I'm Josh Goebel, the creator of Pastie, Invoicie, and Snag the Flag. I make a living writing Rails and also dabble in photography and other geek stuff.

Running Blind

running blind... we are all running blind.

This is Running Blind. Enjoy.  


August

Thu
21

Monkey photo copyright in question as Wikipedia denies photographer's takedown request: Digital Photography Review

Since the photo in question wasn’t taken by Mr. Slater but rather the monkey, Wikimedia maintains that the copyright does not belong to the photographer. The photographer’s requests to have the photo removed from the website have been denied, and Wikimedia’s editors’ position on the matter is documented in a series of comments associated with the deletion request and a transparency report.

Copyright law states that works not originated by a human author can’t support a copyright claim, and that ‘a work owing its form to the forces of nature and lacking human authorship is not registrable.’

Can’t make it up. :)

Thu
21

The Colour and the Shape: Custom Fonts in System UI

Apple should give developers the ability to use embedded custom fonts in alerts, share sheets, action sheets, under-the-cell buttons, and so on. There’s no technical reason not to, and every philosophical reason why they should. If the concern is consistency, the right thing to do is set expectations and guidelines in the HIG, and enforce them in app review.

I think I understand the argument here, but please, god no.

Thu
21

Amazon's same-day delivery expands in six cities

Amazon has officially expanded its same-day delivery options in six cities that include Baltimore, Dallas, Indianapolis, New York City, Philadelphia and Washington, DC. You can now order from a catalog of a million common items (such as movies, games and supplies) and expect to get the shipment within hours.

This is the future - and a game changer, but this trend of turning all of us into instant gratification junkies may have its downsides. We’ll soon forget the simple joy and anticipation of waiting for things - sometimes that is even better than the thing itself.

Thu
21

Buy some new hardware, seriously.

August 21, 2014

Just recently I blogged about this:

I don’t understand why otherwise smart professionals with (I’m assuming) plenty of income would choose to use such outdated equipment.

I run into this in my own professional life as well. If you are a successful Ruby on Rails developer and don’t yet have an SSD drive in whatever machine you call your primary workstation… what the hell? If you don’t think you need it, you’re wrong. If you don’t think you can afford it, you’re wrong - or not charging near enough for your work.

For $137 a month you could be using a completely loaded 15-inch Retina Macbook Pro ($3,299[1] with the assumption it will last you at least 2 years). My completely amazing 13-inch Retina Macbook Pro (now two years old) cost only $1,999. That’s only $83 a month (using the same 2 year math). If for some reason you don’t love Apple I assume your options could be even less expensive - and I haven’t even explored the possibility of used equipment.

If you do professional work (esp. programming) using your computer and aren’t using a computer built in the past few years with plenty of memory and a fast SSD drive then stop right now and order one.

You’ll thank me later.


  1. I think it might be even less with the new Macbook Pros just released. 

August

Wed
20

CIA admits it broke into Senate computers; senators call for spy chief’s ouster

“This is very, very serious, and I will tell you, as a member of the committee, someone who has great respect for the CIA, I am extremely disappointed in the actions of the agents of the CIA who carried out this breach of the committee’s computers,” said Sen. Saxby Chambliss, R-Ga., the committee’s vice chairman.

Disappointed is an understatement.

Wed
20

Seriously? A captcha for my Best Buy delivery feedback survey?

What else would this be for?

Wed
20

Why the Security of USB Is Fundamentally Broken

And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.

Ok, this all makes sense. If you’re in the firmware you can do things a USB device can do, act as a keyboard, etc. It’s also easy to understand how you could corrupt data going in or out of the device.

The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases.

Someone please explain to me how this works. I have to guess they mean after your computer is infected via “replaced” software - but they don’t actually say that. I wasn’t aware that any random USB device could silently hijack my Internet traffic… or perhaps if it was acting as a USB network device - but then wouldn’t that pretty much break routing to real sites completely? I’d like to see some more information on this.

Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer.

But if someone only used verified, code-signed software (like on Macs) it seems they’d be safe from USB firmware alterations - since the signature would no longer match.

Wed
20

Losing my Amazon Religion

Marco Arment writing about the Fire Phone:

The e-ink Kindles sell because other e-ink devices were so horrible for so long, and the Kindles’ hardware and software design flaws don’t have major impacts on the basic needs of dedicated reading devices. The Kindle Fires sell because they’re much cheaper than iPads.

But Amazon simply doesn’t have the product-design and consumer-software skills to compete in the smartphone space, where competition is fierce, typical usage extends far beyond simple media consumption, Amazon’s not dramatically undercutting prices, and prices in much of the developed world are so heavily subsidized that the potential to undercut prices in the future is limited.

August

Tue
19

Breaking Bad inspired Heisenberg Macbook Decal

Yes, please. Ordered.

Tue
19

Battle of the Box

In other words, what we have here is one of the more interesting business experiments we’ve ever seen: is it better to have established a firm foundation in the top-down enterprise market that actually matters – i.e. Box – or to have built tremendous goodwill and customer loyalty with actual users – i.e. Dropbox?

Great read about selling to consumers vs enterprises - Dropbox vs Box.

Tue
19

Making Money on Apps

This is kind of a bummer. But it also quickly answers the classic question, “why won’t people pay as much for my app as a cup of coffee?” Every additional cup of coffee costs Starbucks something to make, so, intuitively, it costs money to buy a cup of coffee. It doesn’t cost Facebook anything to deliver another copy of the Facebook app to your iPhone, so it makes sense that it’s free. There’s a longer answer, but that’s the basic difference between $0 and not-$0.

Sounds logical to me.

IN OTHER WORDS: People pay for physical stuff because physical stuff seems like it should cost something. Pixels on a screen do not seem like they should cost something. This basic human intuition is very very very hard to break. Keep that in mind!

But didn’t people pay for software for a decade or two before the recent app store economy drove prices down to $0?

August

Mon
18

Abusing Twitter API

The consumer tokens are fundamentally insecure when used within a client application. Additionally, requesting the consumer keys to be kept secret effectively kills open-source applications.

Twitter asks developers to protect their keys in an environment where users have complete control over the execution flow and access to full address space, so it’s impossible to prevent keys extraction.

This problem is somehow similar to the DVD / HDMI / HDCP decryption. At some point, the user has to use a machine that will load in memory cryptographic keys that will be used to decrypt the protected content. It’s just a matter of time and motivation until motivated hackers extract the keys and can replicate the decryption process.

My takeaway: OAuth sucks if you don’t completely control the client environment. A quick strings dump or debugging session can steal both your consumer key and secret. Game over.
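An added example (not from the quoted article or this blog): a release-time check a developer could run on their own client build to see what a strings dump would expose. The key, secret and binary contents are constructed sample values, and `audit_artifact` with its entropy threshold is a hypothetical helper.

```python
import math
import re
from collections import Counter

# Runs of 20+ characters from the alphabet API keys are usually drawn from,
# roughly what `strings -n 20` would surface from a binary.
TOKEN = re.compile(rb"[A-Za-z0-9_\-]{20,}")

def shannon_entropy(data: bytes) -> float:
    """Bits per character; random keys score high, identifiers score low."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def audit_artifact(blob: bytes, known_secrets=(), min_entropy=4.0):
    """Return (leaked, suspects) for one build artifact.

    leaked:   entries of known_secrets present verbatim in the artifact
    suspects: (offset, token) pairs that look like embedded credentials
    """
    leaked = [s for s in known_secrets if s.encode() in blob]
    suspects = [
        (m.start(), m.group().decode())
        for m in TOKEN.finditer(blob)
        if shannon_entropy(m.group()) >= min_entropy
    ]
    return leaked, suspects

# Constructed sample: a fake client binary with a made-up consumer key/secret.
SAMPLE_KEY = "Q7mZp2Lk9XvB4tRc8NwY5hJd"
SAMPLE_SECRET = "a3F9kQ2mX7pL5vB8tR1cN6wY4hJ0dZsGuEoTiKbM"
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"https://api.example.invalid/oauth/request_token\x00"
    + b"initialize_application_state_handler\x00"  # long but low-entropy symbol
    + SAMPLE_KEY.encode() + b"\x00" + SAMPLE_SECRET.encode() + b"\x00"
    + b"Usage: client [options]\x00"
)

if __name__ == "__main__":
    leaked, suspects = audit_artifact(SAMPLE_BLOB, [SAMPLE_KEY, SAMPLE_SECRET])
    for secret in leaked:
        print("FAIL: secret shipped in artifact:", secret[:4] + "...")
    for offset, token in suspects:
        print(f"suspect at 0x{offset:x}: {token[:4]}... ({len(token)} chars)")
```

A clean result only means the credentials are not stored verbatim; as the quote says, a client that uses them still has to load them into memory.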

Mon
18

'World stands disgraced' as Israeli shelling of school kills at least 15

United Nations officials described the killing of sleeping children as a disgrace to the world and accused Israel of a serious violation of international law after a school in Gaza being used to shelter Palestinian families was shelled on Wednesday.

At least 15 people, mostly children and women, died when the school in Jabaliya refugee camp was hit by five shells during a night of relentless bombardment across Gaza. More than 100 people were injured.

Ban Ki-moon, the UN secretary general, said the attack was “outrageous and unjustifiable” and demanded “accountability and justice”. The UN said its officials had repeatedly given details of the school and its refugee population to Israel.

If there is a god (and he is a truly loving god) he must cry himself to sleep every night watching how his children conduct themselves, how little they value life, and how little they love each other.

Religion and the violence it brings to the world makes me so very sad.

Mon
18

I ❤ Tumblr

August 18, 2014

Just scheduled my first blog post ever that’s more than 9 months in the future. I really wish I could pay for Tumblr. What a great service.

August

Sun
17

Daring Fireball: 'The Government' Is Not a Single Entity

Gruber’s headline sums up Marco Arment on the subject:

The argument that we don’t want “such a dysfunctional government” regulating broadband is weak: “the government” isn’t one big coordinated bogeyman that can’t be trusted with anything. That’s just rhetoric that politicians use to avoid regulation so corporations can make more money at the expense of the citizens or environment. In practice, governmental regulation works so well in most cases that it’s taken for granted and too boring for most people to even think about.

This is a few months old now, but still relevant and worth remembering.