Audacious Fox

Bohemian Coding’s Sketch is a powerful design tool for MacOS, and a number of folks at my company, including me, use it daily. In the next version (43), Sketch will be switching to a JSON-based file format, which, among other things, means that Sketch files will become openly scriptable. Jasim A. Basheer captures how exciting this is:

Can you imagine what kind of new things will now be possible? One word: design automation (okay, two words!). You want Artboards that showcase a font and its variations, like a Google Fonts page? There’s probably going to be a script to generate that file. There will be websites from which you can download freshly brewed Sketch files based on what you ask — say an image gallery, or a landing page, or a signup form. You’ll be able to pick your brand colors, choose a theme, randomize it, and voila! you have a Sketch design to start playing with. Someone could even build a Sketch equivalent that runs on the browser. The possibilities are many!

Additionally, aside from automation and cross-platform interoperability, switching to a JSON-based file format should make file versioning — tracking changes to a document over time — much simpler. Currently, if you have a Sketch file in version control, any changes you make are tracked as a single, opaque modification. With the new file format, you should be able to see not only that the document changed, but also what parts of the design were modified.

Using a JSON-based file format will let designers leverage the power and collaboration of version control, without sacrificing the context of their changes.

Tuesday, 14 March 2017

Zach Gage has an uncanny ability to design games that strike a near-perfect blend of challenge and fun. In my opinion, Mr. Gage is responsible for some of the best iOS games ever made, and his latest entry — TypeShift — looks ready to continue that reputation.

Announced on Twitter and accompanied by a short trailer, TypeShift appears to be an anagram-like word puzzle, where the player must rearrange multiple columns of letters to form words across the center row. The first few puzzles look simple, but as the number of columns and letters grows, it becomes clear how difficult later levels might be. As with all Mr. Gage’s games, the subtle sound effects and animation timings are unreasonably pleasing.

TypeShift doesn’t launch until next Saturday, which gives you plenty of time to check out Mr. Gage’s other titles: Really Bad Chess, a chess game with random pieces; Ridiculous Fishing, a surprisingly deep arcade-style game about fishing; and SpellTower, simply one of the best word games available.

Thursday, 9 March 2017

Yesterday, WikiLeaks’ Twitter account posted the following:

WikiLeaks #Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption

The link in that tweet takes you to a WikiLeaks press release, where the organization details their latest leak, “Vault 7”: 8,761 documents supposedly outlining a vast number of secret C.I.A. hacking tools and methods. The data dump covers 2013 to 2016, and WikiLeaks is calling it “the largest ever publication of confidential documents on the agency.”

From this dump, the most reported bits are related to dozens of exploits and malware the C.I.A. is claimed to have used in targeting smart devices and operating systems. To start, there’s “Weeping Angel”, an attack aimed at Samsung smart TVs:

After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

That’s another hard hit against smart TVs, which only seem to get press for creepy privacy violations. Last month, VIZIO agreed to settle charges that unauthorized tracking of users’ watching habits violated the law. Next month, I can only assume we’ll read about smart TVs that secretly analyze the best times for telemarketers to robocall you.

Also heavily reported in the leak were details about C.I.A.-created malware that was used to infect iOS and Android devices:

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

The above pull quote, coupled with the aforementioned @WikiLeaks tweet, is where I want to focus for the moment.

There’s nothing insignificant about the information WikiLeaks released, but it’s misleading to say the C.I.A. “can effectively bypass Signal + Telegram + WhatsApp + Confide encryption”. The named apps, and their underlying encryption, were not compromised; the device itself was. Encrypted messaging app Telegram detailed the difference in a blog post, emphasis theirs:

This is not an app issue. It is relevant on the level of devices and operating systems like iOS and Android. For this reason, naming any particular app in this context is misleading.

Even the New York Times failed to clarify this distinction, and deleted the original tweet about their story in order to “provide more context”. The deleted tweet:

WikiLeaks release said CIA managed to bypass encryption on popular services such as Signal, WhatsApp, and Telegram

The new one, emphasis mine:

WikiLeaks release said CIA managed to bypass encryption in mobile apps by compromising the entire phone

Greg Miller and Ellen Nakashima, of the Washington Post, got it right:

In a statement, WikiLeaks said the files enable the agency to bypass popular encryption-enabled applications — including WhatsApp, Signal and Telegram — used by millions of people to safeguard their communications.

