Sunday, 07-Oct-12 14:56
Facebook, blogs & such

I was recently in a Finnish blogger's meeting - the kind of a meeting we've been having for about ten years now. A lot of the same faces, so it's really more of an old gang that used to read each other's blogs -meeting rather than representative of today's blogosphere really. But in those days, we were a non-insignificant part of it. Now it felt more like a meeting of people who happen to be in the same Facebook group, and I didn't see a lot of people posting to their blogs; but many did post status updates to Twitter or Facebook.

But is blogging dead? Have people moved on? Not really, says Technorati's 2011 survey. It's just that blogging is now... established. Platforms like Tumblr have lowered the threshold of participation so low that they've become almost self-sufficient blogging ecosystems of their own, and a Wordpress instance is just so easy to set up that it's not funny. The old days of experimenting with this new form of self-expression have showed what one can do and what one shouldn't, and the good stuff lives on.

While I enjoy Twitter and Facebook a lot, their problem - from my point of view - is that they're a bit too easy to use. Posting has been made so easy that people do it all the time - especially Twitter seems to be a write-only-medium around whenever Apple launches something. (I habitually turn Twitter now off for 24 hrs whenever this occurs; I can read the news in a far better format elsewhere.) It's like drinking from the firehose, and that eventually means that a lot of interesting stuff I just miss because I can't be arsed to scroll back through the zillions of messages.

Now, Facebook is trying to do something about it, but I increasingly feel that their algorithms seem to be a bit broken: I'm missing even more stuff than on Twitter, because FB is hiding it (or at least feels like it's hiding it) from me deliberately. And while most of it is crap, it does occasionally hide things I would've like or needed to have seen. Yes, I know many of you are just now itching to click on the comment link to tell me that Google Plus solves all these problems. But I think it only works because there aren't that many people there. Most social software works really well when you're running a tightly knit group of people, but once everybody and your mom is there, things break.

Which takes me to why I increasingly find myself going back to blogging: With the publication threshold going a bit up now that simple thoughts can be effortlessly shared using other tools, and the blogging tools having matured, the blogs I follow just seem so much nicer, better thought out, insightful, funny, informative and, well, interesting. Now that FB and Twitter and G+ function as a first-order crap filter, only the better stuff gets through to blog level. You write about meaningful stuff; you share the cat video on Facebook. You see an interesting link and share it on Twitter; but someone else sees it, has a thought, and writes it up on a blog, whereas previously it would just go to a blog.

So Facebook isn't killing blogging. It's making it better.

And someone has to be the source of all those links that people share. ;-)

(Here's a thought: does sharing discourage original content? Is the time spent on reading and sharing links away from creating original stuff?)

Tuesday, 02-Oct-12 13:20
Tolkien Week

To celebrate the Tolkien week I wanted to share my most memorable Tolkien thing - the not-so-widely known soundtrack from Ryhmäteatteri's epic performance from 1988. Hover over the image to find more. You'll need Spotify installed - if you don't, the songs are available also from Youtube, but the quality can be low.

Friday, 28-Sep-12 09:35
Miksi tukea joukkoliikennettä

Yksi argumentti, jota en kovin usein ole nähnyt esitettävän, on yksinkertaisesti tämä:

Mitä useampi pyöräilee tai käyttää joukkoliikennettä työmatkallaan, sitä enemmän autoilijoilla on tilaa.

Noin karrikoidusti kuulostaa joskus siltä, että palavasilmäiset nuoret yrittävät vakuuttaa vanhat autoilijasedät ja -tädit luopumaan siitä omasta autostaan. Mutta näinhän ei ole, vaan joukkoliikenteen lisäämisen tavoitteena on pitää huolta siitä, että ne jotka sitä autoa haluavat tai joutuvat käyttämään, mahtuisivat sinne tielle ilman ruuhkia, kun ne jotka haluaisivat käyttää joukkoliikennettä tai pyöräillä, mutta joutuvat autoilemaan, saadaan pois sieltä häiritsemästä.

Tässä valossa on oikeasti vaikea ymmärtää, miksi kukaan vastustaisi joukkoliikenteen lisäämistä ja pyöräilyn helpottamista, koska on paljon halvempaa ja yksinkertaisempaa saada ihmisiä pois tieliikenteen jaloista kuin rakentaa lisää autoteitä. Tonttimaata kun on melko vähän ja sekin kannattaisi käyttää asuntoihin, ja maan alle ja ylle rakentaminen on hillittömän kallista...

(No juu, on tämä nyt yksinkertaistusta ja populismia. Mut hei, järkiargumentteja voi mennä lueskelemaan vaikka Otso Kivekkään blogista. ;-)

Saturday, 22-Sep-12 18:23
Radio Eyes

The story is making rounds about someone finally figuring out that you can just make a copy of a public transport ticket with an NFC phone, then use the ticket, then reset the ticket to its original state by writing the original content to it with the same NFC phone.

