Dreams of cryptography

I had the weirdest dream last night. Apropos of nothing, I was meeting with Ev Williams, cofounder of both Twitter and Blogger, in his office to talk about something I can’t recall. It’s weird because in real life I haven’t talked to Ev in six months, and I don’t know why he wandered into a dream, but I’m getting off track. Long ago, Ev had some trouble with password cracking, and as I walked into his office, we exchanged hellos and he turned to his computer to show me something, and before he could do anything, he had to login.

After tapping the keyboard to bring the operating system to life, his screen filled with a weird scan of a magazine page, and he tapped with his finger in several key places which lit up in red, in a specific sequence, then we saw his desktop (my quick finger-on-iPad mockups shown below). I stopped him and asked what exactly did I just see?

IMG_0028 IMG_0029

He said to thwart break-ins to his computer and accounts, every week he would grab a random page from a magazine, hold it up to his front-facing camera to take a shot of it, then would select a “password” by choosing a sequence and locations of things to tap on. I then asked if it could work for website logins too and he said yeah, the new WebRTC functionality would allow for such a thing. Then we moved on to talking about something else and I soon woke up.

It was an oddly specific dream, and I don’t normally remember this much detail, but I guess I knew at the time I was experiencing this that it might be a good idea in the real world and solve some problems people have with passwords. I’m no cryptography expert, so I don’t know if picking out features on a page is more random than coming up with strings of digits and letters. It would seem like on the surface, you could try and crack visual login systems like this with simple OCR and photo recognition, and simply make guesses to the bits that stand out the most. Another thing that came to mind in thinking about the security of this idea is how many possible tap points are there on a scanned page? Is it obviously much less than the number of possible keystrokes in a typical password? Finally, this would add an obvious problem to anyone with impaired vision, which current passwords don’t cause.

Anyway, in the spirit of sharing wacky ideas in my head in case someone else finds it useful, I present my goofy dream about image-based password security systems. Let me know if anyone builds such a thing someday.

update: Whoa, looks like Windows 8 has a sort of similar option called Picture Passwords, I imagine it could use a more complex image than a simple photo of a dog or a person and instead you could use something like a scan of a newspaper or magazine.

Gmail’s Organized Inbox is a life changer

Last month, Google’s Gmail team introduced a new auto-organized inbox feature to little fanfare among my friends. I saw a handful of tweets about it, didn’t get notified on my own account that it was available and promptly forgot about it. After a week or so I wanted to try it out and had to dig to find the feature (you have to enable it in your gmail settings). In the week or two that I’ve had it, it has completely changed my relationship with email, and it has been 100% for the better.

I probably get more email than most, but about average for someone running a sizable web site and company. I get lots of what I’d call “machine messages” where a server is telling me it is up or down, someone made a new post, or someone used paypal to sign up for the site. As much as I try to unsubscribe from everything I can, I still get numerous newsletters, offers, and coupons from businesses I like. In total, each day I probably get 4 to 5 really important emails out of 100-150 total.

Late last year I had some major life stresses that wreaked havoc on my life and my sanity. For the first time in my life, I started seeing a psychologist and we worked through some significant anxiety issues I was having. One source of stress (among many) was my bulging inbox and how every morning, I’d wake my phone and see a little red icon on the Gmail app that read something in the neighborhood of 37. Every single morning started with a combination of dread and stress over having to process a few dozen unread messages, any of which could be a bombshell (but most were innocuous, yet still take time and attention).

Working through my anxiety, I was taught a bunch of coping mechanisms that have worked wonders. When I was at my darkest early on in the process, I had to make a bunch of filters to automatically siphon off all the automated messages away from the inbox to bring my daily number down. This was a double-edged sword in that I got to wake to more sensible inbox messages like 8 or 9, but I’d know my labelled automated updates would be 20-30 more messages I couldn’t ignore and needed to look at for fears of missing something important.

Last year, Gmail tried a feature where they put everything in your inbox in two piles: Priority or normal, and it didn’t work that great for me. It didn’t properly guess which things were important with any accuracy, and if I only looked at Priority messages, I’d miss lots in my regular full email view.

Screen Shot 2013-06-14 at 4.49.12 PM

Gmail’s new feature tries to guess what kind of email has come in and now splits it into up to 5 piles: Primary (first priority), Social (automated messages from Twitter, LinkedIn, etc), Promotions (e-commerce store offers), Updates (machine messages, merchant updates, order receipts, etc), and Forums (mailing lists). The shocking part of this rough 5-bucket system of guessing on the part of Gmail is it works pretty damn well.

