Dumping Dropbox? I don’t think so

March 14, 2013
by Riccardo Mori
Software

A reader of my blog has recently informed me about a website that invites Dropbox users to get rid of the service and start looking for better options, and asked me what are my thoughts on the matter. The website in question is called Dump Dropbox. Can you trust Dropbox to secure your stuff? — they ask. Then they offer a list of seven main questions & answers people should read to understand that perhaps Dropbox may not be the best option to secure their data.

And perhaps it isn’t. Honestly, of all the seven questions Dump Dropbox poses, I’m mostly concerned about N°6 and N°7, but in both cases it’s not a situation set in stone: who says Dropbox can’t introduce private encryption keys and expand its storage options outside the USA at a later date? 

But maybe a more interesting perspective to look at the whole issue is: are people naïve enough as to trust online cloud services with their most sensitive data? This, I think, is the question that should be asked in the first place. I’m not a typical user, I admit, and I come from what’s probably considered an old-school backup culture. My practices for keeping sensitive documents and data secure may seem quaint, but they never failed me in more than twenty years. The recipe is rather simple: 

  1. Identify and collect all the documents you consider sensitive (personal information, financial information, secret projects, etc.). In my case, this kind of stuff takes much less than 4 GB, and can easily be stored on DVD-Rs, USB pendrives, etc. and can also be easily moved around.
  2. Keep this core of sensitive information offline. I use multiple redundant backups on a variety of supports — from recordable DVDs to USB pendrives, from Magneto-Optical discs to PCMCIA cards, from external hard drives to floppy diskettes[1] — and I keep at least one copy off-site.
  3. Make sure whatever data you move around with any chosen cloud service isn’t sensitive. Make sure anything you consider important is copied, not moved: 85% of the contents in my Dropbox Folder, for instance, is made of files I have copied there from my MacBook Pro to make them available to three other PowerBooks, an iBook and a PowerMac G4 Cube. (The remaining 15% is unimportant stuff I just leave there for convenience and I wouldn’t lose any sleep over it if it got lost).
  4. Most importantly, though, the data I leave in my Dropbox is not essential. In my view, this fact alone is itself a security measure.

I use Dropbox for several reasons: it works remarkably well for me, it integrates seamlessly with my systems and devices, the service has always been reliable (for me — I know other people had problems related to past outages), but the main reason is probably Dropbox’s extended compatibility. When I went to download and install the latest 2.0 version, I was afraid it wouldn’t work on my (many) non-Intel Macs, but to my utter amazement it does[2]. I successfully upgraded my 12″ and 17″ PowerBook G4 running Mac OS X 10.5.8, plus my Titanium PowerBook G4, iBook G3 and PowerMac G4 Cube running Mac OS X 10.4.11. Since I still use all these machines on an almost-daily basis, it’s very important I can keep syncing files and information among them. Similar services simply don’t offer this kind of backwards compatibility: Box.com Desktop sync supports only Intel Macs (Mac OS X 10.6 Snow Leopard and higher), and same goes for SugarSync; SpiderOak does indeed support PowerPC Macs, but requires at least Mac OS X 10.5 Leopard to work. I’m sure I’m leaving out other examples of similar services. I’m not so sure there’s a service like Dropbox that still supports PowerPC Macs running Mac OS X Tiger. 

I’m not saying that the security concerns raised by Dump Dropbox aren’t legitimate. Some of them are. Although the way the site presents them strikes me as a bit FUD-mongering, so to speak, not to mention another important point Erik Schmidt expressed on App.net: I find it utterly appalling that the very people at Dump Dropbox who ask “Can you trust Dropbox to secure your stuff?” reveal nothing about who they are or what motivated them to create the site.

Sure, if you store sensitive data in the cloud and are particularly paranoid about security, Dropbox may not be your best solution. But then again, if you’re particularly paranoid about security, you’d probably want to avoid putting sensitive data online or trust third-party online services with it in the first place. And once you need and use a cloud service to just sync non-essential information among your machines and devices, then convenience, reliability, and extended compatibility become more important than security per se. At that point it’s a matter of preference, and that’s why I’m very satisfied with Dropbox and I don’t plan to ‘dump’ it anytime soon.

 

 

  • 1. You may laugh all you want, but in my experience, properly stored 3.5″ diskettes can hold data for surprisingly long periods.
  • 2. As Christopher Krycho explained to me on App.net, Python is awesome like that. (That’s what the whole Dropbox back end is written in: Python, with the UI widgets done in a combination of wxPython and native widgets.)