You can claim that this is a big security vulnerability, but in fact it really isn't. It's the equivalent of a public transport company issuing paper tickets using regular printer paper, and then punching a hole to it when it's used. You can make a photocopy of the ticket you received, and just keep making more photocopies and throw away the punched ones.

There was no security in the first place, so it's not a security breach. The only reason nobody figured this out earlier was the fact that nobody had cheap, ubiquitous NFC readers available - Radio Eyes, I call them. You've already got two perfectly good EyeBall Mk2 Photon Detection Engines installed by default, so figuring out that there's no security in a printed A4 you can put through a copy machine isn't really a big brain exercise. Calling it a security breach would be like calling stealing candy from a kid the "greatest crime since Enron."

This is an example of a technical term called "security through obscurity", which is the rather dubious practice of just making stuff hard to find instead of actually protecting things through algorithms. And I'm pretty sure a lot of the other early NFC ticket/card manufacturers have made the same mistake as the Amsterdam PTA. [Fun fact: the Ultralite cards are manufactured by NXP, Nee Philips Semiconductors, a Dutch company. And this particular trick with the travel cards has been "exposed" at least once before - though at that time you couldn't download an App to get the free trips...]. The ISO-14443 family of standards, which is the basis for NFC, has been around for a very long time, and there's a metric fuckton of still operational systems out there whose developers probably never thought an inch about security, because "it was just going to be for our use only."

In a world where everyone can have radio eyes, and you can download an app to open them for you, you just can't continue relying on obscurity.

A lot more of these coming your way soon.

Updating the story now that kids are out with their mom... As an example, this tag is on the front door of the house. My N9 tells me that it's a "Type 2 Tag", which in other words means it's a Mifare Ultralite. Now, if the developers never bothered to make it read-only, anyone could just use their phone to overwrite the contents with links to say, cat pictures.

Also, I finally found the link to the original hack of the Amsterdam transport ticket from 2007: It should be noted that the hack has been public knowledge for at least five years, and the Amsterdam PTA hasn't bothered to fix the problem yet. So there really is no security involved. :-) (The link above has plenty of other information about different attacks on the Dutch public transport system too. Interesting stuff if you're into it.)

Of course, the difference is that now you can download an app for it - which is something I've been expecting for years now ;-)

You can buy your own Mifare Ultralights for $0.50/piece from anywhere. Go hack! ;-)

Sunday, 22-Jul-12 22:25
Minor thought about Nokia's strategy...

I've kept quiet publically about my views on Nokia, my former employer, simply for the reason that quite a lot of the public discussion is just mindless bashing - the public opinion in Finland in general is quite bipolar: if things are going well, you can't say bad things; and if things are going badly, you're supposed to be competing about who can invent the most creative bashing. And I think a lot of the discussions has so far been pretty destructive, and kindly put, context-free.

Anyway, one thing that really irks me about this whole Windows Phone strategy is something that worried me already with Symbian: the fact that it's completely bound to the Windows ecosystem. Yes, Visual Studio is a nice environment, but if you take a look at the offices of any random self-respecting innovative startup, or peek at any gathering where alpha-geeks congregate, you'll see overwhelmingly nothing but Apple logos. And this has been true for the past seven or eight years or so.

Still, a few years ago, mobile development occurred on Windows and web development on Mac - mostly because mobile operating systems were their own beasts, and you needed a host environment to write stuff on them (though you could write Java code for feature phones both on Mac and Linux too, but mostly it was a pain). Now, both dominant players in the smartphone world, Android and iOS have very deep roots in Linux and BSD, respectively, and many of the engineers who built those systems are Mac and Linux users - so the development environments are available on those platforms as well.

Now, when your average alpha geek realizes that mobile is cool, are they going to ditch their existing platforms, toolchains, email clients, etc so that they could be first in a completely unknown environment? Will a hipster ditch his Mac and iPhone to use Windows to code for Nokia? Or lug two laptops into the cafe? Or reboot his machine to switch between operating systems?

I have my doubts. The preference of the work environment is ingrained pretty deeply into people. Yes, some people have the ability to keep switching between OSs, and some people just plain prefer Windows. But my guess is that whenever someone creates a mobile startup, they first code for what they're familiar with (which in these days will be iOS & Android), and only if it works, they hire an offshore consultant to replicate the experience on Windows Mobile to get the rest of the market. You can get some pretty great talent from Romania, Ukraine, Russia or India for quite cheap...

