of cool things in downtown Seattle that I never knew existed.

The only “loss” I experienced was transit maps. This forced me to discover a number of transit mapping applications that are way better than what I used to use Google Maps in iOS for. Two apps that I use frequently are OneBusAway and Lumatic City Maps. In a pinch, I can use Google Transit Maps in Safari.

Take iTunes Match. In the previous iOS I could download any individual song in my iTunes Match library, so I could listen to it overseas without data or when in the Tube. Now your dreadful new operating system will only let me download whole albums […]

This is partially false. I use iTunes Match all the time. Yes, they’ve removed the one-by-one icons for downloading individual songs. This is a little disappointing, but not super disappointing. I often use playlists (including Smart Playlists) in iTunes, so it’s pretty easy for me to add a song that I want to a playlist, then sync down that playlist.

[…] and then won’t let me delete them afterwards, so my iPhone gets clogged up with stuff before arbitrarily deleting precious chunks of data when it reaches capacity.

Not true, but deleting songs is more complicated as you need to turn off iTunes Match, then manually delete individual songs one-by-one from the list view.

This argument is less moronic than the others… so far.

As do I find the fact that you now seem to have decided to allow the iOS to decide unilaterally to use the telephone network rather than wifi when it so chooses.

What? I have no idea what you’re talking about here.

Given how badly you screwed up with the whole secret GPS-tracking of iPhone users, I’d have thought you realised we don’t like it when you behave creepily like this. It’s seriously not cool, but then more on that later.

Oh, you mean how the complete opposite of your statement is the truth?

All the new, exciting apps you’ve brought in are, I’m afraid to say, rubbish.

Let’s take a look.

Podcasts: dismal and buggy.

Yes, Podcasts 1.0 was a terrible app. But we’re no longer talking about iOS 6.

Facebook integration: should have been there years ago.

Apple gave you what you wanted, and now you’re complaining.

Passbook: erm – seriously?

One of my favorite additions, actually. I use it frequently.

Siri’s improvements are lost on me because, like most users, the only time I’ve engaged with Siri is to see how many swear words he/she/it understands (answer: a surprising number).

I’ll now have to take back my not-so-moronic statement about you that I made earlier.

Finally, for some reason iOS also seems to have broken the tilt-scrolling in Instapaper, which I resent because, well, I just use that app a lot.

So do I. And it works. Or were you using the iOS 6 Beta which was in, you know, beta status?

You’ve lost it

This is going to sound awful, but I can’t think of any big product you’ve re-imagined well since the iPad, and that was almost three years ago.

Stupidity should be painful. It seems as though Ed believes that if things don’t change radically from one iteration to the next, then they suck. Dude, take your Ritalin and calm your ADHD-ass the **** down.

iCloud? Not as good as dropbox, and actually more confusing. FaceTime? Slick, but still pales in comparison with Skype. iMessages? Mostly annoying, particularly when it sends messages twice. Siri? See the previous point. Safari? Not as good as Chrome or Firefox. Safari’s Reader function? Not as good as Instapaper. I could go on, but I think you get the idea.

Apple has been doing this for a while, so I’m surprised that Ed — a 13-year Apple veteran — hasn’t been paying attention.

Apple does not try to replace existing apps and functionality. Rather, it seeks to chase them up the bean pole. In other words, Apple comes in to the entry level of the market (informing some people that such a market exists in the first place), and challenges the incumbents to provide mid- and advanced-level features for people who want more.

  • iCloud: Handles your fundamental syncing tasks across devices with zero effort.

  • FaceTime: Always-on. Just tap the contact info of a friend or family member with a Mac, iPhone or iPad, and the call begins. No signing up. No ads. Simple.

  • iMessages: I can send and receive messages to other Mac/iPhone/iPad users from my Mac/iPhone/iPad. Messages sync across all devices so I never have to wonder where they went.

  • Siri: Fantastic. Easy to send text messages to people via voice while I’m driving. Easy to look up turn-by-turn directions. Easy to find a list of nearby Thai restaurants, with user-submitted reviews, ratings and price information.

  • Safari: Safari is incredibly fast on Mac and iOS. It’s become my preferred browser over both Chrome and Firefox because of this.

  • Safari’s Reader function: Most people don’t realize that you can read websites with all of the ads and crap stripped out of them. Instapaper led the charge, but Pocket is also coming along. Safari Reader is an entry-level feature.

Plus, my Mac simply doesn’t work that well any more. The contacts on my iPhone don’t seem to sync very well with my laptop. Aperture is extraordinarily slow and buggy, Pages and Numbers are a bit of a nonsense. It just feels like you don’t make the best software anymore. And it doesn’t fit together as seamlessly as in the past.


I don’t have any of the technical problems Ed’s talking about (i.e., contact syncing). I like Pages, but I prefer to write in Markdown using iA Writer. I have no need for Numbers. Since all of Ed’s assertions are unqualified and he fails to explain anything, it’s clear that he’s just ranting about things he doesn’t (or hasn’t taken the time to) understand.

You’re not cool anymore

Again, this is probably a body blow, but it’s also true. It’s not merely that I now have to put up with your products being used by my mother. The fact is that Apple used to be edgy; it used to be associated with the counterculture; it used to be rebellious. I liked that. I liked the fact that you were uncompromising. […]

Yes, and Apple also almost went bankrupt in 1996. They were rebels without a clue. Now they’re wildly successful because they chose not to follow in the footsteps of other companies… and you’re mad?

When you introduced the iMac you ditched the serial ports and insisted everyone had to make do with USB ports, despite the fact there was approximately one printer in the world which worked with USB. You were the first to ditch disc drives and DVD drives. I’m not alone but I liked the way you refused to put Flash on your devices. Plus I liked the fact that unlike Google and pretty much every other big company you and your fellow execs would never go to navel-gazing networking conferences like the World Economic Forum in Davos. There was something cool about that attitude.

None… (reading…) yep, none of those things have changed.

These days, you’re all too ready to compromise. Do you want to know the beginning of the end of our relationship? It was when you decided to include an SD slot in your MacBooks. Why? I can’t imagine the Apple of old ever doing this; there is no inherent reason why you need one in your laptop, save to compromise. And in compromising, you’ve become too complex.

User research showed that lots and lots of people were using SD cards in their cameras and other devices, so Apple added an SD card reader into their laptops. Apple did what made things simpler for users.

I remember the first iMac: it was the first computer you didn’t really need an instruction manual for. When iOS came out I found myself having to download the manual and wade through its 156 pages (156, FFS Tim!) to find out what you’d done with the settings I used to use. That’s the first time I’ve ever had to use an Apple instruction manual.

You swipe. You tap. If you want to check out the settings, you tap on “Settings”. It’s really not complex. Both my son and my daughter (elementary school age) were able to pick up my iPhone (and later my iPad) and begin using them immediately with zero instruction.

What does that say about you, Ed?

Apple used to be about purity, which in turn made its products simpler and more reliable; somewhere along the way, this got lost. Or rather, Apple under Steve Jobs used to be about purity: when he wasn’t at the helm in the 90s, it also made the kind of compromises I’m talking about here.

By “compromise”, Ed means “gave customers what they were asking for”.

You’re screwing us

No: the final straw was when you decided to replace the dock on the bottom of all your iPhones and iPads with the new “lightening dock”. I’ve heard your explanations: that it’ll allow your devices to be thinner, that it’s a faster connector and all that. I don’t buy it. The main reason you did this is the main reason you seem to be bringing your products out in ever shorter product cycles: planned obsolescence.


You’re aware that the more frequently something is out-of-date, the more often we’ll have to buy more Apple stuff. Now, I was willing to put up with that when it felt as if there was genuinely progress between iterations, when there was a shred of aspiration about it, but by the time you unveiled the lightening connector I wasn’t so sure. All it means is that I have to throw out all the devices I’ve bought over the past years which plug into my iPhone: adaptors, radios, speakers and so on. It’s a really low-down thing to do – particularly since the lightening connector is patently not that much faster than the existing dock.

Firstly, it’s spelled lightning.

Secondly, I haven’t thrown out a single device I’ve purchased since 2003 when the 30-pin dock was introduced. This is mainly because I’m not a moron who goes around throwing things out. But it’s also because you can spend $29 on a converter.

My chargers are all USB chargers, so I was able to plug the new USB-based Lightning connector in where my old USB-based 30-pin connector was. Yes, I’ve invested a grand total of about $60 buying multiple USB-to-Lightning cables so that I have one for my car, my office, and my home, but considering how many years it’s been since I had to buy a cable, I’m not that stressed about it.

Lastly, Apple has said that Lightning will be the standard for “at least the next 10 years” (as per Phil Schiller). With all of Apple’s new Macs supporting USB 3.0, I’d wager a very healthy sum of money on Lightning supporting USB 3.0 speeds. It also allows the devices to become even thinner and lighter over time. This is A Good Thing™.

Anyway, I guess you could say it was a Eureka moment. Finally, I realised that you’ve been working your way here for years: the fact that you give up supporting old Macs far quicker than before; that you won’t let us download and delete our own music from your cloud. You realise there isn’t much money long-term in being a pure manufacturer. You want to turn yourself into a quasi-service, where we constantly need to buy or subscribe to one of your products. I see the point – it’s economic genius. The problem is that it’s not inspiring in the slightest; and the products are no longer wowing us enough to detract from the venality of it. And I’m just tired and, worse, bored of it.

Again, 100% of this statement is complete fiction.

Thus far, iOS devices (with the notable exception of the first-generation iPad) have received the latest OS updates for 3+ years. This is in stark contrast to Android-based devices which are lucky to see a single update ever.

Macs tend to be supported with the latest updates for 5-6+ years. The latest OS X release, Mountain Lion, supports 2007-era and newer Macs. Considering that the earliest possible Macs that they could support are the first Intel-based Macs (released in 2006), this is pretty darn good.

I don’t need you any more

I was between iPhones and I filled the lonely miserable gap with an HTC Android phone. And while I tried to ignore it at the time, the fact is, it was actually pretty good. Yes, there were niggles and a few annoyances, but we got along surprisingly well. And I’ll get on pretty well with it again, because the fact is, Tim: I’m leaving you for an Android. I can get everything I need from a phone from them as well.

Oh, you’re only looking for a phone? Well hey, knock yourself out.

Last year, I wrote about why Apple’s ecosystem is unmatched and how Android still has a long way to go. If you just want a phone that does some smartphone-like stuff, Android is just fine.

My email, my messages, maps that work, my contacts (they’re stored with Google anyway and that integrates far better into an Android phone); Evernote, Instapaper, Whatsapp, my tube timetables and bus times. I’ll probably ditch iTunes Match in favour of Amazon Cloud Player or Google Drive, and, frankly, good riddance after the way you’ve treated us mobile users of the service. I’ll miss some of the apps, I’m sure – Reeder to name just one. I’ll miss the hundreds of text messages sitting on my iPhone. I’ll miss… Actually, I can’t think of anything else right now.

If you’re invested in the Google platform for your contacts, calendars and email, then the Google mobile OS might be a good fit for you. I used Google for contacts and calendars for 4 years and have used Google for email since I got into the Gmail beta in May 2004.