 

No technopanic here, just understandable concern

March 10, 2013
by Riccardo Mori
Handpicked

Jeff Jarvis has written an interesting post about Google Glass over at Medium: I See You: The Technopanic over Google Glass. Most of it is about minimising privacy-related fears expressed by other people — especially by Mark Hurst in his article The Google Glass feature no one is talking about — and Jarvis’s stance could be paraphrased as “Just calm down, guys; like with other technologies with high social impact, we’re all smart enough to figure it out. These fears over Glass are premature and largely exaggerated”. 

After reading both Hurst and Jarvis’s pieces, I’m left with the feeling that each tends to be a bit extreme — Hurst in his fears, but also Jarvis in his laid-back minimisation of Hurst’s fears. I share Hurst’s point of view when he writes:

The key experiential question of Google Glass isn’t what it’s like to wear them, it’s what it’s like to be around someone else who’s wearing them. I’ll give an easy example. Your one-on-one conversation with someone wearing Google Glass is likely to be annoying, because you’ll suspect that you don’t have their undivided attention. And you can’t comfortably ask them to take the glasses off (especially when, inevitably, the device is integrated into prescription lenses). Finally – here’s where the problems really start – you don’t know if they’re taking a video of you.

Wholesale surveillance paranoia aside, Hurst expresses a very real and annoying scenario. And it’s undeniable that, should Glass be adopted by a significant amount of people, the device will change certain interpersonal dynamics. In the debate over Glass, I’ve often heard pro-Glass people say that this is just history repeating itself: look at mobile phones in the 1990s. At first they were treated like ‘foreign objects’, but after a few years of increasing adoption, they have become completely integrated in our society. The same is going to happen with Google Glass. Jarvis says something similar, but focussing more specifically on when cameras were introduced in mobile phones:

This is the fear we hear most: That someone wearing Glass will record you — because they can now — and you won’t know it. But isn’t that what we heard when cell phones added cameras? See The New York Times from a decade ago about Chicago Alderman Edward Burke:

But what Mr. Burke saw was the peril.
“If I’m in a locker room changing clothes,” he said, “there shouldn’t be some pervert taking photos of me that could wind up on the Internet.”
Accordingly, as early as Dec. 17, the Chicago City Council is to vote on a proposal by Mr. Burke to ban the use of camera phones in public bathrooms, locker rooms and showers.

His fear didn’t materialize. Why? Because we’re civilized. We’re not as rude and stupid — as perverted — as our representative, Mr. Burke, presumed us to be.

A few things:

1. I’m not so sure Burke’s fear hasn’t materialised. I usually don’t waste time browsing YouTube videos, but I wouldn’t rule out the possibility of finding candid videos of people in public bathrooms, locker rooms and showers.

2. About us being civilised and not rude, stupid and perverted… Just try searching on Google “YouTube videos of high school student being beaten” (or “raped” or similar searches) for a few samples of ‘civilisation’.

3. I believe there is a certain difference between mobile phones and Google Glass, and I don’t think Glass is going to be accepted and integrated so easily as mobile phones have been. Glass, in my opinion, is a more controversial device because the needs of its users and the impact on surrounding non-users aren’t as well-balanced as with mobile phones and smartphones. 

In other words, when I use my iPhone in public, the device can fulfil my needs without affecting other people’s personal sphere or freedom. Sure, I can be rude and talk loudly on the phone in a public place. Or I can try to take candid shots or videos of other people. Both of these acts, though, are blatant enough to hardly go unnoticed. In these cases, my ‘needs’ create enough friction with other people around me that it’s very likely I will suffer the consequences of my actions.

But Google Glass can certainly be a stealthier device than a smartphone in this regard. It can offer a lot of convenience to the user, but make other people uncomfortable. If I am in a public place and notice a guy or a girl fiddling with their smartphone all the time, I may quietly shake my head thinking of how addictive these things have become, but unless he or she is pointing the device in my direction, I will certainly ignore them and their behaviour. But someone wearing Google Glass? Not equally easy to ignore. They may be using the device in the most innocent way, but I will perceive a violation of my personal space.

