It’s just wood

A few months back, I decided to start a vegetable garden. I have fond memories of gardening with my folks when I was a young boy, and I figured a garden would be a good outlet from my day to day life in tech.

Looking up and down the aisles at Lowes and not finding a raised garden bed that met my needs, I inquired with a staff member:

“Sorry, we don’t carry anything like that.”

“Darn. Ok, I’ll try another store then,” I sighed with resignation.

“You know,” he said to me, “it’s just wood.”

It took me a moment to realize how liberating this statement was. To him, woodworking held no mystery at all – it was just a thing you did. If he wanted a garden bed, there’d be no question in his mind that he’d make it himself. Why spend more on something suboptimal when you can build exactly what you want?

So I did exactly that, and we now have a wonderful, custom-built gardening bed growing some very tasty kale.


Most people let mystery stop them

We resign to not knowing how to change the oil in our car, replace a busted light switch, or develop that app idea into a real app. “You need to be an expert to do that”, we say. Thinking back to the times I’ve challenged mystery and learned to do something myself, I recall it giving me great satisfaction. And once demystified, those tasks that seemed impossible before now seem trivial.

Did you know that there are over 110K videos on youtube about replacing a light switch? Or that Hack Reactor claims 99% job placement rate after graduating their 12-week developer program? The resources you need to overcome the mysteries around you are plentiful.

Challenge mystery

When you take it upon yourself to learn how to do something, you’ve not only become more self-reliant, but you’ve expanded your mind to new possibilities. If I had settled for a pre-built planter box, I wouldn’t have been able to construct exactly the kind of box I wanted, nor improve the design along the way to fit my needs. Now the next time I want to construct something out of wood, I have the confidence to know that I can figure it out.

The best part? The more you challenge the mysteries in your life, the better you’ll get at it.

What will you demystify?

Comments welcomed on Hacker News.


Musings on the future of the iPhone

When Steve Jobs died, the rumor was that he left a playbook of sorts for Future Apple to follow.

With the release of the 64-bit ARM7 in the iPhone 5S, I’ve started to ponder if this hints at one of those far-future milestones that Jobs would have laid out: that the notion of laptops and desktops will one day simply cease to exist.

Granted, credit must be given to Ubuntu Edge for demonstrating how close that world truly is, but in hindsight, this next iteration of computing just seems so obvious. Why lug around two computing devices, when in the near future, our iPhones will be as powerful as the laptops we currently carry in our backpacks, and the desktops that used to populate the space below our desks?

Going 64-bit doesn’t seem like it will improve performance in any meaningful way in the short term, but it’s an important step in the march towards making the iPhone your sole computing device. I’d imagine Apple, knowing their marching orders ahead of time, decided to make the jump to 64-bit ahead of when they needed it.

I look forward to a day when all I have to do is plug in my phone to my monitor and get to work.


If you lost your wallet at Outside Lands, your information is now public

Update: Much has changed since I wrote this blog post! I’ve written a follow-up here and I encourage you to read that first.

If you were one of were one of the many thousands that attended the Outside Lands festival in San Francisco over the weekend and were unfortunate enough to drop your wallet – your full name and private information are now available for public consumption.


Traditionally, Lost and Found is facilitated via the exchange of information; the loser of sunglasses identifies said sunglasses with enough detail to ascertain their ownership. This safeguard exists to prevent someone from stealing items that don’t belong to them.

The organizers of Outside Lands listed all the items in their Lost and Found inventory on their web site. With good intentions no doubt, they also added photos and detailed descriptions of those items. This is rather pointless, but it also effectively defeats all security – anyone could very easily claim most of these items just by using the photos and descriptions on their site.

Most importantly, they made a critical error by listing the names on the drivers licenses and credit cards they found. Not only is this absolutely pointless (no misidentification is possible), it exposes a huge privacy invasion to unsuspecting persons (who could even be minors). For instance, using name matching alone, you can clearly identify the full name of a student at University of Central Oklahoma (name listed on ID), what state she’s from (name listed on drivers license), where she went to undergrad (name listed on ID), and where she shops for gas (name listed on Credit Card).