But I’ll tell you: Moving my contacts and calendars to iCloud has been a very positive experience. Not only does contact syncing over iCloud work better, but sharing calendars with other people allows for notifications about changes for all people involved. I couldn’t get this with Google Calendar.

I’ve used Amazon Cloud Player on Android 4.0.4 (CyanogenMod 9) and iOS, and quite frankly, it sucks. It crashes often, it doesn’t use my album artwork, and it only supports the popular-but-inefficient MP3 audio codec. It also doesn’t integrate with iTunes on my Mac. DoubleTwist is tolerable, but the integration isn’t as good there either.

Google Music still requires you to upload all of your music. I have hundreds of gigabytes, so that simply isn’t going to happen.

I’ll hang onto my iPad for the time being. I’ll certainly keep the Macbook Air – I’m not quite ready to return to Windows yet.

Might not buy a Mac, but not ready to go back to Windows? Where else is there to go? Desktop Linux?

Don’t take it personally. Well, do, if it helps inspire you to make better and bolder products. This need not be forever. You can still win me back: but you’ll need to do something special again, like you did in the good old days. Reinvent the TV, like you reinvented the phone. Revolutionise finance. Overhaul the home entirely. Think Different – as your predecessor Steve Jobs used to say. Perhaps the problem is you’re not the same person any more. You’re not Steve. Perhaps.

Reinventing TV takes time. You can’t just take an ancient, out-of-touch industry and change it overnight. Apple took 10 years to build out a successful media platform and top-notch mobile devices.

It’s nice that you want Apple to revolutionize everything, but understand that Apple is a business and they need to have the right motivation and opportunity before they can tackle a new market.

And by mentioning Steve, your ignorance is showing. Moron.

Either way, I’m tired of settling for mediocrity from you these days.

Some of the best made, best selling products of all time. Blockbuster, record-breaking sales around the world. But because Apple is continuing to hone their skills and continually improve their products over time, they’ve become mediocre.

Again, go find your Ritalin and settle your ADHD-ass the **** down.


So, Ed, let me get this straight.

  • You like your MacBook Air and you don’t want to go back to Windows.
  • You like your iPad (that presumably has iOS 6, and you didn’t mention how anemic the Android tablet market/experience is).
  • You’re frustrated that the tech bloggers complained loudly about Maps and iCloud, even though both work really well.
  • You complain about Apple not supporting their devices, then say you’re going to move to Android.
  • You want Apple to reinvent everything, ever. But they haven’t, so they suck.
  • You want Apple to introduce radical changes to their devices, but complain loudly when they change their mapping provider or introduce a new dock connector.

You, sir, are clearly the king of the morons. Congratulations.

Current status 2 Oct 2012, 10:22 am


App Judgment and sloppy reporting 30 Sep 2012, 8:31 pm

For some time now, I’ve been a fan of the App Judgment podcast, which discusses new apps, devices and grades them on-air. Lately, however, I’ve noticed some saddeningly ill-informed “reporting” when it comes to Apple, iOS 6 and the new iPhone 5.

Bias is bias

First of all, everybody is free to have their own opinions. If these guys prefer Android-based OSs and non-Apple hardware, there’s absolutely nothing wrong with that. If you’re in the business of reporting information, however, make sure you have your facts straight and aren’t misleading anybody by leaving out relevant information.

Anything less than that is simply sloppy reporting.

“Apple vs. Android: iPhone 5 and Galaxy S3 Specs”

In the recent episode entitled Apple vs. Android: iPhone 5 and Galaxy S3 Specs, Mauricio Balvanera (producer) and Jackie Talbott (host) compare the new Apple iPhone 5 to the Samsung Galaxy S III in a number of factors. Here are some highlights:

Being pedantic

First of all — and yes, I understand how completely pedantic I’m being — let’s break down the accuracy of the title of the episode: “Apple vs. Android: iPhone 5 and Galaxy S3 Specs”.

  • Apple is a company, which makes both the phone hardware, as well as the phone software.
  • Android is a base operating system, which hardware vendors take, modify, and re-release as their own custom operating systems. Android is built primarily by Google.
  • iPhone 5 and Galaxy S III are both (hardware) phones made by Apple and Samsung, respectively.
    • Apple’s iPhone 5 runs iOS
    • Samsung’s Galaxy S III runs Samsung’s modified version of the base Android OS. I have no idea what the product name of their custom OS is.

This is just plain sloppy.


Mauricio: So we’re going to go over the technical differences between the two and basically decide whether or not Apple has leapfrogged Android technology.

Has it already been decided that iOS has been leapfrogged by Android? If so, I wasn’t aware that this decision had been made. There are several cases where Apple and iOS have left other devices and mobile platforms in the dust. Were these not taken into account when the decision was made that Android was ahead?

Device size

Mauricio: So, the S III obviously takes the cake on size, while the iPhone beats out the S3 on thinness […]

Yes, the S3 is physically larger. Does that mean it “wins”? I would argue not, but Mauricio seems to imply that requiring two hands is a feature. To be fair, however, he and Jackie both made it a point to mention that it can all boil down to a matter of preference, so there is neither a winner nor a loser here. Although I think they could have done a better job addressing this up-front, I’ll let this one slide.

What they didn’t talk about, however, was the weight. The iPhone 5 feels considerably lighter than both the glass-backed 4 and 4S models, and clocks in at 3.95 ounces (112 grams). The Galaxy S III clocks in at just over 4.69 ounces (133 grams).

Now, I own an iPhone 4 which clocks in at 4.8 ounces (137 grams). Various co-workers of mine have iPhone 4Ss, which clock in at 4.9 ounces (140 grams). The new iPhone 5 is 28g lighter than the 4S, and 25g lighter than the 4, and the difference in your hand is substantial. It would be reasonable to infer that being 21g lighter than the Galaxy S III would be nearly equally substantial.


There was too much banter here for me to transcribe, but they basically compare 8 MP to 8 MP with 1080p recording for each, and leave it at that. What they completely leave out is the quality of the lens, the aperture, low-light boosting, etc., which really make or break the quality of the photographs.

Now, I’m not going to pretend to be a photography buff who knows the difference from one aperture size to another, but what about providing real-world photographs comparing one device to another to see what the real-world differences are?

And that’s only for still shots. What about the quality of the recorded video? 1080p is a shorthand reference for 1920-by-1080 resolution; this has nothing to do with quality. And what about things like image stabilization during recording? I know first-hand that the last couple of iPhones have had awesome image stabilization. How does the Galaxy S III stack up?

Lightning port

First, Mauricio makes a comment about replacing the old proprietary dock with a new proprietary dock (*womp, womp*) — implying that proprietary is inherently bad. Mauricio’s bias is showing.

Mauricio follows that up by explaining that the Open Mobile Terminal Platform (OMTP) Forum chose to endorse Micro USB for power and data transport in 2007. He also added that Apple was “notably absent.”

This reminds me of the story about how Teddy Roosevelt’s own mother didn’t even vote for him! Why does the OMTP story remind me of Teddy Roosevelt’s mother? Because the two statements are both true and entirely misleading. What Mauricio leaves out of his explanation are some additional facts:

  • The OMTP forum was a collection of for-profit corporations, and not an unbiased standards organization.
  • The OMTP existed from 2004-2010. It no longer exists.
  • Micro USB was selected for power and data transfer — because those are the only two things that Micro USB is capable of.
    • Apple’s 30-pin and Lightning connectors support video-out.
    • Apple’s 30-pin and Lightning connectors support controlling the iDevice from another device (including stereos and car adapters).
    • Apple’s 30-pin and Lightning connectors wrap additional functionality around the base USB 2.0 implementation.
  • Teddy Roosevelt was elected before 1918, when the 19th amendment to the U.S. Constitution was passed to allow women to vote.

USB is a “dumb” protocol, and requires the primary machine’s CPU for any data transfer. FireWire, the 30-pin and Lightning connectors are much more intelligent protocols which use an on-board device processor, allowing for more efficient data transfer than Micro USB does — even over the same USB 2.0 protocol. Most USB 2.0 devices are lucky to get 280 Mbps (35 MB/s) of real-world throughput.

Now, although the current version of the cables comes in the USB 2.0 variety, do we know if the iPhone 5’s connector is capable of newer protocols such as USB 3.0 or Thunderbolt? I don’t know what the answer is, but it seems to me that starting with USB 2.0 support makes the most sense because that’s what the overwhelming number of customers have available.

During a teardown of the iPhone 5 (which, to be fair, didn’t happen until after this episode of App Judgment was recorded), Ars Technica points out that Lightning might be USB 3.0-compatible. If the Lightning connector is supposed to last us another 10 years (as claimed by Apple), this seems to make the most sense.

Things that are missing

No Micro SD […]

Yay, because:

  • Micro SD is more than 10x slower than the built-in SSD drives, and…
  • Having multiple drives attached would complicate the UX of the device.

No NFC (Boo!) […]

Near-Field Communication (NFC) is still (arguably) a solution in search of a problem. It’s a cart-before-the-horse situation. If NFC really does unlock some fantastic uses that make my life easier/better in some way, by all means, show them to me. I’d love to be proven wrong.

Phil Schiller explains that the majority of use-cases that people want NFC to fit are addressed by Passbook. Passbook is still new and apps are few (iOS 6 was released to the public only 11 days ago), but being an all-software solution means that developers can deliver new features quickly without requiring third-parties to purchase and integrate new NFC hardware.

Let’s see which way the real-world usage actually goes. Realistically, it’s simply too early to tell.

No Barometer […]

What? How useful would such a feature be in the real world, when weather apps are a dime a dozen? I have no idea why this was on the list, other than to be a kitchen sink item.

And no wireless charging capabilities.

This would be an interesting feature in theory, but I’m not convinced that I’d want a bulkier phone in exchange for this feature. Also, when I plug in my phone to charge, I also want it to sync. While the iTunes WiFi Syncing in iOS 5 and later addresses this, it’s more important to me to have a faster connection while transferring data — especially with movies, TV shows and games that are typically in the 500 MB–2 GB range.

So, I’d argue that it’s an interesting feature, but I don’t know how well it’d work out practically.


Mauricio: Apple — at best — have matched Android hardware […]

From there, they sit and mock Apple and the new stuff they recently put out. They did say that Apple’s build quality is better (it is, actually), but the rest was simply mocking.

They left out all of the software-related topics (since a piece of hardware is completely worthless without matching software), and they focused exclusively on hardware specs instead of actual features (also known as “feature checklist dysfunction”).

All-in-all, I find myself so frustrated by such ill-informed reporting, that I’m rather put-off at the moment. I really hope that the hosts of App Judgment will avoid such opinion-filled, faux-reporting drivel in the future, and take the time to support their assertions with things like facts and empirical evidence. Tell the whole story, guys.

The Measurement of ‘Nice’ 23 Sep 2012, 4:39 pm

In his piece entitled iPhone 5, John Gruber made a statement that really stuck out to me:

[…] but there is no benchmark, no tech spec, to measure nice. But you can feel it.

And that is what resonates with millions of people around the world.

As soon as I read this, I was struck by how true this statement is for companies like Intel, Google and [redacted] that claim to be “metrics-driven”. The unfortunate side-effect is that they focus so much on metrics that they end up being driven only by metrics — which ultimately results in consistently sub-par experiences. Companies that are driven by metrics — to the exclusion of instinct and humanity — will never produce the kind of quality that they truly need to in order to create the best experiences for their customers.

