The Future of Social Networking

Ello blew up this week. It’s new and shiny and does some interesting things. That being said, it’s not where social networking or how we use the Internet needs to go.

If you want more reading:

I had posted some of my own initial thoughts, which is that the ideal social network should be end-user controlled and distributed and decentralized. A natural pre-condition is there should be an open protocol, but it’d be worth fleshing out the type of functionality that’s required (I’ll have to revisit some relevant thinking I did in the early 2000s in decentralized SNSs, the mid-2000s on permeability/privacy, and the late-2000s on Y!OS).

FWIW, the more interesting social networking-related project I discovered is an open source, decentralized, massively-distributed 3D simulation engine called Lucidscape. It is explicitly designed for an open metaverse. (See also: Open Cobalt née Croquet)

VR Link Dump

Most people I’ve talked to the past year are probably aware that VR has been something that I’ve been getting more excited/focused on.

 

Oh, somewhat unrelated, but an awesome Cashmere Cat set:

Apple: Untrustable

As excitement of Apple’s new product announcements dominates today’s press coverage, and the memory of the celebrity iCloud hacks fades to obscurity (already seemingly long forgotten), completely un-remarked and un-addressed at today’s event (a good PR move, to be sure), I felt it might be worth posting some of my personal thoughts on the matter, as the silence from Apple on the issue has been quite disquieting.

To be clear, I’m a long-time fan of Apple design and engineering, and today’s keynote is a reminder of Apple’s best-in-class in hardware and device software. I also own a not-insignificant amount of AAPL shares, but while I’d like to give them the benefit of the doubt, it seems to be increasingly clear that Apple should not be trusted with my personal information.

It’s famously well known that despite their technical prowess in hardware and software, Apple is just not very good at hosted services. Terrible at it really. From their earliest web-based apps, to their ongoing capacity problems, or their laughable attempts at building social services (Ping, anyone?), Apple’s online components are sometimes passable or on par, but more commonly they are mediocre, not well thought out, clunky, outdated, or just plain broken; “not serious,” was the phrase a friend used. The problem is that today, the online components are as integral to a product as the device hardware or software. They are bound together, and sadly, the weakest link will cause the chain to break. Also, unfortunately, these traits seem to carry through for security for these services as well, which is definitely serious.

Over two years ago now, a friend, Mat Honan, had his Apple account (and digital life) hacked, in much the same way (via an almost identical vector) as the recent celebrity hacks. He’s a journalist, so he wrote all about it, and got a fair amount of press along the way, appearing on news shows, getting writeups, and generally making a big hubbub about it.

If you’re not familiar with that incident, it’s worth taking a look. Also worth reading is some of the analysis on the latest compromises:

Apple issued a terse official statement last week which denied any “breach” in any Apple systems and claimed that the accounts were compromised due to “targeted attack[s].” From a lawyerly perspective, this is perhaps technically accurate, aimed at deflecting blame and absolving responsibility, if not liability. Of course, like most such statements, especially looked at in the context of the aforementioned writeups, it is quite misleading.

The attacks used to reset passwords via security questions and acquire iCloud access and backups were so frequent and commonplace that discussions and communities had formed not just on the darknet, but on public forums/websites.

Either Apple’s security was so incompetent or negligent that they have not been aware of what was going on, or they knew, but actively ignored the issue and decided that it was not worth fixing. I’ll leave it to the reader to decide which scenario is worse.

Today, Apple announced their “Most Personal Device Ever”. They also announced Apple Pay (the only mentions of “security” and “privacy” in today’s event), and are rolling out health tracking and home automation in iOS 8.

Given their feckless track record, would you really trust Apple with (even more of) your digital life?

Some notes:

  • Last week, the same day where the big Apple news was the hiring of designer Marc Newson, Mike Hearn published a fascinating writeup of his anti-spam/abuse work at Google. Maybe unfair, but it struck me as an interesting contrast.
  • Over the years that these compromises have been happening, I haven’t heard of anyone that has been informed by Apple of a compromised account, or any information on their customer-facing forensic abuse team. Ignoring the larger issues of systemic security-holes (Apple can talk about “no breaches” but between non rate-limited/info-leaking endpoints, allowing resets via VPNs, lack of device pinning/access notices, they’ve left the door wide open for widely known attack vectors), what kind of support does Apple give you once your information is stolen?
  • Much hoopla has been made on 2FA. iCloud’s 2FA is less useful than you might think.
  • Not Safe For Not Working On – Dan Kaminsky writes about some of the implications of cloud security; also worth a read is What if I was a cloud? by iBrute’s author. It’s obvious that cloud services need to seriously rethink how they store and authenticate personal information.
  • If you’re not already using fake security answers to security questions, you should. If you are, it may also be worth considering using a password manager to store unique nonsense answers for those questions.

Cornel West on Obama

The full interview is a great read, but this part of it does a good job summing it up:

So that’s my first question, it’s a lot of ground to cover but how do you feel things have worked out since then, both with the economy and with this president? That was a huge turning point, that moment in 2008, and my own feeling is that we didn’t turn.

No, the thing is he posed as a progressive and turned out to be counterfeit. We ended up with a Wall Street presidency, a drone presidency, a national security presidency. The torturers go free. The Wall Street executives go free. The war crimes in the Middle East, especially now in Gaza, the war criminals go free. And yet, you know, he acted as if he was both a progressive and as if he was concerned about the issues of serious injustice and inequality and it turned out that he’s just another neoliberal centrist with a smile and with a nice rhetorical flair. And that’s a very sad moment in the history of the nation because we are—we’re an empire in decline. Our culture is in increasing decay. Our school systems are in deep trouble. Our political system is dysfunctional. Our leaders are more and more bought off with legalized bribery and normalized corruption in Congress and too much of our civil life. You would think that we needed somebody—a Lincoln-like figure who could revive some democratic spirit and democratic possibility.

Some Stuff

VimR is a new OS X native vim app. Pretty cool.

Interesting looking affordable hand position tracking/future haptics interface (discussion:

I mentioned in my last post buying a crappy keyboard to use. It’s been making me itch for a better travel keyboard. There are some good 60% keyboards…

I’ve spent a bunch of time the past couple weeks diving back into node.js and into node-webkit. I started building a prototype in “native” node-webkit, but went back to separating the core app as a traditional (express-based) web app so that it can be used both online and locally more easily.

Between that and work, I haven’t been exploring Berlin as much the past few weeks (plus the weather has been sort of wet and cold), but I’ll try to be doing some of that the next couple weeks before I end up back in the US.

Lunix, Still Just Works

In anticipation of my DK2 arriving in Berlin (Oculus refused to update the shipping address to Berlin, so it had to make a stop in my office in LA first; it’s currently in transit), I booted up the Linux dev box I’ve been carrying around. One problem became apparent booting up: I have a Bluetooth keyboard, but the Linux bootup sequence requires a USB keyboard because I set it up (on a whim) to run a cryptfs, and also because on an unsuccessful boot (like a powerdown) the default configuration for GRUB is for it to hang on the GRUB selection screen indefinitely (you can fix this by adding GRUB_RECORDFAIL_TIMEOUT=X to /etc/default/grub and then running update-grub).

OK, I ordered a cheap keyboard on Amazon.de. Got it.

So I’m able to boot now, except now I’m getting (this is new), kernel panics while booting… something related to the rtl8821ae wifi module… This is a little strange because this didn’t show in the office, but probably had to do w/ some combination of not being on a wired network…

Turns out, there are indeed some problems:

In the meantime I’ve blacklisted (you’ll need to remount,rw / from recovery) the rtl8821ae module. This took a lot of reboots/futzing, all told an hour+ of my life I’ll never get back.

Lunix, after a couple decades, still just working!
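The two fixes from this post (the GRUB recordfail timeout and the module blacklist) written as a script that can be re-run safely; this is an added example, not the author's own commands. The 5-second timeout, the function names and the `blacklist-rtl8821ae.conf` file name are assumptions, and the demo works on a constructed scratch copy rather than the live `/etc/default/grub`.

```shell
#!/usr/bin/env bash
# Added example: run it against scratch copies first, then the real paths.

# set_recordfail_timeout FILE SECONDS
# Replace an existing GRUB_RECORDFAIL_TIMEOUT line or append one, so that
# repeated runs do not stack up duplicate assignments in FILE.
set_recordfail_timeout() {
    local file=$1 secs=$2 tmp rc
    # Accept only a non-negative integer: the goal is a bounded wait.
    case $secs in
        ''|*[!0-9]*) echo "timeout must be a non-negative integer" >&2; return 2 ;;
    esac
    if grep -q '^GRUB_RECORDFAIL_TIMEOUT=' "$file"; then
        tmp=$(mktemp) || return 1
        sed "s/^GRUB_RECORDFAIL_TIMEOUT=.*/GRUB_RECORDFAIL_TIMEOUT=$secs/" \
            "$file" > "$tmp" && cat "$tmp" > "$file"
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    # Terminate a last line that lacks its newline before appending.
    [ -n "$(tail -c 1 "$file")" ] && echo >> "$file"
    printf 'GRUB_RECORDFAIL_TIMEOUT=%s\n' "$secs" >> "$file"
}

# blacklist_module DIR MODULE
# Write "blacklist MODULE" to DIR/blacklist-MODULE.conf (hypothetical file
# name; modprobe reads any *.conf in its configuration directory).
blacklist_module() {
    local dir=$1 mod=$2 conf
    case $mod in
        ''|*[!A-Za-z0-9_-]*) echo "unexpected module name" >&2; return 2 ;;
    esac
    conf="$dir/blacklist-$mod.conf"
    # -x matches the whole line, -F treats it literally, -s hides "no such file".
    if ! grep -qsxF "blacklist $mod" "$conf"; then
        printf 'blacklist %s\n' "$mod" >> "$conf"
    fi
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    # Constructed sample standing in for /etc/default/grub (no final newline).
    printf 'GRUB_DEFAULT=0\nGRUB_TIMEOUT=10' > "$dir/grub"
    set_recordfail_timeout "$dir/grub" 5
    set_recordfail_timeout "$dir/grub" 5     # second run changes nothing
    blacklist_module "$dir" rtl8821ae
    blacklist_module "$dir" rtl8821ae        # still a single line
    cat "$dir/grub" "$dir/blacklist-rtl8821ae.conf"
    rm -rf "$dir"
}
demo
```

On the real system the arguments would be `/etc/default/grub` and `/etc/modprobe.d`, followed by `update-grub` as described above.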

Location Set By GPS

For those that are interested, I’ve launched a new travel blog: Location Set By GPS where I should be updating more regularly.

I haven’t been writing as much as I should, but a couple short notes:

  • I wrote my first Slack bot and am convinced that it’d be a killer app (and they’re not so far away) if they would implement a way for non-technical end-users to easily create their own. (think Excel Macros, IFTTT, Pipes)
  • I’ve been working with inline editors. Currently Raptor, but saw two interesting WP related things. One, a pay-editor called Barley that looks pretty slick, and the other being the WordPress Front-end Editor in development
  • My DK2 finally arrived in Los Angeles, now it just needs to be shipped to Berlin…

Featured on Flickr

Late last night I started noticing something funny – I was suddenly getting a stream of Flickr notifications on my phone (I’ve actually since temporarily disabled notifications since they got a bit out of control). I jumped onto the site to see what was up, and to my surprise, there was one of my photos sitting on the sidebar. A click through led to the blog post (the only CC licensed one!). Even neater, it’s also currently the splash image on the main blog. Here’s the pic btw if you’re too lazy to click:

Mist

While I’ve had some links from the dev blog in the past, this is actually the first time I can recall any love from the main blog (after 10 years, finally! 🙂) This also coincidentally coincided w/ hitting 1M views (not sure if this was just counting from when the stats system started) total.

While I rarely look at the stats, I figured this merited some special attention, so after a full day (Flickr’s internal stats segment on UTC), here’s some tidbits:

  • Total traffic was about 25-30K views
  • Less than 100 visits came from the Flickr blog! Most of the rest (~25K) came from the Flickr site itself (sort of makes sense but the sidebar links to the blog post so who knows what’s up)
  • Only 1,088 of the views went to the specific picture. It acquired 233 likes. (21.4% of people who saw it liked it?!?)
  • Probably most interesting, is that over a dozen other photos had 300+ views and over 50 other photos had 200+ views that day – this is an incredibly long tail, and I think while there’s been much bellyaching about the new Flickr design, I think that sort of engagement has a lot to do w/ how quick/easy/rewarding it is to page through streams.

It’ll be fun to see what all these new followers think about my China pics (I’ll be uploading in the next couple days).

The Future of VR

I’ve been pretty excited about the future of VR for the past few months (I’ve been gathering notes here). I was an original DK1 Kickstarter backer and have been following Oculus’ growth and development pretty closely lately. While an eventual acquisition was always a possibility (after a $90M B round at the end of last year), today’s announcement of a $2B Facebook acquisition came as a bit of a surprise, if only for the timing.

You can read Palmer Luckey’s announcement on the Oculus sub-Reddit, which doesn’t inspire much confidence, or Palmer’s comment responses, which are a little more interesting. cliffyb and tycho have written interesting counterpoints/rebuttals to some of the knee-jerk responses.

Notch (Minecraft) has written a pretty insightful commentary, as has Max Temkin (Cards Against Humanity), which do a good job of summing up some of the unease/issues that people, particularly enthusiasts and developers, are experiencing. cliffyb wrote an interesting counterpoint/rebuttal.

Rather than write something cogent and expressive, I’ll just collect some thoughts:

  • From Facebook’s perspective, buying Oculus right now for $2B is a steal. As Chris Dixon tweeted, it’s the equivalent of Google’s investment in Android. It’s quite clear that VR is likely the next big computing platform. Honestly, it’s about time Facebook got some ambition about the future. (Google’s been making everyone besides Musk look pretty shortsighted) What’s unclear right now is what Oculus has to gain, especially when there are reports of not just other bidders (which probably would have been much worse for Oculus) but also that investors had offered Oculus more funding. It’s unclear whether “more” in this context means more than the FB sale, but assuming the same $2B valuation, Oculus should have been able to pick up at least another $200M. Beyond the exit price (which goes to investors and the team), the question is, what did FB offer Oculus in terms of additional resources to make this worthwhile – $1B? $2B? The Oculus team certainly left money on the table, so the question really revolves around FB’s value add beyond the costs that all acquisitions entail. Hints are being dropped, but we’ll have to see what pans out.
  • Part of the cringing I have reading Palmer’s announcement, of course is how familiar it is. Heck, I remember writing one very much like it about 10 years ago. I don’t doubt its authenticity/everyone’s best intentions, but having seen the cycle play out many times, I do think that the Oculus team may underestimate what the loss of independence means. Obviously enthusiasts will find it hard to root for Facebook, and developers should be justly worried (terrified, really) about Facebook’s developer/platform track record and manifold conflicts of interest, but beyond that, even though Oculus has assembled a fantastic team (the best team of creative technologists in the field, and possibly across all of tech), what is the appeal for the best and brightest to work at Facebook? (That being said, I’m sure there are many bright people working at Facebook that would be excited to work on the Rift) While autonomy has been promised, maintaining focus as a subdivision of a large, publicly traded tech company has its own pressures/constraints and maintaining focus and drive requires a huge and different type of commitment over the long term.
  • That all being said, people canceling their DK2 orders are being irrational. The current hardware is locked in. It’s awesome. There will be drivers available, and almost assuredly open alternatives will emerge if the worst happens. There are cross-platform APIs available, and while there are concerns with patents (if Facebook is serious about creating a new VR market, a commitment to FRAND licensing, open standards, and open source would do much to settle everyone’s nerves). As of right now, all the components for compelling VR are known/available. Future developments like virtual retinal displays, foveated rendering, inside-out tracking are open to whoever has the resources, vision, and willingness to invest.
  • There’s no question that Facebook, Google, et al will want in on the Metaverse. Owning Oculus will give FB a big advantage and all but guarantees a seat at the table (make no mistake, this is the endgame), but I think everyone’s smart enough to realize that a walled garden will end up leading to AOL, not the Internet. No one wants the former (sorry, Shingy 😉) and there’s a lot more money to be made with the latter if there’s enough patience/vision.

Having slept on it, I think a lot of the knee-jerk reaction has merely been about the perceived “cash out”, but also that it feels a bit like giving up before actually taking a shot. While Palmer mentions partnership multiple times, at the end of the day, it’s an acquisition, which carries a lot of existential and practical baggage (and pitfalls) related to autonomy/agency/execution. Here’s hoping there’s enough momentum to carry things through.

Some links:

The Wirecutter Is Always Wrong

A lot of my friends are big fans of The Wirecutter, and I am too, at least in concept – a site that focuses on doing the research to simply find the best gadget, what’s not to like?

I’m a bit of a gadget-head, and my goal is typically the same (to find the “best” product in a category), and unfortunately, I’ve found over and over again, that in areas where I’ve done personal testing, the Wirecutter’s recommendations have been, without exception, wrong.

This year I’ve instituted a bit of a one-in-one out policy and plan on publishing more on the tools I use (and what I end up replacing). For now though, I’ll just start off with a list of things that the Wirecutter recommends and my personal findings.

  • The Best $100 In-Ear Headphones – The “final straw.” Wirecutter recommends the Sony XBA-C10IPs and commends them for having outstanding audio quality and being quite cheap. They were cheap, however, the audio quality was, to put it frankly, awful. My mind is boggled by their recommendation.

    As background, I enjoy my headphones/IEMs and was looking for a quick/cheap replacement for a pair of Phonak Audéo PFE 232’s (these are fantastic, BTW) I lost while traveling. I was looking for a cheaper stopgap replacement, and I’ve owned many IEM’s in the $100 range, so my expectations were set realistically – for that price, you can definitely get very decent sound.

    I picked up the XBA-C10’s unheard due to the recommendation in Taipei’s Guang Hua Digital Plaza, but was pretty much forced to get another pair immediately due to how terrible the sound was. I ended up going to 音悦音響有限公司 in Taipei (highly recommended) later in the evening to audition some headphones.

    Both the HIFIMAN RE-400 and the Shure SE215 Special Editions were far superior at the $100 price level. It wasn’t even close. I bought the Shures because I’m a big fan of Comply Foam tips. Note: the Shures have replaceable cables with standard MMCX connectors. People don’t seem to like their iPhone cables, but using the UE900 cables seems like the cheaper & better way to go.

    Note: I subsequently auditioned a bunch more headsets in Singapore at Jaben Audio (also highly recommended – they have some serious gear) and ended up picking up a $150 pair of Etymotic HF3s – typical Etymotic lack-of-bass, but the clarity, isolation, and iPhone controls made it worthwhile. If I lose my saving throw against shiny I may end up picking up a “good” pair of IEMs.

  • The Best Travel Power Strip (with USB) – Wirecutter recommends the Accell D080B-011K. Their recommendation/review is just plain wrong. Do they even travel? If they spent any amount of time in airports/hotel rooms even domestically (not to mention internationally), they’d realize that the cable-less form-factor basically makes it useless in many situations. Which might be fine if you didn’t need the power strip, but if you did, then you are now fucked. They note that the strips they tested weren’t rated for 220V/international use as well, which makes the definition of “travel” pretty limited.

    While they’re a terrible company, I have yet to find a superior alternative to the Monster OTG400 (there is a 3-plug+USB OTG300 but I don’t recommend it since the USB is only 1A and I’ve found that I almost always would rather have the extra plug). The only other cabled alternative is the Tripp Lite TRAVELER3USB – it has the advantage of surge protection, but is also 1A USB and does not have 220V support. It’s also twice as large.

    Here is the uber-compact international travel adapter I use. Besides supporting most countries (basically everything except UK plugs – actually UK plugs supported via clever use of EU plug; tested in HK), it also serves as a 2-prong adapter. I haven’t seen this for sale in the US. Note: I’ve also upgraded this in HK to a version that has a 1A USB plug built in.

  • The Best USB battery pack for travel – while we’re talking about power, the Wirecutter’s recommendation isn’t particularly offensive, there are just better options. The Anker Astro 3E 10000mA is 2/3 the price and otherwise equivalent. I’m currently carrying the Anker Astro 3 12000mA which is a bit heavier but has 3 USB ports (up to 4A) – the Astro Pro looks better if I were buying today. (Note: I’ve just bought an Astro Pro and a Limefuel and will write up a comparison shortly).

    In Tokyo, I picked up a cheapie 100g 4000mA battery for carrying around everywhere since my iPhone battery tends to not last at all out here.

  • The Best Mirrorless Camera Under $1,000 – The Wirecutter recommends the Sony NEX-6 (and the NEX-5 before it) even though it has the worst lens selection ever. There are other issues (handling for example), but I wouldn’t recommend a NEX camera to someone unless I hated them.

    There’s a good argument for the Fuji X-Series (especially w/ the X-T1), but if you want an X, you should know. For people who actually need camera advice, I’d recommend m43 in general, and the GX7 in particular for <$1,000.