Now, obviously there is value in being the first-mover in Windows Mobile space - less apps is less competition. If you're really good, both MS and Nokia will use their marketing muscle to highlight your app in order to promote their own platform and phones. But still, it's an awfully big risk to start off with the small market - 'cos in order to be big, you absolutely must get to the Apple and Android stores. And someone else might make it first. If someone clones your best-selling iOS app on Windows Marketplace, well, the loss isn't great.

Of course popular apps will appear on Windows Mobile as well; once you have the concept proven, it's easy to replicate. But still, will Windows Mobile be the platform on which the Next Big Thing will be born? Or will it be the "Can Haz Too" -platform, nice and comfy for your dad to join Foursquare after all the hipsters have already done their final check-in and moved to Wherever?

I don't know, and I certainly don't want to underestimate Microsoft's marketing muscle... but it seems to me that they'll need to do something fairly radical to start winning back developer's hearts. A lot of the server-side stuff these days is pretty much "sorry, we don't really support Windows that well", and for many developers it seems that Windows is the place where you pop in to check whether your site still works on Internet Explorer. So it's hard to see why it would be different for mobile any more.

(If I'm wrong and for some reason there's some sort of a selection bias here and it just so happens that all the Macs owned by developers happen to be people I know and everyone else uses Windows, please do let me know in the comments.)

(Update: Just learned that Nokia is even kicking out excellent developers from their dev program for not developing on Windows Phone. So they're turning to Android/iOS. Oh well. Developing for Symbian wasn't ever fun, but this isn't the way to end it.)

Saturday, 14-Jul-12 23:50
Unhelpfully, he said

One thing that greatly bugs me is the tendency of some people to suggest switching operating systems or platforms whenever you have a problem. For example, if you have a problem related to an Android device, some dork will inevitably come and suggest that you should buy an iPhone. Or if you have a problem with your Mac, some other dork will come over and proclaim that if you just switched to Linux, you wouldn't have these problems. (And I'm not going to even start with the kind of comments you get if you happen to have a problem with one Linux distro - ever tried debating Debian vs Gentoo or Red Hat vs Ubuntu?)

And I do understand that people do try to be helpful. But in this case, it comes across as smug and mean, and to me it sounds like "well, it's your own problem for being so stupid you chose the wrong platform." I mean, if I choose something, it's usually the result of some thinking and balancing of benefits and disadvantages - so when someone just suggests, without understanding the context, that I should've chosen something else... well, to me it sounds like what an utterly contemptuous, stupid person would say.

But the biggest thing that irates me that the advice is always, always completely useless. If I have an 81 cent software problem, what kind of a solution it is to buy a €599 phone to solve it? In exactly which kind of an universe is that a reasonable solution? It's the rich bully kid solution, if anything - it's just like asking advice on money problems and someone telling you "well, you should've chosen to get a job that pays more", or complaining about something your spouse did and getting the extremely helpful "get a better wife" -response. Mean, prejudiced, stupid, and completely and utterly useless, and nobody in their right mind does that to people. Except that it seems fully okay when it comes to computing issues, apparently. Which is probably one of the reasons why people think geeks are dorks.

So henceforth I'll be treating any such suggestions with extreme prejudice. I've listened to this shit for 30 years. Enough is enough.

Thursday, 05-Jul-12 20:23
Ditched Facebook for a month, nobody noticed

I wouldn't call Facebook sabbaticals a trend, but I've seen a couple of people take them recently. Much like a New Year's promise - no alcohol for me in January!

Anyway, I decided completely quitely to just not go to Facebook about a month ago. I had a couple of purposes: mostly to wean myself, as I sometimes get into these fully unproductive "must refresh Facebook to see if anyone says anything interesting" -states, but also to see if anyone noticed or cared. Today I finally cracked and asked the wife, if she's noticed my absence. "No, but I did wonder a bit why you've never seen any links", she told me. My tweets do go to Facebook, so that probably kept up the appearance of me participating, but I didn't read any comments, wall posts, respond to friend requests, event invites or private messages.

Facebook is social software, yes, 'cos it gets better the more people use it (kudos to Matt Jones for this). But if I wouldn't answer my phone or talk to anyone or attend a regular hobby for a month, I would really hope someone would notice and at least ask what is going on. But in the hypersocial atmosphere of Facebook, it is enough to just make noise to fake a persona. No actual interaction is required. And there is so much noise that the loss of one voice means nothing - there are a billion others ready to step up to join the chorus of social cacophonia.

Of course, I am not an important person, and I would expect only a handful of people to really care about hearing from me. But yet... Social software like Facebook and Twitter are pretty much the only contact I have with people these days (you know, small kids keep you busy). I don't think it's really contact though; just reflections from random angled surfaces.

(Oh yeah, and about my other target: I'm getting a lot more done. Or to be specific, I've been a bit more relaxed and a bit more focused, so I feel better. Absence of distractions good. Haven't yet really decided if I'm going back to FB. Probably I'll start popping by every now and then and go away if I notice myself spending too much time in there.)