This is a great reminder to all us developers: with great power comes great responsibility. Just because you can make a Lost and Found web site doesn’t mean you should do so without first considering the implications.

Update: Soon after writing this post, I got a call from Travis Laurendine, the organizer of the hackathon that developed this web site for Outside Lands. He communicated that the site was released prematurely and he too was concerned about the points mentioned in my post. They took the initial version version down while they made repairs.

My intention in writing this post was certainly not to attack a group of hackers who stepped out on a limb and made something people want. I simply noticed what I felt like was an improper disclosure of information by a company that should know better, and wrote a blog post about it to find out what others thought (after emailing Outside Lands directly). The amount of interest the article generated was unexpected, but I very much appreciate the quick response taken by Travis & team; it is a testament to the ever interconnected world we live in. I look forward to seeing the newly revised version of the site when it is re-released.

So what do you think? I’d love to hear your perspective over on Hacker News.


The importance of privacy

In this day and age where web apps can be built in a day and released to millions, it’s vitally important that we leave time to consider the implications our products have on the world. I’m thankful that the folks at Outside Lands took notice and cared enough about their fans’ privacy to review and improve their Lost & Found web site when I wrote a blog post voicing my concerns that it exposed too much information

Anyone who has worked with me knows that I’m a proponent of rapid iteration. The best way to learn if a product is something people want is to actually get a simple version of the idea out the door for them to use. In fact, Hackathons themselves can be thought of as applied product brainstorming – the group doesn’t know which ideas will work best, but after 24 hours, you all have a pretty good idea which products will survive in the real world.

This is what makes hackathons such special places: they concentrate all our mental energy on the sole purpose of releasing a new product into the world. They remove all the red tape and unnecessary barriers that typically slow down dev cycles. A hacker who spends his time writing up a Privacy Policy isn’t doing it right!

When I learned that the Outside Lands Lost & Found web site was developed at a hackathon, I felt sad to think that my blog post, taken out of context, might negatively impact their ability to host another in the future. As a strong proponent of such events, this was never my intention, and I certainly hope this doesn’t happen. The folks behind this hack took a good idea and got it out quickly – there’s a lot of merit in that. Maybe they didn’t consider all the issues, but when the problem was brought to their attention, they fixed it and continued to iterate. This is how successful hacks become successful web sites.

I feel strongly that as software developers, it’s our responsibility to be aware of the privacy implications of the products we put out in the world. In a day and age when personal privacy is being challenged at every turn, it’s important that, even if we ourselves aren’t concerned about the privacy of our own information, we respect the rights of our users to control the privacy of their own.

This applies even if you’re releasing presumably “harmless” data as in the first iteration of the Lost & Found site, which exposed the type of credit card a person owned and where they went to school; without that person’s consent, you have no right to expose it publicly, even if it makes your product easier to use or simpler to build.

A part of this is just having an awareness of the issues – if we come from a place of respect for our users’ wishes, that respect will carry through to the products we create. But it’s also important that we recognize that protecting our users’ right to privacy is a vital part of releasing our products to the world – and that doing so is our responsibility as developers.

I’m certainly not advocating that we start inviting the EFF to hackathons (though I’m not against the idea, given the right construct!) – simply that we make considering privacy implications a step in the path towards public release, much as we might consider a production hardware upgrade. Am I retaining more information than I should about my users? Am I making it clear to them what information is being stored? Am I releasing information publicly that they wouldn’t want me releasing?

It seems to me that privacy has become a grey area over the years, with more and more people (especially us developers) no longer considering it an important right to defend. I personally don’t know what’s best for humankind as we forge ahead in this ever interconnected world we live in, all I know is that privacy matters to a lot of folks, so I’m going to do my best to respect that.

What do you think? I’d love to hear your perspective over on Hacker News.


Memories in the cloud

My wonderful grandmother Mary passed away last week. She was a beautiful person, filled with so much love for all.

My sister and I are putting together a slideshow to play during the memorial service, filled with pictures of her and my grandfather’s life together. It’s really wonderful how easy Dropbox has made it to compile photos from various family members.