Jarvis:

How will we deal with the Glass problem? I’ll bet that people wearing Glass will learn not to shoot those around them without asking or they’ll get in trouble; they’ll be scolded or shunned or sued, which is how we negotiate norms. I’d also bet that Google will end up adding a red light — the universal symbol for “You’re on!” — to Glass. And folks around Glass users will hear them shout instructions to their machines, like dorks, saying: “OK, Glass: Record video.”

This looks to me as simplistic and maybe too optimistic a way to treat the issue. From what I’ve understood by watching the “How it feels” video Google posted on YouTube and by reading a few reviews, Glass users can also operate the device by touching its side, so they really don’t need to “shout instructions” if they want to surreptitiously record something or somebody. As for the red ‘REC’ light, it’s very possible that it’ll be added to the final product, but unless it’s as awfully bright as the AF illuminator of certain digital cameras, that too may go unnoticed. And even if you notice someone whose Glass device is recording, you won’t be able to tell for sure whether they’re recording you or only your surroundings and you just happen to be a part of some tourist’s personal video-recording. Google Glass in this instance is better than a camera or camcorder at masking intent.

This is a very delicate, nuanced matter. Perhaps people will just get used to this, but somehow I find it hard to believe: have you ever found yourself on a bus and apparently out of the blue someone asked you What are you staring at? What do you want? just because they thought you were staring at them while you were actually lost in your thoughts? If some people (many people? — I guess it depends on cultural factors) already have problems with slightly prolonged eye contact in public, I really don’t know how well Google Glass is going to be received.

From the lost drawer: “La Lettura” magazine

March 8, 2013
by Riccardo Mori
Et Cetera

Searching among my papers and folders, I found a box full of printed materials from the 1930s and 1940s that belonged to my grandfather (and, gem among the gems, a couple of pages from a 1915 newspaper). One of the best preserved items is the February 1944 issue of La Lettura, an illustrated magazine published by the Corriere Della Sera from 1901 until 1952.

From the Italian Wikipedia entry (translation is mine):

In the early years of the century the magazine, following the principles of the positivist philosophy, aimed to be a magazine featuring comprehensive scientific information, thanks to the collaboration of distinguished academics and scholars. Later, under the direction of Renato Simoni (since 1906) and Mario Ferrigni (since 1923), the magazine became more journalistic and commercial in style, but always within the limits of decorum and keeping a decent cultural standard. One notable scoop was the publication of the photographs of the Battle of Liaoyang (Russo-Japanese War, 1904) taken by Luigi Barzini, Sr. This was the first photographic documentation ever of a battlefield, and copies of the magazine sold out in a few hours. Another scoop was the publication of the first Italian radio programme, the radio drama L’Anello di Teodosio (“The Ring of Theodosius”).

Illustration was a key strength of the magazine: published articles were always accompanied by photographs, and stories and serials by drawings; from 1906 onwards the cover, too, was illustrated in colour by the most famous illustrators of the time: from Enrico Sacchetti to the eminent Marcello Dudovich, from the fantastic style of Umberto Brunelleschi to the caricatural style of Sergio Tofano.

The issue I’ve unearthed is no different. First of all, I really love the cover, which I find surprisingly minimalistic and rather tasteful in the typeface department:

La lettura 1944

And here’s the back cover, with a lovely illustrated ad for a Italian liquor:

La Lettura 1944 back

(Translation: on the top right corner, “Let’s make up”. The tag line on the bottom reads “Cures the ache for foreign liquors”).

Other nice illustrations can be found inside, especially the following three, drawn by Carlo Della Zorza for the story Domanda di Matrimonio (“Marriage Proposal”) written by Milli Dandolo.

DDM illustr 1

 

DDM illustr 2

 

DDM illustr 3

 

That’s it for now. There’s more of this kind of stuff, of course, but the scanning process is slow, mostly due to the fragility of the materials. I also found lots of war-themed postcards my grandfather sent to my grandmother from the front in 1943–44, which I intend to scan and publish here at a later date.

Life after Instagram

March 6, 2013
by Riccardo Mori
Tech Life

My last ‘real’ photo uploaded to Instagram is this one, dated December 13, 2012. As I wrote here a few days later (in Briefly, on Instagram), I didn’t like how the company handled the whole situation surrounding the change of its Terms of Service, I rapidly got tired of Instagram’s “We’re changing the TOS / Okay, no we won’t” dance, and I was still bitter for the Facebook acquisition. So I stopped being an active user, like I said I would.