((Also, I started a simple Tumblr blog where I try to post some thinglinked space images every now and then.)

Monday, 14-May-12 21:58
My pet peeve Finnish phrase

Finnish sayings can be stupid, but this has got to be the most stupid ever:

"If you let a piece of cake fall sideways when you take it from the tray, you will get a bad mother-in-law." ("Jos kaataa kakkupalan, saa huonon anopin.")

I mean - COME ON! Your entire relationship with a possibly completely perfect human ENTIRELY RUINED by one fumbled feat of dexterity? Of which any regularly social person will have about a MILLION opportunities to fail before the wedding bells ring?

What about if the cake is just badly constructed? How would it look like if, after several years of torment from a mother-in-law-from-hell someone turned up to your doorstep with a hatchet and demanded revenge over one slippery frosting? Imagine the responsibility and diligence one would have to exercise to ensure a good life for all friends?

Friday, 04-May-12 13:17
Kaleva/Amadeus security doublefail

This is just fucking insane: Kaleva Travels (and/or Amadeus, not sure which one is the real culprit here) not only stores the user passwords in plaintext, they also routinely share them with the service desk. Check out this email I got (real password blocked out, duh, and some not-so-useful mail headers removed):

Date: Wed, 25 Apr 2012 13:33:02 +0000 (GMT)
To: xxxxxxxxxxxxxxx
Message-ID: <>
Subject: Oma salasanasi

Hyvä Janne Jalkanen,
 Salasanasi on: xxxxxxxx
 Kiitos, että käytit yrityksesi online-varausjärjestelmää. Arvostamme asiointiasi.

Note the CC-line.

How could a company at this day and age so blithely ignore customer security is completely beyond me; storing plain text passwords is bad enough, but sharing them with who knows how many people...? In this case, I didn't even request a password reset; they just decided to send it to me at random and made it useless.

I fully realize that this is all done in the name of customer service, but there are far better ways - and secure - ways of doing this than just sharing the password around like it were a big box of cookies.

Also, this highlights the importance of using a different password across all the systems. You never know who's going to leak it.

Update: Our assistant just let me know that she also received the email with my password in it. So now I have no idea how many people have received my email/password combination. This is just fucking great.

Update, May 9th: Someone from Kaleva's Marketing called me and wanted to have a chat about what they could do about this. That's a good response.

Tuesday, 24-Apr-12 12:20
Iron Sky

I finally managed to see Iron Sky, and even more finally managed to write more about it, aside from an odd tweet. I'm sort of torn: I really want to like this movie, but it just doesn't do it for me. I followed it as closely as anyone could, and chose the Sneak Preview as my method of supporting this uniquely crowdsourced movie, and it had all the right people doing it and a wonderful concept that couldn't be made by any other method than people who don't know that it's not supposed to be done this way.

The movie sounds and looks awesome: The Laibach/Torssonen -effect knocks your teeth out, and I predict a resurgence of nazi aesthetic design values after this movie (steampunk is so old, nazipunk is is the new black). The cast is just perfect, from the wonderful innocence of Julia Dietze to Udo Kier's frightening presence. My personal favourite was Kym Jackson's space commander aboard the you-know-what, who seemed like an anchor of sanity in the middle of all insanity. I would've very much liked to have seen more of her - which may have been in plans at some point, as suggested by this audition tape.

But the but... I just couldn't bring myself to like or hate the characters or the story. The jokes were obvious and bland - and turns out all the big ones had already been spoiled to me. So I guess there's disappointment at the fact that you can really spoil *all* the jokes in the movie in just a couple of paragraphs. That suggests there weren't that many to begin with. And the whole thing had a smell on it; as if too many people had tried to tweak the script instead of just one person carrying a single vision.

But the but of the but: this is still a good movie, definitely worth watching. It's not a masterpiece; it's more like a good summer blockbuster with an insane twist. With the longest both pre-movie and post-movie funding-list ever (you will have finished your popcorn by the time the list of institutions-that-gave-money ends).

I would love to see the director, Timo Vuorensola, make a smaller movie next to hone his skills. And I would love to see Mr. Torssonen, the effects wizard, do something really, really big next, 'cos he's got the skills - and is sufficiently mad - already. (And I would like to see more Kym Jackson (@aussiegirly on Twitter), obviously. :-P)

Thursday, 19-Apr-12 21:43
Just sum haloz I picked up on the way home

Hover on the images for more info. The images were captured with my N9, which most definitely isn't designed for this kind of photography, so you can see all sorts of interesting artifacts in the images.