But experts said that rather than defeating the encryption of those applications, the CIA’s methods rely on exploiting vulnerabilities in the devices on which they are installed, a method referred to as “hacking the endpoint.”

This distinction might appear to be an issue of semantics. If my “phone” is compromised, what does it matter if it’s the OS or the apps? However, understanding the difference between a compromised device and broken encryption is important. Encryption is hard, if not impossible, to break. The fact that the C.I.A. is now resorting to and focusing on device-level attacks only indicates the strength of our current encryption methods.

That said, a phone running malware-infested iOS or Android offers the same protection as letting a stranger use your device unlocked; encryption matters little if the attacker can see every keypress before it’s been encrypted. WikiLeaks noted several of these device-level exploits, 14 for iOS alone, classifying them as undisclosed vulnerabilities or “zero days”.

This all seems incredibly serious, but how authentic are these documents? Yesterday, the New York Times asked the C.I.A., but a spokesman, Dean Boyd, said, “We do not comment on the authenticity or content of purported intelligence documents.” However, also yesterday, when asked about the leak, Apple provided a statement to April Glaser at Recode, indicating that some of the noted iOS vulnerabilities did exist:

While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.

8,761 documents is a lot of data to dig through, so expect the reverberations of this leak to continue for a while. However, if the documents are genuine, it appears the C.I.A. has been slowly strengthening its ability to gain unauthorized access to any number of smartphones and devices, with intent to capture private data before it’s been encrypted. Unless you’re a journalist, work in government, or are simply unlucky, there’s a chance you haven’t been targeted. At this point though, it’s hard to say with any certainty to what extent or how often these tools have been used.

In the meantime, basic security advice still stands: update all your software and operating systems to the latest versions, enable two-factor authentication for your primary email address and important online accounts, and continue to rely on encrypted messaging apps for communicating sensitive information. These steps might not stop the C.I.A., but taking simple security seriously makes it harder on anyone without the resources of the United States government.

Wednesday, 8 March 2017

Released last week, The Legend of Zelda: Breath of the Wild is not only Nintendo’s debut title for the Switch, but also now one of Metacritic’s highest rated video games. Breath of the Wild currently holds the #4 spot, with a score of 98, based on 71 critical reviews. Here’s what some of those reviewers are saying:

Arthur Gies, Polygon:

I guess, in the end, it’s not just that Breath of the Wild signals that Zelda has finally evolved and moved beyond the structure it’s leaned on for so long. It’s that the evolution in question has required Nintendo to finally treat its audience like intelligent people. That newfound respect has led to something big, and different, and exciting. But in an open world full of big changes, Breath of the Wild also almost always feels like a Zelda game — and establishes itself as the first current, vital-feeling Zelda in almost 20 years.

Jason Schreier, Kotaku:

This is a game that will dominate dinner conversations. It’s a game that will lead to countless anecdotes, discoveries, and swapped stories. Already, colleagues and I have spent a great deal of time comparing notes and talking about how we solved major puzzles. For one early section in which you have to figure out how to get Link through a freezing cold mountain, three Kotaku writers found three completely different ways to proceed. We’ve discussed surprise boss encounters, hidden puzzles, and where to find all the Korok seeds that are sprinkled across Hyrule. We’ve talked about Breath of the Wild’s mysteries and weird secrets, telling tales about the time one of us jumped down to a crevasse that seemed unexplorable, but in fact contained a new shrine: the designers’ way of rewarding curious players.

Dan Ryckert, Giant Bomb:

Every night, I sat on the couch and played until I genuinely couldn’t stay awake any longer. Every morning, I couldn’t get out of bed and turn on the Switch fast enough. Near the end, I found myself getting sad as I climbed the final towers and saw the map fill in. This Hyrule gave me such a profound sense of discovery, and I never wanted the mysteries to end. Even now, I have no idea of the purpose of numerous things that I saw. Ganon may be dead and I watched the credits roll, but I want to keep jumping back in until I’ve seen everything there is to see.