Claiming to be both “metrics-driven” and “customer-obsessed” is going to be an untenable stance unless you’re willing to both hire and enable people who really, really understand the fundamentals of how to make really great products.

Clueless Recruiters, Issue #6 19 Sep 2012, 11:49 pm

What does Ryan do when the same recruiter keeps pinging him over and over despite all efforts to get removed from a recruiter’s mailing list? Find out in this week’s episode of Clueless Recruiters! (Cue theme music!)


There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hock job openings the same way that sleazy salesmen hock used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Abhishek Banerjee from SACC Inc. is a giant douchebag

Normally, I will remove or otherwise censor the names and email addresses of the recruiter and the company that they work for. This allows us to focus on the idiocy of a large sampling of the technical recruiting industry and have a few laughs while we’re at it. But not this time.

This time, I’ve had enough of one technical recruiter in particular — Abhishek Banerjee from SACC Inc. Reps from SACC have been spamming me for years. Not just 1-2 years, but more like 5-7 years. They’ve been spamming me so long, that they still send emails to an address that I haven’t used since my domain name was skyzyx.com. Yeah, that long!

I have asked Abhishek Banerjee from SACC Inc. to stop emailing me on several occasions. I’ve asked to unsubscribe. I’ve asked him to remove my information from his company database. I’ve asked him to never contact me again. I have done everything that I can think of to let this guy know that I don’t want him contacting me at all. But despite my efforts, this guy continues to send me completely irrelevant recruiting emails over and over and over again.

So now, I’m calling you out, Abhishek Banerjee from SACC Inc.

Recruiter Schlock

Dear Ryan:


If interested and available, pls. respond back asap.


LEAVE ME ALONE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!



NOTE: Local candidates preferred. Face to face may be required.

I live in SEATTLE! Why the **** are you sending this to me?!?!

The Interactive Programs Sr. Web Producer sits within a production team and is responsible for the day-to-day production of our client’s .com supply chain content.

Their main focus is to manage and lead production efforts related to downloads, public evaluations and support content and deliverables, leveraging innovative self service delivery tools and project management techniques.

Each interactive producer is expected to understand the complexities of managing supply chain web properties, how to align cross-functional teams to a common deliverable, and is highly accountable for quality control as well as precise timelines and release dates. Candidates should have experience delivering consistent and quality deliverables within working with business owners from web marketing, product marketing, IT and engineering.

Translation: I know how to work the Business Jargon Machine™ that we have sitting in the office.

In reality, you’ve said ABSOLUTELY NOTHING about ANYTHING. You’re a complete and utter moron, and you suck.


Collaborate with web marketing managers, release managers and application development teams to drive the development of engaging web properties that deliver value to the customer and leads for the company.

Translation: We’re looking for a grunt to be told five different things by five different managers. None of these managers have any idea WTF they’re doing, and if anything goes wrong, they’ll blame you.

Oversee the direction, development, and production of international and domestic web properties, with a specific focus on product life cycle activities to meet customer acquisition, retention and adoption goals.

Translation: Make a website.

Ensure that site design and workflows enhance the customer experience, making it easy for customers to understand, evaluate and purchase products.

Translation: Even though you’ll have absolutely no voice or input into anything that actually matters for the site, we’ll blame you for anything that goes wrong.

Work with cross-functional teams to develop site design documents, schedules, and functional specifications to ensure the successful delivery of web programs and initiatives.

Translation: We don’t know what the **** we’re doing.

Participate throughout the product launch process to guide timelines and manage specification documentation and content deliverables.

Translation: We really don’t know what the **** we’re doing.

Support initiatives to increase site traffic and improve lead generation and purchase conversions.

Translation: We’re the used car salesmen of the web.

Communicate regularly with internal teams to ensure content maintains a high level of accuracy and relevance.

Translation: Talk to the people you work with.

Work with web marketing managers and editorial teams to create, implement and maintain standards around SEO and content tagging.

Translation: We don’t know what SEO is… only search engine spamming. And we don’t know how to do that very well either.

Maintain a working knowledge of all brand and usability guidelines, and ensure that all web properties conform to these guidelines.

Translation: Remember stuff.

Create, manage and maintain development and QA deployment process and schedules.

Translation: DO ALL OF THE WORK!

Manage the adherence to and creation of materials for the software development lifecycle. These include information architecture layouts, wireframes, process/information flow diagrams to be included in business and functional requirement documentation.

Translation: We have no idea what we’re doing.

Clearly communicate service level agreements and enforce those standards with internal and cross-functional teams.

Translation: Our customers are businesses who also don’t know what they’re doing, but they’re paying us a lot of money.

Prepare traffic and usage reports on an as-needed basis.

Translation: Prepare traffic and usage reports on an as-needed basis.


5+ years online production experience in fast-paced, highly creative, and goal driven environments.

Translation: We don’t want slackers.

Proven contributions to web program development and execution, including content, processes, procedures and/or technologies.

Translation: We don’t want idiots.

Demonstrated success with full cycle marketing project management, multi-tasking and ability to prioritize on a real-time basis.

Translation: We don’t want slackers.

Experience working on commercial web sites with a proven understanding of web technologies, browser compatibilities and limitations, content and process management, and site implementation.

Translation: We’re asking for an entry-level web developer.

Excellent verbal and written communication, as well as leadership skills that inspire others to embrace teamwork and collaboration.

Translation: We’re looking for a grunt who will do whatever we say.

Team oriented, motivated self-starter who thrives in a fast paced dynamic environment with demonstrated customer relationship skills.

Translation: We want someone who does a good job, but who we can blame when something goes wrong.

Experience with technical content management, SEO, site analytics and Web site/Internet technologies.

Translation: You need more experience than what we want to pay you for.

Focus on user experience information design.

Translation: These words sound like they kinda make sense together, don’t they?

Working knowledge and understanding of content management systems and web technologies, including HTML, DHTML, Flash, XML, etc.

Translation: We don’t know that DHTML went the way of Flash, which in-turn went the way of the Blackberry.

BA/BS degree or equivalent work experience.

Translation: You have to be smart and experienced, but your pay will not be commensurate with your background. You will be overworked and under-appreciated the entire time.

Loc: Palo Alto, CA
Dur: 6+ months

Translation: And on top of all of that, we’ll treat you like a second-class citizen.

Best Regards,

Abhishek Banerjee
(650)413-4715 (Desk)
(510)396-0691 (Direct)

For the bazillionth time, never contact me again. I don’t ever want to hear from you ever. Ever. Freaking ever.

Clueless Recruiters, Issue #5 19 Sep 2012, 11:08 pm

What do Lawyers, Evil Dictators and this week’s Clueless Recruiter have in common? A complete lack of human decency. All in this week’s episode of Clueless Recruiters! (Cue theme music!)


There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hock job openings the same way that sleazy salesmen hock used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Recruiter Schlock

Here’s one I got this morning from a clueless recruiter. For reference, here is my résumé.

Subject: Freelance opportunity (4-week engagement)

I… I don’t even… sigh

I found your resume online and wanted to reach out about a freelance opportunity with our company.

Oh, really? Where? Where is my online résumé?

Y’know, the one that has a link pointing to a write-up about how to prevent technical folks from hating technical recruiters.

We’re a software development firm based in River North (Chicago), and need a front end developer to help us out on a month-long project.

Since you’ve seen my résumé, and know where I live, you’d also know that I have a good job with a good company, and that I’m not willing to pack up my kids during the school year to move them halfway across the country…

…for a month.

The bar is extremely high for this project and would (first and foremost) require someone with knowledge around accessibility. Our client has their own guidelines that were specifically produced for this project, and these are stricter than the standard recommended practices.

Ah-hah! Eureka! This is the single keyword that you searched for which brought up my (and many other people’s) email address to spam.

HTML5/CSS best practices are an absolute must, and Javascript experience would go hand-in-hand with that.

Can you, [recruiter], articulate the differences between HTML 4 and HTML 5?

Also: You misspelled “JavaScript”.

Not necessary, but a huge plus, would be if you had experience in .NET (particularly in .NET MVC).

Right. Because I have .NET experience on my résumé. Y’know, the one you found online? The one you actually took the time to read?

If you feel like you have these skills and are interested […]

Muffled snicker

[…] please reach out to me with some code samples.

You mean, besides the links to the projects on my site? And besides my GitHub account which has dozens of projects I do or have worked on?

We’re looking to fill this position ASAP (ideally starting this week) […]

It’s Wednesday. Seriously?

[…] and working remotely would be acceptable as long as we can maintain proper communication.

Because, otherwise, I’d have to pack up my kids during the school year and move to Chicago. For a month.

What kind of relocation package does the company offer?

I look forward to hearing from you!

Oh-ho, I bet you do! 🙂

If the offer meets or exceeds $100/hr, I will give it serious consideration. Otherwise, it simply isn’t worth the inconvenience and hassle.

But with all seriousness: If you would’ve put in anything above the most minimal amount of effort, you’d know better than to send me — someone who has written plenty about what’s wrong with the technical recruiting industry — this kind of schlock.

Please remove me from all future communications from yourself and the company you represent.

Thank you.

iPhone 5 12 Sep 2012, 3:31 pm

The iPhone 5 was announced just moments ago, along with updates to iPod touch, iPod nano and iTunes. How close were my recent guesses?


I was way off. I did not think that they would call it “iPhone 5”, but here we are. They did the complete opposite of what I’d anticipated.

Louie Mantia had the following to say about the name:

God dammit Apple. “5”? Really? YOU HAD ONE JOB!!

Let’s see how The Infamous They did with their predictions.

An announcement on Sept. 12th and shipments on Sept. 21st

True. Daring Fireball discusses more about this rumor.

A redesigned body with a larger screen

True. Engadget discusses more about this rumor. I went out on a limb and said the following:

[I]f this is true, I’d bet on 1024×640 or 1536×960 (16:10) instead of the more awkward 16:9

The iPhone 5 has an 1136×640, 16:9 display.

A new 8/9-pin connector

True. It’s an 8-pin, reversible connector. The Verge discusses more about this rumor. While it appears that it still uses a USB cable, I’m hoping that they’ll provide a Thunderbolt-based cable for those of us with 64 GB devices and lots of media.

Fast LTE networking

True. It’s a single chip for data and voice, and runs on all of the major providers in the U.S. (i.e., Verizon, AT&T and Sprint; no, T-Mobile doesn’t count).

In addition, they improved their 2.4 GHz wireless-N networking to support dual-band 2.4/5.0 GHz to take advantage of the additional channels. BGR discusses more about this rumor.

Near-Field Communication (NFC) sensor

False. There was no mention of NFC in the keynote. C|Net discusses more about this rumor.

Larger storage options

False. It still tops out at 64 GB. I was really hoping for a 128 GB model. Gotta Be Mobile discusses more about this rumor.

Faster quad-core Apple A6 CPU

Maybe True: Yes, the iPhone 5 includes the Apple A6 CPU that is “up to twice as fast” as the A5 chip. (The A5X chip wasn’t compared.) What we won’t know until the tear-downs, however, is whether or not the A6 chip is quad-core, or how fast it is in absolute measurable units (i.e. gigahertz). C|Net discusses more about this rumor.