Photos are one thing, but it’s amazing how quickly you forget everyday things about someone who has died, like the sound of my grandmother’s voice. Video is still rather difficult to share and keep readily accessible, and frankly, we just don’t have much video of her.

A wonderful surprise came when I realized that because I’ve been using Google Voice for several years, I have archives of every voicemail that my grandmother ever left me. It was such a treat to hear her voice again, and be reminded of her amazing spirit in a way that no photo could.

Messages cannot be downloaded directly, but if you use Google Takeout, you can download your messages all at once as mp3 files.

As our lives move to the cloud, it’ll be easier to look back and recall cherished memories. I’m thankful for that.

Life goes by so fast.


I break stuff all the time

Continuous integration as a development practice already feels pretty magical. Imagine writing code and then deploying it to production in one seamless step, all the while knowing that your tests have run and your application is good to go. Until recently, continuous integration was one of those dev tool nice-to-haves that we hadn’t quite found time to implement.

That day changed when we came across CircleCI: Running tests is no longer a chore to remember to do and wait for before every merge to master – it’s just something that happens in the course of committing new code to your branch. We’ve only been using them for six months now and it has quickly become one of the tools we rely on daily.

CircleCI will run your tests (which have 100% code coverage like ours do, right? 😉 ) whenever you push a new commit and email you if you break something. Honestly, how many times have you deployed what seemed like a simple fix to production, forgetting to run tests first, and ended up breaking something? CircleCI makes this a thing of the past because your tests always run.

Besides being a cinch to set up, it’s the integration with GitHub that seals the deal for me. One sunny day we noticed these curious little green checkmarks next to commits in our pull requests.

Green means go!

The integration is so clean, it looks like a GitHub feature. But clicking on those glorious checkmarks reveals a deep integration with CircleCI. If the dot is yellow and the ‘Merge Pull Request’ button is grey, your tests are being run. GitHub even chides you to ‘Merge with Caution’:

Be careful, young one

Seriously, who wants to be responsible for clicking that? If it’s a red x, you know broke something. I’m particularly familiar with this state:

Seriously, this happens all the time

But if you see that green check mark, all of your tests passed and you’re good to go! It’s the best kind of magic: I don’t know how on earth they accomplished such a tight integration, but it works wonderfully for our dev flow.

Speaking of, we’ve completely switched to a Pull Request-driven development process here at Sincerely. That is, everything destined for production starts life as a branch and ends up in a Pull Request which is reviewed by one or more of your teammates. This flow enables better code collaboration (and quality!) without slowing our process by any meaningful amount. And CircleCI integration keeps us honest: GitHub makes it very clear when a PR hasn’t had its tests run yet. You’d have to be riding quite the freight train to mistakenly commit code that breaks a test in production.

Getting started with CircleCI is like the day you switched from SVN to Git. You might spend a few hours rethinking your process and getting used to your new environment, but you’ll quickly realize that you can never go back.

It’s so powerful, I’ve even caught myself and my teammates spontaneously writing unit tests. It’s a sickness I tell you.

Have you tried CircleCI? I’d love to hear your feedback. Feel free to discuss on Hacker News or follow me on Twitter.


Join me at DIYdays SF today

2:15 to 3:15pm
PANEL: The art and science of crowdsourcing
There is power in the crowd. When they rise up they can fund, create, distribute and promote. But how do you turn an audience into an active community where members become collaborators? Panelists: Slava Rubin (indieGoGo), Skot Leach (Lost Zombie), Jason Harris (Mekanism), Bryan Kennedy (, Blair Erickson (Millions of Us) Discussion Leader: Lance Weiler

I hope you come, it should be an interesting discussion!


Battling the beast within – malware attacks my computer

I don’t know how I managed to get infected with malware, let alone this little beast (details about Antivirus 2008).

Some crazy things it managed to do to Windows XP:

1) Open itself up with a window that looked like a cross between a Microsoft product and Spybot Search and Destroy (a program I use to manage malware infections). It appeared to “scan” the hard drive for “infections” and proceeded to find 800+ infections (yeah right).