Saturday, 24-Mar-12 15:49
Gimme, gimme

...your Facebook password, seem quite a few companies to say these days. I think their motivation is to ensure that they don't hire "bad" people (for some arbitrary definition of bad), but this practice is probably more damaging than beneficial at large. What people do on their spare time isn't really the employer's concern; and at least in Finland this is even codified into legislation: the Finnish officials take a very dim view on even googling your interviewee, unless they've specifically given permission for it.

(BTW, we're hiring summer interns at Thinglink - be a dear and include links to the relevant profiles that you want us to check out. For example, great Stack Overflow and Github profiles really make you look good. But if you don't tell us about them, we can't know about them...)

Anyhow, my entire issue here is really that of trust: If I, as an employer, asked you to provide your username and password to private information (something that's quite expressly prohibited by Facebook terms of service and is against the first security precaution anyone is ever taught: Never ever share your password with anyone), and you gave it to me willingly - how could I possibly trust you with any confidential information, or even a cash register, knowing that with some pressure, you will cave in and share it all with the next guy who happens to ask?

I know a lot of people don't really think that there's any harm in sharing their Facebook statuses (or their friend's statuses - giving out your password to other people also violates the trust placed on you by these other people), and that people really want these jobs, but still: stop and consider how it makes you look. Signaling that you're an untrustworthy person who will do anything for their own good isn't probably the kind of an image you want to give.

Thursday, 19-Jan-12 10:55
ESA Shoots God

Funny how your mind plays tricks on you. Hover on the image. Image is very pretty though, astronomy FTW!

Wednesday, 18-Jan-12 14:19

Today, large swaths of those parts of the internet people actually care about have gone black to protest against SOPA - the US Stop Online Piracy Act. EFF has a wonderful explanation as to why SOPA and it's evil cousin PIPA are a really bad idea - read it.

Because of the provisions in SOPA/PIPA, they give unprecedented and unchecked power to corporations, which can be trivially misused. Oh, I'm not worried at all about Pirate Bay being censored - what concerns me is that a simple accusation can shut down any web service in the world. When DMCA was enacted early this century, it's biggest users were companies who were trying to shut down their competition. Ever wonder why printer cartridges cost so much? Yup, it's because the manufacturers use DMCA - a copyright act - to shut down their competition. With PIPA and SOPA this would get a LOT worse: Essentially any company could be shut down by any other company, or harassed long enough that they would bleed out all their money in litigation costs. It's worse for companies who allow user-generated content to be uploaded or linked to - once you become a threat to anyone else's business, you get shut down real fast. Your money traffic will cease, your domain name can be seized, and you have a choice to start litigating in the USA (hard if you're not an US company) or folding. This is about as anti-competitive as it gets. has an example on how one could just erase someone's internet presence using the provisions in SOPA - not because the person is a pirate, but because they happened to piss someone off. Remember: If there's a game it will be played. People - and corporations - will play the game, if they get the chance.

However, what's awesome about the whole thing is that finally the technology companies are standing up and saying "NO" in a loud, clear voice. It annoys me to no end when people go "the internet interprets censorship as damage and routes around it", or "internet censorship doesn't work" and other inanities like that. Yes, all blocks can be circumvented, but you have to understand that the fight never ends if the other side just keeps running. The more inventive workarounds technologists create, the more draconian the measures to block them get. And it's not the technologists who suffer, it's all the innocent people who just want to live their lives peacefully, and whose privacy and rights are being infringed all the time. We can't teach everyone to use Tor, because then all the countries will forbid Tor, and employ very intrusive ways of doing it. The end of that road is the War on Regular People, with Copyright Cops breaking into homes and carrying people off into the night.

The technologists must learn how to stand and fight. We must learn how to argument our side, we must lobby, we must be clever. We must spend money (and the technology companies have most of it anyway). We must vote for the right people who understand these things, and we must, must, must educate people.

You can start by donating to EFF or their Finnish equivalent Effi, or your local Pirate Party. Even if you don't agree with everything that they do or say, there is nobody else who fights this fight, until we can convince companies like Google, Microsoft, Apple and Nokia to start spending the money.

Monday, 09-Jan-12 23:05
New Year's Rant

The house body (I live in an apartment) decided that people drive their cars too much and too fast on the walkways. They're the only way to drive close to the doors, so obviously people who need to load and unload stuff use those all the time. I sympathise with this; I have kids and sometimes people drive just too fast for my comfort out here.

The mistake happened when they decided to install gates on all the entrances to the walkways. Gates in general are a bad idea because their use pattern is

  1. Drive to gate
  2. Step out of the car to open the gate
  3. Drive through the gate
  4. Step out of the car again to close the gate
  5. Drive to door, unload
  6. Drive to gate
  7. Step out of the car to open the gate
  8. Drive through the gate
  9. Step out of the car again to close the gate
  10. Drive away

The problem here is that it relies on people to remember and bother to actually close the gates. If you don't close the gate, the sequence becomes

  1. Drive to gate
  2. Step out of the car to open the gate
  3. Drive through the gate
  4. Drive to door, unload
  5. Drive away

This is a lot simpler to do, with the added bonus that if you load/unload a lot, you'll save a ton of time if you conveniently "forget" to close the gate all the time. Like the maintenance people, for example.