More memory

Unknown. We’ll need to wait for the tear-downs for this.


This appears to be a really solid update. Beyond these features, there were several other features that were added. I’m only a couple of months away from the end of my contract with AT&T, and I’ll be dropping some coin on the new iPhone 5.

The New iPhone 23 Aug 2012, 12:02 am

Many people have asked what the next iPhone — widely expected to be released in under a month’s time — will be called. Let’s look at our options.

iPhone 5 or iPhone 6

“iPhone 5” is the name that people have most commonly assigned to the upcoming iPhone, but there are a number of problems with that guess. The first of which is that it’s not the fifth iPhone — it’s the sixth. We’ve had (in order):

  1. The original iPhone
  2. The iPhone 3G
  3. The iPhone 3GS
  4. The iPhone 4
  5. And the iPhone 4S

Because of this, I believe that we won’t be hearing about the “iPhone 5”. It also doesn’t make sense to jump from iPhone 4 and 4S straight to iPhone 6. Instead, I believe that when Tim Cook gets on stage next month, he’s going to call the device “the new iPhone”.

But for those of us who are geeks and care about the way that this model will be described over time, there are two obvious possibilities…

The New iPhone (5th generation)

If you’ve watched Apple for any amount of time, you may have noticed that all Apple devices have a model identifier. For example, the new 15″ Retina-enabled MacBook Pro has a model identifier of MacBookPro10,1. The third-generation iPad with Verizon LTE networking is iPad3,2, while the WiFi-only model is iPad3,1.

Let’s look at the aforementioned list of iPhone models again, this time with their model identifiers.

  • The original iPhone (iPhone1,1)
  • The iPhone 3G (iPhone1,2)
  • The iPhone 3GS (iPhone2,1)
  • The iPhone 4 (iPhone3,1 for AT&T, iPhone3,2 for Verizon)
  • And the iPhone 4S (iPhone4,1)

If we follow the pattern, the next iPhone will have a model identifier of iPhone5,1. This means that it will be the fifth-generation iPhone according to Apple’s own internal naming scheme.

Most recently, Apple switched the iPad from versioned naming (i.e., iPad, iPad 2) to the take-off-your-coat-and-stay-awhile style of naming (i.e., “the new iPad”), and only refers to it by its generation when it needs to explicitly differentiate between models.

Apple’s iPod lineup has always followed this naming convention. There was the original iPod with the mechanical scroll-wheel, followed by the iPod (2G) with the touch scroll-wheel. The first iPod I owned was a 15 GB iPod (3G). The first iPod to support photos was “iPod photo” (4G). The second iPod I owned was a glossy black 60 GB iPod (5G) with video. I currently own a 160 GB “iPod classic” (6G). Even the iPod touch has followed the same pattern. The current model is an iPod touch (4G).

The problem with the iPhone following this model is that there are different kinds of “Gs” floating around for phones that would only cause confusion. For example, the iPhone 3G was not the third-generation iPhone — it was the iPhone with support for a third-generation wireless network.

The next iPhone is widely expected to have support for LTE wireless networking (i.e., real 4G), but it would be the fifth-generation iPhone. I can hear the confusing conversations amongst clueless teenagers now:

“My iPhone has 5G, but yours is only 4G.”

“Actually, mine is 3G and yours is 4G.”

“No, mine is called ‘5G’, so it’s better than your 4G.”

“You mean my ‘4S’?”

…and so on. There is no way that Apple will begin throwing extra Gs around all willy-nilly like that.

The New iPhone (2012)

Because the Mac lineup has been around for so long, Apple doesn’t give their computers names like 3G, 3GS or 4. Just like with the new iPad, Apple simply refers to them at introductions as “the new iMac”, or “the new MacBook”.

When it comes to tech support, however, they use specific identifiers to determine the model. For example:

While the names are about as verbose as “HP Pavilion dv7t-7000 Quad Edition Entertainment Notebook PC”, or “Dell New Inspiron 17R Special Edition with Truelife”, they’re far more descriptive.

iPhones only come out with one model a year, where the only difference between devices of that model year is internal storage capacity. Following this pattern, the original was the iPhone (2007). I currently own an iPhone (2010) and am looking to replace it this fall with an iPhone (2012). They’re all iPhones. The model year only matters when you need to be more specific than that.

Of course, if I wanted to be even more specific, I would say that I wanted to get a “white iPhone (2012; 128 GB; Verizon LTE)”.

If I were a betting man, this is where I would put my money.

Whither the next iPhone?

The next iPhone is expected to be announced in less than a month. The most recent rumors I’ve read suggest that the next iPhone will be announced on September 12, and begin shipping on September 21.

The Infamous They also suggest that it will have a redesigned body with a larger screen (if this is true, I’d bet on 1024×640 or 1536×960 (16:10) instead of the more awkward 16:9), a new 8/9-pin connector, fast LTE networking, a near-field communication (NFC) sensor, larger storage options, a faster quad-core Apple A6 CPU, and more memory (duh).

In a few weeks, we’ll find out what I’m going to be shelling-out $399 for. 🙂

Dieter Rams on Creative Engineers 27 Jun 2012, 11:34 am

A common misunderstanding that you often find in Engineering-centric organizations is that “design” is simply the way it looks. In truth, design is the way it works.

Dieter Rams had the following to say:

“A designer who wants to achieve good design must not regard himself as an artist who, according to taste and aesthetics, is merely dressing-up products with a last-minute garment. The designer must be the gestaltingenieur or creative engineer. They synthesise the completed product from the various elements that make up its design. Their work is largely rational, meaning that aesthetic decisions are justified by an understanding of the product’s purpose.”

Steve Jobs had something very similar to say:

“In most people’s vocabularies, design means veneer. It’s interior decorating. It’s the fabric of the curtains of the sofa. But to me, nothing could be further from the meaning of design. Design is the fundamental soul of a human-made creation that ends up expressing itself in successive outer layers of the product or service.”

If you are doing UX work in an organization that either doesn’t understand or doesn’t appreciate the science of design, keep your chin up.

Clueless Recruiters, Issue #4 20 Mar 2012, 5:47 pm

Do I look like a cow? It’s the hair, isn’t it? I need a haircut. — all in this week’s issue of Clueless Recruiters. (Cue theme music!)

There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hock job openings the same way that sleazy salesmen hock used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Here’s one I got this morning from a clueless recruiter. For reference, here is my résumé.

Hope all is well. I wanted to reach out to you in regards to an opportunity I’m working on with [company] located in San Jose.

Hello [name], I am doing well. It’s good to put a face to a name (http://[domain-name].com/about/team). I’m curious, however, as to why you’re emailing me about a position in California since I haven’t lived in that state for a few years.

A company led by a team of experienced executives, designers, and engineers from TiVo, Netflix, Vudu, Disney, MTV, MGM, Apple, Best Buy, E!, eBay, Yahoo!, and WebTV. I’m working with [name], VP of Engineering and he is looking for a solid Ruby Developer. The company is backed by blue-chip venture capital firms including NEA, Redpoint Ventures, Greycroft Partners, BV Capital, LA angel investor [name], and independent investors from the entertainment and technology industries. Please let me know if this is something you would be interested in. I have included the job req below.

When you leave Silicon Valley behind, you realize that people find the strangest things enticing about positions. Personally, I’m not even remotely interested in “status” as much as whether or not the work I’m doing will have a positive impact on the world.

[Description of company and their product.]

I know. I’ve played with it. It’s… meh. It tries to be too many things without actually being good at any one of them.

About the Position

We’re looking for a strong autonomous general programmer with great Ruby knowledge and with capacity and will to evolve. We’re currently using a custom Ruby stack with Rails components and a MongoDB backend, but are looking for someone with enough experience to adapt to new technologies as needed.

Well, this clearly doesn’t sound like me. You Googled my name before contacting me, right? To make sure that I was actually a reasonable fit for this position?

Since I know how awesome the overwhelming majority of technical recruiters are about doing their homework before contacting people, let me make sure you’ve seen my resume.

  1. http://lmgtfy.com/?q=Ryan+Parman
  2. Click “Resume”
  3. Read the resume.

Because, I mean, I’d hate to think that a technical recruiter was making a cattle call by sending messages to anybody who had “Ruby” in their resume somewhere. I don’t look like a cow, do I? (Lie to me if you think I do. It’s the hair, right? I need a haircut, don’t I?)

Desired Skills
Ruby proficiency




Other distributed databases (Riak, Memcached, Redis, Cassandra, Hbase, etc.)


Strong Traditional SQL Experience is a plus


API Design, client-Server communication experience


Caching techniques


Testing (TDD & BDD knowledge is a plus)


Start-up mentality




Desired Interests
Scala, Go & concurrency

No desire.

Solr & search optimization

No desire.

In memory caching and indexing

Some desire.

Fault-tolerant service architecture

Well, yes. I work for Amazon Web Services. 🙂

Multi-data center and distributed data

Again, yes. The whole AWS thing.

If digital entertainment is your passion, Fanhattan is for you:

Oh really?

an obsession for user experience…

Clearly not. The UX of the app is arguably pretty terrible.

disruptive technology…

WTF does this even mean?

high-profile investors…

Not even a little bit.

and an experienced team of designers…




and executives…

Most executives are buffoons. How are the Fanhattan execs different?

from both the technology…


and entertainment industries.

You mean the broken industries who are attempting to destroy the United States through bogus legislation? No thank you.

[name] | Technical Recruiter | [company]
Engineering, Product, Development, Leadership
Tel: [phone] | Cell: [phone]
[email address]

You are receiving this email because you are a member of our private contact database. If you do not wish to receive similar email messages in the future and to see our contact information please click here. We respect your privacy. This email fully complies with the CAN-SPAM Act.

I’ve actually sent unsubscribe messages before on multiple occasions, and my requests keep getting ignored. I actually have Gmail filter “@[domain-name].com” emails directly into the Trash because of it. I only saw this message because I accidentally deleted something and needed to pull it back to my inbox.

SOPA/PIPA 18 Jan 2012, 5:03 pm

This is a letter that I wrote to my representatives this morning, Rep. Jay Inslee, Sen. Maria Cantwell and Sen. Patty Murray.

Internet Issues: SOPA/PIPA

I am a Washington State voter, and I want to urge you to denounce, reject and vote against the SOPA & PIPA bills currently working their way through Congress.

Information: http://americancensorship.org

The MPAA/RIAA lobbyists (who naturally have an anti-technology, pro-censorship bias) have managed to get our “representatives” to push these bills into Congress in an attempt to allow private corporations to censor the Internet.

The Internet is a public utility. What if AT&T or Verizon could decide who you were allowed to call? Or who was allowed to have a telephone number at all? What if FedEx or UPS were allowed to decide whether or not you had an address to deliver packages to?

It’s anti-American, it’s unconstitutional, and it’s just plain wrong.

When the opportunity to vote on these bills comes your way, please vote with the people you represent — not with the lobbyists.

Thank you.

P.S. I find it interesting that there is no “Internet Issues” selection on your contact form. “Internet” is different from “Science and Technology”. It’s 2012. The Internet is a critical component of how people communicate and get work done.

