Taking one for the team

Scene: Nick’s intermediate league baseball game.

Bottom of the last inning. Other team at bat. 2 outs. 2 on base. Winning hitter at bat. Fly to right field. Nick makes a beautiful diving catch and comes up with the ball, ending the game for his team to win…

…then runs off the field holding his arm.

One rushed trip to the office for x-rays later, and it’s confirmed: he broke the same wrist that he broke last year when he fell off his skateboard.

I’ll hand it to the kid: he plays hard. If you’re going to get hurt, you may as well do it heroically.

Signal was cheeky, but right

In her article “I Have a Lot to Say About Signal’s Cellebrite Hack”, the extremely qualified Riana Pfefferkorn argues that Signal’s blog post, “Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective”, could have been a bit more serious and professional:

On the other hand, although this was serious work with a serious point to it, the unseriousness of Signal’s tone in the blog post and video hampered public understanding of the point they were making. You aren’t helping your cause when a reporter can’t tell which parts of your blog post are jokes and which parts are serious, or what you mean by your weird coy phrasing. This blog post was plainly written in order to impress and entertain other hackers and computer people. But other hackers aren’t the real target audience; it’s lawyers and judges and the law enforcement agencies that are Cellebrite’s customers. They tend to prefer clear communication, not jokes and references to 25-year-old cult films.

To be clear, Pfefferkorn is way more qualified to have an opinion on this than I am. Still, as I said in a Hacker News comment:

Eh, I can’t be bothered to care. Cellebrite hoards 0-days so they can use them to hack phones. They know about exploitable vulnerabilities but aren’t saying anything about them because they profit from insecurity. Thing is, just because Cellebrite knows about a thing doesn’t mean, say, China’s CCP or the Russian mafia or anyone else doesn’t also know about that thing. You and I are less safe just because Cellebrite wants to profit off of those vulnerabilities.

I just can’t work up the ability to sympathize with Cellebrite. The law may have something to say about Moxie’s writing, but in my opinion he has the clear ethical upper ground in this argument.

Pfefferkorn goes on to say:

But if Cellebrite machines stop working reliably, or the evidence obtained from them is hella sus and can’t be relied upon in court, then that safety valve — the ability for the cops to get courtroom-worthy evidence off phones notwithstanding strong encryption — gets plugged up. And closing the safety valve adds more pressure. It’ll become easier for law enforcement to make the case for why smartphone encryption needs to be backdoored.

That may be true, but I contend:

I also disagree with the notion that it’s good that Cellebrite exists because without them we’d have stronger anti-encryption laws. That’s hypothetical and all we know is what we have today. I’m not thrilled that someone is peeing on my basement carpet instead of peeing in my living room; I’d rather not have someone peeing on any of my rugs.

It’s not that I disagree with Pfefferkorn on an intellectual or legal level. She’s the expert. If our factual positions disagree, listen to her, not me. It’s just that I don’t care if Signal was crude in their anti-Cellebrite post. It brought a lot of attention to Cellebrite’s awful ethical stance, and for that I’m grateful to Signal’s CEO, Moxie Marlinspike.

Review: Jellycuts

Jellycuts for iOS and iPadOS is 2 things:

  1. A text-based language for writing Shortcuts,
  2. A compiler that turns the text language into “real” Shortcuts, and
  3. An IDE for writing the language.

As a programmer, this is super exciting to me because it feels like I spend too much time fighting against the limitations of the visual language. Now I can use the programming tools I work with every day to write my little applets, and store them in version control so that I can track changes and roll back mistakes.

It’s not a perfect system as the design of the Shortcuts app means that getting the compiled code into it is a little convoluted (but automated and as smooth as possible). That’s on Apple, though, and not Jellycuts. The author has done an amazing job with the tools available to them.

Jellycuts is a game changer. I haven’t gotten far with it yet, but if it works as promised on larger projects, I see it becoming the way I write Shortcuts. Get it at https://apps.apple.com/us/app/jellycuts/id1522625245.

Review: Apple Fitness+

I’ve been using Apple’s Fitness+ service since it became available. It’s still a young product and has lots of room to improve, but its fundamentals are solid. This is what I like and dislike about it.

What I like: doing the exercises

First, the workouts themselves are excellent. They offer exercises I’m not used to, and I’ve found that working with a trainer, even a pre-recorded one that isn’t talking to me personally, motivates me to push harder than I do when I’m working out alone. At the end of a workout I’m exhausted, and the next day my body reminds me that I did something difficult.

This is the litmus test, after all. A trainer that doesn’t challenge and doesn’t push me harder than I would push myself isn’t much of a trainer. Fitness+ meets this requirement in spades.

Second, Fitness+ has a lot of workouts. When it’s time to use one, I want help picking one that’s appropriate to me. The app’s “discoverability” is… decent:

  • I pick a type of workout (like strength, core, or yoga) I’d like to try, and use the filter to choose a length of time I’d like to work out. I want to do strength training for 20 minutes? Here’s a list.
  • From that list I choose a trainer. This is convenient if there’s one I like and I want to see more of their workouts, but not as helpful for choosing between them. The app makes the trainers’ biographies available but I was overwhelmed with choices the first time.

If I know what workout I want to do, and which trainer I want to work with, Fitness+ is fine.

What I don’t like: finding the exercises

But that discoverability is barely sufficient, and leads to my sole criticism. Fitness+ could and should help me find new workouts that are appropriate for me personally, and today it doesn’t.

Within selections, the main differentiator in a screenful of similar-seeming workouts is the genre of background music. I know people may have strong preferences here but I don’t. As of writing there are 15 “Strength with Gregg” workouts. At a glance, I can’t tell the difference between them. Every screenshot shows exercises for both upper and lower body, even though most workouts target certain muscles. Navigating through each available workout exposes that information but it’s a lot of work when I’m ready to start lifting weights and would rather lift than investigate. Better titles like “Leg Strength with Gregg” would help a lot here.

There’s not an option to like or dislike workouts. I want a recommendation system like Apple Music’s: tell me what I might like based on what I’ve enjoyed, not just what’s similar to what I did last time.

Descriptions of workouts are more vague than they should be. For example, one reads “the focus of this workout is upper body, with a new element added to each move as you go.” But what part of my upper body? I want to know:

  • Which exercises a workout includes. If my shoulder hurts, I might want to skip lateral raises.
  • Which muscle groups it exercises. Sometimes I’d like to target specific areas like glutes or biceps or shoulders or quads.

If Fitness+ had filters that let me specify that I’d like to work my triceps and lats for 20 minutes, or find one that includes hammer curls because that sounds good today, I’d use it a lot.

Workouts need more audio cues. I spend a lot of effort trying to look at the TV so I can pace myself with the trainer, and would like a consistent signal to complete a rep. I wish the producer would add a chime or beep after each movement so that I could follow along without contorting to see the screen.

Finally, many other Apple apps use Siri to power smart recommendations. Putting all the above together, I’d like to see a Fitness+ notification like “you skipped leg day. Here’s a good leg workout you’re going to like.” It’s easy to rationalize skipping a workout, but harder when someone’s reminding you that you’ve been a couch potato and giving you personalized suggestions for changing that.

Summary

It’s tricky to find an exercise I want in Fitness+, but that’s because there are so very many excellent ones to choose from. And that’s the important part: once I find workouts I like, they motivate me to work harder than I would on my own. I’ve found the accountability, even if it’s to someone who can’t see me and who I’ll never meet, to keep me moving. I am stronger and healthier for using the app than I would be without it.

Apple Fitness+ may have some rough edges, but for a new service that’s still improving, I’m into it.

Review: Hook by CogSci

I’ve been playing with Hook, an app I’ve started hearing about. It’s an interesting bird, and its own docs didn’t explain why I should want to use it. That’s too bad, because after downloading it and playing around for a few days, I understand why people are excited about Hook.

Let me try my own explanation:

Hook knows how to talk to a lot of other apps (about 150 as of now) and ask or direct them to do a few things:

  • Get the ID of the active item in the app, like the omnifocus:///task/... link of the selected item in OmniFocus.
  • Open the item in the app with a given ID.
  • Get the name of the active item in the app, like the title of the front tab in Safari.
  • Create a new item in the app.

Those first 2 options are interesting because many of its supported apps don’t offer their own URL scheme. You can refer to a web page by its address or an OmniFocus object by its URL as seen above, but Apple’s own Notes app doesn’t offer a way to make a link to a specific note. Hook solves this by offering its own URL scheme. For instance, if I try to open the URL hook://notes/dt/1498065293 on my Mac, it opens the Hook app, which sees that it’s supposed to open the Notes app, and uses AppleScript or JavaScript wizardry to go straight to the desired note. Or consider emails, each with their own unique Message-ID. Hook accepts URLs like hook://email/[Message-ID] and opens them in your favorite mail app, even if you’ve moved the mail to a different folder or switched mail apps since you copied the link.

That’s slick, and if Hook only allowed me to deep link straight into Mail and Notes and Finder and iTerm (!!!) and VS Code (now you’re showing off), it would be invaluable.

The “a-ha!” moment was understanding that Hook itself stores links between objects, even if they’re not editable. For example, suppose you’re viewing a PDF and it reminds you of a web page. You can ask Hook to copy the PDF’s location in Finder. When you open the web page in Safari, you can use Hook’s “Hook to Copied Link” action to make a two-way link (the eponymous “hook”) between the PDF and the web page. That is, if you come back to that web page a week later and wonder what PDF it reminds you of, you can press the Hook shortcut and it will pop up a list of all documents “hooked” to that web page. Use the arrow keys to scroll down to the PDF and press enter, then voila!, it opens the PDF for you.

This is the magic in Hook: you can make linkages between resources that aren’t under your own control. You don’t download a webpage and then edit its metadata to link to the PDF. Hook says “oh, when you’re looking at this page, I’ll remember that it made you interested in this PDF”. And even if that PDF can’t be edited to add a link to the webpage, Hook manages that association for you.

In this sense, Hook is like a personal wiki, except that you don’t have to edit a page to associate bits of data, and the data doesn’t have to be in the same app. You open the first item and press a few keys, then open the second item and press a few more, and now your system knows that you think these 2 items are related and can remind you of that later. That’s powerful. It’s easy enough to make a link from a Things action to its information resources in DEVONthink. Linking from DEVONthink information back to Things so that you can bounce right back to your project planning without lifting your hands from the keyboard? That’s harder, and it’s the true value of Hook.

A note on terminology: giving things a good name is hard, but I might’ve called “Hook to Copied Link” almost anything else. My mind kept reading “Hook” as a noun, as though I were converting it to a “Copied Link” similar to calling “JPEG to PNG” in a graphics program. Instead it’s a verb: “create a link back to the item whose link is in the clipboard” is clearer to me, although too verbose.

Hook is available in a free version that’s focused on opening links, not making them. The idea is that you can send your coworker a link to a file stored in Git or Dropbox, or an email they were Cc’ed on, and they can go straight to it. That’s nifty, but in practice I can’t imagine my friends tolerating this: “hey Tom, I’m going to send you a link, and you’ll need to download this free app from…” “Stop right there.” Hook is cool and I’ve told several friends about it, but I’m not kidding myself about the likelihood of them all installing it.

Maybe I’ll look back on this in a few years and laugh at my own skepticism because it became the universal standard app that everyone uses, but I’m not counting on it.

Licensing

CogSci, Hook’s authors, have an interesting licensing model: if you buy the “essentials” or “pro” version, you can use any new versions that come out within 12 months of your purchase date for free, forever. If newer versions come out with features you can’t live without, you can buy a discounted renewal license that’s good for another 12 months of updates.

I love this idea. I hate renting software, and this is a nice compromise between an unsustainable “buy it once and get free support for the rest of your life” and “keeps working as long as you keep paying”. I wish this licensing model were the norm.

Drawbacks

The few things I dislike about Hook are minor:

  1. It’s not available for iPhone and iPad. I’m not sure how an iOS version of Hook would work (perhaps through the Share action? Through drag and drop?), but I wish it were on my favorite mobile platforms. I’m using my iPad for a lot of work I would have used my Mac for before and cross-platform tools are splendid. A mobile “Hook Lite” version that supported opening hook:// links would help a lot.
  2. I haven’t met another person using it. Although I’ve read articles about Hook, I’m the only person among my friends, family, and coworkers who has it installed. The link sharing idea could be brilliant if it becomes ubiquitous but I don’t want to be its lone evangelist among the people I know, many of whom are still annoyed by my Emacs and Amiga days.
  3. CogSci: please ask someone who doesn’t work with you to review your home page. All the information there is technically accurate, but much of it only becomes clear to users who’ve downloaded Hook and experimented with it. If I hadn’t been evaluating the app on the recommendation of a friend, I might not have downloaded it. Your app is cool. Give it some marketing love!

Summary: try it.

I like Hook. I haven’t registered it yet but I’m leaning that way. Again, if Hook only allowed me to create deep links into apps that don’t natively support them, that’s enough reason to buy it. I’m not sold on the life-changingness of the bidirectional links between documents — not because I don’t think it’s a wonderful idea, but because I’m a sucker for things that promise to be the cure for what ails ya and then become disillusioned when they’re not as amazing as I’d hoped. For example, I’d heard that Zettelkasten note keeping is the magic key to life-long productivity, but realized that it’s a nice solution to problems I don’t have. I’m being cautious about Hook for the same reason. But skepticism aside, I think its core conceit that making links between all your related resources is valuable has merit, and Hook makes this easy. I’m still in the trial period, and my wish is that it’s as helpful as CogSci thinks it will be.

Try Hook. I think we’re going to like it.

Mastodon apps for iOS

Updated: November 11, 2022

There are several excellent Mastodon apps for iOS and iPadOS. These are the ones I’ve tried.

Criteria:

  • A good app is stable and (at least nearly) crash-free. This rules out a few apps I’ve tried that I’m not including here.
  • Mastodon evolves with new features like polls. The best apps are updated with support for these new features.
  • I use an iPhone and an iPad. Apps that don’t support both platforms are non-starters for me. It’s possible I could find a brilliant, flawless iOS-only app and a different iPadOS-only app and be happy with the combination, but that’s unlikely to happen. Bonus points for apps that have Mac versions.

Here are my recommendations that mostly meet those requirements.

Metatext

I stumbled across Metatext and I’m glad I did. It feels native in ways that other apps don’t and looks beautiful on my phone and iPad. I’ve used it as my main app since its release and recommend it to all my friends. Development has slowed down recently, but it feels “finished” without any obvious bugs or missing features. If you’re bored with your current app and want to try something new, get Metatext.

Toot!

Toot! is a favorite. It’s rock solid, updated frequently, and good looking on both iPhone and iPad. I suggest this for anyone getting started with Mastodon. The sole thing I don’t love is that it doesn’t always “feel” like a native iOS app, as opposed to say an alternative web interface. I’m picking nits, though: if you stop reading and install Toot!, you’ll be fine. It’s great.

Mast: for Mastodon

Mast looks and feels different from the other popular apps with its multi-column layout, and I appreciate its fresh take on how a Mastodon client can work. It’s a beautiful experiment. I can’t recommend it right now because it has significant bugs, like crashes and timelines which don’t refresh even when you try to manually refresh them. Its author released a popular Twitter app, Aviary, which I suspect has been taking their attention. This means it hasn’t been updated recently and I worry that it might be abandoned. Still, Mast supports iPhone and iPad and Mac and Apple Watch, which is amazing, and I’m watching it to see if the author resumes regular development. I hope they do.

Mercury for Mastodon

Mercury is a gorgeous, new, native-feeling app. I think it’s going to be a good option. It’s iPhone-only today with iPad support on their published roadmap, and I’d like to see that happen because it’s already a solid alternative for people who just use an iPhone. I’m monitoring Mercury’s development, too.

Honorable mention: Linky for Twitter and Mastodon

Linky is for posting to Mastodon, not reading it. I use this brilliant little app for sharing links to interesting websites, photos, or songs I’m listening to. It’s scriptable with x-shortcut-url, so if you’re technically savvy you can use Shortcuts, Drafts, or other apps to post things you’ve written. If you share a lot of content to Mastodon from other apps, Linky is your friend.

See also

Mastodon for iPhone and iPad is the official app brought to you by the people who made Mastodon. In spite of that, it lacks (or at least hides) vital Mastodon features, such as the local timeline. It’s ok if you’re joining one of the large, generic instances like mastodon.social that don’t have meaningful local communities, but offers a substandard experience on cozier instances.

Google v. Oracle - victory!

This morning the US Supreme Court ruled for Google in Oracle’s case against them. This is wonderful news for American software engineering as the opposite ruling would have been disastrous for the entire industry.

Consider a comprehensive, albeit farfetched, analogy that illustrates how the API is actually used by a programmer. Imagine that you can, via certain keystrokes, instruct a robot to move to a particular file cabinet, to open a certain drawer, and to pick out a specific recipe. With the recipe in hand, the robot then moves to your kitchen and gives it to a cook to prepare the dish. This example mirrors the API’s task-related organizational system. Through your simple command, the robot locates the right recipe and hands it off to the cook. In the same way, typing in a method call prompts the API to locate the correct implementing code and hand it off to your computer. And importantly, to select the dish that you want for your meal, you do not need to know the recipe’s contents, just as a programmer using an API does not need to learn the implementing code. In both situations, learning the simple command is enough.

I think that’s a great analogy, if I do say so myself.

Favorite apps: Copied

I think Copied is the best clipboard manager available for Apple devices.

I use Copied constantly. It lets me copy 3 different things I see on a web page, then quickly paste them into a text editor without bouncing between the two apps several times. It lets me search my history for stuff I’ve copied earlier, even if I’ve done other things since then. It’s one of the first apps I install on a new device.

I have a few hard requirements for a clipboard manager:

  • It must sync across all my devices. Sometimes I start work on my iPad, or even my iPhone, and later move to a Mac. Other times I start on my Mac then switch to a portable device. I want the things I’ve copied to be available in all these places.
  • It has to be rock solid. When I’ve become used to being able to access my clipboard history, and then discover it’s not available because the app has crashed and hasn’t been recording, I’m not happy.
  • It’s got to be quick. If I’m in the zone working on a project, I want to summon the app with a key press, select the item I want to paste with my keyboard, paste it with my keyboard, then have the app go away.
  • The user interface has to be simple. See above. A clipboard manager is a tool that I want to use for one thing and have it disappear until the next time I need it. I don’t want to spend more time playing with its interface than is necessary. It’s not an app I’m going to have open for a while as I poke around in it.

Copied meets all those requirements, and a one time $6 purchase (with family sharing!) covers Mac, iPad, and iPhone apps that sync together with iCloud. It’s simple, quick, reliable, and available everywhere I work. And did I mention it’s a one time purchase? There’s nothing more I could want.

Note that development had paused for a long time after its version 3 came out, and the app stopped working on macOS Catalina. In late 2020 the author released an updated version 4 that works perfectly with Catalina and Big Sur. A few old reviews lament that it broke with an OS upgrade but that’s old information.

If you’ve wished you could copy several things in a row and paste them, or recall something you copied last week, install Copied. It’s great.

Alternatives

Apple’s own Universal Clipboard is excellent, but limited: it uses only Bluetooth to sync directly between devices and requires them to be near each other, it doesn’t keep a history of previously copied items, and it doesn’t support older devices. You can’t beat free, though.

Paste is another great app, but it has two things I don’t like:

  • The user interface is pretty but much more complex. This is a matter of personal taste but I find it too powerful. Again, I want to pop in and out of a clipboard manager as quickly as possible, and don’t want anything that slows this down or breaks me out of my thinking.
  • It’s hella expensive at $10 per year, or $15 per year for the family plan. That’s way more than I want to spend for a utility that spends almost all its time in the background.

Pastebot is a wonderful Mac-only app. If it had iOS and iPad apps that it synced with, I’d have a hard time deciding between it and Copied. Alas, it doesn’t.

Gladys, Anybuffer, Yoink, and Unclutter are beautiful shelf apps, but are way more complicated than I want in a clipboard manager, and not as good at that specific task as the dedicated apps are. Several of these don’t have cross-platform sync.


Update 2022-03-29: From what I can tell, Copied is dead. Its web page is empty and it’s no longer available in the app store. That’s a pity and I miss it. Until a better option comes along, I’ve bitten the bullet and subscribed to Paste.

Smart progress bars

Progress bars suck at predicting how long things will take. I’ll tell you what I want (what I really really want): a system-wide resource that receives a description of what the progress bar will be measuring and uses it to make an informed estimate of the entire process’s duration. For example, suppose that an application installer will do several things in series, one after another. Perhaps an explanation of that process could be written in a machine-readable format like this:

vendor: Foo Corp
name: My Cool App installer
stages:
- Downloading files:
  - resource: internet
    size: 1000  # Number of MB to download
- Extracting files:
  - resource: disk_read
    size: 1000  # Size of the downloaded archive file, in MB
  - resource: disk_write
    size: 2000  # Size of the extracted archive file, in MB
- Copying files into place:
  - resource: disk_read
    size: 2000  # Now we read the extracted files...
  - resource: disk_write
    size: 2000  # and copy them elsewhere.
- Configuring:
  - resource: cpu
    size: 100  # Expected CPU time in some standard-ish unit

Because I’ve used the progress bar resource before, it knows about how long each of those things might take:

  • Since I’m currently on my fast home Internet, that download will probably last about 20 seconds.
  • I have a fast SSD, so the “Extracting files” step might be 6 seconds long.
  • “Copying files into place” will run at about the same speed, for another 8 seconds.
  • My shiny new CPU can chew through 100 CPU units in 10 seconds.

Ta-da! The whole installation should run about 44 seconds. When the installer runs, instead of updating the progress bar manually like

update_progress_bar(percent=23)

it would tell the resource how far it had gotten in its work with a series of updates like

update_progress_bar('Downloading files', internet=283)
...
update_progress_bar('Copying files into place', disk_read=500)
update_progress_bar('Copying files into place', disk_write=500)
...
update_progress_bar('Configuring', cpu=30)

The app itself would not be responsible for knowing what percent along it is. How could it? It knows nothing about my system! Furthermore, statistical modeling could lead to more accurate predictions with observations like “Foo Corp always underestimates how many CPU units something will take compared to every other vendor so add 42% to their CPU numbers” or “Bar, Inc.’s website downloads are always slow, so cap the Internet speed at 7MB/s for them.” Hardware vendors could ship preconfigured numbers for new systems based on their disk and CPU speeds so the system can make decent estimates right out of the box. But once a new system is deployed, it gathers observations about its real performance to make better predictions that evolve as it’s used.
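The estimator described above, written out in Python as an added example (not code from any real system). The class name, the rate and bias tables, and the reading of each update as a cumulative amount within its stage are assumptions; the rates are picked so that they reproduce the timings listed earlier.

```python
# Installer description from the post, as a Python structure (constructed here
# so the example needs no YAML parser). Stages run in series, in this order.
SPEC = {
    "vendor": "Foo Corp",
    "name": "My Cool App installer",
    "stages": [
        ("Downloading files", {"internet": 1000}),
        ("Extracting files", {"disk_read": 1000, "disk_write": 2000}),
        ("Copying files into place", {"disk_read": 2000, "disk_write": 2000}),
        ("Configuring", {"cpu": 100}),
    ],
}

# Assumed learned throughput in units per second (MB/s, or CPU units/s).
LEARNED_RATES = {"internet": 50.0, "disk_read": 500.0,
                 "disk_write": 500.0, "cpu": 10.0}


class ProgressEstimator:
    """Hypothetical system-wide resource that turns work reports into time."""

    def __init__(self, spec, rates, vendor_bias=None, alpha=0.3):
        self.vendor = spec["vendor"]
        self.order = [name for name, _ in spec["stages"]]
        self.stages = {name: dict(res) for name, res in spec["stages"]}
        self.rates = dict(rates)
        # (vendor, resource) -> multiplier applied to that vendor's declared sizes
        self.vendor_bias = vendor_bias or {}
        self.alpha = alpha  # weight given to each new measurement
        self.done = {n: dict.fromkeys(r, 0.0) for n, r in self.stages.items()}

    def _seconds(self, resource, amount):
        bias = self.vendor_bias.get((self.vendor, resource), 1.0)
        return amount * bias / self.rates[resource]

    def total_seconds(self):
        return sum(self._seconds(r, size)
                   for res in self.stages.values() for r, size in res.items())

    def remaining_seconds(self):
        return sum(self._seconds(r, size - self.done[stage][r])
                   for stage, res in self.stages.items()
                   for r, size in res.items())

    def percent(self):
        total = self.total_seconds()
        return 100.0 * (total - self.remaining_seconds()) / total

    def update(self, stage, **completed):
        """Record cumulative work done in `stage`, e.g. update(..., internet=283)."""
        if stage not in self.stages:
            raise KeyError(f"unknown stage: {stage}")
        # Stages are serial, so a report from a later stage means every
        # earlier stage has finished even if the app never said so.
        for earlier in self.order[:self.order.index(stage)]:
            self.done[earlier] = dict(self.stages[earlier])
        for resource, amount in completed.items():
            if resource not in self.stages[stage]:
                raise KeyError(f"{stage!r} declares no {resource!r} work")
            declared = self.stages[stage][resource]
            # Clamp so an app that over-reports cannot push the bar past 100%.
            self.done[stage][resource] = min(max(float(amount), 0.0), declared)

    def observe(self, resource, amount, elapsed_seconds):
        """Fold a real measurement into the learned rate (moving average)."""
        measured = amount / elapsed_seconds
        self.rates[resource] = ((1 - self.alpha) * self.rates[resource]
                                + self.alpha * measured)
        return self.rates[resource]


if __name__ == "__main__":
    est = ProgressEstimator(SPEC, LEARNED_RATES)
    print(f"estimated total: {est.total_seconds():.0f} s")
    est.update("Downloading files", internet=283)
    print(f"{est.percent():.1f}% done, {est.remaining_seconds():.1f} s left")
    # The post's vendor correction: add 42% to Foo Corp's CPU numbers.
    biased = ProgressEstimator(SPEC, LEARNED_RATES,
                               vendor_bias={("Foo Corp", "cpu"): 1.42})
    print(f"with vendor correction: {biased.total_seconds():.1f} s")
```
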

We should be able to do a much better job of guessing how long it’s going to take to install an app. This solution needs to exist.

Little League wants all your information

To sign kids up for our city’s Little League baseball program, you have to prove that they’re residents, which is reasonable. What’s not reasonable is the amount of information you have to provide on the registration website. You have to upload scans of a document in each of 3 categories:

Proof of Residency 1 Choose one of the following: Driver’s license, School records, Vehicle records, Employment records, Insurance documents

Proof of Residency 2 Choose one of the following: Welfare/child care records, Federal records, State records, Local records, Support payment records, Homeowner or tenant records, Military records

Proof of Residency 3 Choose one of the following: Voter’s registration, Utility bills, Financial records, Medical records, Internet, cable, or satellite bills

That alone is ripe for identity theft, but couple it with their privacy policy which includes this (emphasis mine):

Without limitation, this typically requires the use of certain personal information, including registration data, event data, and other personal information, to provide program information, special offers or services through Little League and/or its trusted sponsors, partners, or licensees, to fulfill your requests for information or products/services, to maintain a list of verified and eligible participants, to maintain a list of volunteers and provide them with the operating tools to manage leagues, or to respond to your inquiries about our programs.

In other words, you have to upload your most private information and agree to allow them to do as they like with it, including sharing it with whomever they like for any reason they choose.

This is unacceptable.

Update 2021-05-20

I contacted the company that manages Little League’s registrations and asked them to delete the documents I uploaded in order to sign up. They replied that their policy is to do that as soon as they’ve been evaluated. I asked the company to verify that they’d deleted our documents specifically. They replied with a video demonstrating that the files were no longer available. Great! The video included the PII of the families on either side of us on the list. Not great!

And that’s one big reason why I didn’t want to trust them with our information in the first place.

Our info plus a couple of other families'

New favorite command: Zoxide

My favorite new command is zoxide. It’s like a faster z, autojump, or fasd.

In summary, it learns which directories you visit often with your shell’s cd command, then lets you jump to them based on pattern matching. In the event of a tie it picks the one you’ve used most frequently and recently. For instance, if I type z do then it executes cd "~/Library/Application Support/MultiDoge" for me because that’s the best match for “do” in recent history. An optional integration with fzf lets you interactively search your directory history before jumping to one.

It’s lightning fast and integrates perfectly with common shells (even Fish which is my favorite).

I didn’t even know I’d been missing a tool like this.

“Let’s Fix OmniFocus”, indeed

If you use OmniFocus, you should check out Paul Sahner’s Let’s Fix OmniFocus post:

But lately there has been a growing demand for the company to rethink the user experience and interface of OmniFocus. As popular competitors like Things win acclaim for their clean, modern appearance, OmniFocus – for all of its power – appears stuck in another time period. So I wanted to see what it might take to re-imagine the OmniFocus suite of apps. The answer, it turns out, is not so simple.

Simple or not, Paul’s idea of how a unified Mac / iPad / iPhone interface might work is absolutely gorgeous. I didn’t know I could want this so badly.

Use local Git repos for personal work

I’ve heard a lot of online arguments about whether you should host your Git-based projects in GitHub or GitLab, but a lot of them miss an obvious option. Is this repo for your own personal work that you don’t intend to share with others? Great! You can host unlimited, free, completely private repositories on your own system. Here’s the complete process:

$ mkdir -p ~/src/myproject
$ cd ~/src/myproject
$ git init --bare
$ cd ~
$ git clone ~/src/myproject
$ cd myproject

There, you’re done. Now you have a 100% fully functional Git repo that doesn’t require a network connection and supports every single Git feature. Pull it, push it, branch it, revert it, whatever: it’s your own repo and you can do whatever you want with it. And you don’t have to sign up for anything, or agree to a Terms of Service, or share your work, or trust a company you don’t know very well.

If you want to move your repo to another server later, you can copy ~/src/myproject to its new home via whatever means you find most convenient, use git remote set-url origin [...] to point your existing work toward the new location, and then go on about your business as usual without changing any of your workflow.

GitHub and GitLab have a lot of nice features that may be totally irrelevant if you’re not collaborating with a team. Never forget that you can host Git projects yourself, easily and for free.

Oh, and if you do find yourself needing to work with a handful of people and don’t need all of the integration features of the commercial options, I highly recommend Gitea. It’s a tiny little service you can host yourself and it takes very few resources. I use it whenever I need my Git repo to be accessible across the Internet.

Dell doesn't honor warranties

In late August 2020, I bought my kid a new Dell SE2419HX monitor for his birthday. School was starting back and his laptop’s built-in screen was turning out to be too small for him to use for remote schooling. (If you’re reading about this in the far future, this was the year of COVID.) It arrived a few days later and we plugged it into his computer, sat it on his desk, and watched him happily use it for the next few months.

In February 2021, the monitor stopped working. Although it would still turn on, it had a little window on the screen saying “No HDMI signal from your device”. I swapped in a few known working HDMI cables and even tried connecting it to another computer. Nothing worked, so it seemed clear that its HDMI port was busted. We gave the kid an older TV to use temporarily while I worked through Dell’s warranty process. This involved a few days of back-and-forth with their support department, and they eventually asked me for two pieces of information:

  1. The receipt from purchasing the monitor
  2. A photo of the support case number, my name, and the current date written on a piece of paper and held next to the monitor’s serial number sticker to prove that it really existed

The next day they replied with a terse email:

We have received an update from our internal team and unfortunately, we are unable to process the request for the Monitor replacement as the account information of the system does not match with your information.

Please contact the store/person where you purchased the system for further assistance. Proof of Possession seems to be Invalid/tampered with/fake.

What? I replied that this must be a mistake and asked them to review the evidence again. I got back a nearly identical copy of the prior email, with an apology “for any inconvenience this may have caused you”. I replied again: yes, but there’s been a mistake on Dell’s end, and please fix this. I got back another nearly identical email with the same apology, plus a cryptic “WE have limited access”.

At this point my confusion was turning to anger. I replied to insist that they fix my broken monitor, problems on their end be damned. The same support supervisor replied:

We apologize but we cannot warranty support this monitor with the available information.

At this point I vented a little on Twitter, and the @DellCares account replied to me to ask me to send them a direct message. I did, explaining the situation. They replied with a copy-and-paste of the last unhelpful email I’d received.

The happy resolution to Dell’s utter failure to honor their warranty is that Amazon made good on it. Even though the purchase was outside their normal return window, because Dell was so horrible, Amazon made an exception and allowed me to return it for a full refund. For that, I greatly thank them.

I have a guarantee of my own: under no circumstances will I allow Dell junk into my home again.

Automating this static website

I use the Hugo website generator to create this website out of a bunch of Markdown files. A lot has been written about this approach, but the main advantages are that the site can load quickly even when it’s serving a lot of traffic, and you don’t have to worry about bugs in the blog software when there isn’t any. The downside is that you can’t post to it as easily when you’re out and about on a mobile device.

I wired up a nice little workflow for making it as easy to post here with my iPad as to a WordPress site:

  • I write the blog post in Markdown in the Drafts app.
  • When done, I run an action that triggers a Shortcut which adds it to a Git repo in the Working Copy app, commits it, and pushes it to my Gitea server.
  • A cron job on the web server runs a git pull from Gitea, runs Hugo to generate the site, then copies the output to the web server.

So the plumbing is a little more complicated than just opening a website form and clicking a “post” button, but from the user’s perspective it’s every bit as simple. iOS and iPadOS are starting to get a nice ecosystem of Unix-style “do one thing and do it well” tools that can be strung together with scripting.
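One way to write the cron step from the list above (pull, build, publish), as an added example rather than the script this site actually runs. The directory arguments, the `HUGO_BIN` override and the crontab paths are assumptions; the script builds into a fresh directory and swaps it in, so a failed build never replaces the live site.

```shell
#!/bin/sh
# Added example: the cron-driven "pull, build, publish" step as one script.
# Assumptions: REPO_DIR is a clone of the Gitea repo, WEB_ROOT is the directory
# the web server serves, and HUGO_BIN (default "hugo") is the build command.

# Pull, and rebuild only when the checkout moved or WEB_ROOT is missing.
build_and_swap() {
    repo=$1 webroot=$2 hugo_bin=$3
    before=$(git -C "$repo" rev-parse HEAD) || return 1
    # --ff-only refuses merges, so rewritten or diverged history fails loudly
    # instead of being silently merged and published.
    git -C "$repo" pull --ff-only --quiet >/dev/null || return 1
    after=$(git -C "$repo" rev-parse HEAD) || return 1
    if [ "$before" = "$after" ] && [ -d "$webroot" ]; then
        echo "unchanged"
        return 0
    fi
    # Build into a fresh sibling directory: a failed build never touches the
    # live site, and files deleted from the repo do not linger in the output.
    stage=$(mktemp -d "$webroot.new.XXXXXX") || return 1
    if ! "$hugo_bin" --source "$repo" --destination "$stage" >/dev/null; then
        rm -rf "$stage"
        return 1
    fi
    chmod 755 "$stage"                  # mktemp -d creates the directory as 0700
    rm -rf "$webroot.old"
    if [ -d "$webroot" ]; then
        mv "$webroot" "$webroot.old" || return 1
    fi
    mv "$stage" "$webroot" || return 1
    echo "deployed $after"
}

# deploy_site REPO_DIR WEB_ROOT
# Prints "locked", "unchanged" or "deployed <commit>"; non-zero on failure.
deploy_site() {
    lock="$1/.git/deploy.lock"
    # mkdir is atomic, so an overlapping cron run backs off instead of racing.
    if ! mkdir "$lock" 2>/dev/null; then
        echo "locked"
        return 0
    fi
    if result=$(build_and_swap "$1" "$2" "${HUGO_BIN:-hugo}"); then
        status=0
    else
        status=$?
    fi
    rmdir "$lock"
    if [ -n "$result" ]; then echo "$result"; fi
    return "$status"
}

# Example crontab entry (paths are placeholders):
#   */5 * * * * /usr/local/bin/deploy-site.sh /srv/blog-src /srv/www/blog
if [ "$#" -eq 2 ]; then
    deploy_site "$1" "$2"
fi
```

The previous build stays in `WEB_ROOT.old`, so rolling back a bad post is a single `mv`.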

Security training for the masses

My company is going through its annual HIPAA privacy and security refresher training. This is a good thing and I wholeheartedly support it, as it’s always nice to be reminded of some of the details. “Oh, I forgot that we’re allowed to do X! That’s good to know.”

But the most irksome thing in the world is when you know the right answer to a test question but are required to give the wrong one to pass it. For instance, we were asked:

If you then connect with a VPN, will that ensure a file sent via email will be secure all the way through to its destination? Yes / No / Maybe

Test says: maybe! If you change nothing about your setup except adding a VPN into the mix, you may now be able to send email securely.

I say: The correct answer is “of course not”. Our company uses a “split tunnel” VPN so that only connections to certain services go over the VPN but the rest of our traffic goes over the open Internet. Do we need to route someone’s after-hours Netflix viewing through an encrypted connection? No thank you. But even without that, once you send an email to your own server, you have no control over what happens next. Does the recipient’s server support TLS connections? Are emails stored on that server encrypted at rest? Does their email app require TLS? Who knows! You sure won’t. So no, a VPN absolutely does not guarantee an email will be secure all the way through to its destination.

If you encrypt the file you are emailing, will that ensure a file sent via email will be secure all the way through to its destination?

Test says: yes! If you encrypt an email to an employee at another company, it’s guaranteed to be secure.

I say: Maybe, sure. I’d even go so far as saying it probably will. However, for all I know the recipient’s company uses some key escrow thing that lets them decrypt and analyze all inbound mail, and Joe from IT occasionally sells the interesting ones to North Korea.

Thing is, our particular training program is for the most part pretty decent, as far as such things go. Again, I’m glad we’re doing it. I just wish their post-training exams were a little more carefully worded.
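The point about per-hop delivery in the VPN answer above, as an added example that is not part of the original post: every server that handles a message prepends a Received header, and the RFC 3848 "with" keyword records whether that particular hop used STARTTLS. The header block, host names and addresses below are constructed sample data, and the parsing is deliberately simple (first "by" and first "with" token per header).

```shell
#!/bin/sh
# Added example: report, hop by hop, whether a delivered message travelled
# over TLS, using the Received headers of a constructed sample message.

sample_message() {
cat <<'EOF'
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
 by store.recipient.example with ESMTP id c3
 for <bob@recipient.example>; Tue, 2 Mar 2021 10:00:05 -0800
Received: from out.sender.example (out.sender.example [198.51.100.7])
 by mx.recipient.example with ESMTPS id b2
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
 Tue, 2 Mar 2021 10:00:03 -0800
Received: from laptop.vpn.sender.example ([10.8.0.12])
 by out.sender.example with ESMTPSA id a1;
 Tue, 2 Mar 2021 10:00:01 -0800
From: alice@sender.example
To: bob@recipient.example
Subject: quarterly file

Received: this line is body text and must be ignored
EOF
}

# Reads a message on stdin; prints "<receiving host> <protocol> <state>"
# for each hop, oldest hop first.
hop_report() {
    awk '
    function flush() {
        if (tolower(hdr) ~ /^received:/) hops[++n] = hdr
        hdr = ""
    }
    /^$/     { exit }                                      # end of the header block
    /^[ \t]/ { sub(/^[ \t]+/, " "); hdr = hdr $0; next }   # folded continuation line
             { flush(); hdr = $0 }
    END {
        flush()
        for (i = n; i >= 1; i--) {      # newest header comes first in the file
            by = proto = "?"
            m = split(hops[i], w, /[ \t;]+/)
            for (j = 1; j < m; j++) {
                if (w[j] == "by" && by == "?") by = w[j + 1]
                if (w[j] == "with" && proto == "?") proto = toupper(w[j + 1])
            }
            # RFC 3848: a trailing S or SA (ESMTPS, ESMTPSA, LMTPS, ...) means
            # STARTTLS was used; plain ESMTP or ESMTPA means it was not recorded.
            state = (proto ~ /(SMTP|LMTP)SA?$/) ? "tls" : "cleartext-or-unknown"
            print by, proto, state
        }
    }'
}

# Number of hops that did not record TLS.
cleartext_hops() {
    hop_report | awk '$3 != "tls" { c++ } END { print c + 0 }'
}

sample_message | hop_report
```

In the sample, the hop the sender controls and the server-to-server hop both used TLS, but the final hand-off inside the recipient's infrastructure did not. These headers are written by the receiving servers, so the sender never sees them, and they say nothing about how the message is stored.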

Google v. Oracle, by analogy

Suppose Joe opens a restaurant. He hires a waiter who is really great at following directions, but speaks no English. Over time, Joe comes up with a way of working with this waiter that’s very precise and detailed. You can ask the waiter for things like “order burger plus cheese plus ketchup no tomato no onion” or “bring check” or “bring water”. However, you have to say things exactly the right way each time. You can’t just say “order cheeseburger” instead of “order burger plus cheese”, or “bring me some water” instead of “bring water”. If you do, the waiter will only say “I don’t understand” and wait for you to say it the right way.

All of this is explained on the menu, and the waiter is otherwise good enough at his job that people are willing to learn the Joe’s Cafe way of ordering their food and asking for the check afterward.

A while later, Gina decides to open a different restaurant across town from Joe’s place. Her food is nothing like Joe’s, she uses different suppliers, her kitchen has a brand new setup she invented herself, and she uses little robot dogs instead of waiters. However, she does a little market research and finds out that a lot of people in her city are used to ordering food the Joe way. To make it easier for her customers, she programs her robot dogs to respond to requests the same way that Joe’s waiter would. Then they’ll be able to order food and enjoy her restaurant without having to learn a whole new system!

Now, at Joe’s, if you say “order burger plus cheese”, the waiter writes this down, carries the order to the kitchen, and hands it to the cook. The cook follows the instructions, hands the food to the waiter, and the waiter takes it back to the table. Gina’s restaurant doesn’t have burgers, but if you tell her robot dog to “order steak plus potato”, it transmits the order via radio to the kitchen where a 3D printer makes it and then sends it to your table via a flying drone.

In other words, you place your order at Gina’s restaurant the same way you would at Joe’s, but almost everything else about the process is completely different because Gina came up with her system from scratch. As it turns out, a few orders do happen to work the same because there are only so many ways to react to “bring water”. That’s natural, though. Gina didn’t copy Joe’s “leave the table, fill a pitcher with water, bring it back to the table, and fill the empty glasses” process; that’s just the way you do it.

This is the same as the relationship between Oracle and Google. Oracle bought a company that made a programming language called Java that became popular. When Google was making their Android phones, they wanted to make it easy for developers to write apps and games for it. Since so many people were already familiar with Java, they decided to let developers use it. However, they made their own Java from scratch that looks like Oracle’s Java from a programmer’s point of view but is completely different behind the scenes. As with Joe and Gina, the way you place your order is the same, but that’s where the similarity ends.

Oracle is suing Google because they say it’s unfair that Google allowed their developers to write programs in something that looks like Java, except without it actually being Java, and that Google should pay them for the privilege.

If it’s not reasonable that Gina should have to pay Joe just because her robot dog knows how to respond to “order steak plus potato”, then it’s not reasonable that Google should have to pay Oracle since they didn’t use any of Oracle’s underlying work.

Google is asking the US Supreme Court to declare that they didn’t copy Oracle’s programming code when they created their own work-alike system. For the sake of the US software industry, I hope Google wins.

As a personal note, I don’t like eating at either Joe’s or Gina’s restaurant. The food’s awful in both places. I still don’t think that Gina (or Google) owe Joe (or Oracle) anything.

November 2020 Voting Guide

These are the notes I collected to determine how I’m going to vote on November 3, 2020. I’m posting this not to tell you how you should vote, but to share my reasons for why I’m voting this way.

United States

President

Biden is the only serious candidate.

Congress

U.S. House California District 13

Barbara Lee (D, Incumbent)

California

State Assembly District 18

Rob Bonta (D, Incumbent)

State Senate District 9

Nancy Skinner (D, Incumbent)

Ballot measures

Prop 14: Stem Cell Research Institute Bond Initiative

Slightly oppose: It’s a good thing to research and support in general, but this isn’t a good time to incur more public debt.

For

  • Gavin Newsom
  • Cal Dems
  • Diabetes research
  • University of California regents

Against

  • No one organized group
  • Main argument: it’s a $5B bond issue we can’t afford right now, even if it’s probably a good thing.

Prop 15: Tax on Commercial and Industrial Properties for Education and Local Government Funding Initiative

Support. Raises taxes on large companies while specifically exempting houses, farms, and small businesses.

For

  • Everyone

Against

  • CA Republicans
  • Coalition of industrial property owners

Prop 16: Repeal Proposition 209 Affirmative Action Amendment

Support. Prop 209 ended affirmative action. This doesn’t bring it back, but allows it to be considered when it makes sense.

For

  • Cal Dems
  • Everyone else

Against

  • Cal GOP

Prop 17: Voting Rights Restoration for Persons on Parole Amendment

Support. If someone’s done their time, then they should be able to participate in society again.

For

  • Everyone

Against

  • CA Republicans

Prop 18: Primary Voting for 17-Year-Olds Amendment

Mildly support. It seems goofy to allow a 17 year old to vote in the primary for someone they can’t vote for in the actual election, but it’s probably not the end of the world.

First time we have a record turnout because a YouTuber urges everyone to support Deez Nuts for the CA Democrat nomination, I’ll protest this with a pitchfork.

For

  • Gavin Newsom
  • CA Dems
  • ACLU

Against

  • Not really anyone

Prop 19: Property Tax Transfers, Exemptions, and Revenue for Wildfire Agencies and Counties Amendment

Oppose. This is charity for the rich. You can sell your house and transfer the low tax basis to a new, more expensive house three times? No way. It has some good ideas but we should weigh them in a standalone proposition, or better, a state bill.

For

  • Everyone

Against

  • ACLU

Prop 20: Criminal Sentencing, Parole, and DNA Collection Initiative

Oppose. This is a charity to the prison systems. Collecting DNA on shoplifters and drug possessors? WTF.

For

  • CA Republicans
  • Police associations
  • Albertsons Safeway?

Against

  • CA Dems
  • ACLU

Prop 21: Local Rent Control Initiative

Support. It makes sense to let cities experiment. If it doesn’t work locally, change it. What’s good in Oakland may suck in San Diego and vice versa.

For

  • Bernie
  • Employee unions
  • Underlying theme of endorsements: “let cities decide which policies make sense for them at the local level.”

Against

  • Gavin Newsom
  • Builders unions
  • Underlying theme of opposition: “Will reduce incentive to build affordable housing.”

Prop 22: App-Based Drivers as Contractors and Labor Policies Initiative

Oppose: This is some bullshit charity for Uber, Lyft, and DoorDash.

Everything about this seems to be a lie. For example, it provides a good minimum wage, but only while the driver is actively on a run, not when they’re between runs.

For

  • GOP
  • Police unions
  • Chambers of commerce

Against

  • Everyone else

Prop 23: Dialysis Clinic Requirements Initiative

Oppose: No, and stop asking. No one wants this. As a prop, it’s super hard to get rid of if it turns out to be a horrible idea.

For

  • Healthcare workers union. This would require clinics to hire more workers. It’s a job handout.
  • Cal Dems

Against

  • Cal Republicans, oddly enough
  • Cal Medical Association. Doctors are saying this isn’t necessary.
  • Cal Nurses union

Prop 24: Consumer Personal Information Law and Agency Initiative

Oppose. I generally support privacy laws, but this has issues. The EFF described Proposition 24 as “a mixed bag of partial steps backwards and forwards.” I’m very skeptical of a privacy bill that the EFF doesn’t actively endorse.

Come back next election with a better version and I’ll totally back it.

For

  • Some CA Democrats
  • CA firefighters union?

Against

  • Republicans
  • Greens
  • CA nurses association
  • ACLU

Prop 25: Replace Cash Bail with Risk Assessments Referendum

Support. End the cash bail system. Don’t let “perfect” be the enemy of “good”. This is a good idea.

For

  • Everyone

Against

  • ACLU doesn’t like the new assessment system, which is a legit concern.

Alameda County

AC Transit District

Director At-large

Peeples (Endorsed by papers. Opponents aren’t bad, but Peeples is more experienced and seems to be pretty good at this.)

Peralta Community College District Trustee

Heyman (Incumbent; opponent doesn’t have much reason to vote for him.)

Superior Court

Condes (Supported by majority of progressive groups. Opponent isn’t awful, though.)

Measure V: Sales Tax

Support. Extends the existing sales tax.

Measure W: Sales Tax

Lightly oppose. Good to fund housing and services, but we’re already slammed with super high sales taxes and that feels regressive.

City of Alameda

Auditor

Kearney (unopposed)

AUSD board

(Best profiles, and endorsed by groups that seemed relevant.)

  • Aney
  • Little
  • Williams

City Council

(By ruling out other candidates, not as an endorsement of these)

  • Codiga
  • White

Measure AA

Mildly support. It’s goofy that voters are being asked to rule on this petty internal bickering, but here we are.

Measure Z

Mildly oppose. Allows altering existing 3-bedroom homes into 2 1-bedroom. Parking and traffic are already bad. We couldn’t live in Alameda if we couldn’t find 3-bedroom housing.

Treasurer

Kennedy (unopposed)

Staying away from WD NAS drives for now

Western Digital just admitted to Tom’s Hardware that they use a notoriously slow technology, shingled magnetic recording (SMR), in the WD Red drives they market for use in high performance storage devices. This is a very bad look for them.

I just replaced my last 6TB Red with a Seagate IronWolf over the weekend (coincidentally; it had nothing to do with this). In my experience, Reds have a nasty habit in their old age of taking performance nosedives without reporting any SMART errors. Suddenly my storage volume would be slow and pegged at 100% utilization without anything out of the ordinary running, but everything would look OK otherwise. My NAS’s resource monitor would show that all drives are at like 30% utilization, except for a single Red hovering at the top of the graph. The drive would show no errors or really any problems at all, but would be slow as molasses for no apparent reason.

This has happened to me three times now, and each time the fix is to replace the lame duck Red. My storage volume over the weekend was actually faster during the RAID rebuild than it was with the dying drive.

I don’t trust Western Digital’s drives right now, which is a pity because they used to have a great reputation and I loved them.

The Kansas City Wormhole

I’ve had one inexplicable thing happen in my life. I remembered it today and texted an old buddy about it, and his memory of it was identical to mine.

One day after high school, 3 friends and I piled into my car and drove to Kansas City to meet up with some other friends who had moved there. They weren’t home when we arrived, and at some point we had the idea to go to the zoo to kill time because we thought it was free (and we were broke). Turns out the KC zoo was very much not free, so we decided to go back to our friends’ home.

We tried to take a shortcut through the parking lot of the Blenheim Square Research Hospital next to the zoo but got turned around in a series of one-way lanes and toll gates before we were dropped back onto the surface streets. Thing is, when we got back on the road and were trying to get our bearings, none of us could see the hospital we’d just left. We pulled into a gas station a block away and asked the attendant which direction we were from the hospital.

“Which hospital? I don’t know where that is.” When we asked him to show us where we were on a map, he pointed to the corner of Lamar Ave & Shawnee Mission Parkway - which was a good half an hour drive from the hospital whose parking lot we’d been in less than 5 minutes ago.

We were utterly flummoxed. I can’t emphasize this enough: our 1 block drive dropped us 30 minutes from where we’d started. We drove through a parking lot, turned around, and were… transported?… across town. Everyone was cold sober and very freaked out. When we compared notes, we all remembered it exactly the same way. We kind of jokingly (and more than a little seriously) talked about the “wormhole” through Kansas City.

To this day, my recollection of this is crystal clear and I simply cannot explain what happened that day.