2) Remain open/active despite repeated efforts to close

3) Add gross desktop shortcut icons to porn-themed “applications” and then warn me about the “legal” implications of having them on my hard drive. God, I’d hate to be a n00b right about now.

4) Use the balloon window to inform me about “viruses found” (ala above screenshot)

5) Literally take over IE, in that any time I’d open it, I was confronted with several pop-ups prompting me to purchase “Antivirus 2008” to save my computer (blackmail anyone?)

6) Changed the desktop background to a warning message that says “Virus Detected!”. I liked my desktop background. This is pissing me off.

7) DISABLED THE TASK MANAGER! Why in god’s name would windows permit such an action, but somehow CTL-ALT-DEL resulted in a window with a disabled Task Manager button.

8) Unlink Explorer action: Somehow they managed to prevent Explorer from handling the directories – a double-click on the C drive resulted in a “How would you like to open this file?” dialog. For a freakin directory. And of course you can’t assign “always open this with explorer”. So each time I wanted to open a new window I’d have to call Explorer directly and type in the location. Sigh. This is not looking good.

9) Disable the Tools->Folder Options->View preferences screen in that “Show Hidden Files and Folders” was permanently disabled and unchangable. Presumably to hide its internals.

10) It changed the freakin “AM/PM” somewhere in the Windows language files to read “VIRUS DETECTED!!!”, so the taskbar time read “3:30 VIRUS DETECTED!!!”, and all the timestamps on my files as well. WTF? Why on earth can an application in XP possibly do this?

11) Bonus Round! It was horrible, but I had tools dammit! I managed to open Spybot, did a scan, and removed some items it found. Some couldn’t be removed, so it restarted to run on startup. The startup scan was interrupted by a Blue Screen of Death. Holy shit! We’re losing the battle, men! I’m beginning to think this sucker will force me to reinstall. So I forced the machine to hard-restart.

On next boot, good ol Spybot started scanning again, and sent me to a BSOD again. Crap! However, this time I waited a few minutes (to pout a little I guess) and the BSOD disappeared. WTF?? The freakin malware/virus actually EMULATED A BLUE SCREEN OF DEATH in an attempt to force me to restart in the middle of the scan (presumably by some background process that invokes the faux BSOD to get me to hard-reset the computer and therefore stop any scan that was delaying boot-up!!)


I wish I could say that I was successful in killing off this monster. I was eventually able to cut off its head by removing its main DLLs (thanks to Spybot and a tool called Unlocker), but I couldn’t seem to undo some of the underlying damage it did (like the annoying AM/PM change). So I just did what we’ve all become too accustomed to doing: reinstall XP.

To this day I can’t figure out how I got infected. I’m usually very careful about these things, don’t open attachments, and keep up to date on my Spybot checks. The only oddity was that I had JUST uninstalled “Avast! Antivirus”, a free antivirus program. Though the timing was suspicious, I hesitate to implicate them, as no one else has mentioned this and they come highly recommended, but I don’t plan on using that product again, just in case! A more likely case was that it was on my memory card when I returned from Peru, because I’d used it in an internet cafe there.

But I ask again: How did this little program possibly obtain enough permissions to make such fundamental and extreme changes to the OS and settings? Yeah, I’m planning on moving on to OS X someday soon to avoid this chaos in the future. But aren’t we all?


Synergy: An alternative to KVM switches for multiple computers

I have three monitors and two computers: one laptop, one desktop. The desktop is powering one of the monitors, and the laptop is powering the other two.

I used to use a simple USB KVM switch to move keyboard and mouse control between the computers, but then, almost randomly, I came across Synergy. It seamlessly connects two computers such that you can share a keyboard and mouse without a KVM switch.

The experience is fantastic. My two computers behave like they were one – as I move the mouse to the left of my middle monitor, the mouse and keyboard hop to the other computer as if they were the same machine. Better still, I’m using two different operating systems (windows on the laptop and fedora core 7 on the desktop).

It’s a little tricky to set up but there are tutorials on the web to lead you through it. I highly recommend this method of sharing a keyboard and monitor with two computers.


Trying out the new Likebetter embeddable

This won’t work out very well yet: