tommorris.org

Discussing software, the web, politics, sexuality and the unending supply of human stupidity.


It's astounding someone can build an order process so bad, but @AmericanExpress managed it

User story: I want to book a hotel room in Brighton. You know, the place with the beach and the Dome and the gays and all that.

So I go to the American Express travel booking site. Because Amex points.

I start typing in Brighton and it Ajax autocorrects it to “Brighton & Hove, GB”.

I submit the form and it tells me I’ve done fucked it up.

Alright, screw Hove, I want to stay in Brighton proper.

No, I mean Brighton—the one here in England.

If I click any of the ones that don’t have a state after them, it brings me back to this form… forever.

Then I notice I’m on the US website. Even though I’ve signed in with my username and password which is a UK account. I click “Change country” and I get taken to the UK website. It’s lost my search and my logged-in status. On the upside, the UK site has mastered the idea that Brighton is in England.

I hate computers.


I’m officially in love with BitTorrent Sync. The iOS app could do with some polish but the unbelievably simple selective sync means that things like my Downloads folder are now unified between computers.


Most people don't give a damn about surveillance

The Snowden revelations keep dripping away and revealing the nearly absurd levels of surveillance that the United States government and the ‘Five Eyes’ countries engage in—bulk, indiscriminate collection of data to a level that should shock the conscience.

It should shock the conscience, but it doesn’t. That big technology companies like Google and Yahoo! have been deputised in programmes like PRISM and Tempora was already known in outline by most technically informed observers—Snowden merely filled in the details with evidence.

That government spooks could read your email via the big Internet companies is something any savvy journalist could have learned off-the-record by simply pouring beer into engineers who work at said big companies. I know, I’ve done it, and I’m just a guy with a blog, for fuck’s sake.

Everyone in the business knew it was happening already: Snowden lifted the cover on the collective doublethink about it. We already knew it was happening, but having nice PowerPoint slides up on the Guardian website short-circuited our internal plausible deniability. It made solid what was already in the air.

Except, here’s the really depressing bit: most people don’t care and won’t care. The issues are suitably abstract enough and technical enough for them to not care. People say they care but their actions belie their words.

It takes twenty minutes for a technically competent user to set up GPG. A small amount of Googling and you can get your email client set up to send 2048-bit encrypted email. I have had GPG set up for years and less than 1% of email I get is signed or encrypted.

And I work with developers, software people, people who would have no trouble getting GPG set up with their mail client. If even technology geeks can’t be fucked to send encrypted email despite military-strength encryption protocols like PGP/GPG being available for 20+ years, expecting ordinary people to do so is a fool’s errand.

That’s not because of user experience. We could let a whole room full of top designers make the process of using something broadly like GPG into a much less awful experience, but people aren’t motivated to get it set up because it doesn’t solve something they actually in their heart of hearts think is a problem.

And there are now simple smartphone apps: TextSecure, RedPhone, Telegram. No complex key signing protocols or any of that: just free apps that are basically WhatsApp or Facebook Messages but with the nice benefit of the NSA and GCHQ not listening. These apps are riding high on the App Store and Google Play charts because of the clear user demand for surveillance-free communication, right?

My hypothesis is simple: people don’t care about privacy, they care about looking like they care about privacy. There are people I know who spend hours and hours posting links to the latest Snowden revelation, the latest stupid thing a politician said about privacy, hell, they consider themselves privacy activists—and then I click through to their website and the GPG key is… nowhere to be seen. Hell, sometimes I can’t even find an email address, so I end up sending them a Twitter DM. And that’s privacy activists.

In the time it would take for people to have all these extended conversations about privacy and surveillance on Reddit, Hacker News, Twitter and the comments section of newspaper websites, people could easily set up a secure chat app or start encrypting their email and actually make it so that the spying agencies have to try.

People scoff at “if you have nothing to hide, you have nothing to fear” as a glib political slogan without grasping that based on people’s actions, that is actually how people think about surveillance. The threat posed to individual people by the NSA and GCHQ feels pretty empty. At a certain point, it fades into the background.

When I first started commuting to London, I felt offended by CCTV cameras. I counted the number of cameras on my commute into London and across London on the tube (or I tried—I lost count after about 150). Now they are invisible—the only time they have even come to mind was when I got mugged for my iPhone in a side-street that Camden council had neglected to put CCTV on. What once felt like an Orwellian intrusion by an overbearing state is something I only notice when its absence allows a gang of thugs on motorbikes to pilfer my phone.

I don’t expect a political fix for surveillance. Politicians are surprisingly adept at grabbing on to public sentiment and squeezing votes out of it. The issue of mass internet surveillance is one that some political party would grab on to for votes. I watched the UK election coverage and I can’t recall seeing any politician of any party mentioning surveillance in the mainstream media. No votes to grab on opposing Big Brother, evidently.

Whether you think technology or politics or law is ultimately the way we fight the surveillance state, both need people. That mass of people giving a damn is missing. This is a dispiriting message for anyone who thinks these issues matter, but the first step to fixing the problem is acknowledging the reality—that most people don’t give a shit.





The lesson of Yahoo! Pipes is a brutal one: never trust big companies. They’ll offer you nice things. Politely decline and build your own.



A subculture I didn’t know existed: shoplifting bloggers. They go and steal shit, then post on Tumblr about it.