So, here's a deceptively simple-sounding math problem:

  • Assume that for any given person A the probability of closing the gate after using it is p=0.3, if the gate was closed when he first came to it.
  • Assume that for the same person, the probability of closing the gate is p=0.01, if the gate was open (people rarely close the gate if it's open already)
  • Assume also that there's an elderly person B who closes the gate once per day, if it's open, huffing and puffing about gates and how nobody ever closes them
  • Assume 50 users of the gate per day

What is the probability of the gate being open at any given time?

My empirical study suggests that it's somewhere near p=0.99... That is, out of the five gates we have, only one is ever closed. And that's the one very few people use.

OK, so gates are a bad idea because they assume that people will co-operate on something that's actively annoying for them. So what's the solution? Speed bumps. They cannot be turned off, and in general the incentives work towards remembering them - because forgetting about them is not convenient and may damage your car.

Wednesday, 14-Dec-11 11:30
The Inherent Evilness of Email

One thing I hear a lot these days is How Email Is Evil And It Eats Your Soul And Casts Your Spirit Into a Bottomless Pit Of Despair. Then people say that Skype/Chat/Wikis/Blogs/Google Docs/Facebook/Twitter are so much better than email, and if everyone just started using those and ditched email, things would just work so much better.

I think these people get it totally wrong. Their problem isn't with the tools, it's with people. The reason email is so popular is that it is the lowest common denominator for everyone, which means that you are bound to get also thoughtless, stupid and useless emails, because the people who send them are thoughtless, stupid or useless.

The thing is that with newfangled tools, there's a certain threshold. Only people who loved wikis started to use them first. So obviously it was a lot easier to work with people who loved the tools, and were able to use them effectively. Ditto with blogs, and Facebook and all the others. If you're an early adopter, you tend to hang with the early adopter crowd. (In fact, I suspect that this is also the reason why so many people claim Google Plus is so much better than Facebook - their friends who fill their timelines with uninteresting stuff just haven't followed yet, so obviously G+ seems more interesting.)

There's also a certain selectiveness for tools - I give out my Skype address to only a limited amount of people; have a bit more friends at Facebook, and give out my email address to everyone. Not entirely unsurprisingly, the noise ratio increases for the tools which have a larger distribution. And I'm fine with that.

So to me this is more of a social issue, not so much a technological issue.

Once a technology gets popular, you will have more people using it than you can comfortably really deal with. There's no magical bullet that would make everything easier.

But of course, different tools have different capabilities. You shouldn't use email as if it were a chat program: delegate the responsibilities to different tools. The way I deal with the email onslaught is that I turn off most email notifications, and make sure that push email is off at all times. I then make my email client check for email only for regular intervals, like once an hour, tops (email inboxes that get system alerts are on a tighter schedule, but those addresses I don't distribute so much). Also, most importantly, I don't really read many emails, nor do I respond to many emails; only when I have to. I've found that that cuts down your traffic a significant amount... (My personal record is 37 MB of incoming email in about 700 emails in a single day. Wasn't that hard to deal with really.)

I also turn off all Skype and IRC notifications so that I don't see the noise of icons bouncing or Growl notifications on the top of my screen. I find myself to be more efficient when I am not interrupted all the time. Managing interruptibility is the key; you must take control of your own time.

The really awesome thing about email is that it's a decent bandwidth, equal access, easy to use, delayed communication media. You can always send a Powerpoint to someone via email, and you don't have to worry about whether that guy has Dropbox access or whether you're hogging their wireless bandwidth by sending it on Skype. It Just Works, which is why so many people use it. You can deal with your email when you have suitable time, and you don't have to drop everything just because you're online on Skype and someone decides to send you questions.

I really do like email. I like Twitter too. And Facebook. I just don't always like all the people on them all the time.

Sunday, 13-Nov-11 22:51
Clicktivism for fifth season

So, I figured why not and thinking of my previous posting, went ahead and created a Facebook page for establishing marras a fifth season in Finland. Not that I believe for a moment that it would have an impact, but then again - why not? Most of the interesting stuff in my life has started with a "why not" - and no matter what happens, it should at least be good for a laugh or two.

So go ahead and like it if you think that Finland has really five seasons :)

(Sorry, the page is in Finnish only.)