I would encourage you to pay attention to pro-Internet voters, because there is an entire generation of millennials who will very soon make up the majority of American voters.

I encourage you all to contact your representatives in government and let them know about your disapproval of these laws (in America), or similar laws in other countries.

Update: Response from Sen. Maria Cantwell

Dear Mr. Parman,

Thank you for contacting me about the internet streaming of copyrighted material. I appreciate hearing from you on this issue.

This isn’t what I contacted you about, and both SOPA/PIPA go way beyond the simple law enforcement of streaming copyrighted material.

On May 12, 2011, Senator Leahy (D-VT) introduced S. 968, the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (PROTECT IP) Act. While I am supportive of the goals of the bill, I am deeply concerned that the definitions and the means by which the legislation seeks to accomplish these goals will have unintended consequences and hurt innovation, job creation, and threaten online speech and security. On November 17, 2011, I signed a letter along with Senator Ron Wyden (D-OR) objecting to the bill as it is currently written.

You are correct. This is really, really bad.

On December 17, 2011, Senator Wyden introduced the “Online Protection and Enforcement of Digital Trade” (OPEN) Act (S. 2029), of which I am an original co-sponsor.

/me raises eyebrow…

The bill has been referred to the Senate Finance Committee, where it is currently awaiting further review. The OPEN Act is a more effective approach to stopping foreign web sites that are found to be primarily and willfully used to infringe intellectual property rights. The OPEN Act builds on the existing legal framework used by the International Trade Commission for addressing unfair acts in the importation of articles into the United States, or in their sale for importation, or sale within the United States after importation.

The United States government is working beyond the realm of its jurisdiction here. It might be currently legal, but this is still a bad thing. Who determines what “primarily and willfully used to infringe intellectual property rights” even means? How is this really any better?

And you’re a co-sponsor of this legislation?

Our trade laws have yet to catch up to deal with the global digital economy.

Incredibly, incredibly true. As a matter of fact, copyright law itself can be placed in this very same bucket.

The OPEN Act recognizes that the Internet has created new opportunities for foreign products to reach the U.S. market and that there is little difference between downloading a pirated movie from a foreign website and importing a counterfeit movie DVD from a foreign company. For those foreign web sites that are determined after an investigation to be primarily and willfully infringing, the International Trade Commission will issue a “Cease and Desist” order. The “Cease and Desist” order may also be served on financial intermediaries that provide services to that foreign web site, compelling financial payment processors and online advertising providers to cease doing business with the foreign site in question. This would cut off financial incentives for this illegal activity and deter these unfair imports from reaching the U.S. market.


Pay attention, because this is important: THIS IS ENTIRELY THE WRONG SOLUTION TO THE PROBLEM.

The entertainment industry has failed to innovate. They have failed to remain competitive. People want digital content. The entertainment industry has the opportunity to provide that to their customers. The fact that they often choose not to is not the fault of pirates. This is not the government’s problem to solve. Additional legislation is not the correct solution.

The OPEN Act addresses the same challenges as the PROTECT IP Act, while protecting freedom of speech, innovation, and security on the Internet.

How, specifically?

The challenge of rogue web sites is one that many nation’s face.

Provide an objective definition of “rogue web site”. Also, you have a grammatical error here. You don’t use an apostrophe when pluralizing words — like “nation”.

The United State has always been seen as a leader on Internet issues.


No. No we have not. Especially in the 13 years since the Digital Revolution was ignited.

And we are the “United States”, not the “United State”.

Laws we establish in the United States regarding the Internet are likely to be used as models around the world.

You’re right. And the purpose of creating laws is (or rather, should be) to protect the freedoms of individual citizens, not to further limit our freedoms. Remember that.

And because the Internet is global in nature, it is important that we carefully consider how the laws and policies we adopt in this area may be received and translated by other countries.


Thank you again for contacting me to share your thoughts on this matter. You may also be interested in signing up for periodic updates for Washington State residents. If you are interested in subscribing to this update, please visit my website at http://cantwell.senate.gov. Please do not hesitate to contact me in the future if I can be of further assistance.

Sen. Cantwell, your lack of understanding of the core of the issue at hand makes me realize that you are not a person who truly represents the people of this state.

You will not be receiving a vote from me come election day.

Clueless Recruiters, Issue #3 12 Jan 2012, 8:33 pm

How to prove that you are quite possibly the worst scum of the universe — all in this week’s issue of Clueless Recruiters. (Cue theme music!)

There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hock job openings the same way that sleazy salesmen hock used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Here’s one I got yesterday from a clueless recruiter. For reference, here is my résumé.

My name is [recruiter] with [recruiting agency]. Please go through the below requirement and let me know your interest ASAP. Reply with your update resume and expected hourly rate

You’ve already seen my résumé since you took the time to Google my name before initiating your search. Clearly, you emailed me because you thought I’d be a great fit. Thank you for maintaining the utmost integrity in your job and providing the kind of quality service that I’ve come to expect from technical recruiters!

I don’t, however, have an hourly rate because I don’t take hourly gigs.

Job Category: Information Technology

Title: SR. System Engineer

Location: Atlanta, GA (30324)

Duration: 6+months (Expected to be 36months)

A Senior System Engineer? That sounds like it’s right up my alley! Based on my interests and work experience (which you’ve seen because you’ve done your homework about me before contacting me), this could be the perfect fit!

Oh, and it’s all the way across the country! Fantastic! I can pack up my family and move my children across the country in the middle of the school year! How wonderful that will be for their academic development!

Job Description:

The Encore Environment Engineer shall possess expert level technical architecture skills including in-depth working knowledge and experience with a wide array of network topologies and protocols, Linux x86 (some Sun Solaris (legacy)) server configuration options, BEA Weblogic Application Server, CAMEL, web server (Apache), database server (Oracle), Cisco, F5 or other load balancers, firewalls, server virtualization, transaction modeling and software deployment methodologies in a multi-datacenter scenario.

Perfect! I have a background of 10 years as a front-end web development engineer, followed by nearly 2 years as a SDK developer focused on the PHP development community! I’ve spent tons of time with network topologies and protocols, Solaris, BEA, CAMEL, Oracle databases, Cisco components, F5 load balancers, and multi-datacenter scenarios!

You can tell by reading my résumé (the one you read before you sent me this email) that I’m just the man for the job!

Environment Engineer must collaborate closely with software and solution architects to design highly scalable, cost-effective and reliable physical architectures supporting Encore phases.

Ooohh! Encore phases! It all sounds so exciting!

Environment Engineer shall thoroughly diagram and specify system, interface, network, security and datacenter solutions meeting or surpassing rigorous performance criteria.

Awesome! I can’t wait to do all of that diagramming! 🙂

Candidate shall have successfully implemented technical architectures supporting real-time communications and high transaction volumes in large scale environments. Candidate shall also possess excellent written and verbal communication skills

Yep, that’s definitely me. It fits my background in PHP and web development perfectly!

Skills Inventory

Expert-level Cloud hosting, physical architectures (Required)

Entry-level Server, network, capacity & transaction analysis (Required)

Expert-level Networking, HTTP, VIP, certificates (Required)

Expert-level Wireless & Internet Comms Protocols (Required)

Yep, yep, yep and… yep. No problem. I know all of this like the back of my hand.

Expert-level Cmd Line, grep, snoop, wireshark, scripting (Required)

Nope. Never done this before. Ever.

I understand HTTP, network topology and wireless communications protocols, but I’ve never used the command line, grep or a packet sniffer.

Expert-level Application Servers, CAMEL, Weblogic (Required)

Expert-level Web Services, COMET, Resful APIs (Required)

Intermediate-level Agile/Iterative SDLC, Jira (Required)

All yeses!

Expert-level Software deployment (Required)

Nope. As a web developer who has experience with cloud computing services, I’ve never deployed software before. 🙁

Expert-level Verbal, written, documentation, diagramming (Required)

Unfortunately, no, I don’t know how to write, speak, document or diagram effectively. I hope that this doesn’t disqualify me!

Disclaimer: We respect your on-line privacy. This is not an unsolicited mail. Under Bill 1618 Title III passed by the 105th US Congress this mail cannot be considered Spam as long as we include contact information and a method to be removed from our mailing list. If you are not interested in receiving our e-mails then please reply with a “REMOVE” in the subject line or click here to remove your name from the mailing list. I am sorry for any inconvenience.

Unsolicited? You’re quite right. I agreed to receive these emails — nay, I ASKED to receive them!

And Congress says this isn’t spam? Well then! Since Congress has been doing such a bang-up job lately, they must certainly be the definitive source for all things truthful and accurate!

And it’s okay. I forgive you for the inconvenience! 🙂

Life Lesson: You can do anything you put your mind to, even if it’s “I can’t”. 7 Jan 2012, 2:23 am

Growing up, I always heard the adage “you can do anything you put your mind to”. I never really understood it because I think I took it too literally.

This post is part of a larger series written to my children entitled “Life Lessons”. Read the Introduction to learn more, or view all of the “Life Lessons” posts.

I thought to myself, “you couldn’t move a mountain if you put your mind to it, so whoever said that must be full of crap.” It wasn’t until I took a step back from the literal and started to look at the intended meaning that it finally began to make sense to me.

Putting my mind to it

I figured the first part out in my early twenties. I put my mind into doing the best job in college that I possibly could, and I graduated at the top of my (admittedly very small) class. I was determined to drive my career from the bottom to the top.

My first post-college job gave me a pay bump of $15,000 a year. My next jump was by almost $30,000. My next jump was by another $35,000. By working hard, studying my craft, striving for excellence, and continuing to aim for the top, my annual salary jumped by $80,000 in just 4 short years.

Smarts vs. Hustle

It would be misguided to say that it’s only about smarts. There are a number of people whom I’ve encountered over the years who are all incredibly smart. Some of them were doing as well as I was, some better, but many were doing worse. Why? Because they lacked hustle. By being smart, they’d gotten lazy in school and never really learned how to apply themselves.

When I was a kid, I was the same way. Year after year after year, my parents would come home from the parent-teacher conferences with the same feedback from my teachers: “Ryan is a smart kid, but he just doesn’t apply himself.”

My parents were frequently frustrated when I’d bring home bad grades from school. They’d ask why. “It’s boring,” I’d reply. “It’s too easy.” I could see the blood vessel in my dad’s forehead pulse with frustration. “Well, if it’s so easy, why don’t you just do it?” I didn’t have a good answer for him at the time, but once I figured it out in high school, it was something along the lines of “why would I go do something so boring on purpose?”


I had no motivation to do homework. I had no motivation to do well in school. Teachers would tell me how important it was to learn this stuff, but I just didn’t see the practicality of it all. Still to this day I don’t understand why I needed to learn that the Mayans grew maize, or how to multiply matrices. It was all too abstract and irrelevant. It didn’t help me meet girls, and it didn’t teach me how to play guitar, so what was the point?

It wasn’t until the day I found out I was going to be a father that I finally found my motivation to do the very best job I possibly could in all things. I was going to have a new baby girl, and she deserved the very best that I could provide for her. I knew that wasn’t going to happen delivering pizzas, so I went back to school to get my Bachelor’s, and found a better-paying job with a great group of people. I really started to focus on how I could provide the best possible life for my new bride and our little baby girl.