Jose Otero, IGN:

The Legend of Zelda: Breath of the Wild is a masterclass in open-world design and a watershed game that reinvents a 30-year-old franchise. It presents a wonderful sandbox full of mystery, dangling dozens upon dozens of tantalizing things in front of you that just beg to be explored. I’ve had so many adventures in Breath of the Wild, and each one has a unique story behind what led me to them, making them stories on top of stories. And even after I’ve spent more than 50 hours searching the far reaches of Hyrule, I still manage to come across things I haven’t seen before. I’ll easily spend 50 to 100 more trying to track down its fascinating moments.

There are many similar reviews, but the above pull quotes capture the overall sentiment: Breath of the Wild is a landmark in the series and has near universal acclaim. As a fan of the franchise, this is incredibly heartening, even if my only way of sharing in the excitement is through reading and waiting for someone I know to get a copy.

Side note: As I was researching, I came across a quote from Zelda series creator Shigeru Miyamoto, in a 2012 interview with the Guardian’s Simon Parkin. In the interview, Mr. Miyamoto is quoted, “A delayed game is eventually good, but a rushed game is forever bad”.

This summarizes something I admire about creative companies like Nintendo, Pixar, and Apple: they’re not afraid to delay a launch or take extra time for the sake of quality and story. Many publishers extol courage, conviction, and commitment in their games, and good games attempt to translate these ideals to the player. In great titles, however, these principles are not only present, but palpable. No translation is needed, because there’s only one interpretation, and everyone understands.

Tuesday, 7 March 2017

Laura Sydell, NPR, reporting on Facebook’s recent change to its Trending topics algorithm:

As of Wednesday, the company has once again changed its trending algorithms. Personal preferences are now out of the equation. “Facebook will no longer be personalized based on someone’s interests,” Facebook says in a press release. “Everyone in the same region will see the same topics.” For now, a region is considered a country, so everyone in the U.S. should see the same topics.

Considering how individualized Facebook attempts to make its products, this is a huge pivot for Trending topics. Although region-based topics are the big story here, the Trending section will also now display the original headline and originating source for every story. Good stuff.

Thursday, 26 January 2017

Fidji Simo, Director of Product at Facebook, recently announced a large, coordinated effort to bolster Facebook’s ability to collect, verify, and distribute online news. They’re calling it the Facebook Journalism Project, and Mr. Simo categorized the various efforts of the project into three areas: collaborative development of news products, training and tools for journalists, and training and tools for everyone.

Predictably, a number of the efforts deal with helping journalists better understand and use Facebook products. This will come primarily through a whole new series of e-learning courses, eventually certified by Poynter, that focus on Live, Instant Articles, and other Facebook tools for building a presence and distributing stories.

Of the 10 key areas Mr. Simo highlighted, three of them were particularly interesting: news-specific hackathons, focused on collaborating with news organizations; working with the News Literacy Project to develop a series of public service ads for Facebook users; and helping First Draft News, a nonprofit focused on digital trust and ethics, establish a virtual verification community for eyewitness media. These are all problems that are both important and could benefit from a company with the influence and resources of Facebook.

Yet, for some, I imagine the Facebook Journalism Project serves as a visible reminder of how rough 2016 was for Facebook and online news.

In May, Gizmodo’s Michael Nunez spoke with former Facebook workers, who said they routinely suppressed conservative stories from appearing in the Trending Topics section of the site. This kicked off a whole slew of responses, and set the stage for events later that summer.

In August, Facebook stated they had investigated the claims in Gizmodo’s piece and found “no evidence of systematic bias”. Shortly after that story, Quartz reported that Facebook had laid off the entire Trending Topics editorial staff and would be replacing them with engineers, automation, and algorithms. Then, only three days after Quartz’s piece, the Washington Post reported a top post for Facebook’s Trending Topics featured a factually incorrect article about Megyn Kelly, stating she had been fired from Fox News. She hadn’t, and attention shifted from the suppression of conservative news to the unintentional elevation of fake stories.

It goes on, and the 2016 election only served to raise Facebook’s profile in the debate of fake news, responsibility, and influence.

In some ways, the Facebook Journalism Project is embarrassingly late to the party, and work to tackle the effects of reinforced ideological bubbles could have begun much sooner. In 2016, the Pew Research Center reported that 62% of U.S. adults get their news from social media, and on Facebook, which reaches about 67% of all U.S. adults, about two-thirds of its users get their news from the site. I imagine those numbers will continue to rise for the foreseeable future, as Facebook looks to push past 1.8 billion active monthly users.