Monday, 07-Nov-11 23:26
The Dead Season Again

I still believe Finland has five seasons instead of four - we're now living in marras, the dead season. I'll quote my old post from four years ago:


I've lately started to think that Finland really has five seasons instead of the usual four: The light green and energy of spring; the bright green, strong, vibrant and short summer; the autumn, full of gold and red; the dark, black wetness of marras, or what the Tolkien elves called quellë, or "fading"; and the pale blue and white cold of winter.

This "dead" season really is what I hate the most about Finland. It's a miserable period of time - and especially in Southern Finland it seems to go on for ages, maybe ending just right before Christmas.

That's why it was wonderful to see the first snow yesterday. It brings in the promise of winter, a season when you can feel alive then. And now the sun is shining, so things aren't all that bad.

But now we have no snow. Just a curtain of dark, cold, and wet.

Tuesday, 18-Oct-11 22:25
IT, what IT?

I no longer really know what my field is. Whenever people ask what I do, I just usually say something about being in the IT business, and wave my hands dismissively. But when I look at the answer myself, it is empty and hollow.

I read articles about the "IT business". They're filled with big words like ITIL and Cloud and SaaS. Yet they mean nothing to me, and whenever I try to read about them, my eyes glaze over and I wish I had something more interesting and easier to read - like Perl code written by a drunken monkey.

But yet, being the CTO in a hot startup means that by some definition I really must be in the IT business. However, it feels like I deal with far more mundane matters: I worry daily about open issues, answering to support questions, running unit tests, feature roadmapping beyond the next two weeks (with the product owner, of course), architecture design, license conditions, terms of service, developers, systems monitoring, capacity planning, functional test suites, deploying releases, continuous integration, paying service fees on time, talking to customers, making sure everyone knows what they're doing and where we're going (need to improve on this), learning a new language on the side, interviewing recruits, managing subcontracting, upgrading servers, DNS configuration, scalability, clustering, helping people through rough spots, documentation, coding rules, but most of all writing the actual code - in other words, Shit That Gets Things Done.

So when someone raves to me about how the cloud is going to change everything I usually just go "So? It's servers and data. You can either manage them yourself, or you can outsource them to some cloud provider. You make the calculation how much it costs to own, rent or cloudify your shit, factor in expansion costs and SW development and run with the one that produces a smaller number. No philosophy required."

On the other hand it is useful to put labels on stuff; it's so much easier to research on the internet if everyone agrees that a particular set of techniques is called "The Cloud", rather than everyone inventing their own name for it. However, it must be understood that these labels are only temporary and loose. Let the historians then give them proper labels once the full reach and impact of things are understood. Prior to that it's mostly about marketing, and desperate attempts of people dropping off the bandwagon to sound relevant again.

What matters is Getting Things Done. It's also useful to talk about How To Get Things Done, because it teaches others How Things Can Be Get Done, and henceforth More Things Get Done. It's far, far less useful to talk about What Does It Exactly Mean That Things Might Be Done In A Certain Way And Could We Have Another Meeting About The Impact Next Week Please?

(Here's a small idea to the Finnish IT press: write more about How To Get Things Done. You don't have to become a clone of the Make magazine, but write sometimes about companies and how they've approached certain problems, like recruiting or scalability or HR or even document change control. Help people to share the knowledge, 'cos we just don't have the time in the IT industry.)

Thursday, 13-Oct-11 16:23
Why payment isn't the killer app of NFC

I've been meaning to write this a long time, but not until now did I get some real pressure to do so.

NFC is one of those old technologies that's making a new comeback. Most of the transport in big, industrialized cities runs on NFC cards, made by a handful of companies. The payment industry is slowly moving to NFC as well, changing the cumbersome physical contact (which is always dirty or broken) into robust and durable wireless cards that you just wave at the reader.

The great thing about wireless is that you're no longer bound by the card sizes, and you can put the NFC payment chips anywhere that's big enough - a keyfob or a mobile phone for example - imagine how complicated it would be to figure out a standard for a physical connector on mobile phones that would work with every manufacturer - and still be fast and durable in use.

Mobile phones have a few other advantages as well as a payment instrument; they're connected and updateable, the NFC functionality can be turned off and be protected by a password, and you're actually far more unlikely to lose it than your wallet. (No, seriously; I'm told that it takes on the average about 2 hours to notice that your cell phone is gone, whereas wallets average around 23 hours. Unfortunately I don't have a reference to the study, so you have to take that with a grain of salt. Your mileage may of course vary; I'm pretty sure some of my readers keep losing their phone all the time and their wallet is always in place - but I claim it's because you need your phone so much more that you are actually noticing it's absence much more readily.)

There's also big money in the money business. So it's no big wonder that everyone is going apeshit on how NFC is going to transform payments and mobile technology and how it's a game-changing technology.

Sorry, but I don't really care.

