Flash Seats Usability, Security, and Privacy

The Quora Conundrum

Quora reported a data breach earlier this month and the company outlined the stolen data, what they are doing, and what you can do in an email to those affected:

The following information of yours may have been compromised:

  • Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
  • Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
  • Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)

They also have more detail in https://help.quora.com/hc/en-us/articles/360020212652

Did I even know I had a Quora account? Nope.

Quora password reset email

But lo and behold, I did, so it was time to reset my password and delete the account.

Side note, if you logged in with Google or Facebook you may not have an account password, as mentioned in the account deletion FAQ: “if you created the account via Google or Facebook, you will first need to create a password by clicking the “Change Password”

Hi,

We have processed your request for account deletion and your name and content will be completely removed from Quora in 14 days. Note: If you login during the next 14 days, your account will be reactivated and deletion will be canceled.

We’re sorry to see you go, but we hope you consider joining the Quora community in the future.

Thanks,
Quora Support

What happens to all the information Quora knows about me after the account is gone? No idea. Luckily their help page has detailed info on the account deletion process:

Once the 14-day grace period has expired and your account has been deleted, your content and profile will be permanently deleted, and personal data associated with your account will be removed from Quora’s databases.

While it is unfortunate that the breach occurred, Quora clearly disseminated information and had the support network in place to help people manage their accounts effectively.

I do not expect Flash Seats could handle a breach with similar organization and focus.

The Flash Seats Fiasco

Let me preface by saying this came about from buying tickets to an NBA game. A long-running, national sports league, with a recent focus on technology. Not the D-League (G-League?) or a college game, but the National Basketball Association.

If you haven’t heard about Flash Seats, not to worry. I hadn’t either, but over the course of the ticket buying experience, I learned much more about the service than I wanted to know.

So let’s get started. Select your game from the Nuggets schedule, land on tix.axs.com, choose your seats on tix.axs.com and proceed to checkout on tix.axs.com. Done!

But not so fast, that’s only how buying tickets should work. It’s just after you’ve chosen your seats and are ready to buy when the first mention of the separate Flash Seats service appears for the ticket delivery method.

Flash seats delivery method drop down

If you gloss over the defaults you don’t even notice the distinction that the tickets are not on AXS, but instead on Flash Seats.

Select the details drop down and you will find the following information about ticket delivery options:

– Tickets will be delivered electronically to your Flash Seats account within one (1) week following the official on-sale date

– The easiest, most convenient, and most flexible option. With Flash Seats® digital tickets, there are no paper tickets, and you can quickly enter the event with the Flash Seats Mobile App for IOS or Android, your credit card or driver’s license. You can also transfer tickets to friends or sell your tickets on our secure marketplace.* If applicable*

At the gate, please show your Mobile ID in the Flash Seats app (for IOS or Android), or credit card used during your purchase or your registered driver’s license.

– Your card or mobile device will be swiped at the door by a Guest Services representative using a hand-held device and you will receive a seat locator identifying your seats. For more information about Flash Seats, please visit www.altitudetickets.com/flashseats

Proceed to purchase and you can sign in or create your AXS account with your password manager of choice.

axs_create_acct.png
Notice no mention that this account is in fact for Flash Seats, not AXS as shown at the bottom.

 

Complete the purchase and you’ll get an order receipt from customerservice@altitudetickets.com. When was I on altitudetickets.com? Not sure I was, but did you read the fine print from before? www.altitudetickets.com/flashseats is a thing

Altitude Tickets is powered by AXS utilizing Flash Seats digital tickets to deliver your tickets safely and securely

What?

It feels like this service is the ticketing equivalent of the Amazon arbitragers from A Business With No End.

The most confusing thing about all this is that AXS has its own ticketing service. And the NBA uses 80% of it. Why not just use AXS 100%?


As an aside, for those of you following along at home, here’s the flow to purchase tickets (links are only approximate as specific event links are unique and tough to for any period of time):

  1. NBA.com: https://www.nba.com/nuggets/schedule/home-schedule
  2. altitudetickets.com: https://www.altitudetickets.com/events/category/basketball
  3. tix.axs.com: (specific event link)
  4. Flash Seats: The Future of Ticketing Today (event tickets)

Download AXS app because you don’t realize until after the fact that Flash Seats is a thing.


Discover the log in doesn’t work on AXS.

Go back and download the Flash Seats app. 5 star reviews. They are similarly ranked in the Entertainment category, so Flash Seats isn’t just some one-off unused app, no matter what the quality of the app lets on.


Log in with the same AXS/Flash Seats log in stored in your password manager of choice. Password is still incorrect… Try online, maybe the mobile app doesn’t work. Nope.


Reset your password. Maybe something messed up with the password manager.


Nope, password manager didn’t break spontaneously only on this site. Need further investigation.


Call 888-360-SEAT and let the fun begin…

Remember, the game starts in 30 minutes and we can’t access the tickets we just bought. I’ll try to remain calm (somewhat unsuccessfully), but imagine this on the scale of everyone buying tickets for every NBA game every night of the season.

(It is worth noting not every NBA team uses Flash Seats. I had not been to an NBA game in a while and didn’t realize that at first. Yet the Cavaliers, Nuggets, Rockets, Clippers, Lakers, Jazz, and Timberwolves plus some NHL teams use Flash Seats to manage tickets.)

Here’s a rough transcript of the call:

Hi, thanks for calling Altitude Tickets, oh I mean AXS, hold on, Flash Seats.
Hi, I have tickets to a game in 20 minutes and I can’t access my account I just created.
Ok, what would you like to be your new password?
Uhh, I have to create a password with you over the phone?
Yep!
Well that sounds secure.
It’s our policy.
Makes sense.
So what will it be?
I guess “password”.
Great, that’s what I was going to suggest.
The password “password” is allowed on your service?
Yep, that’s our policy.
Makes sense.
We strive for security.
So I can get my tickets now?
Yep, just log in to your account with your new password.
Ok.
Ok.
Well have a good night.
And you as well sir.
One more thing, can you connect me with your security department?
What?
Makes sense, good night.

Good news. Password “password” works. I can log in to get the tickets (and change my password to something more secure, like correcthorsebatterystaple (please don’t use that as your password)).

Just in time to get to the arena and skip the line at the Flash Seats Help Desk. I think the person with the most ridiculous problem of the night won a Tundra.

fs_help_desk.jpeg
Not the best photo, but in a way, it sort of sums up the experience

The game was fun though. Nugs won! And we almost won nugs.


Deleting the account

But wait, there’s more! I couldn’t let this account stick around. Given the airtight security measures I wanted to remove the account as soon as it was no longer needed. (Are single use accounts a thing yet?). Here’s how to delete your Flash Seats account:

Before starting, remove any contact and payment info that may have been saved in your account. Don’t trust the service to do this for you.

Then go to the Contact Us page.

Don’t worry, nothing in the form is a required field and there is no parameter validation, so just enter your email and “delete account” as your phone number and Flash Seats should get the message.

A few days later this message shows up in my inbox:

fs_acct_merge.png

Huh? What do you mean my accounts were merged? What is this deletedaccount@flashseats.com? Let’s find out…

I replied to the above email mentioning its confusing nature and reminded them I wanted to delete all my account information, not have them archive my info under the guise of this Deleted Account pseudonym. Here’s what they said:

Hi Ryan,

Thank you for contacting Flash Seats. That is the deletion method that we have for Flash Seats accounts.

Thank you,
Flash Seats

Fair point.

So with my new enlightenment on how Flash Seats handled user data privacy, just for fun I tried logging in to my Flash Seats account identified by deletedaccount@flashseats.com.

My attempts of password, deletedaccount, and flashseats didn’t work, but it did get the account locked in the same way as my original predicament.


And that was the end of the Flash Seats fiasco. I guess my account is gone. No real way to know for sure. Suspiciously though, no one has been able to get in to any NBA games over the last month…

More account security fun

Just to ensure I wasn’t completely off base with my view of the utter mess of this service, I looked into other instances of people struggling with Flash Seats. It turns out the Detroit Lions dropped Flash Seats and the Timberwolves had to settle with season ticket holders because “use of the digital marketplace Flash Seats makes it too hard for fans to exchange tickets, sell them on the secondary market or even give them away.”

Ticketfly

Wasn’t this AXS/Flash Seats site just breached? No wait, that was Ticketfly, the site that still only allows passwords with a length of 20 characters or less.


Ticketmaster

Another fun tidbit of ticketing information; you can send Ticketmaster a letter if you want to close your account.

Can you do this for anyone’s account?

Send Us a letter
Whether it’s pen to paper or straight from your printer, address all mail to:

Ticketmaster
Attn: Fan Support
1000 Corporate Landing
Charleston, WV 25311

Marriott

Marriott’s breach response is so bad, security experts are filling in the gaps

and What the Marriott breach says about security

 

🏀🎟🔐

21 Lessons for the 21st Century

Yuval Noah Harari on the Talks at Google podcast (and in video form)

He’s marketing his new book extremely well and a New York Times interview on the subject garnered attention:

It made him sad, he told me, to see people build things that destroy their own societies, but he works every day to maintain an academic distance and remind himself that humans are just animals. “Part of it is really coming from seeing humans as apes, that this is how they behave,” he said, adding, “They’re chimpanzees. They’re sapiens. This is what they do.”

. . .

“It’s just a rule of thumb in history that if you are so much coddled by the elites it must mean that you don’t want to frighten them,” Mr. Harari said. “They can absorb you. You can become the intellectual entertainment.”

. . .

He told the audience that free will is an illusion, and that human rights are just a story we tell ourselves. Political parties, he said, might not make sense anymore. He went on to argue that the liberal world order has relied on fictions like “the customer is always right” and “follow your heart,” and that these ideas no longer work in the age of artificial intelligence, when hearts can be manipulated at scale

Not the most heartening view of the future.

21 Lessons is also recommended by Bill Gates as one of 5 books he loved in 2018 (to further corroborate Harari’s points)

The trick for putting an end to our anxieties, he suggests, is not to stop worrying. It’s to know which things to worry about, and how much to worry about them. As he writes in his introduction: “What are today’s greatest challenges and most important changes? What should we pay attention to? What should we teach our kids?”

Or maybe we should be a bit more like Newt Scamander

My philosophy is that worrying means you suffer twice.

Short Codes (aka Messages & Two Factor Authentication from Random Five to Six Digit Numbers)

There are some cool new security features in the latest versions of iOS and Android to help you keep your accounts secure. Android’s updated Messages app and iMessage in iOS 12 both bring simplified one-time passcodes and two factor authentication (2FA) management.

iMessage – iOS 12

iMessage Security code AutoFill
Security code AutoFill. SMS one-time passcodes will appear automatically as AutoFill suggestions, so you never have to worry about memorizing them or typing them again.

 

Android Messages

Copy one-time passwords with one tap
Now, when you receive a message with a one-time password or code from a secure site—such as your bank—you can save time by copying that password directly from the message with a tap.

 

With both Apple and Google updating their messaging apps to ease use of text message (SMS) based two factor authentication, I’ve been thinking about why copying a verification code is the feature we need to bring more people to use 2FA. While cutting down steps required to use 2FA will make for a more streamlined experience, there seems to be an opportunity elsewhere to improve general usability of SMS based 2FA.

I understand there has been plenty of discussion regarding the security risks of these features, but putting aside discussion of the entire 2FA ecosystem and the shortcomings of SMS based 2FA, let’s look at a quirk of how people experience 2FA on their phones.

An example

Android Messages two factor authentication shortcut

Take the Capital One notification from this article discussing the “copy 2FA code” feature in Android Messages. The message from number 227898 says “From Capital One” and provides a code: 939966. There are two things we need to figure out here. One, that this is in fact the message from Capital One, and two, that this message contains the 2FA one-time passcode we need to complete the log on process.

First off, while the message says it’s from Capital One, we know from our phishing lessons that we shouldn’t use the content of a message to influence our trust decision making process. The timing of getting this message in relation to attempting to log in to a bank account would make it seem like the message is legitimately from Capital One, but how can we be sure? What is that 227898 number? Can we look it up like a phone number to verify it is registered to Capital One?

The second bit of confusion is recognizing the 2FA verification code is 939966, not the big bold 227898 number at the top of the message. Usually the distinction between sender and message is clear with a regular 10 digit phone number or a message from someone in your contact list, but when you are sent a six digit code from a six digit number you need to do more mental processing to choose the right number. Google has partially resolved the issue by giving an explicit action to copy the 2FA code, but it feels a little strange not being able to see the actual code in the message.

An aside

Slightly off topic, but while researching YubiKeys (after listening to Scott Hanselman’s podcast with Sarah Squire), I came across Two Factor Auth which maintains a list of sites that support, well, two factor auth. Exploring the various services, I noticed very few banks support USB hardware tokens. Wells Fargo seemed the only big bank with support. Clicking through the WF link from the Two Factor Auth chart, I ended up on the Advanced Access page trying to figure out how WF does U2F. It turns out they use RSA SecurID (not USB U2F) which was uninteresting, but the footnote caught my attention:

We always send our text messages from 93557. Incoming calls with an Advanced Access code will come from 1-800-956-4442. We recommend adding these numbers to your phone’s address book so you can easily identify our incoming text messages and calls.

via Wells Fargo Advanced Access

Is this really the case? Every Wells Fargo communication and two factor authentication message comes from 93557? What’s the significance of 93557? And does every company always use the same number?

If so, this is a fantastic piece of advice buried in a random support page:

We recommend adding these numbers to your phone’s address book so you can easily identify our incoming text messages and calls.

Why doesn’t every company and service mention this?

An investigation

To figure that out, I first needed to learn what that 5 digit non-phone number is really called. Naturally, I went online and searched “what is the number for two factor sms?”

This article from The Verge was at the top: Facebook admits SMS notifications sent using two-factor number was caused by bug

Not what I was looking for, but at least a clue.

Facebook uses the automated number 362-65, or “FBOOK,” as its two-factor authentication number

So these numbers have some T9 significance (remember landlines and flip phones?).

I figured that if Facebook’s number is known, maybe there are some resources that include more of these numbers, so I quickly searched 362-65 and got 297. 😑

After getting rid of the minus sign, there was this Facebook Support link with people confused after receiving a random text seemingly from Facebook with a link to “fb.com”, a non-“facebook.com” website (here’s another example).

They are right to be concerned.

A little more searching, and boom: short codes

Short Codes

Is this a name people knew about? It’s the first time I came across the phrase “short code” even though I have been using the things for some time now.

It turns out there is an official US Short Code registrar run by CTIA and iconectiv:

Short Code Registry

Short Codes offer marketers unique opportunities to engage their audiences via text messaging. Short Codes are five- or six-digit codes that may be personalized to spell out a company, organization or a related word. Many organizations may choose to use Short Codes to send premium messages, which may charge subscribers additional fees for informative or promotional services such as coupons or news updates.

The Short Code Registry maintains a single database of available, reserved and registered short codes. CTIA administers the Common Short Code program, and iconectiv became the official U.S. Short Code Registry service provider in January, 2016.

For more information, please see the Short Code Registry’s Best Practices and the Short Code Monitoring Handbook.

The iconectiv site routes to https://usshortcodes.com/ where you can learn all about registering, case studies, and best practices. But I still want to know how to verify the sender of that 2FA message.

This is where US Short Code Directory comes in.

The U.S. Short Code Directory and the team at Tatango has assumed responsibility for the indexing of these unique phone numbers, creating the industry’s only public address book.

via https://usshortcodedirectory.com/about/

What do you know, the first code in the directory: Facebook, 32665. But wait, that’s not what’s listed in the Verge article… That’s 32665 vs 36265. Not sure what the deal is there, but may be a typo by The Verge (3-F, 2-B, 6-O, 6-O, 5-K in T9).

Just for a sanity check, does the Wells Fargo short code match their Advanced Access list? Yep! And so does the Capital One code.

Cool! We figured out a way to verify the sender of SMS based 2FA! Remember though, this does not only apply to 2FA, but also other SMS based communication from the company.

Short Codes in the Wild

Check out this recent Wells Fargo ad on YouTube.

Wells Fargo account alert text message from YouTube ad

At the 17 second mark the narrator mentions “alerting you to certain card activity we find suspicious“. How do they do this? By SMS of course. And what number is the alert from? 93733!? NOOOOO! That’s not 93557. WF was so close. Missed an opportunity to tie everything back to that random support page. The ad has a caveat “Screen images simulated”, so ¯\_(ツ)_/¯. For what it’s worth the phone number to call is in fact for WF Customer Service.

Questions, Concerns & Opportunities

This feels like the tip of the short code iceberg and I still have a lot of questions. How long do short codes last? Do companies change numbers? Can short codes be reused? Can I trust that the next time I receive a message from a short code number that it is from the same company as last time? Can messaging apps label the code like caller ID?

I don’t have all the answers, but there are definitely more things to be done to help fight the next generation of phishing. As more companies continue to recommend 2FA and send updates over SMS, we need tools in place to ensure we can trust the messages we receive.

Wells Fargo’s advice to add their numbers to your address book is good, as long as the short code (and normal telephone) numbers do not change over time. While it may be uncommon, it is possible for companies to switch numbers, and (possibly more common) previously used numbers can become available for a different company to re-register. In the former, people will see an unknown number seemingly masquerading as a service they do use, which should be a cause for suspicion (although benign). For the latter, people will assume trust in the content from a number they recognize (creating a phishing opportunity). While instances of these issues may be unsubstantiated (there’s very little info on how short code numbers change hands and “Best Practices” are all about marketing), this is a reason to have service driven trust management keeping track of ownership and identity.

There is an opportunity for services like US Short Code Directory and Tatango to provide access to their index of short codes, so companies like Apple and Google can continue to improve their messaging services. If the Short Code Directory had a public API to query and verify short codes, messaging apps could implement a new style of caller ID (essentially a DNS for SMS, but not this) to let you know the message from 227898 that says it’s “From Capital One” is legitimately from Capital One.
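As an added illustration (not code from this post or from any service named in it), here is a sketch of the sender check proposed above, combined with the keypad spelling check used earlier on the Facebook code. The REGISTRY snapshot, the function names and the sample messages are constructed assumptions; the short codes themselves are the ones quoted in this post.

```python
import re

# Letter groups of the standard phone keypad, the "T9" layout the post refers to.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}
LETTER_TO_DIGIT.update({d: d for d in "0123456789"})  # digits spell themselves


def vanity_to_digits(word):
    """Spell a vanity word on the keypad, to sanity-check a published short code."""
    return "".join(LETTER_TO_DIGIT[ch] for ch in word.upper())


# Constructed data, using codes quoted in this post. ADDRESS_BOOK plays the role
# of the contacts Wells Fargo suggests saving; REGISTRY is a hypothetical local
# snapshot of a short code directory (the post notes no public API exists).
ADDRESS_BOOK = {"93557": "Wells Fargo", "227898": "Capital One"}
REGISTRY = {"32665": "Facebook", "93557": "Wells Fargo", "227898": "Capital One"}


def extract_code(sender, body):
    """Return the one-time code in the body, never the sender's own number."""
    runs = re.findall(r"(?<!\d)\d{4,8}(?!\d)", body)
    candidates = [run for run in runs if run != sender]
    # Refuse to guess when the body holds zero or several candidate codes.
    return candidates[0] if len(candidates) == 1 else None


def check_sms(sender, body, address_book=ADDRESS_BOOK, registry=REGISTRY):
    """Classify a message by who owns the sending short code, not by what it says."""
    sender = re.sub(r"\D", "", sender)  # normalise "326-65" to "32665"
    pinned, registered = address_book.get(sender), registry.get(sender)
    brands = set(address_book.values()) | set(registry.values())
    claimed = sorted(b for b in brands if b.lower() in body.lower())
    owner = registered or pinned
    if pinned and registered and pinned != registered:
        verdict = "owner-changed"    # number re-registered since it was saved
    elif owner is None:
        verdict = "unknown-sender"   # e.g. the 93733 shown in the Wells Fargo ad
    elif claimed and owner not in claimed:
        verdict = "brand-mismatch"   # body names a brand the sender does not own
    else:
        verdict = "known-sender"
    return {"sender": sender, "owner": owner, "claimed": claimed,
            "verdict": verdict, "code": extract_code(sender, body)}


if __name__ == "__main__":
    print("FBOOK spells", vanity_to_digits("FBOOK"))
    samples = [  # constructed sample messages
        ("227898", "From Capital One: your verification code is 939966"),
        ("93733", "Wells Fargo: we noticed suspicious card activity. Reply YES or NO."),
        ("326-65", "From Capital One: code 112233"),
    ]
    for sender, body in samples:
        print(check_sms(sender, body))
```

The "owner-changed" verdict covers the re-registration risk described above: a saved contact keeps its old label unless something compares it against current ownership.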

At the end of the day, it should be easier to stay safe online, even if improving short codes is just an obscure part of the solution. Now to see if I can get Wells Fargo and The Verge to fix their typos.

Popular Company Short Codes

Disclaimer, I have not received messages from all of these numbers, so I cannot verify their legitimacy nor comprehensiveness. Given the issues noted above, these numbers may change or companies may start using additional numbers for SMS communication (Google already has at least 5. They may consolidate or add another).

Facebook: 32665 and 3266

Twitter: 40404

Google: 22000, 23333 and others

Apple: 272273 and others

Microsoft: 365365, 51789 and others

Amazon: 262966, 58988 and others

Capital One: 227898 and others

Chase: 28107, 24273 and others

Wells Fargo: 93557 and others

Bank of America: 73981 and others

American Express: 25684 and others

Intuit: 75341 and others

Discover: 347268 and others

PayPal: 729725777539

Venmo: 86753

AT&T: 88170, 883773 and others

Verizon: 27589 and others

T-Mobile: 37981

FedEx: 37473 and others

USPS: 28777 and others

Walmart: 40303 and others

Twilio: 22395 and others

Uber: 82722289203

Additional Reading

Workplace Design


My team is moving back from open to private offices, so it’s an opportune time to find inspiration for the new space. There are all sorts of studies about collaboration and productivity level in open space vs closed offices, but Joel Spolsky and Anil Dash from Stack Overflow and Fog Creek have perspectives from the lens of software engineers that still hold nearly fifteen years later.

Office space seems to be the one thing that nobody can get right and nobody can do anything about. There’s a ten year lease, and whenever the company moves the last person anybody asks about how to design the space is the manager of the software team, who finds out what his new veal-fattening pens, uh, cubicle farm is going to be like for the first time on the Monday after the move-in.

Well, it’s my own damn company and I can do something about it, so I did.

Bionic Office by Joel Spolsky

Mindset

Building great office space for software developers serves two purposes: increased productivity, and increased recruiting pull. Private offices with doors that close prevent programmers from interruptions allowing them to concentrate on code without being forced to stop and listen to every interesting conversation in the room. And the nice offices wow our job candidates, making it easier for us to attract, hire, and retain the great developers we need to make software profitably. It’s worth it, especially in a world where so many software jobs provide only the most rudimentary and depressing cubicle farms.

The New Fog Creek Office by Joel Spolsky

Just take a look at the long list of requirements for the office space:

  • Gobs of well-lit perimeter offices
  • Desks designed for programming
  • Glass whiteboards
  • Coffee bar and lunchroom
  • A huge salt water aquarium
  • Plenty of meeting space
  • A library
  • A shower
  • Wood floors, carpet, concrete

The link to photos of the space is broken, but not because the space didn’t work out; Joel’s ideas on workplace design outlasted Picasa. Luckily the NYTimes article on the Fog Creek office still has a few thumbnail sized images. Plus street view is still a thing.

They used bold, playful colors and bright common areas to foster in-the-trenches camaraderie and created private soundproof offices where the programmers can go to get their jobs done.

A Software Designer Knows His Office Space, Too via NYTimes

Spolsky wanted a space designed intentionally for deep work and collaboration, and he put a considerable amount of thought to ensure he built a productive environment for the people at Fog Creek. It paid off.

Results

Spolsky has a treasure trove of knowledge on his blog that spills out amongst others on his team. The rich history is pervasive across those he influences.

With a private office, you’re in control of your space and attention: you can choose when to close the door and avoid interruptions, and when to go play ping-pong, talk with coworkers or work out of the coffee bar. In an open office you’re at the mercy of the people around you: if they’re talking, the best you can do is crank up your headphones and hope to drown them out, and if they’re playing foosball then good luck.

Everybody has their own rhythm. People come in at different times, take breaks at different times, need to socialize at different times, and have their most productive hours at different times. Management’s job is to accommodate that and create a space where all those conflicting needs don’t congeal into a persistent hum of distraction — not to enforce some top-down ideal of openness and creativity. Private offices put the people who do the actual work in control.

Why We (Still) Believe in Private Offices by David Fullerton

Fullerton’s post shows how teams can create a “magnificent culture of non-distraction” by using technology to keep people in control of how they work. At first, the idea of typing out a chat, going back and forth seems less efficient than tapping someone on the shoulder for help, but leveraging technology as a tool to help people stay in the flow actually makes sense.

Whenever we get a new hire in the office, I make it a point to sit down with them in their first week and explain that they should not go to someone’s office when they have a question. Instead, ping them in chat and then jump on a hangout. The result is exactly the sort of culture that open offices are supposed to promote but better:

  • If someone else sees the message, they can chime in with the answer
  • If someone else is interested in the discussion, they can jump onto the hangout
  • And, crucially, if someone is working heads-down and doesn’t want to be distracted, all they have to do is close the chat window.

But what about marketing and design? And how about expanding teams?

We don’t actually even give everyone private offices: some people are doubled up in offices, and the sales and marketing teams sit in larger open spaces because they feel that’s an important part of how they work.

Evolution

Putting employees first is always at the heart of how we create great places to work.

In 2017 Fog Creek moved to its fourth headquarters (1, 2, 3, 4). They could have recreated a bigger version of their office 3.0, but instead they reflected on their team dynamic and arrived at a design that allows people to work in a variety of ways. With a largely remote workforce and a larger percentage of people in non-technical roles, Anil Dash (Fog Creek CEO as of December 2016) understood the existing office design could be enhanced.

The new office also includes a variety of work spaces that accommodate different work modes. Anil mentioned personal offices for standalone work, but they also work well for collaborative work like pair programming. There are workstations for independent or individual co-working, and phone booths for external communication such as sales calls or podcast appearances. There’s also our conference room — known as the “quiet car” — which can be used across a number of different work modes. And true to the nature of our office being flexible and experimental, we are already re-configuring some of these spaces based on how we use them.

Beyond Open Offices: The New Fog Creek Headquarters by Maurice Cherry

Fog Creek treats their office like any other product they produce. With Spolsky at the helm, the company researched best designs, planned with its people in mind, built its ideal vision, and iterated on the product, improving with each new update.

As the company has grown and changed over the years, so has our office space. Joel’s grand visions for what a work environment should do for employees have been part of Fog Creek from the very beginning, and we have tried to honor that legacy. We also have plenty of plans for the future, and look forward to continuing our tradition of incubating new teams and ideas from within our company and beyond.

Inspiration

For those of you looking to revitalize your open space or bring the aesthetics of open plan spaces to a private office from Design Milk 2017 Where I Work Year in Review. Since these aren’t Fog Creek offices, the productivity may not be at the same level, but they look cool.

All the links


Edge Computing

Self-driving cars are, as far as I’m aware, the ultimate example of edge computing. Due to latency, privacy, and bandwidth, you can’t feed all the numerous sensors of a self-driving car up to the cloud and wait for a response. Your trip can’t survive that kind of latency, and even if it could, the cellular network is too inconsistent to rely on it for this kind of work.

But cars also represent a full shift away from user responsibility for the software they run on their devices. A self-driving car almost has to be managed centrally. It needs to get updates from the manufacturer automatically, it needs to send processed data back to the cloud to improve the algorithm

What is edge computing? via The Verge

The decision to avoid an obstacle or slam on the brakes needs to happen instantaneously. A self-driving car does not have the luxury of time to wait for a decision to beam down from the cloud. A car must have the latest decision-making ability available on board, so it can react to inputs using its current understanding and update the model in the cloud to enhance the driving capabilities of the entire fleet of cars.

Further reading/viewing:

The End of Cloud Computing by Peter Levine

Aggregation and Integration

breaking up a formerly integrated system — commoditizing and modularizing it — destroys incumbent value while simultaneously allowing a new entrant to integrate a different part of the value chain and thus capture new value.

Why aggregation matters is that it is the means by which new integrations are achieved:

  • Netflix leveraged its position as an aggregator of video content into the integration of the customer relationship and content creation, undoing the integration of linear channels and content creation
  • Airbnb/Uber and other similar services integrate the customer relationship with the driver/homeowner relationship, undoing the integration of cars/property with payment
  • Google and Facebook integrated content discovery with advertising, undoing the integration of editorial and advertising

Zillow is embracing a model that, should it be successful, tears down the status quo: this will not only enrage Zillow’s customers, but also endanger Zillow’s primary revenue stream.

Thompson outlines how his method of explaining trends in technology has evolved. While his initial thoughts on aggregation theory captured most of the story, Zillow’s recent news expanded his thinking such that aggregation must leverage integration to transform value chains. This pivot does not discount his previous mindset but gives an opportunity to reflect on older insights and use the new frame of reference going forward.

Zillow, Aggregation, and Integration via Stratechery

Slow Social Media

In his recent posts, Cal Newport outlines why our attention will benefit from individuals owning their own domains. We may need tools to help us do it, but companies will assist us from behind the scenes, allowing us to build our own brands. People should be able to move their brand (and data) from one platform to another when improvements come along. This is the social internet, and it will power the economy of the future. Value online comes from those who create it. All we can do as technologists is empower others to make their art with greater efficiency.

Context: On Social Media and its Discontents and Beyond Delete Facebook by Cal Newport

Fixing the Blog

Hammer and bent nails on a wood block

Thank you Jetpack Support

First of all, Jetpack support is amazing. Automattic is known for its customer service oriented culture, and it shows. I was running into an issue where Jetpack would not connect to my site, so I reached out to their support team. They were responsive in helping me figure out the tech at all hours of the day, and they even researched how to solve a problem with a non-Automattic product. Great stuff, I appreciate it!

Here’s the link if you need help with Jetpack.

WordPress and Site Address URL

The first issue has been with the site since day one. For custom WordPress installs, the WordPress Address and Site Address URLs should be the same (both set to https://ryancropp.com in this case) no matter what they say:

Site Address (URL):

Enter the address here if you want your site home page to be different from your WordPress installation directory.

Just don’t try to manually update WordPress and Site address to your custom domain from wp-admin dashboard. You will get locked out.

To fix the issue you need to FTP into your site and update the siteurl in the functions.php file for your installed theme:

update_option('siteurl','https://ryancropp.com');
update_option('home','https://ryancropp.com');

Refresh WordPress admin and then remove the update_option code.

Clear site cache

Just for good measure, clear the Project Nami blob cache so no old site configurations are left hanging around. The instructions are in the readme of the Blob-cache download (why!?).

An aside on Cron expressions

They’re kind of fun, but how are these still a thing? I guess we have Unix to thank. I need to use them 0 0 0 0 0 ? 2018/2 or 0 0 0 0 0 ? 2018/3 at best. Here are some docs from Oracle and Quartz to figure out what that means.

Jetpack and Project Nami

Turns out everything up to this point had nothing to do with getting Jetpack to work. It certainly didn’t hurt, but attempting to link Jetpack still showed the error “Verification secrets not found”.

Jetpack verification secrets error message

On a whim I decided to look into the compatibility issues with Jetpack and Project Nami, the caching mechanism for WordPress on Azure. And what do you know, Issue #237 on the Project Nami GitHub had the answer.

One should now be able to solve the issue by adding the following to the site’s wp-config.php:

define( 'JETPACK_DISABLE_RAW_OPTIONS', true );

See Automattic/jetpack#7875 for more info.

So finally, if you’re following along at home, disable Jetpack raw options for Project Nami…

And it works!

You can sign up for email subscriptions in the sidebar.
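A post-fix check for the two steps above, as an added example that is not part of the original post or of WordPress, Jetpack or Project Nami: it flags update_option calls for siteurl/home still left in a theme's functions.php, and a wp-config.php define pasted with typographic quotes. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample files (assumptions for illustration, not the author's real files).
SAMPLE_FUNCTIONS_PHP = """<?php
update_option('siteurl','https://ryancropp.com');
update_option( "home", 'https://ryancropp.com' );
// update_option('siteurl','https://old.example');
add_action('init', 'theme_setup');
"""
SAMPLE_WP_CONFIG = """<?php
define( \u2018JETPACK_DISABLE_RAW_OPTIONS\u2019, true );
define( 'WP_DEBUG', false );
"""

CURLY = "\u2018\u2019\u201c\u201d"  # typographic single and double quotes
URL_OVERRIDE = re.compile(r"update_option\s*\(\s*['\"](siteurl|home)['\"]")
DEFINE = re.compile(r"define\s*\(\s*(['\"" + CURLY + r"])(\w+)")
COMMENT_PREFIXES = ("//", "#", "*")


def leftover_url_overrides(php_source):
    """Return (line_number, option) for each live update_option() on siteurl/home."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(COMMENT_PREFIXES):
            continue  # commented-out code does not run
        for match in URL_OVERRIDE.finditer(line):
            hits.append((number, match.group(1)))
    return hits


def check_define(config_source, constant):
    """Classify how `constant` is defined: 'ok', 'curly-quotes' or 'missing'."""
    status = "missing"
    for line in config_source.splitlines():
        if line.lstrip().startswith(COMMENT_PREFIXES):
            continue
        match = DEFINE.search(line)
        if match and match.group(2) == constant:
            if match.group(1) in CURLY:
                # PHP does not treat typographic quotes as string delimiters,
                # so the intended constant is never defined.
                return "curly-quotes"
            status = "ok"
    return status


if __name__ == "__main__":
    for number, option in leftover_url_overrides(SAMPLE_FUNCTIONS_PHP):
        print(f"functions.php line {number}: temporary update_option('{option}') still present")
    print("JETPACK_DISABLE_RAW_OPTIONS:", check_define(SAMPLE_WP_CONFIG, "JETPACK_DISABLE_RAW_OPTIONS"))
```

Point the two functions at the real file contents after the fix; an empty list and "ok" mean the temporary code is gone and the define will take effect.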

A red-herring extension

Turning off browser extensions may or may not have helped. I turned off Ghostery in the middle of the process, forgot about it, then realized it was still off some time later.

Happy blogging

The Apple Experience

iPhone X innards with batteries showing

At this point, people don’t need to upgrade their phones every two years. Phones are fast enough and the bump from the last generation A10 Fusion chip to the latest A11 Bionic really isn’t that important. Apple has even started adding a fancy name to the end to uphold the experience of getting a new, more powerful phone. As a result, the deliberate slowdown was seen as user-hostile: a way to deceptively increase user delight when upgrading to a new phone by artificially enhancing the “this is so much smoother than my old phone” feeling. If the last iPhone started at 100% performance and degraded to 75%, the jump to 125% feels more significant.

From A Message to Our Customers about iPhone Batteries and Performance

It should go without saying that we think sudden, unexpected shutdowns are unacceptable. We don’t want any of our users to lose a call, miss taking a picture or have any other part of their iPhone experience interrupted if we can avoid it.

Apple mentions there are three contributions to battery life and performance:

  • a normal, temporary performance impact when upgrading the operating system as iPhone installs new software and updates apps
  • minor bugs in the initial release which have since been fixed
  • continued chemical aging of the batteries in older iPhone 6 and iPhone 6s devices, many of which are still running on their original batteries.

As always, our team is working on ways to make the user experience even better, including improving how we manage performance and avoid unexpected shutdowns as batteries age.

As they should. Apple has always been the experience company. The Apple walled garden is carefully designed in the ethos that people don’t know what they want until you show it to them. Maybe we need a little more clarity into how Apple creates people’s preferences.