The Facebook Journalism Project is a good first set of acknowledgements and initiatives, but they shouldn’t be the only ones. If Facebook wants to be a “place for public discourse”, an institution that blends media and technology, the company should continue to devote money, talent, and time to projects like this one. The first step to solving a problem is recognizing there is one, and while I don’t know if the Facebook Journalism Project will solve anything, it’s uplifting that they’re trying.

Thursday, 19 January 2017

Eric Brantner, on the recent update to Google’s page rank algorithm, which targets overly obnoxious interstitial ads on mobile:

Google is targeting what they call “problematic transitions,” and gave three specific examples of pages that would be affected. The first is pages that show a pop up that opens right after a user clicks a link or as they scroll through a page, hiding the page’s content. Also affected are pages that show an interstitial ad that must be closed out before the user gets to their desired content and pages that keep content “under the fold” with an interstitial on the top of the page. Google has noted that “small” pop ups won’t be affected by these rules, but they didn’t give any details about what specific size constitutes “small.” […]

Of course, there are some caveats. The new rule applies only to the first click on a page from Google. Once you’re on a web page, there are no penalties if you encounter the ads following another link.

This change feels like a half measure. On their Webmasters Blog, Google specifies they’re only targeting (emphasis mine) “pages where content is not easily accessible to a user on the transition from the mobile search results”. Google’s only focusing on the transition from result to page: the part of the experience most closely tied to them. This is not an attempt to purge these terrible fullscreen roadblocks from the web.

To an extent, that’s fair; Google’s entitled to only focus on the parts of searching they can control: the results and certain parts of the result itself. Additionally, judging from my own analytics, most Google traffic tends to read what they came for and leave. For those people, interstitial ads after the first page aren’t an issue.

However, if Google’s opinion is truly that “intrusive interstitials provide a poorer experience to users than other pages where content is immediately accessible”, why not apply the same site-wide expectations they do for mobile-friendly webpages? If Google’s crawler is smart enough to determine the difference between an interstitial ad (penalized) and one displayed for legal obligations (exempted), I think the new ranking algorithm should consider the entire site, not just the individual pages.

Intrusive, distasteful interstitials hurt the mobile web, and Google should oppose them on principle, not passively.

Thursday, 19 January 2017

Rob Rhyne, in his aforementioned essay:

My thinking goes like this: I can borrow someone else’s phone if I need to make a call, but I want my Mac if I need to do any sort of deep thinking. This feeling of personalization runs deep in a desktop operating system. It’s much more than wallpaper, or color schemes. My Mac is loaded with software and utilities that I have written custom for my specific use. I’m not talking about general software development, but scripting, and automation which ease my everyday tasks.

This level of customization is nigh impossible on iOS devices, by design. Might sound like I’m being facetious or setting up a strawman argument. In fact, I believe this capability for deep customization is the crux of the division between the iPad-only and Mac loyalist camps.

This last sentence clearly conveys what I’ve been struggling to articulate for a while. My argument against the “every road ends with iOS” conversation shouldn’t focus on functions iOS can’t perform, because that position loses ground with each passing year and software update. Rather, the more sound, sane stance is to frame MacOS as the more malleable operating system; one that lets me tinker and customize my machine to my own thinking, instead of the other way around.

iOS is simpler, yes. Requires less maintenance, yes. Can — functionally — replace MacOS for many, yes. But for me, my Mac is irreplaceable and intertwined with a certain style of computing I love and can’t find anywhere else.

Monday, 9 January 2017

Pete Souza, Chief White House Photographer, presents his eighth and final collection of photographs from this year at the White House. Mr. Souza:

As always, the editing for this project is both subjective and personal. Yes, there are some historic moments included but mostly I was looking for behind-the-scenes moments that give people a more personal look at the President and First Lady. And I’ve included a few that I thought were just cool photos.

Interesting to see how often President Obama’s Fitbit Surge makes it into the shot. 17 out of 73 by my count. I couldn’t find any solid sources on what modifications (or limitations) this particular Surge might have, but it’d be interesting to see a.) what changes were made and by whom, and b.) if or where the health data is stored.

Saturday, 7 January 2017