At the time it was, I confess, an uneasy decision. I liked using the service. I liked the occasional interaction with other users and the familiar faces. I liked the idea of using Instagram as a sort of visual diary, catching a certain day’s mood with a few snapshots and the aid of a bunch of filters. At the same time, I didn’t like the direction Instagram was taking with their Terms of Service, and I was not comfortable being part of something that is owned by Facebook — a company I utterly and openly detest. But caving after expressing my annoyance and disagreement would have been hypocritical on my part. I’ll look for alternatives, I told myself reassuringly.

And then something happened. After ten days or so without posting to Instagram, I wasn’t missing the experience.

I’m not saying I wasn’t missing the Instagram experience (using the app, using the service) — but the whole experience of happy snapping while on the go. It all came to me with a snowball effect. I realised that it had become more of an Instagram dependence than a form of expression. I realised how mechanical a habit it had been. I realised the cheapening effect it had on my photography in general. Posting to Instagram had turned into a meaningless daily hunt for the cool ‘Instagram moment’. And many people are okay with that; all of a sudden I realised I wasn’t. 

That’s why I haven’t looked for an alternative since I left Instagram. I have realised I don’t need one. My Flickr and Momentile activity is enough for what I really need to share. And for what I want to share, which is something more selected and meaningful than quick snaps of insignificant things, hastily taken with my iPhone out of habit. Don’t get me wrong, I’m not against the æsthetics of iPhone snapshots. What I realised is that taking these snapshots had become a habit, an act often performed in auto-pilot. Look at this — click. See that? — click. Street scene — click. Nice indoor atmosphere — click. Close-up of everyday object — click. And on and on in their seemingly-infinite variants. Catch the Instagram moment. Etc.

For me the act of photographing, after Instagram, feels ‘detoxed’. It feels, once again, something carried out more purposefully. It feels less serialised, less trivial. I still take snapshots with my iPhone, of course, but since the instant-sharing part is removed, the overall pace is different, each shot tends to be more careful, and the act of ‘taking a snap for the sake of it’ has definitely vanished. 

Needless to say, these observations reflect a very personal experience, and there’s no need to read between the lines. I’m not suggesting you should follow my example and leave Instagram (or other similar photo-sharing social services). I’ve simply realised that what had started as another creative outlet, quickly became just a habit and little more. And habit and creativity are two words that usually don’t go well together in my book.

Stop whining and deal with it

March 1, 2013
by Riccardo Mori
Tech Life

Recently, Joe Kissell at TidBITS has written an excellent article about a subject I’ve been meaning to address for a while: email management and the increasingly popular idea that it’s time to ‘fix’ email. Tech writers and bloggers all have, more or less vocally, moaned about how ‘broken’ email is, how frustrating and time-consuming is the management of their inboxes, apparently as flooded by email messages as celebrities are flooded with fan (or hate) mail.

In his article, aptly titled It’s Not Email That’s Broken, It’s You, Kissell begins by writing:

I’m tired of reading about how email is fundamentally flawed and about all the clever new ways to “fix” or “reinvent” it. Email isn’t broken! Email is great. I love email; it’s my favorite way to communicate. Some email apps, servers, and protocols are better than others, but honestly, it would be OK with me if email stayed as is forever. If your relationship with email is unsatisfactory, email isn’t the problem. It’s you.

And I agree: email is my favourite way to communicate, as I wrote in my piece called Email more than a year ago. Kissell nails it completely for me when he writes:

I could give lots more examples, but it’s clear that a great many people are completely overwhelmed by email. That’s a problem, for sure, and it needs to be solved. What bothers me is when people blame the medium. […] Your email problems aren’t the fault of email as a communications system, and they’re probably not even the fault of the tools you’re using. It’s easy to pick on email because it won’t fight back. But the real problem for most people who feel email is out of control is that they haven’t taken responsibility for figuring out why the problem exists for them and how to change their habits to address it.

My very slight divergence with Kissell’s stance — and the main reason I’m adding my article to the debate — happens at this point:

I wouldn’t presume to say, “Why don’t you just grow up and deal with your problem?” as though you’re merely being too lazy to implement some obvious and foolproof fix.

