phiffer.org

Dan Phiffer builds websites, makes art, and teaches in NYC

Multi-factor authentication for busy people

Multi-factor authentication (aka “two-factor,” or “two-step,” or 2FA) is a really great way to protect yourself (and anyone you’ve ever emailed). There are excellent and detailed guides out there, but the sheer amount of information about how to do things properly can be daunting for someone who has other important things to get done. I’m not saying don’t read all the nuanced details about security, just don’t put off setting it up right now if it seems too complicated.

If you do nothing else to protect your privacy, do this. (If you do two things, start using a password manager.)

You should set up multi-factor authentication on every account that offers it, but because each of those accounts has a “password reset email” feature, securing your email account is extra important. If you use Gmail, it’s really easy, and you should literally stop and do this right now if you haven’t already. (I use FastMail as my email service provider, and they also support multi-factor authentication.)

Enable it!
  1. Go to myaccount.google.com and click “Sign-in & security”
  2. Scroll to the box that includes the “2-Step Verification” button and click on it
  3. Follow the steps to confirm your phone number (gotcha: it’s easy to confuse the “from” phone number with the code you need to type in)
  4. Click the “Turn on” link to activate the telephone-based confirmation step
  5. Print the backup security codes and stash them somewhere safe (in case future-you loses a phone)
Turn On 2-step verification

What happens next? From now on you will need your phone to sign in with your Google account. This can be inconvenient, but it will make your account much harder to hack.

Do you use an email client like Mail.app? Did that email client stop working suddenly? You may need to configure your mail client to use App Passwords. If you changed the mail client to use the App Password and it still doesn’t work, try deleting the account and setting it up from scratch. I know all of this feels like a big hassle right now, but it’s mostly something you can set up and forget about.

Extra-credit (do this later if you don’t have time right now)

There is a known attack on SMS- or phone call-based multi-factor authentication where an adversary can trick your cell phone provider into assigning your phone number to a different phone (this falls into the category of hacking called social engineering). This tactic has been used on high-profile activists, so you should consider taking one additional step to improve your security.

Set up an Authenticator app
  1. Install the Google Authenticator app or Authy
  2. Go back to that 2-Step Verification page and scroll down to the “Set up alternative second step” section
  3. Click on the “Setup” link for Authenticator App
  4. Open the app you just installed on your phone and take a photo of the QR code
  5. Your phone will show a code and a countdown timer; type that code into the web form

Well done, you did it! Or maybe you got stuck? Please get in touch and let me know what gave you trouble. And then get back to all of your amazing work.

Why is software so complicated? (medium.com)

Aaron Boodman on the inevitability of software complexity:

So why is software so complicated? Because we want to build complicated things. Things with lots of features and options. Things that require thousands of computers spread across multiple continents. Things that can go to Mars and back. Things that drive themselves on the freeway. These things that we want to build are inherently complicated. Software is just the distillation of that complexity. Software is complexity.

See also: The Rise of “Worse is Better”


Dark neutral (medium.com)

I am 100% in favor of “flesh tones” reflecting a broader range than the usual “pasty white.”

On August 25th, Slack unveiled a new way for developers to connect to Slack, the “Add to Slack” button. It was the culmination of a great deal of work from many Slack employees, and just the beginning of what we have in store for Slack in the near future. Today, though, I want to talk about a seemingly small detail that has been more important to me than I would have expected: the skin color of the hand in the launch graphics.

[Just Press ‘Add to Slack’](http://slackhq.com/post/127498327415/addtoslack)

I’m also 100% in favor of writing up the thinking behind these kinds of choices.

Diógenes, Brown Person: This hand should totally be brown. I’m brown.
Diogenes, Person: I’m trying to get good design work done and get this project out, not become an activist and start a movement or something.
Diógenes, Brown Person: It’s not a big deal, you’re the designer, you get to make it brown.
Diogenes, Person: Yea but, I’m going to ask Matt to do it, that’s like, making a thing of it.

More of us should make a thing of it. Especially us pasty folk.

Link via Belong.io

Enchanting by Numbers (toe.prx.org)

Theory of Everything recently posted an addendum to last year’s Enchanting by Numbers. Both episodes are very worthwhile, and both include the same segment talking about how misunderstood Facebook’s algorithms are by most of its users.

Be sure to listen to the interview with Suw Charman-Anderson, founder of Ada Lovelace Day, which is today! That part starts at 14:30 in part 1.

Ada Lovelace created the first algorithm, and discovered the first computer bug. Source: Wikipedia

See also: Ada’s Algorithm, whose author was also interviewed in the Ada Lovelace segment, and Betsy Morais’s New Yorker article.

Margaret Hamilton (en.wikipedia.org)

Margaret Hamilton oversaw the guidance software on the Apollo program. Thanks to sophisticated error-handling in that code, her engineering efforts prevented an abort of the Apollo 11 landing.

Three minutes before the Lunar lander reached the Moon’s surface, several computer alarms were triggered. The computer was overloaded with incoming data, because the rendezvous radar system (not necessary for landing) updated an involuntary counter in the computer, which stole cycles from the computer. Due to its robust architecture, the computer was able to keep running; the Apollo onboard flight software was developed using an asynchronous executive so that higher priority jobs (important for landing) could interrupt lower priority jobs.

Margaret Hamilton standing next to listings of the actual Apollo Guidance Computer (AGC) source code

This was on a 2 MHz machine with 1 MB of RAM. Even the term software engineering was coined by Hamilton, who also helped develop “concepts of asynchronous software, priority scheduling, end-to-end testing, and human-in-the-loop decision capability.”

A safe mantra to keep in mind with software is “all software has bugs,” which so often means “don’t expect too much.” Margaret Hamilton was instrumental in creating processes to ensure that software can systematically accommodate surprises and continue functioning as expected.

See also: an appreciation of Margaret Hamilton by Three Fingered Fox.


Metadata+ is dead, long live Ephemeral+ (updated)

In Spring 2014 I was driving through Boston on my way to visit family in New Hampshire. I started researching what some good lunch options might be along the route we were taking and decided to try out a new app I’d just installed called Jelly. It’s kind of like an instant, mobile app version of Quora: you can ask the app a question that gets broadcast out to your friends and friends-of-friends. Then, within a few minutes, answers are beamed back to your phone. Presto, I can get local recommendations for a lunch spot!

I’d recently finished reading Ethan Zuckerman’s Rewire. The book discusses how the scope of information we encounter—what ideas we’re exposed to—is limited by the boundaries of our pre-established social networks, an important aspect of the filter bubble phenomenon. I was thinking about how my lunch scenario fit into what I’d just been reading, me leveraging my social connections to solve the most first world of problems. And then this notification unexpectedly pops up on my phone, instead of the lunch tip I was waiting for.

Oof.

This was a notification from Josh Begley’s Metadata+, another app I’d recently installed. The app has a vague name, but its purpose is very particular. Whenever details emerge about a U.S. drone strike, it broadcasts a notification (also available via the Twitter handle @dronestream). It’s an invited interruption, a gentle reminder about how interconnectedness also includes 67-year-old midwives from North Waziristan.

Begley’s app is a great example of critical design. The first, and most obvious critique, is of the U.S. Government’s reliance on drone strikes abroad. The experience of living with this app shows just how infrequently we’re reminded that we are still at war, going on 14 years as of next Wednesday.

The other critique is about the capricious power Apple wields over digital culture. The name Metadata+ was chosen to obfuscate its purpose from app store reviewers, who rejected it repeatedly saying it was “not useful or entertaining enough.” Both Apple and Google have the last word on what software is deemed legitimate enough to install on a mobile phone. And as mobile phones increasingly become a default computing platform, it’s not hard to see the danger involved with censoring apps on the basis of political sensitivity. We’ve ceded control over the boundaries of permissible thought to corporate entities.

Which brings us to this past Sunday, when Apple decided to remove Metadata+ from the app store because of “excessively crude or objectionable content.”

Apple has a long and storied history of arbitrarily applying its decency policies to reject apps. As Sam Biddle has pointed out in Gawker, there are many, many other apps of questionable value that get approved all the time. It’s a matter both of inconsistency and of political speech being confined to those computers that happen to have keyboards and file systems.

But the larger issue, as pointed out by Zuckerman in his book, isn’t necessarily about what information is available to us, but rather that we care enough to seek it out. The removal of Metadata+ is about not being able to imagine why you’d want such a thing. It is also about the extent to which companies cater to our desires to be endlessly amused by safe and familiar material. We need these gatekeeper corporations to treat us more like digital cosmopolitans, to use Zuckerman’s phrase.

I was glad to learn from the Gawker piece that Begley is one step ahead of Apple on this one. He’s already released an identical version of the app, just with a different name: Ephemeral+.

Download it before it’s censored. Update: that one got pulled too.

Also, I highly recommend Life Alive for lunch, it’s a lovely vegetarian place in Salem, MA.

ows.offline code released (github.com)

I’ve finally set up a GitHub repository! It also includes some documentation on how to configure OpenWRT to behave like a captive portal. I’m trying to think of a better fake-TLD than “.offline”. Dot-occupy? I’m open to suggestions.

Update: I’ve renamed the project to occupy.here! More soon…

Proposal for ows.offline

Occupy Wall Street

Like many New Yorkers I’ve been observing and processing the occupation of Zuccotti Park with a sense of cautious enthusiasm. It took me a few days to figure out what it’s actually about, and I’ve come around to accept their position that protesting with no stated agenda is legitimate. Here are some resources I’ve found useful, but really the best way to get a sense for things is to walk around and talk to people in the park.

In short, there are two separate things happening:

  1. The occupation itself (also): a group of activists with a range of leftist politics (plus some Ron Paul supporters) are using occupation as a tactic
  2. The New York City General Assembly: an experimental process of political deliberation and decision making is being used to guide the occupation

One challenge I’ve been working through is how to best express my sympathy for the occupation without bailing on my existing responsibilities. My Fall schedule has been really busy, which has made it especially difficult to participate.

Of course there are a variety of things one can do to show support and I’m hoping to contribute in a way that plays to my strengths. Below is a project proposal I’ve submitted to the Occupennial art exhibition (more info).

ows.offline proposal

I’ve been working on hacking a Linksys WRT54GL wifi router to run very simple web forum software I developed. It’s part of an art process that I’m calling Situated Net Art. Like other instances of net art it relies on web technologies such as HTML, but is intended to be experienced from a specific physical location rather than adopting the more universal context of the World Wide Web.

The motivation behind ows.offline is that the web offers a fantastic array of communication tools, but often the conversation suffers from certain trade-offs as the number of participants rises. Proximity could be a useful filter for those with the greatest need for better communication tools. The forum is an attempt to complement the existing deliberative process of the NYC General Assembly and offer its constituents a text-based forum to hash out their ideas with greater subtlety.

Another component I’m interested in exploring is how access to the necessary hardware is or is not available to occupiers. I would like to develop some kind of social contract that stipulates the laptop or smartphone being used to access the forum might be lent to those without access. A similar type of arrangement was used in Heath Bunting’s BorderXing database, where users of the site must agree to become internet providers in a kind of peer-to-peer distributed net cafe.

Photo courtesy of Flickr user shankbone

What next?

I’m not sure an art context is the best way to pursue this, but at least it’s a process I’m familiar with. I’m still pretty uncertain about the logistics of maintaining electricity and shepherding my little wireless router through the chaos of the plaza. Perhaps inclusion in an art exhibition is a way to keep the hardware safe and dry. The software itself is already written, I’m just trying to figure out the best way to deploy it. I’ll release the software soon on GitHub with instructions on how others might use it with their own wifi routers.

Of course I’m open to feedback, so please feel free to comment below.