…But that’s not what I came to tell you about.

I came to tell you about the other part of the lesson — the part that most people completely overlook.

Yes you can

You can tell yourself “I can” all day long, and if you really believe it, and you’re willing to work for it, you can absolutely accomplish anything you put your mind to. Determination + Hustle (+ Perseverance) = Success.

But what if you tell yourself “I can’t”? Or how about “it’s too hard for me”? Guess what. Whether you believe that you can, or you believe that you can’t, you’re right.

My long-time fear

I’ve always had a hard time talking to girls. Well, not always, but I’ve always found that it’s easier to talk to a female as a friend than it is to talk to a female that I’m interested in. Without even meaning to, I find myself trying to come up with interesting things to say, and they always come out as inane banter. It’s when there’s no pressure and I’m comfortable being myself that I can chat up the ladies with no problem.

A couple of months after your mom left, I was out by myself exploring a new spot along Lake Washington I’d never seen before. It was nice, and the weather was great, and after a while of hanging out, I decided to go find something to eat. I was wandering around this few-block section of town where there were a lot of restaurants and ended up at this little Thai restaurant.

As I walked inside, I noticed only a single patron in the entire restaurant — a tall blonde with blue eyes and a beautiful smile. I was somewhat intimidated because she was beautiful and I was immediately attracted to her. I found another table across the restaurant, sat down, and ordered my food. The restaurant was small and we could see each other across the way. We kept making (then breaking) eye contact while we were each waiting for our meals. I thought to myself “there’s no way I can talk to her. She’s too hot, and I won’t have anything interesting to say.”

I was wrong

After spending about 10 minutes stealing glances back and forth, I finally decided that the worst thing that would happen is that a complete stranger would blow me off. Was that really a big deal? No. So I got up, walked over to her table and asked if she minded if I joined her. She said no, so I sat down, introduced myself, and asked her how she ended up at a restaurant that was so empty.

From there we ate and chatted for about 45 minutes. Then she asked me if I was interested in getting some frozen yogurt and going for a walk with her. I absolutely was, so that’s what we did.

I spent just over two hours getting to know this really cool, beautiful, attractive woman, and it made for a really fun Saturday afternoon. The little voice in my head had switched from “I can’t” to “I can!”. All I had to do was take a chance, and I was able to prove myself wrong. From there, it made it much easier to strike up conversations with people I didn’t know. Some people blew me off, sure, but it wasn’t the heartbreaking rejection that I had always thought it would be.

Yes you can

So, if there’s one lesson to learn here, it’s that you can do anything you put your mind to, even if it’s “I can’t”. The trick is to suspend your fear of whatever it is that’s holding you back — rejection, failure, shyness, or something else — and just go for it. What do you really have to lose?

Introduction to “Life Lessons” 7 Jan 2012, 2:09 am

As I’ve watched my children grow, I’ve started collecting a list of little bits of wisdom that I want to pass along to my kids.

For a number of years now, I’ve been taking notes. Sometimes these notes are funny, sometimes endearing, and sometimes very serious. But all of these notes are about experiences from my own life where I’ve learned something valuable.

Baz Luhrmann is credited as the writer of a song called Everybody’s Free To Wear Sunscreen. Toward the end of the song, it says:

“Be careful whose advice you buy, but, be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than it’s worth.”

So today, I’ve decided to take my list of notes, pick one of the topics to write about, and start a new category on my blog called “Life Lessons”. These are letters and lessons written to my children. I don’t know when they’ll read them, but I just hope that I can avoid a situation where all of my life’s experiences will someday become stories with no point.


Louis C.K. and a word about torrenting 11 Dec 2011, 2:36 am

For those who don’t know, Louis C.K. is a stand-up comedian. I personally find angry humor to be some of the funniest, and Louis C.K. is a balding, red-headed, middle-aged, middle-class, white guy who’s pissed off about everything.

I’d heard that he’d recorded a live special and was making it available, DRM-free, for $5. That’s right — five bucks. I briefly considered torrenting it since I’m sure it’s all over the place by now, but in the end I decided that watching him rant and rave was worth the five bucks.

As I clicked through to buy the video, I saw that he’d posted the following:

To those who might wish to “torrent” this video: look, I don’t really get the whole “torrent” thing. I don’t know enough about it to judge either way. But I’d just like you to consider this: I made this video extremely easy to use against well-informed advice. I was told that it would be easier to torrent the way I made it, but I chose to do it this way anyway, because I want it to be easy for people to watch and enjoy this video in any way they want without “corporate” restrictions.

Please bear in mind that I am not a company or a corporation. I’m just some guy. I paid for the production and posting of this video with my own money. I would like to be able to post more material to the fans in this way, which makes it cheaper for the buyer and more pleasant for me. So, please help me keep this being a good idea. I can’t stop you from torrenting; all I can do is politely ask you to pay your five little dollars, enjoy the video, and let other people find it in the same way.

Louis C.K.

If creators of content are willing to bite their thumbs at the idiocy of the entertainment industry by going to their customers directly, then we need to be willing to support them if we ever want things to change.

Whether or not you like Louis C.K., we should all be willing to vote with our wallets. For a comedian who is willing to cut out the middle man and offer his content DRM-free for $5, I would gladly support him. If you plan on checking the video out, I would ask that you support him too.

(Hat tip: one37)

RIM: Just cut your losses and start afresh 4 Dec 2011, 4:14 pm

Research In Motion (creator of BlackBerry devices) has been tanking for quite some time. Now, that time is up.

Matt Alexander, writing for one37, in his piece entitled “That’s Enough, RIM”:

The Playbook is dead.

It’s taken a while for you to realize that, and I’m not convinced you’re fully aware, but you should really come to acknowledge it, RIM.

Bargain hunters are not going to pick up a Playbook and say, “Wow! I can’t believe everyone spoke so negatively about this!” They’re going to say, “Well it looks a lot like a Kindle Fire, but it has none of the functionality.” Considering the Kindle Fire came so long after the Playbook, but is already becoming such a household name, that’s just embarrassing.

Stop pushing a dead product. Cut your losses and leave it be.

Jim Dalrymple, writing for The Loop and commenting on Matt’s piece:

It seems to me the problems with RIM come from the top and until the co-CEOs are replaced, the company doesn’t stand a chance of making a comeback.

Further reading…

Cult of Ignorance 28 Nov 2011, 5:15 pm

A very salient point by Isaac Asimov:

There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that “my ignorance is just as good as your knowledge.”

Amazon Web Services is hiring PHP developers 23 Nov 2011, 1:08 am

Amazon Web Services is growing and we can’t hire people fast enough. For my team, I’m looking for some really fantastic PHP developers. Interested? Read on, take my advice, then get in touch at rparman (_et_) amazon.

(This is not an Amazon-endorsed job description. These are my words and thoughts, so imagine that we’re at a meetup or conference and I’m talking to you one-on-one. If you don’t like what I’ve written here, blame me instead of Amazon.)

About me

First off, I’m not a recruiter. My name is Ryan and I’m the creator of the AWS SDK for PHP.

In 2007, I created Tarzan (later renamed to CloudFusion) which became the focus of Jeff Barr’s book “Host Your Web Site In The Cloud: Amazon Web Services Made Easy”. In 2010, Amazon hired me to fork CloudFusion and create the official AWS SDK for PHP. I now lead the PHP team at AWS Developer Resources.

What we want

We’re eagerly looking to hire some exceptional PHP developers to help us create the next generation of our SDK, build better PHP developer tools, and a bunch of other top-secret things that haven’t been announced yet. We have lots of really awesome ideas, but we don’t have enough people to make them a reality — that’s where you come in.

About you

Our ideal cohort would be both a PHP developer as well as a computer scientist (computer scientist for the interview process, PHP developer for the actual work). Recruiting wants to see a résumé, but I want to see a GitHub account.

Demonstrable open source work/contributions and prior experience with AWS are pluses. Knowing WTF you’re doing, and having an on-fire passion for delivering the best possible user experience is a requirement as far as I’m concerned.

Our mantra

I’m a firm believer that our SDK should be so mind-blowingly awesome that it causes you to have an involuntary bowel movement when you use it. If it isn’t, then we’re not meeting our bar for quality, serendipity and user delight (the measurable metric of which is the number of tweets and blog posts gushing with praise for the SDK).

The SDK should be so intuitive that it doesn’t require a user manual — yet at the same time we should strive to provide the best documentation and learning experience on the planet.

What we do

Here is a list of things that we do regularly, so experience with these things or an aptitude for learning to swim after being thrown in the deep-end will take you far:

  • PHP and web development.
  • Unit testing, integration testing, code reviews and QA.
  • Customer support, documentation and usage examples.
  • Code profiling and benchmarking.
  • Linux, networking, web server configuration, processing lots of log files, regular expressions.
  • Compiling and debugging.
  • Agile/Scrum.
  • Some Ruby, some JavaScript, lots of XML and JSON.
  • Knowing the difference between done and perfect.
  • Fixing random weirdness in the middle of the night because your on-call pager went off.
  • …and a bunch of other stuff I can’t think of right now.


We work in self-directed, self-managed teams. If you’re the type of person who needs to be told what to do by a manager, you won’t fit in here.

If you can see a need, develop a solution through to completion, hassle other teams for any dependencies, and deliver in a timely manner, you’ll do well.

If you thrive in a startup environment, you’ll thrive here.

If you have strong opinions but still know how to check your ego at the door and work together to find the best solution for the customer, you’ll do well here.

If you don’t like how we’re doing something, propose something better — but be prepared to show us the evidence that backs up your assertion.

What we’re looking for

We’re not looking for rockstars, ninjas or whatever the current recruiter-speak is these days. Rockstars are egomaniacs, and you can never tell where the heck a ninja is or what he’s doing. Instead, we’re looking for someone who is passionate, inspired, has awesome engineering chops, and will bring their A-game every single time.

Programming is easy. Putting a dent in the universe is hard. You should come work with us, and help make that kind of impact in the PHP community.

P.S.: We’re also eagerly looking for Ruby, Node.js, iOS and Android developers. Heck — if you’re an exceptional developer, we want to talk to you.

Clueless Recruiters, Issue #2 14 Nov 2011, 10:24 pm

A web designer, online portfolio, XHTML, HTML 5, CSS 3, Photoshop, Dreamweaver, Microsoft Office, ASP, JavaScript and SQL Server — all in this week’s issue of Clueless Recruiters. (Cue theme music!)

There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hawk job openings the same way that sleazy salesmen hawk used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Here’s one I got today from a clueless recruiter. For reference, here is my résumé. Also, please note that the email contained multiple fonts and colors.


[Company] prides itself on being a [blah, blah, exciting description of the recruiting firm, blah.]

[Company] is currently searching for a Web Designer / Graphics Designer for one of our largest clients in [city].

WOW! That’s 2,200 miles from where I live! I’ll bet that this “large client” is going to be one heck of a company!

This is a 1+ year contract with possible yearly renewals; Must have updated Online Portfolio to present with your resume.

“Even though I’ve seen your résumé and know that you’re employed full-time, why not uproot your family during the school year to relocate halfway across the country for a contract gig?”