Fundamentally, NFC payment and ticketing is a replacement business. Changing the underlying technology for credit cards is unlikely to make a person to consume and pay more as there's no fundamental reason why paying with a phone is easier or faster than with a plastic card. Yes, it may be more secure, but that's not usually a consideration for people. We're funny that way.

Then why is NFC being pushed for payments? Two reasons: it's a lot harder to copy a mobile phone than it's to copy a plastic card. It's not impossible by any means, but credit cards are essentially a risk management business. If a credit card company can save X billion a year simply by switching to a more secure technology to reduce fraud, even if it's not absolutely secure, it's obviously worth doing.

The second reason is that it introduces new players into the market: the mobile phone operators like to think they own the customer. So do the banks. So do the credit cards. You can't make an NFC payment system that works on phones without talking to the operators first, who'll want to take a small cut from every transaction. And this is all fine, but it's a very good reason for them to push the technology.

But herein lies the problem: if we have a replacement technology, and the amount of money in the system stays the same, then multiple players means less money for everyone.

What this all means is that NFC payments are a big boy's game. In order to get your payment application on the secure chip on the phone in any usable amounts, you need to have someone else's permission. Then it becomes a matter of agreements and deals and SLAs and revenue share and all that jazz that bigco's are very good at, but which takes a long time to happen.

So fundamentally, I don't believe that NFC payments and the whole secure game are at all interesting. It's just the same old stuff, hashed in a new way, split even more thinly among rich players. Even if Apple enters the payment game (and they're the only one with enough clout to ignore the operators and make their own payment system) it's still going to stay a closed ecosystem.

But what makes NFC really interesting is it's potential for creative hackery. Every NFC phone can also talk to other NFC phones, and every NFC phone will also carry a card writer, not just a card reader - and these are accessible by all developers. For many applications, you don't need banking/military grade security. You could even develop money transfer applications - imagine e.g direct BitCoin transfers from phone to phone; untraceable virtual money transactions. There's a disruptive business model right there. Skype for money, anyone?

Also, I'm really stoked to see what people will create when it becomes possible to annotate physical objects in a whole new way. Unlike 2D barcodes - which, while cheap, just don't look that nice in a lot of places - NFC tags can be embedded pretty much anywhere with only the faintest signal of their existence (this can obviously be a suspicious thing too). Also, NFC tags can be dynamic - their value can change over time (say you could have a tiny chip which measures temperature and moisture directly baked into your bathroom wall - just read it with your mobile phone whenever you're suspecting a problem.)

I'm not going to go and wave the big red security flag here. NFC has some advantages, which allows fairly secure systems to be built around it, though in quite a few cases security isn't really that important because of the short range imposed by physics. Eavesdropping on an NFC transaction can be done, but it's not trivial by any means (quite often the examples are very contrived, for example the infamous "exploding trash canister if you happen to hump it with your passport in your front pocket" -video). Security is still all about risk-management; as long as the possible gain is bigger than the cost, there's motivation for someone to break it, no matter how exquisite the security is. The practicality of the attack always needs to be factored in, and these days there's pretty much nothing easier to copy than the old magnetic stripes, which still are on the credit cards for legacy reasons. At least with an NFC phone you have to make a big effort...

Now that everyone and their cousin is rolling out NFC phones, the real power will be in the hands of the hackers. I don't think that the big guys can really innovate anything that's going to take people by the storm (except perhaps Apple, but the fact that they haven't done so yet shows that it's not easy for them either. They don't in general roll out new features unless there's a way to tie a user more tightly into the Apple ecosystem. Obviously this will be heralded as the greatest revolution of all times, but even then the real power will be in the fact that NFC phones will be available to masses.) Google is showing only weak usecases that remind me of the ideas that everyone else had around 2003 already; even if they've got NFC support in Android, their power will be in providing great development tools for startups (which they will subsequently acquire and integrate - or kill).

There's interesting potential for location-based gaming. For example, imagine a game of Shadow Cities where you can go for an item hunt, and by touching the item can get temporary superpowers. A sort of real-world capture-the-flag. The nature of NFC makes it easily embeddable in all sorts of narratives. Rovio is already shipping a version of Angry Birds, where you can unlock new fields by finding other players and asking them if they'd be willing to enable your fields by touching your phone - instant social component to a solo game. There's already an NFC-enabled geocache out there.

All in all, I'm pretty excited about NFC entering the consumer market right now. But not for the reasons that everyone else seems to be - I don't really care at all about NFC payment and ticketing. It's boring. It does not create new business. It's about big players shuffling money in a new way, that brings only incremental benefits to the consumer. The real power, the real innovation, and the real revolution will be in the NFC applications created by passionate people who wish to change the world.

Private comments? Drop me an email. Or complain in a nearby pub - that'll help.

More info...  
"Main" last changed on 10-Aug-2015 21:44:03 EEST by JanneJalkanen.

My latest photos