Seriously, it would seem on paper this is a recipe for disaster in trying to guess message priority for random users with the potential for hiding an urgent message but my inbox must mimic the average Google employee’s pretty well because it’s absolutely fantastic, probably running a greater than 90% accuracy on putting the unimportant things in the other inboxes. The result of this is that I’m only alerted on my desktop or iPhone Gmail clients with the numbers of messages in my Primary inbox and it hasn’t missed one of those 4-5 really important emails each day. I get to wake up to a sane number like 8 new things, and your inbox has a pointer on mobile to the counts for the other boxes. On the desktop, you see a brief flash of numbers in other boxes, but (and this is the absolutely genius part) those numbers fade away. This is brilliant because it de-emphasizes those other inboxes appropriately so you never feel like you are spinning 5 plates at once, trying to keep them all at zero. With a click or a swipe I can take a quick glance at the other boxes and ignore them if nothing urgent has fallen into them.


The big bonus was an update to the Gmail phone clients as well, and they work just like the desktop, meshing the exact same experience into your mobile device. A simple swipe on the iPhone lets you jump from inbox to inbox in a flash and it’s not a drag on how I normally use the app. The screenshot at right shows my phone running Gmail, checking for new mail after being offline for a few hours and I only have one new important message (instead of 15), which is absolutely spot-on and totally gives me my sanity and life back.

This new feature is pretty simple but works amazingly well for my type of email and with this feature I’m basically wed to Gmail and the Gmail clients for life, as nothing else I’ve tried (Mailbox, Boxer, etc) does as good a job as this new Gmail feature. It quite literally lowers my anxiety, lowers my blood pressure, and lets me wake up each morning feeling less overwhelmed and I’ve noticed I’m just a bit happier all the time now that I’ve used this feature a bunch.

The most incredible part of it for me is that Google’s first crack at this is nearly perfect, as-is, out of the box. Few app features work that well on their initial release, but this one just plain works.

So thanks Google for releasing this and honestly making my life better. Everyone else with loads of stressful automated messages, give it a try, you’ll be glad you did.

Recent photos from rides

Ever since my favorite ride tracking site Strava added the ability to associate Instagram photos with rides, I’ve started taking a few shots on each ride to remember it. Here are some of my favorites over the past couple months

Troubleshooting my tankless water heater

I’m blogging this in the hopes that anyone else doing Google searches while trouble shooting their tankless water heater might find this info useful, because I couldn’t find any information about this on the web.

The other day, our one year old tankless water heater seemed to crap out. No hot water from any taps, and there was a faint smell of gas around the unit. After about 30 seconds, the display blinked 11 and 12, both error codes.

Screen Shot 2013-06-07 at 5.28.34 PM

Looking up the documentation on it (it’s a Rinnai RU98i), the error codes correspond to “No Ignition” and “No Flame”, both saying that the burner isn’t firing. The only homeowner tip is to check the gas lines to make sure gas is being piped into the unit. I checked mine and all the gas lines were clear and operating. Additionally it said if you smelled gas to shut the whole thing down and call a professional.

Eventually when the plumbing installer came out to troubleshoot, and we figured out the problem: the air intake/exhaust was covered up by masking tape/paper while our house was being painted. No air was going in and none was going out, so the gas smell was due to a backflow of air.

So that’s my troubleshooting tip: if your Rinnai tankless water heater ever stops working and spits out error codes of 11 or 12, not only should you check the gas lines to make sure they’re turned on, but also check the air intake/exhaust and any filters you have to make sure the unit is getting adequate new air while being able to spit out older air. I wish the documentation on the unit mentioned that, because I could have saved $150 on the plumber’s visit.

CNN’s always breaking news

Screen Shot 2013-05-22 at 11.57.44 AM

I’ve been an email subscriber to CNN’s Breaking News alerts for over a decade. In the beginning, it was sporadic and you might only get an email every couple weeks when some major disaster happened in the world. About five years ago it became once every few days, but still limited to major news events. Lately, it has become several emails per day. At this point, I can’t tell if CNN is really sharing large rare events or if they determined they could use this as a traffic source to their site to increase profits. Worse yet, instead of being limited to worldwide major events, the emails contain the results of reality shows, final scores in basketball games, or minor news about the US economy.

It’s become such a frequent email that it no longer feels like a rare alert system for tomorrow’s worldwide front page headlines, instead it feels like I’m following the most dramatic personal blog written by someone dealing with one daily tragedy after another.

Some ideas around Flickr sets




Rion totally nails something that has been sticking in my craw for the last six months or so. Ever since the rollouts of features that vastly improved the Flickr experience, the old design of the pages for holding sets of photos is really underwhelming. Here’s what an epic set of photos taken by Jon Armstrong looks like as a set:

Screen Shot 2013-05-01 at 4.32.36 PM

Kind of boring right? It doesn’t reveal too much about the incredible photography contained within when you click through one of the shots:

Screen Shot 2013-05-01 at 4.34.58 PM

I think they can do a lot more with the page for showing off a set, they could obviously go for larger photos, they could change the layout to be more like the “photos from contacts” page where images automatically expand to fill the available width and get to dominate the screen. Perhaps they could also change the sizing so that amazing small sets like Jon’s above could be much larger, where a set of maybe 100 images are still larger, but not quite as large as a small set.