I’m sure that they offer a really compelling salary, benefits and relocation package!

This resource will provide progressive visual designs for Intranet Redesign effort to assist in introducing improved capabilities to employees for example; Home and subpage designs, Video Portal, and Enterprise Wiki design comps. These comps should present a modern and forward thinking approach while promoting intuitive visual design.

Which resource is this? Oh, me? I see.

Hmmm… since I know you’ve read my résumé and have an idea of how many thousands of developers I support, you still think I should come to this new company to work on an intranet site, where I would work on a homepage and subpages! Isn’t “intuitive” precisely what forward-thinking design is in the first place?

Oh, and you forgot the period that comes after “…improved capabilities to employees”. You’ve ended up with a run-on sentence that doesn’t make grammatical sense with the semi-colon used in that way.

  • Will translate information architecture and business requirements into page designs. The pages will be prototyped in Photoshop or XHTML;
  • Create working prototypes of applications for use in validating requirements, testing target audiences and training customer support representatives;
  • Models will be developed with a combination of XHTML, CSS2, Active Server Pages, SQL databases and JavaScript or dynamic HTML as identified in the approved design and specifications;
  • Apply visual design principles in defining page layout, creating images and graphics and implementing visual treatments for fonts, background;
  • Graphics and images will be created in standard web formats (gif, jpgs) with consideration for file size and display constraints.

So, wait. I thought that this was going to be one heck of a company. You want me to leave my current position at my current company (which you already know about, since you read my résumé before emailing me) to become a lowly, entry-level code monkey? And with a Microsoft-centric backend, no less?

Technical Requirements:

  • Bachelor’s degree (BA/BS) or equivalent experience in Web/Graphic/Media/Digital Design
  • Six+ years experience in website design; Experience making there own templates (not just using things like Word Press or Content Management Systems)

Yes, I have these. Also, you misspelled “their” and “WordPress”.

  • Must have excellent visual design skills and posses deep understanding of web design principles
  • Expert in XHTML, HTML 4 or 5, CSS 3, and good understanding of JavaScript (no coding from scratch, more of moving things into code)

I must be an “expert” in HTML 5 and CSS 3. Heh. Which modules of the CSS 3 spec? And which version of the HTML 5 draft spec? What about the sub-specs that were extracted from the main spec?

  • Experience with Photoshop, Dreamweaver and Microsoft Office

Yes folks, Microsoft Office.

I typically pass on candidates who explicitly list Microsoft Office on their résumés, and here’s a company who lists it in their job description. Did they want me to know how to use Acrobat Reader too?

  • Must be self-motivating and able to work well with a diverse group of people
  • Must have good communication skills, both written and verbal

“Corporate mumbo-jumbo.”

  • Must have excellent understanding of web usability and design interaction principles

If I talk to the hiring manager about WCAG and ARIA in the interview, will they know what I’m talking about?

  • Experience in designing for mobile a plus
  • Online portfolio or links to examples of work (required)

Oh look, a requirement that’s required. Yahtzee!



If interested, please contact [RECRUITER’S NAME IN ALL CAPS] at [phone number]; please email updated resume to [email address]

No, thank you. I’m perfectly happy putting a dent in the universe in my own neck of the woods.

Awesome new features coming in PHP 5.4 11 Nov 2011, 1:03 am

The next version of PHP, which saw its first release candidate today, has some really awesome new features. You can see a complete list of changes in the README, but here are the ones that caught my eye.


  • Support for Traits (i.e., mix-ins; addresses the multiple-inheritance problem).
  • Support for chaining from the constructor: (new Class)->method()
  • Support for Class::{expr}() syntax.
  • Closures inherit $this from the outer scope.
  • Added ReflectionClass::newInstanceWithoutConstructor() to create a new instance of a class without invoking its constructor.
  • Added a new typehint: callable


  • Array dereferencing and short array syntax: echo [1, 2, 3][0]
  • Multibyte support is enabled by default.
  • Faster unserialize() and ternary operator performance.
  • IPv6 support.

Fixing the cruft

  • ext/mysql, mysqli and pdo_mysql now use mysqlnd by default.
  • Removed magic quotes, safe mode, register globals, allow call-time pass-by-reference, and more!
  • Default character set is now UTF-8 instead of ISO-8859-1.

How to make technical professionals not hate your guts: A guide for technical recruiters 5 Nov 2011, 1:22 pm

I’ve been accused of not knowing how to do a Technical Recruiter’s job, so I have no business telling them how to do it. That’s a fair assertion. What I do know, however, are all of the things that Technical Recruiters do that drive me absolutely crazy.

Not all recruiters do these things so I don’t hate them all, but generally speaking, the entire technical recruiting industry has made a very bad name for itself amongst the people they’re trying to recruit. Speaking for myself, and a number of people I’ve worked with over the past 10 years, here is a list of things that drive us nuts as well as suggestions for how things could be better between us.

The key to this business is personal relationships

For those who have never seen Jerry Maguire, Jerry is a sports agent who one day has an epiphany about how to radically improve the way his company works with its clients. Thinking back, he recalled what his mentor had to say: “The key to this business is personal relationships.” Fewer clients, less money. Jerry wrote up a manifesto, delivered it to everyone in his company, and was fired the next day.

He was mocked and abandoned by everyone he knew except for a single client who decided to stick with him. In the end, Jerry’s new philosophy pays off in spades for himself and his client. Instead of trying to be the biggest, he decided to be the best.

This is precisely what the technical recruiting industry is in desperate need of — to re-focus on building personal relationships.

Who’s the customer?

I believe that this is the reason why relationship-building has fallen by the wayside: Who’s the customer? Whose interests are the recruiter’s aligned with? Technical people or companies? The answer for most recruiting firms is the companies who write the checks.

This is how they make a living, so it’s not unreasonable, but it tends to cause a breakdown in how recruiters and professionals see each other. The companies are the customers, and we technical-folk are the products. You procure products for the customers, and let the customers pick and choose which products they want — kind of like picking out the apples you want to buy at the grocery store.

But we technical-folk don’t see ourselves as a product to be collected and sold to the customer. We see ourselves as the customers, looking for the right products (i.e., companies) to invest in.

Speaking from personal experience, there was once a recruiter who was very nice to me when I approached her about companies that may be hiring. She had one hawt startup that was looking for a rock star, and sent me some information about them. I read through it, called her back, and told her that I didn’t think it would be a good fit because they were looking for someone who did things that I didn’t, and I wasn’t particularly interested in their problem-space.

She then told me that I would never get anywhere in this industry if I wasn’t willing to grow, and decided to schedule an interview for me anyway. She asked me when I could talk to them, and I naïvely said “in about an hour” thinking it would be a phone interview. She scheduled an in-person interview instead, even though I lived two hours away. I caved, told her to push out the interview by an hour, and went and talked to them. After the interview, I still felt like it wasn’t a good fit. I called her back, told her that I wasn’t interested in pursuing this company any further, and asked if she had anything else. I never heard from her again.

Because of who writes the checks, recruiting agencies typically align themselves with the companies they’re hiring for instead of the people they’re trying to recruit. Out of necessity or not, this alone puts technical people at odds with technical recruiters.

Should you send that email or not?

One of the things I learned in college was how to put together a quality résumé, and how to apply for a professional job.

We had the opportunity to have a chat with an HR/Recruiting manager from a local business who explained that businesses get tons of résumés every day, and that a lot of people were applying for positions that they were clearly not qualified for. So she explained to us:

“Do your homework. Don’t apply for a job where you’re clearly not a good fit with the hope that maybe you’ll have a chance.”

I really wish technical recruiters would have taken that same course.

There’s a game that’s played during the recruiting process called “Buzzword Bingo”. Both sides play it, but because technical-folk have the skills that the companies are looking for, technical-folk play it a lot better than recruiters do.

A technical résumé might explain a process by which a very large dataset was iteratively filtered down to a singular result. The hiring company knows that this process is called MapReduce. The technical person knows that this process is called MapReduce. Recruiters don’t typically know that this is called MapReduce. So, technical people will explicitly list “MapReduce” on their résumé so that it can get matched in recruiter databases.

Unfortunately, some recruiters will simply search their databases for “MapReduce” and send messages to everyone that matches. The hiring company may be doing MapReduce in Java in a traditional datacenter, while a technical person may be doing MapReduce in Python in a cloud computing environment. The hiring company is not a match for the technical person, and vice-versa.

As a result of last week’s Clueless Recruiters piece, there was a little more conversation that happened after I had stopped writing, where it was explained that that firm’s thought process is, “Well, what’s the harm of sending the email? If it’s not a good fit, most people just ignore it. But not you.”

This is exactly what’s wrong with technical recruiting agencies — they don’t do their homework first before sending an email. In doing so, they waste everybody’s time and attention with what ends up being tantamount to spam.

Don’t ask for my colleagues’ information

We technical-folk are very aware that the way recruiters make money is by matching people with companies. It’s pretty ballsy, and quite frankly rude, when you ask “If you or anyone you know is interested…”. We don’t believe that you’re trying to help anyone get a job. What we do believe, however, is that you’re trying to get paid. True or false, this is what we believe. When we read this, we can’t help but think “Wait, you want me to do your job for you? No thanks.” You clearly didn’t bother to do your homework when you contacted me. Why would I think that you would treat my colleague any better?

Stop being lazy and do your own job.

Don’t call me at work, or email me at work

If you do, you are a particularly stupid person. For obvious reasons.

Stick to professional networks

There are plenty of social networks that are geared toward professionals. LinkedIn, Plaxo, Zerply, and good ol’ email. If you’re going to try to recruit someone, stick to places like these. Even Twitter is tolerable.

You know what’s intolerable? Here’s a message I received this morning on Facebook from someone I don’t know.

Hi Ryan,

i have a JAVA position in Santa Clara,CA,PLZ Send me your updated to resume to [email],if you are interested.

I swear I can’t make this shit up.

But you know what will earn you an I-will-punch-you-in-the-throat,-bitch reaction? Trying to recruit me on Match.com.

Over the summer, I was meeting girls and going on dates. There was one girl who was cute, and we seemed to have a lot in common. We were talking, trying to figure out the details of our first date together. After we settled on the time and place, we had the following conversation over text message:

Her: So, do you know Java, JBoss or Spring?

Me: ‘scuse me? No. Why?

Her: Shoot! I have an open req’ to fill, and it would make me a lot of money. Do you know anybody who does?

Me: Hold on — you’re asking me to pimp out my professional network to you before we’ve even had our first date? Are you a recruiter or something?

Her: Yeah, why?

Me: I’m sorry. You seem like a really nice girl and I wish you the best of luck, but I don’t think this is going to work out.

I was so completely appalled by this woman’s behavior, that I just sat there with stunned speechlessness for about 20 minutes. Now, granted, this was a pretty extreme abuse of social networking, but it does happen.


I generally find that whenever I talk about my distaste for technical recruiters, to technical recruiters, the responses typically fall into one of two camps:

  1. Defensive: These are the people who defend what they do, come Hell or high-water, and then turn around to accuse me of not knowing anything about recruiting so I should just shut up. These are the recruiters who think that they’re doing us all a service and we should be thankful for their work.