I will venture to make that presumption and say this: if you have problems with email, stop whining and deal with it, possibly with methods that don’t make you a rude moron in the eyes of your correspondents. As I tweeted back in December, all these prominent tech bloggers who keep saying they can’t deal with all the email messages they receive are refusing to accept that it’s part of the game. Yes, since they sometimes stir up some controversial debate, it’s obvious that part of the feedback they receive via email is going to be hate-mail or generally harsh and impolite messages which are certainly not meant to invite a constructive and in-depth exchange. And I fully understand how this kind of spammy emails keep adding to the pile and make things less than ideal to manage. 

But ignoring or deleting messages indiscriminately, in my opinion, is not a solution. And it annoys me how some people flippantly claim to be managing their email this way, because it comes across as rude and thoughtless behaviour. Among those messages they chose to ignore or delete there are polite requests and nice communications. I know this from experience, both as someone who wrote such polite requests and nice, disinterested messages (which remained largely unanswered, of course), and as someone who has been on the receiving end of such kind of emails.

I can’t excuse this rude behaviour because, as I said, handling a generous amount of email feedback is part of the game, where by ‘game’ I mean being a well-known figure in the world of technology commentary. “I want to write whatever the hell I want, I don’t support comments in my blog, and receiving all this feedback via email is incredibly annoying and exhausting, so leave me alone” — is the childish attitude of people still trapped in their adolescence. After all, they put themselves in that position. You don’t want to deal with this kind of feedback? Don’t put contact information on your website. Or write some guidelines in order to place a filter as early as possible in the communication chain: this way, people inclined to write you will know beforehand what’s going to happen and may even decide not to write you. It’s a time-saver for both parties, and you don’t come across as rude as you would by mass ignoring/deleting the emails you receive, whatever their nature. Not to mention that some of this high-profile tech writers live of their blogs/products: the least they could do is deal with people who helped make them successful.

A true Inbox Zero stage has little to do with the number zero

Mat Honan said it well:

Inbox zero is just a construct. It doesn’t matter if you do or don’t have a clean inbox — what matters is that you act on your incoming mail as necessary. Inbox zero is simply an organizational technique to help you accomplish the things you really need to. It is not the end goal; it’s simply a process. Too many people conflate the process of inbox zero with the goal of being more productive.

And too many people take the number zero literally and find themselves engulfed in a state of ’email angst’ of their own creation. Oh god, oh god, the ‘red badge of discourage[ment]’ alerting of those 58 unread messages! Delete this, mark that as read, dismiss, dismiss… until zero is reached. Isn’t this just silly? From experience, what I can say on the matter is that by always ignoring the Inbox Zero kind of email management, I often find myself at the end of the day (or of the weekend) with an Inbox that truly has zero unread messages. To reach that point is all a matter of triage, triage, triage. 

I can’t suggest a method or process that’s valid for everyone: I’ve found out that for me the worst approach is the ‘deal with this later’. The earliest I act when I receive new messages, the better the overall management. Where ‘to act’ most commonly means ‘to assess’, not necessarily ‘to reply’. Instead of having too many email folders, I prefer to have a dozen different email accounts. I use a certain account to sign up for newsletters, another for social networks and related services, another for joining the few mailing lists I follow, etcetera. All the low-traffic accounts and the accounts that are set to receive ‘impersonal email’ (again, newsletters, promotions, shopping suggestions, mailing lists…) are handled by a separate email client (Mailsmith) and I check them every 3–4 days. 99.99% of the spam I receive is efficiently handled by Gmail itself and by the ever-wonderful SpamSieve.

The few accounts set to receive important work-related email, feedback related to what I write here, important personal email, and the like, are handled by Mail.app — my primary email client — and I monitor them much more frequently than the others. (Only these accounts are configured in my iPhone and iPad.) This two-tier approach may seem chaotic and complicated, but it’s rather simple once the wheels start moving. In the end it’s just a matter of setting up an effective filtering system. I devised this approach over a weekend years ago, and it hasn’t changed much since. Sometimes I don’t reply to messages and requests right away, but I eventually get back to people. And if I ignore certain messages, chances are the sender hasn’t followed my guidelines.

What’s important, however, is that I devised this email management system because I care. I care about email as a means of communication. I care about helping people if they write me with a (reasonable) request, I care about feedback and I’m open to suggestions or tips to expand my knowledge or point of view on a variety of subjects. Many times my correspondents have shared useful advice or asked to know more about certain topics, and sometimes that has led to a constructive correspondence which I like to think enriched both parties. Email is not broken, per se — attitudes are.