If I know anything about Flickr, it’s that I would bet $1,000 someone has not only redesigned the set page eons ago, but it has been through testing and is being tweaked behind the scenes and will see the light of day someday soon. I also have another idea.

Flickr should start supporting blogging

How much  more impressive would Jon’s photos from Utah be if his photo set looked more like the following mockup? (click for a larger version)

Write a title, a few short summary sentences, and then fill out the story between each photo. Yes, I know it looks a little like Medium, that’s obviously a similar kind of layout. Yahoo, post-Marrisa Mayer has been doing some interesting things and Flickr seems newly rejuvenated. I love the service to death and wish it had uptake among my friends like it once did. I really think it’s time to try some new wacky ideas on Flickr and perhaps doing something closer to something that looks like blogging, that lets people showcase their work and their prose is a way this could go.

Since Flickr doesn’t currently support this, I tend to post these sorts of things on my own blog. Last summer I took an amazing family trip across Italy and came back with loads of great photos, but here’s how they look as a Flickr set:

Screen Shot 2013-05-01 at 4.44.48 PM

And here’s how some of those photos ended up on this very site:

Screen Shot 2013-05-01 at 4.46.39 PM

I would have no qualms about publishing that same story of taking trains across Italy on Flickr instead of my own site, and in the context of the whole set’s images, it might make better sense there.

Anyway, I’d love to see more courageous moves coming out of Flickr, and one small place to start could be the sets pages.

Wired Anniversary Issue

Powell's had the new Wired early!

So I’m in the new WIRED issue! It was a little weird to see myself listed alongside industry giants, but I’ve been working on MetaFilter for 14 years now, so it probably aligned nicely with a 20th anniversary look back.

A quick note about the short interview: we talked for 20-30min but it was edited down to a pretty small space. Most of the questions I was answering were about Ask MetaFilter (the Q&A section) so they sound a bit weird when applied to MetaFilter in general. When they asked me what internet things I hated, I couldn’t actually think of any at first, and only later on in the interview I mentioned that Buzzfeed is sometimes annoying in that “stories” are often just a list of animated GIFs when I really wanted to read an article, and they might use that list of GIF as a comedy device a bit too much. But I’m not as down on Buzzfeed as the article would suggest. There are things I like at Buzzfeed, the FWD technology blog has been one of my favorites of the genre since it launched. They also do some impressive longform journalism, so they’re not all bad.

It should be in stores now and I was honored to be a part of it. Oh, and that hot tub pulled by bike for a bike-based midwife was a real suggestion on BikePortland.org.

Pulling off a surprise party in this day and age

Pulling off a surprise birthday party in this day and age isn’t as easy as it seems, especially when the subject of a surprise (Andy Baio in this case) is totally plugged in with the technology world. Every movement and moment in our digital lives can leave a trace. Think about all the status updates, phone photos, and check-ins that 25 people can produce, and now think about how hard it is to hide all that from someone that is connected to all those 25 people. It’s not easy, but it is possible. Here are some things that made one party a success:

  • I live outside of Portland and once every month or two I meet up with Andy when I head into town. Andy’s wife came up with the idea I could lure him pretty much anywhere if I just said “oh hey, I’m nearby, want to meet up at this nearby location?”
  • She created a private event Facebook group of everyone but Andy, and it actually worked. No accidental leaks into his friend timeline, everyone got status updates, calendar reminders, and could see the guest list. I’m kind of surprised this part worked, about the only hard part was stealth inviting everyone we could think of (did our Facebook friends overlap with enough/all of his?)
  • When he asked about throwing a party for his birthday, Andy’s wife lied to him saying she was too busy this weekend and maybe they could plan something a week after.
  • A couple hours before the party I faked a Foursquare check-in at the OMSI museum (I was actually driving into Portland at the time), knowing Andy might see it and think I was nearby (at the party Andy said yeah, he saw it and completely believed it).
  • At a precise time in the afternoon I sent a text that I was leaving the museum with my family, we were thinking of grabbing a beer at a pub by his house, and if he wasn’t doing anything, to drop by.
  • Andy’s wife was stalling him all day, he was dying to go out and get some fresh air and said yes immediately, and they showed up 15min later.
  • He didn’t realize it was a huge surprise until the last possible second when he walked in and saw everyone waiting for him. We even had the proverbial out-of-state friend to seal the deal and make it a really great surprise party.