  2. Understanding: These are the people who know that the recruiting industry is a mess, and are actively trying to change the reputation their industry has developed with technical-folk. These are the people I’m far more inclined to work with.

Recruiters claim that they don’t have enough time to Google each and every person they send messages to. That’s… unfortunate. I’m certain that if more effort were applied to ensuring that the messages that recruiters sent to technical-folk were a likely fit instead of simply blasting out cattle-calls, people wouldn’t hate recruiters so much, and there would be a better working relationship all the way around.

See Also…

Here are some similar thoughts by other people, which bear a striking resemblance to the qualms I have with the technical recruiting industry:

Update (2012-02-28)

Speaking of people who send out emails without actually bothering to do any homework first, here’s a great example of the kind of idiocy that these people portray. While this person isn’t a technical recruiter per se, he has shown the same sort of neglect for the details that the majority of technical recruiters do.

In case you’re not sure what you’re looking at, this person emailed Werner Vogels, CTO of Amazon.com, about promoting Rackspace on his personal blog. Rackspace is a direct competitor to Amazon Web Services in the Cloud Computing market. If Zach Burton had bothered to do even a few minutes’ worth of homework before opening his mouth (or keyboard), he wouldn’t have made so much of an ass of himself.

These are the kinds of people that I enjoy skewering in my Clueless Recruiters pieces — the people who are simply too lazy to do a good job.

Update (2013-03-23)

Matt Youell has some very similar thoughts on the matter.

“Tech companies seem to be having trouble finding good technical talent. Maybe I can help. For you, the hiring person who is having trouble finding programming talent, I’ve created this brief hiring guide. It is based on my experience over the years both as a prospective employee and as a person doing the hiring.”

Clueless Recruiters 26 Oct 2011, 2:42 pm

Inspired by Daring Fireball’s Jackass of the Week columns, I’ve decided to do something similar for clueless technical recruiters who contact me for jobs that are clearly a terrible fit.

There are few things that technical people are more annoyed by than technical recruiters. A very large segment of the technical recruiting industry has made a bad name for the rest of their industry by relentlessly spamming technical professionals after having not done their homework. These people hawk job openings the same way that sleazy salesmen hawk used cars.

These recruiting companies need to radically change how they do business with the technical crowd, and the Clueless Recruiters series is an attempt to call out clueless technical recruiters who contact me for jobs that are clearly a terrible fit. Everything here is posted from real exchanges between myself and recruiters, entirely uncut. Enjoy!

Here’s one I got today from a clueless recruiter. For reference, here is my résumé.

Hi Ryan,

We have an exciting opportunity with a client in the networking and telecommunications industry. Looking for an overall awesome Front-End Designer/Developer who would enjoy working for a global company that promotes a start-up environment.

I already work for a global company that promotes a start-up environment. You would already know that if you spent 12 freaking seconds to Google my name.

Location is Santa Clara, CA. Might you be interested? If so, please send a copy of your resume along with your required hourly rate. This is a 3-6 month contract.

Yes, let me leave my full-time job in Seattle, and uproot my entire family during the school year to move to Santa Clara for 3 months. Great idea!

Interested candidate must have an understanding of the practical benefits and limitations of Web technologies…


…and comprehensive knowledge of interface design principles and best practices for content organization, user-centric design, and site navigation patterns.

* Develop front-end code using HTML, CSS, and JavaScript
* Collaborate with product managers, designers, engineers, and infrastructure teams to build a quality experience for users.
* Create a compelling user experience using code polished to near perfection, leaving no detail unfinished.

In other words, be a typical code monkey. *yawn*

•7+ years of Web application and web service development.
•Passion for developing great user interfaces, Experience in creating user-centric design.
•Thorough understanding of user behavior and interaction design patterns

Sure I have these. But if you’re looking to fill a 3-6 month contract, you’re not actually looking for them.

•Thorough understanding of SharePoint Master Pages, Page Layouts and CSS files
•Experience with using the SharePoint content deployment features
•Experience with SharePoint Designer for master page customization, style sheet modification, data view configuration
•Experience migrating content from one SharePoint tier or site collection to another
•Thorough knowledge of “Web 2.0” features of SharePoint: Blogs, Wikis, Social Networking (Profiles & Communities)
•Understanding and previous experience with Blogs, tweets, RSS, CHAT and other collaboration and communication technologies as it relates to social networking and intranet integration
•Working knowledge of SQL Server and scripting skills
•5+ years working with Microsoft Web development tools
•Microsoft .net framework, ASP, .Net, and C#
•SQL Server Reporting Services integration experience

Microsoft, Microsoft, Microsoft. Clearly I’m a great fit because I have all sorts of Microsoft-centric experience on my résumé.

•Java Scripting, Visual Studio, HTML, XML, HTML & Client side scripting (Javascript, AJAX, JSON and JS libraries (jQuery, YUI, etc),DHTML, XSL, XSLT, XHTML, CAML)

Oh, you can script Java now? That must be a new thing. (See what I did there?)

•Experience with creating content types and site columns


•Portfolio that includes sample web-based projects (required)

Oh look, a requirement that’s required!

•Computer Science or related degree

So… you want a designer with a CS degree?

Seriously? And people wonder why I hate recruiters. (Actually, no. No they don’t.)


I’m sorry, Ryan, I didn’t mean to fuel your hatred for recruiters.

I forgive you.

The search was keyword generated.


I know it must be a nuisance for great and awesome people such as yourself, but for some who may be really in need of an opportunity to come his or her way, who I may miss without the particular tool that recruiters use…

You’re helping? Really? By not making any attempt to learn about what best fits me? What about paying attention to relationship-building more than cattle calls?

…your hatred and sarcasm are shining personality traits I have accepted to welcome my way.

Ah, see there? You can do sarcasm too!

But for the most part, my apologies.

My mother taught me that saying sorry means you’ll never do it again.

Update #2

Finally, something honest.

Evils of recruiting… really, unfortunately I’m not smart enough to code something that will give me good results based on my 50 mile radius search of resumes (you’re in WA, how did that happen?), nor fast enough to read each and every resume out there in time to meet the client’s expectation of submittals right away.

The answer is simple: Fewer clients, less money. The key to this business is personal relationships. Just ask Jerry Maguire.

I really do feel your pain. I honestly just don’t think that wishing death to recruiters is, well, nice.

Technical people hate technical recruiters. That much is a fact. The question is, what will you do to change the perception that technical people have of recruiters? How can you be better than the status quo?

And no, I wasn’t being sarcastic by saying you’re awesome and great and that your shining traits include hatred and sarcasm. They were genuine. As genuine as your displeasure with recruiters. Truly. No, like, really.

This whole correspondence is actually funny. Disagreement is healthy and hopefully there is no super personal offense on your part because there is none on my part- though you tried to slice me with your sharp words or make me cower with your ‘wittiness’. (Again, I reserve the right to disagree.)

No personal offense on my part. Just — be better than the other people in your industry. Prove to me that I’m wrong about technical recruiters.

Have a nice day. I hope this left you smiling on some level. A grin. A smirk. Anything resembling a smile. I am smiling as I type this. Wait, can we be facebook, linked in friends? (That was a joke. Or not.)

Yes, this was fun. Let’s do it again sometime, eh?

Update #3: Response from their co-worker

Ryan is just one of those “I’m better and smarter than everyone else” types and spends way too much time replying to recruiters just for the sake of being snide.

Nope. Just you.

For every one of you little sarcastic haters out there, we have a dozen people who thank us cheerfully for the service we offer them.

Good. 🙂

We do more in depth recruiting, but [recruiter] was only using a tool that starts things out by helping to get the word out quickly.

I don’t think your tool does a very good job, then.

Rarely do we get a reply as neurotic and pathetic as yours but it does happen on occasion.

Neurotic and pathetic? Shoot. I was going for sarcastic first, then educational.

Usually we post these type of replies on our blog (of course we remove your name and other telling info), and share it for the enjoyment of others.

Awesome! I want to be Internet-famous.

Also as a warning to people on the market as how not to reply to an email as IT and Software is a small world in many ways. I’ve had some real whammies, people who say they hate Indians, etc, usually good for a laugh because of the absurdity (which is what I did when I read your replies).

I do the same thing, as a warning to technical people about how bad technical recruiters tend to be.

And apparently it’s absurd that I want a recruiter to take a few minutes to ensure that I’m a likely fit before they contact me. Oh wait — it’s the tool’s fault. My bad.

Sorry that the weather in Seattle has you so depressed that you spend so much time out of your days trying to make others feel bad.

I didn’t want you to feel bad as much as I wanted to raise the awareness of how bad the recruiting experience is for “better and smarter than everyone else” people. Like me.

Here in California the days are bright and we’re all nice people.

I grew up in California, and you, sir, are a liar.

[recruiter] did you too much of a courtesy by apologizing to you.

Most definitely.

You don’t know the life of a recruiter, just as we are not engineers and therefore couldn’t know the life of a hack such as yourself. To tell us the best way of doing our job is like me telling you how to be a code monkey. No we don’t Google each of the hundreds of people we talk to per day, and neither can we read each single line of each resume.

And that’s exactly the problem. Precisely. To the T. You’ve nailed it.

Unfortunately, it sounds like you think your lack of research is a good thing.

Don’t worry, we wouldn’t bother contacting someone like yourself again.

Oh, good.

No way we could get you hired anywhere. LOL.

I think of it as a win-win.

A miracle that you have a job at all with that attitude but I’m happy for you that you’re employed with a market like this. Have fun in your little world where you are the king of the world and everyone is here to listen to you try to be witty.

I will. Thanks. 🙂

Update #4

My very gallant co-worker and mentor took offense on my part. Please spare him?

Oh, that’s perfectly fine. It simply goes to show how completely disconnected technical people and technical recruiters are.

I’m not really angry and hateful — I’m just tired of all of the spam (emails from recruiters who don’t bother to do any homework before contacting me). You’re right, I don’t know what it’s like to be a technical recruiter. I won’t pretend to. But what I DO know is that the actions that are commonplace in the recruiting industry are loathed by people in mine.

I would love for someone to change my perception — prove to me that there’s a recruiting firm worth talking to, who cares about placing me somewhere that’s a good fit for me, rather than simply trying to get paid for an open req. The first step in providing this level of customer service is taking a few minutes to learn about the person you’re about to contact.

Whatever perceptions I currently have about recruiters, [co-worker] simply reinforced them. He can deflect blame for his industry’s approach all he wants, but until he’s willing to help bridge the gap between technical people and technical recruiters, I really couldn’t care less what he thinks of me.

Anyway, you’ve turned out to be quite cool. Have a nice day. 🙂

Update #5

*sigh* I think it would be too much to ask for you not to reply to [co-worker] anymore? I did the same but he probably would, still. At least it looks like your email is happier now- with smiley face. I’m glad we did that for you. 🙂

Talk to you soon… (and I apologize in advance if you get a ‘spam’ from us again, it’s um, unavoidable, which we do try to avoid, honestly.)

No, I’m done. Take care. 🙂

iPhone 4S and Siri 21 Oct 2011, 10:37 am

I’m not able to upgrade my iPhone until next summer when the next iPhone will presumably be out. That said, I find this sort of technology absolutely fascinating and I absolutely love how easy Apple has made it all.