Some claim that it is fake: that they actually buy the stuff for real and then post it on their shoplifting blog to get some unearned street cred or to role play, and some add legal disclaimers of the form “this is for entertainment purposes only”.



hoxton beard owners looking uncomfortable in a suit dot tumblr dot com - make this happen please.




50 Lies Programmers Believe

  1. The naming convention for the majority of the people in my country is the paradigm case and nobody really does anything differently.
  2. Names are all representable in US ASCII.
  3. Unicode has properly solved the problem of language encoding.
  4. Gender is immutable and fits cleanly into an enumerated list of two options.
  5. A person’s legal name is how they identify to the world.
  6. In general, openness is preferable to privacy.
  7. Postcodes or ZIP codes are a good way to identify the location someone is in rather than an arbitrary string used for routing mail.
  8. Everyone has a phone number and phone numbers map 1-to-1 with people.
  9. Objects of any size can be delivered to one’s home at any time.
  10. Users give a fuck about security.
  11. The tech industry is a meritocracy.
  12. The tech industry is magically free of the prejudices of wider society.
  13. Dates and times are precise rather than vague.
  14. We now have the one true data representation format: JSON.
  15. Names can be easily categorised by gender.
  16. Single sign-on services reduce complexity and ease user registration.
  17. Users have a single sign-on for the single sign-on provider.
  18. There is a meaningful distinction between an HTTP resource that has been called an API and one that serves HTML.
  19. A web app is a distinct and meaningfully different animal than a web site.
  20. CSS can be “object-oriented” or “functional” rather than a declarative rules language with a moderately complex inheritance model.
  21. Unit tests catch all the problems that type checkers or static analysers would.
  22. Writing unit tests is fun rather than a tiresome necessity.
  23. Getting 100% test coverage ensures bug free software.
  24. A methodology propagated primarily through expensive training courses will lead to the production of significantly better software.
  25. Reformulating an understandable bug report (“the Froobnicator class throws an uncaught exception when the input contains UTF-8”) into a long-winded user story (“as a developer, I want to be able to run this software without seeing a 500 line stack trace when…”) will magically make it easier to plan work.
  26. Having people wholly unfamiliar with a code base performing a quick review of code style and variable naming practices will ensure that bugs are caught.
  27. Having team members unfamiliar with a particular facet of a code base come up with arbitrary estimates based on their hunches will solve all estimation woes.
  28. “Rock stars” will fix all problems.
  29. This cool new thing you saw on Hacker News will solve all your problems and can be put directly into production with no issues.
  30. Security is simply a “layer” one need add to a piece of software.
  31. GPS signals are usually reasonably accurate in most circumstances.
  32. Only mobile devices need to provide geolocation support.
  33. Anything that runs Windows, Mac OS X or non-Android flavours of Linux should not be thought of as a mobile device even if it is a teeny ultraportable laptop you carry around with you everywhere.
  34. Mobile devices are used on the move with low bandwidth, even if they are being used by someone sitting on a sofa watching TV.
  35. Syncing over the Internet rather than directly between two computers is the simplest and most efficient way to share data.
  36. Distributed version control is made even more awesome by having GitHub as a single point of failure.
  37. There are no technical fixes to societal problems.
  38. Bitcoin is a technical fix for a societal problem.
  39. apt-get install bitcoin-qt solves the usability problems of Bitcoin. (I’m not making this one up.)
  40. People basically act rationally. (Don’t worry, the majority of economists believe this one too in spite of the existence of astrologers, homeopaths, theologians, the National Lottery, and psychics claiming to be able to talk to your dead pets.)
  41. People update their software frequently.
  42. If you have too many options in your software, you just hide them away in a “hamburger” menu and the problem is solved.
  43. The social networks used by programmers in the Western world broadly reflect the social networks used by people around the world.
  44. My behaviour-driven development tool’s fancy colourful feature list HTML output is ever looked at by non-technical management.
  45. Stated MIME types accurately reflect payload content.
  46. Being able to check code in at 30,000 feet using Git (or Mercurial etc.) is a feature I shall use, rather than taking advantage of all the free alcohol on the plane to make air travel slightly more tolerable.
  47. Seconds since epoch is a sensible date format. (And there is a commonly agreed epoch.)
  48. One’s database or application framework recognising timezone-aware dates solves timezone-related issues.
  49. Arguments about methodology will produce better software.
  50. Installing homebrew to install npm to install bower to install Angular (etc.) to avoid writing a raw AJAX call is reasonable.

Software is terrible.


Codeship Manager for iOS has amazing notifications. I push some code up, my phone flashes up that the build has started. Then I get a home screen notification and a subtle little audio notification to tell me whether the build has passed or failed. Love it.


Been reading about hackathons where the code ends up belonging to the organiser, but the legal liability (e.g. against patent trolls) rests with the developer. The lawyers that came up with that nasty, exploitative little wheeze are truly engaging in some pretty clever disruption.



I finally tried out BitTorrent Sync today. It’s ludicrously simple and unlike Dropbox, they don’t scan your private files for DMCA violations or have former senior U.S. politicians on their board (Condoleezza Rice has openly supported illegal, warrantless NSA wiretapping).

Dropbox is still something I use as there are various ways I can’t not use it. I’d prefer it if BitTorrent Sync were open source—if only so it can get a proper security audit—but I trust it more than I trust Dropbox. I’m starting slow and using BitTorrent Sync for some pretty simple stuff (syncing my ~/Library/Fonts folder is what prompted me to try it).