Fixing Healthcare.gov

healthcare.gov sign in page

On my way into work today I heard various pretty intelligent critiques of healthcare.gov and realized that the fix is easier (and the existing site stupider) than I ever expected.

The key points are:

  • The IRS provides a service for verifying a person’s income to mortgage vendors.
  • The actual signup for a plan is (I assume) in fact a transaction between a person and a private company that presumably has a website (or phone number) for signing you up, handling security, etc.
  • So the only job healthcare.gov has to do is tell you what products are available to you and how much they cost. And, modulo disclaimers, it probably doesn’t even have to be right.

As someone on NPR pointed out, the job is very similar to selling mortgages through a site like Lending Tree or Quicken Loans. You enter the value of your house, the amount you owe, and your credit score, and you get given an estimate whose accuracy depends on the accuracy of what you put in. If you close the deal, the figures you enter are verified by the actual lender.

So, healthcare.gov basically needs to know the price structure of the plans it is dealing with (this presumably is quite complicated, but not hideously so), and the location of the applicant. It can work with guesstimates of everything else (but there’s an existing IRS service to provide exact figures if needed). So you need a couple of simple web pages that ask the following questions:

  1. Where do you live?
  2. How much do you (and your spouse) make?
  3. How many people do you want to cover?
  4. Do you get health insurance through your employer?
  5. Based on the answers, here’s a list of available plans and their prices.
  6. Click on a button to apply for a specific plan (handed off to vendor website).

This is a little oversimplified, but only a little. (I’ve implemented life insurance application processes — and most of the things that feed into those calculations are expressly not factored into Obamacare health plans — Life Insurance is all about discriminating on the basis of pre-existing conditions.) Without income verification, this could all run client-side from static HTML. It would be technically simpler than the sign-in page shown above. Fixing this fiasco in a few weeks with a team of a dozen people is actually perfectly realistic. Fixing it with hundreds of the “best and brightest”, however, suggests that the wrong approach is being taken to the wrong problem.

Sony PS3 GTAV Special Edition Out Of Box Experience…

…sucks.

I wish I’d taken pictures. It’s so bad it’s almost comical.

First impressions — initial screens were horribly ugly and had badly anti-aliased text.

Then, the device didn’t detect it was plugged into a HD TV automatically — I had to tell it. The screens henceforth were nicer, but not consistent or polished. (XBox 360 is much snazzier.)

When I turned on the device, it required me to enter a bunch of information (e.g. date and time) which it could have obtained online if it had simply requested network login information first. Duh.

Initial configuration involved using multiple keyboard interfaces, one like a cellphone (multiple presses per character) and another with a more conventional layout that nevertheless was idiotic (e.g. highly inconvenient access to the @ symbol when entering email addresses).

Oh, and then it needed to download an update.

Every game I’ve played on the device, including the GTAV that came bundled with it, needs to download and install an update before it will run. The downloads are ridiculously slow and you’re repeatedly told (a) that they can’t be done in the background (why not?) and (b) not to interrupt them. (I’m writing this diatribe while I wait for LittleBIGPlanet 2 to patch itself into functional form. To be fair, most of the patches don’t take especially long, but this one is glacial.)

Every app I’ve downloaded from the menus (e.g. Netflix and Amazon Prime) needed to be updated immediately after installation (and did not do so automatically, so I go off to grab a coffee or whatever, and come back to a screen requiring me to click a button to update the damn software).

When you start a game or launch an app, the screen goes blank (as in the PS3 stops sending out a video signal) for several seconds. It’s just ugly and clumsy.

Once you’re in a game, it’s a pretty nice machine except for the constant squeaking of the optical drive.

Finally — note that this is the new slimline 500GB PS3. Maybe the older, bigger, more expensive PS3 was a better put together piece of kit, but I assume it had the same lousy software. It’s quite noisy and pumps out a significant amount of hot air. In terms of build quality, it feels shoddy compared to my original Sony PS2 or my newer slimline PS2, or my XBox 360 — let alone a Mac Mini, say. I don’t know if it’s designed to stand vertically, but there are no affordances such as rubber feet.

Oh, and it’s very easy to knock the power button (which is mounted on the front edge of the device). I’ve accidentally toggled off the power mid-game twice already.

Seriously, this is a piece of shit compared to current Apple hardware, let alone software. I hope the PS4 is better (my several year old XBox 360 is a freaking masterpiece compared to the PS3 in terms of user experience).

A Little Privacy

Securing data from prying eyes is pretty much a solved problem. PGP is just as good as ever. So all you need to do to receive communications securely from another person is to create a PGP Private/Public key pair, broadcast your public key (hint — it’s shorter) to anyone who might want to contact you, and then decrypt incoming messages using your private key on the way in.

This only addresses security. Authentication is a separate issue, possibly just as important, and if anything harder to address (because it involves trusting third parties), and I won’t deal with this. Privacy is plenty to deal with right now.

So we’ve heard that secure communications providers are shutting down or destroying their servers rather than surrender to demands from the US government (NSA, FBI, CIA? We don’t know which branch or branches because they’re not allowed to say — lovely, huh?). What demands might these service providers be concerned about?

  • Surrender private keys (why would they even have these)
  • Install malware on their servers or on users’ machines (why would a secure email provider install any software on its users’ machines?)
  • Help surveil users (e.g. notify government agency when a specific user addresses his/her mail)
  • Monitor metadata (e.g. while the body of an email might be encrypted, the header information has to be plaintext).

Can you think of other things?

There’s a recent thriller (you probably haven’t heard of it — it tanked at the box office) starring John Cusack called Numbers Station. The idea is that the CIA maintains a network of shortwave broadcast stations that send out encrypted messages to sleeper agents. To do this they need a specially trained cryptographer and a network of highly fortified shortwave transmitters. Or something. It’s a stupid, stupid premise. (But not as bad as 2012.)

Let’s suppose we want to communicate with field agents securely. Well, before leaving HQ our field agent creates a private/public key pair and leaves the public key behind. He/she secretes the private key on his/her person (committing it to memory is probably impossible, so it might be in a tiny subcutaneous LED projector!) and then goes on his/her merry way, having told his/her handlers to post messages on usenet using his/her public key. There’s no other step required.

Now, how do we handle authentication? Hey, I said this wasn’t about authentication! In any event, same way we handle it using any other less secure communication channel. Perhaps authentic messages are agreed to end with “Signed Bob” or “The peanut walks by night”. Doesn’t matter — we’re talking about security not authentication.

How does Double Secret Agent VII find the publicly posted messages on usenet? Any number of ways. Perhaps they’re in messages entitled “but I like wesley” on alt.wesley.crusher.die.die.die. Perhaps they’re embedded in the comment tags of PNG images posted on alt.sex.donkeys. It doesn’t matter.

Heck, you could just use mailinator. Want to email Double Secret Agent VII? Send an email to [email protected] and use the correct key. Done.

The beauty of the usenet example is that thousands of people will be downloading the message accidentally as a matter of course, and the message will be automatically distributed to thousands of servers whether anyone reads it or not. I really don’t know how PRISM, et al, would help against a determined, competent opponent communicating this way. This is probably why PGP had the US Government so riled up back in the 90s.

So, what about losing track of Agent VII? Simple. You’re Control (or whatever). If a communications channel is compromised (e.g. Kaos figures out you’re posting messages as EXIF data in pornographic images and deletes them or posts confusing spam) then Agent VII can use the Control’s public key to phone home. It’s not complicated.

So, here’s my modest suggestion for creating a secure replacement for email that everyone can use, and which can be gradually migrated to.

  1. set up a standard mail server.
  2. configure it to bounce any email that appears not to be encrypted using PGP with a message saying “if you want to contact f[email protected] then use [email protected]’s public key to encrypt the message and provide your own public key so a secure response can be sent” and provide a link to a web page for securely sending such emails if the person doesn’t want to.
  3. outgoing emails are decorated with a public key for securely replying to the sender.
  4. account holders can have any number of handles (“email addresses”) associated with a given public key. They can access their email simply by asking for it. (Either there’s no passwords or everyone has the same password.)
  5. the server holds public keys so it can send the messages in item 2 (and provide a convenient system for sending the messages).
  6. Provide a simple to use web-based client for the service (which does all its encryption / decryption client-side) and provide links to a number of alternative open source clients. Make all the clients as transparent as possible.
  7. Provide a web-based client that deals only in encrypted data. (I.e. requires the user to manually extract and decrypt incoming messages, and encrypt outgoing messages.)
  8. Pay for all of this by charging a small amount (say $0.01) for each message sent to a user. (This is Bill Gates’s proposed solution to spam from way back, and if we’re going to migrate off email, we might as well cash in that idea.) Any profits could be donated to MSF, or the campaign to drown Jenny McCarthy in cat vomit.
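A minimal sketch of the bounce rule in item 2, added here as an illustration and not code from this post: it accepts a message only if it is PGP/MIME (RFC 3156) or its entire text body is one ASCII-armored PGP block, and otherwise builds the "use the recipient's public key" reply. The addresses, key URL, and function names are assumptions, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"
POSTMASTER = "postmaster@mail.example"            # assumed address
KEY_URL = "https://mail.example/keys/bob"         # hypothetical key page


def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or a text body that is one armored block."""
    if msg.get_content_type() == "multipart/encrypted":
        parts = msg.get_payload()
        return (
            (msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"
            and isinstance(parts, list) and len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream"
        )
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    body = msg.get_content().strip()
    # The whole body must be the armored block; plaintext that merely quotes
    # a PGP block somewhere still counts as unencrypted.
    return body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)


def build_bounce(msg, key_url):
    """Rejection notice; it never echoes the plaintext body back over the wire."""
    rcpt = str(msg["To"])
    bounce = EmailMessage()
    bounce["From"] = POSTMASTER
    bounce["To"] = str(msg["From"])
    bounce["Subject"] = "Not delivered: message was not PGP-encrypted"
    bounce["Auto-Submitted"] = "auto-replied"     # RFC 3834: marks automatic mail
    bounce.set_content(
        f"Your message to {rcpt} was not delivered because it was not encrypted.\n"
        f"Encrypt it with the public key for {rcpt} ({key_url}) and include\n"
        "your own public key so that a secure reply can be sent.\n"
    )
    return bounce


def handle_incoming(raw, key_url):
    """Return ('accept' | 'bounce' | 'drop', bounce_or_None) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if is_pgp_encrypted(msg):
        return "accept", None
    # Never answer automatic mail (bounces, auto-replies): this prevents mail loops.
    if str(msg.get("Auto-Submitted", "no")).strip().lower() != "no":
        return "drop", None
    return "bounce", build_bounce(msg, key_url)


# Constructed sample messages (the "ciphertext" is a placeholder, not real PGP data).
HDR = "From: alice@sender.example\nTo: bob@mail.example\nSubject: hi\n"
ARMORED = f"{ARMOR_BEGIN}\n\nplaceholder-not-real-ciphertext\n{ARMOR_END}\n"
SAMPLE_INLINE = HDR + "\n" + ARMORED
SAMPLE_PLAIN = HDR + "\nThe secret plans are attached.\n"
SAMPLE_QUOTING = HDR + "\nWhat is this?\n> " + ARMOR_BEGIN + "\n"
SAMPLE_AUTO = HDR + "Auto-Submitted: auto-replied\n\nI am out of office.\n"
SAMPLE_PGP_MIME = (
    HDR + 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + ARMORED + "--b1--\n"
)

if __name__ == "__main__":
    for name, raw in [("pgp-mime", SAMPLE_PGP_MIME), ("plain", SAMPLE_PLAIN)]:
        print(name, handle_incoming(raw, KEY_URL)[0])
```

The check only establishes that a message looks encrypted, which is all item 2 asks for; the server holds no private key and cannot confirm the ciphertext is valid or addressed to the right key. A production server would refuse the message during the SMTP session instead of mailing the From header, since that header is sender-controlled.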

Now, practically speaking, we could use passwords simply to prevent nuisance denial of service attacks, but we’d have absolutely no problem giving those passwords to anyone who showed up to our office in a sufficiently impressive suit, or driving a big enough SUV.

So, this gives us a pretty secure email system that is fairly interoperable with existing email systems (modulo requiring users “outside” the system to opt into using it, at least to contact its users) and which doesn’t hold any private information or keys at all. Heck, it can simply expose all of its data to Google. (Indeed, it could keep its code repositories exposed so that suspicious users could review changes to its codebase.) Now, it can’t be used with idiotic services that send you your login details, but you can either use another email service (e.g. gmail or mailinator) for those or implement a cryptographic bridge (e.g. if you subscribe using an email address prefixed with “insecure-” then it might do the encryption serverside for you).

Note that as described, the system doesn’t conceal metadata. So if [email protected] sends [email protected] orders to assassinate that pesky reporter, the fact that such a communication occurred (if not its content) is stored on the server. Of course, you could use the web client to anonymously send and/or receive the message, and use Tor to avoid leaving too much of a trace of having done that, but it’s kind of inconvenient, so normal people won’t do it very often. A normal person wants an email client that Just Works (this can provide that) and to exchange email with other people (this can get you there).

The proposed system provides end-to-end encryption of message content without the server needing to store any private keys and would allow all key components of the system to run in the browser (and thus have openly inspectable runtime code that could be monitored for changes). But it won’t stop the NSA from hitting you with a $5 wrench until you tell them where you keep your private key.

It’s time for a change: Adobe jumps the shark

Grant will get you one month of Adobe Creative Cloud with an annual commitment

I love Adobe and its products, despite their eccentric UIs, awful installers, and the mystery that is Bridge. The fact is Adobe knows its shit and does it better than anyone else. However, while for many years I considered myself a “power user” of Photoshop and competent enough with Illustrator, the capabilities of Photoshop have long outstripped my needs, and Adobe’s marketing team has done a remarkable job of alienating me with pricing shenanigans.

My first experience with Adobe Software was learning to use Illustrator 88 in a production environment — mainly tracing logos. I was introduced to Barneyscan (the program that became Photoshop) when the multimedia startup I joined acquired a Barneyscan Slide Scanner. We soon discovered that Barneyscan was actually a very capable graphics program that was better for handling 24-bit color images such as scanned photographs than anything else on the market.

Then Fractal Painter and Color Studio came out and, briefly, it was a three horse race. When Photoshop introduced, in quick succession, a better implementation of Painter’s layers and editable text layers, the competition fell by the wayside. Other competitors, e.g. Macromedia’s ill-fated xRes, the amazing Live Picture, and Microsoft’s Expression Studio, came and went.

Despite its many virtues, I couldn’t justify buying my own copy of Photoshop until it started being bundled with scanners. I literally paid $500 for a scanner and didn’t use the scanner in order to get Photoshop 4. Adobe’s upgrade pricing led to my upgrading Photoshop as each new version came out until Adobe got me to upgrade to Creative Suite for not much more than the cost of just upgrading Photoshop, but then made further upgrades horribly expensive (and also made skipping versions very expensive). My last CS purchase was CS4 Web Pro academic (I was working for a University at the time) just after Adobe announced that anyone buying CS4 would receive a free CS5 upgrade.

Over the years, Adobe’s other applications rose and fell in my esteem. I used Premiere for years, and once found After Effects to be an unbeatable combination of power and usability — I haven’t touched either in years, and Apple’s $50 Motion does everything I need. (Indeed, I don’t have any use for Final Cut Pro, either.)

Now Adobe is essentially offering us three options: pay $50/month to get access to all Adobe software, pay $20/month to get access to Photoshop (both require one year commitments, it’s higher if you go month-to-month), or somehow get academic pricing for $20/month to get everything. The plans also come with 100GB of cloud storage (which would cost you $10/month on its own from Dropbox — of course Dropbox’s 100GB is a lot more flexible).

So for me, that means it’s time to kiss Adobe good-bye. (Except for Adobe Ideas of course — I love Adobe Ideas.)

Alternatives to Adobe’s key products

  • Photoshop: Acorn (Mac), Photoline (Mac/Windows), Pixelmator (Mac), Paintshop Pro (Windows), Painter (Mac/Windows)
  • Illustrator: Inkscape (Mac/Windows/Linux), iDraw (Mac), CorelDRAW (Windows), Intaglio (Mac), Lineform (Mac), Artboard (Mac), ZeusDraw (Mac), EasyDraw (Mac)
  • Dreamweaver: a good text editor (e.g. BBEdit (Mac), Sublime Text (Mac/Windows), Vim) or web-centric IDE (e.g. Webstorm (Mac/Windows), Coda(Mac))
  • Fireworks: no direct replacements that I know of, but UI-oriented graphics apps like Sketch (Mac) seem like replacements to me.
  • InDesign: Pages (Mac), TeX or LaTeX (Mac/Windows/*nix) or even Quark XPress (Mac/Win).
  • After Effects: Motion (Mac), or one of the fire-related products (Inferno, Flame, Flint, Combustion, Smoke, etc.)
  • Edge: haven’t used it, but I’m guessing something like Hype (Mac) or learn to use CSS and jQuery.

Chances are, if you’re a hardcore InDesign or After Effects user, you probably pay Adobe $600/year for the privilege and the new pricing policy doesn’t faze you. The problem you need to worry about is just how badly is Adobe going to hurt itself by its new pricing policy, because I suspect that the new pricing policy will convince a lot of people to live without Adobe for as long as possible, which will turn out to be forever.

Adobe is bucking a big trend — software is getting cheaper and more powerful — and a major perception issue — most people hate recurring expenses. See, I can splurge on a big software purchase because I’m flush with cash or have a big check coming in or some kind of weird justification. I don’t think of a $2000 camera purchase as, say, $55/month based on my using the camera for three years. No, I think of it as “can I afford a $2000 camera?” If you tried to sell me a camera that was just as good as my $2000 camera for $55/month with a one year commitment, I’d probably laugh at you. Do I need to pay as much for my camera as I do for cable internet? No way!

I strongly suspect this move by Adobe will be catastrophic. At this point in their old marketing cycle they’d be offering free upgrades to any new buyers of CS6 — instead they will at most be getting a few $50/month subscriptions. Next, they’d be offering time-windowed discounts on the new suite once it shipped. That’s not going to happen. So at best they get slightly more money than they’d have gotten with their old model, only spread out over twelve months. How likely does anyone think this is? I suspect they’ll instead get less money spread over a longer period. And they run the very significant risk of simply losing customers the way, say, Netflix did with its Qwikster fiasco. My CS works fine, I’ll think about the Adobe cellphone plan when I need to. The difference here is that, as far as I can tell, time isn’t on Adobe’s side the way it, arguably, was with Netflix. Streaming video on demand is the way of the future, so Netflix (and Hulu) can probably afford to stumble. Adobe is the king of print media and web worst practices — it probably can’t afford too many mistakes.

RAW Deals

Red Panda curled up in tree

I’m pretty paranoid about my RAW photos. I keep them (and a lot of other stuff) backed up locally (albeit in desultory fashion) and in the cloud via Crashplan. My initial backup took nearly three months, but once I got over that hump it’s pretty much seamless and my computers are usually only an hour or two ahead of backups (unless I leave them in sleep mode for days, which I do — but it’s not like data are being created while they’re asleep).

Flower Chloe Loewald — Tornado Survivor

My own history of failure

Three years ago I worked with some former colleagues and friends on a startup called Photozen and later PurePhoto. The domain still exists, but it’s become an online photo art dealership (I was also involved in that pivot — I implemented the initial data migration by building a hack tool for consuming PurePhoto’s data from specific photographers’ accounts and pushing it to Shopify.)

But, at the time, we avoided dealing with RAWs despite the fact that, in my opinion, that’s where the real opportunity lies. There’s a lot of mythology surrounding RAW files — I’ve just had an email exchange with the redoubtable Thom Hogan (a very smart guy who, after an illustrious career in hi-tech, is making a good living as a pro photographer, which is no mean feat) over the importance of knowing how to set white balance on your high-end digital camera.

Acorn’s UI wrapped around Apple’s RAW converter — see that temperature slider?

In my opinion as a RAW shooter there is almost no importance in memorizing this operation — I can second-guess the Auto-WB setting later. On the rare occasion when I need to shoot JPEG (e.g. to optimize my use of the continuous shooting buffer) I can figure it out, but it’s not that common. Thom is under the impression that white balance drives the exposure meter which determines the quality of RAW capture. I can’t verify this experimentally (my experiments indicate otherwise) and it doesn’t make sense to me (as I understand it, Nikon polls an RGB sensor array and then fuzzy-matches the result to an image database to calculate exposure meters — why you’d want to put a white balance calculation in the middle of that escapes me).

Of course Nikon doesn’t help us by using a proprietary and encrypted RAW file format (the actual image data is accessible, but the metadata — which bears directly on a discussion like this — is encrypted). In any event, there’s this mystical attachment to the original RAW file, as though it contains secret sauce, when in fact it’s just a bunch of floating point values that can be “losslessly” converted into some other format (e.g. DNG) or quasi-losslessly converted into — say — lower resolution pixel-binned images (suppose you want to keep dynamic range, but don’t need resolution). As far as I can tell, demand for tools that deal with RAW files intelligently is so low that such tools do not exist, but they’re perfectly doable.

Cheetah

Everpix

So along comes a really neat looking startup called Everpix which promises to solve every photographer’s most annoying workflow problem — unifying all those different silos of photos under one management umbrella. Upload a photo to your iPad, snap a photo on your iPhone, dock your camera to your Mac Pro, every device you own can access every photo.

And they even promise to do things like figure out which shots are in near-identical sequences and automagically pick the best one, and automatically detect incorrect exposures and blurry shots so you don’t need to sort them out.

Of course it only does this with JPEGs. Grrrr.

Aside: after writing this post, I discovered that — apparently — Everpix can’t upload from my main Aperture library. I also did some Googling to see if anyone else has figured this out — Adobe Revel makes no mention of RAW files even in its FAQ (seriously, no-one wonders about RAW backup to the cloud?) and SugarSync (which looks very similar to Everpix) also makes no mention of RAW support anywhere. My guess, if you’re studiously not mentioning it anywhere on your website, you aren’t dealing with it.

Look guys. You’ve gotten me to install your software on every machine I own. You can see the darn files. How about (a) figuring out which images are blurred or underexposed before you upload them, or (b) using the metadata I’ve provided (e.g. which photos I’ve given star ratings or bothered to fine-tune). This will help filter signal from noise and with the insane amounts of bandwidth you save you can upload the damn RAW files.

Note that I proposed this exact idea to my colleagues working on PurePhoto and it was set aside for after release. (Release never really happened.) Here’s the thing — I don’t need a better image editor. I don’t need a tool for sorting my pictures into folders. I really don’t care about JPEGs because those are “prints”. I can replace them. I need to deal with baggigabytes of photos, 90% of them crap, and I need it to be seamless and handle RAW.

A typical RAW file is three times larger than the corresponding “fine” JPEG. So, support RAW files and figure out a way to avoid uploading 70% of the images and you’re ahead. You’re way ahead because now you’re doing something useful.

Here’s another way of looking at it: if you save 100% of my JPEGs you’ve done nothing useful. If you save 90% of the RAW files I care about (missing 10% because your filter algorithm is imperfect) you’ve done me a huge, huge service, and I can become smarter about finessing your algorithm and you can improve your algorithm over time.

Go forth and implement something useful.