🌍; view from the web

by Ricardo Tavares

The Missing Links

Even if people don't go out as much these days, physical addresses are still very much recognizable to us. Although they're not perfect information, give me a city, a street name and a number and I may be able to find that location you wanted to share with me. This is an important part of public spaces, anyone can share a reference to a place with another person.

We're also familiar with phone numbers, although we're not so sure about them. First, they were very much associated with physical addresses, but now they're more of a personal address, a way to reach a specific individual. But things are not so simple once we lose physical context. A call can be routed internally by some hidden system that connects you to someone you're not expecting. And while some people may have lots of numbers associated to them, others reluctantly accept having one number that they don't even use. The context of our connection in this case has evolved to no longer be a place but instead to hopefully be a person.

If I now mention e-mails, you probably know where this is going. We still have a way to share a reference to someone with anyone, but e-mails are much easier to get than phone numbers. A lot of people have more than one inbox and e-mail gives the recipient control of whether to respond now or later, which means that we can let go of any context of space or time. All we know is that we have some possible link to a person who can now be anywhere and respond at any time. We understand this advantage, but human nature is not very comfortable with this loss of context. People send an e-mail and then call the same phone number. And then even go to that address. We feel lost when floating in the weird space of the Internet, but we can accept using e-mails because they point to another person at the other end. There's still some human and emotional connection that makes e-mail engaging.

web link structure

What we don't embrace so openly is the web: links that point to some content or service that points us to more of such links. What's the point of a link that doesn't get you a person or a place? It's not very convenient to recognize that all of us have a multitude of things that make us who we are, but web links allow us to share only aspects of ourselves. If people resent e-mail because it doesn't guarantee some immediate personal feedback, they can now resent the web even more for only exposing some facet of each person. Web links are also inconvenient for the business of driving consumer behavior. Real messy people with many interests and motivations may find power in the richness of web links, but it's easier to sell them stuff if we keep their identities well defined and have that be the only reference you can point to. The business of driving consumers wants e-mails and phone numbers. It doesn't like web links so much because those give people independent control over what they see and share. Web links compete with other web links for people's attention and no business wants to play that game unless they have to.

Wikipedia web link

But what are web links anyway? What if you do want them to be available to you? I'm sorry to say that the war against them has already started and that they're losing ground. You may still know what a browser is, but maybe your children don't, maybe they only use apps. Browsers historically have had an address bar where you can type or paste the address of any website you want to visit. That's the freedom of the open web. And nowadays that box plays double duty, it's also a search bar that passes what you type to some service that tries to find what you're looking for. It's kind of like walking down the street but always asking the police for where you want to go. That's a bit too much, so what browsers also do is remember what links you've gone to before and suggest them according to what you're typing. Browsers still try to help you if you're trying to specify a link, but they've also started to hide a lot of its information from their interface. For example, if you're at the viewfromtheweb.com/whoami page to learn more about me, some browsers will only show you viewfromtheweb.com in the address bar, obscuring the fact that you are on a particular page of this domain. If this was a physical address, it would be like having dinner in a nice restaurant downtown and only being able to remember what city you were in.

Web links are not only missing from many of our online routines but they are also getting obfuscated by social media platforms that replace them with shortened versions that they can control and track. It's a bit like how Uber doesn't just give you the contact of your driver because they need you to depend on their platform as much as possible. To be fair, web links seem scary, even more so than phone numbers. They look a lot more complicated than physical addresses, but there are possible similarities. Let's take another look at this one:

https://viewfromtheweb.com:80/whoami

Browsers nowadays help us by assuming that our links should try to connect through HTTPS and on port 80 of the destination. The port is generally omitted as it has become a common standard. HTTPS is still relevant because there are still websites that do not offer an encrypted connection and lack the S which stands for secure. But the bare minimum that we need to indicate to a modern browser is the "city" and "country" of our web address, which are the domain and the top-level domain (called TLD) separated by a dot. The com stands for commercial but has become the default "country" of the web. The viewfromtheweb is my domain which I pay to keep registered. Give viewfromtheweb.com to a browser and it will simply ask for the default page for that domain, a web link only needs to provide a domain and a TLD.

But is it recognizable to humans? The dot com helps identify it as a web link, and still you can always add the https:// at the beginning to make it obvious. However, an alternative that has become very popular is to force any domain to create a subdomain called www so that something like www.viewfromtheweb.com is more recognizable to humans as a web link. Subdomains are like neighborhoods for your domain city. I don't have a www subdomain though, I figure that this domain is sufficiently obvious and big enough already. But that's the thing that also makes web links harder to understand: whoever owns their domain gets to decide what each part of its web links does. Do you see that whoami after the first slash next to the TLD? That's called the path, it's like a street name and it could also have other slashed sections that are like the building, floor and apartment number. But I could have ignored all of that and just have that web link be whoami.viewfromtheweb.com instead of viewfromtheweb.com/whoami for example. So keep in mind that only the domain and the TLD work in the same way everywhere. Other parts of web links are subject to what their owners decide to do about them.

Web links can also have additional information after the path. Expanding from our example, we can now have something like

https://viewfromtheweb.com/whoami/?source=article&campaign=weblinks#contact

The easiest part to describe is the one after the #, that contact is an example of what is called an anchor. It's like a special note added to the end of a physical address, maybe some information for the mailman. In this case, the anchor tells the browser that after it loads the page from this web link, it should scroll to a section that will be labeled internally as contact. Again, this may work differently depending on the page, it may have no scroll and instead some popup appears with some contact form. But the part of web links that can really be anything is the one called parameters, that series of key and value pairs between the ? and the #. Each pair has an = between its key and its value. Several pairs can be indicated by putting an & between them.

what is a URL

A common case for these parameters is tracking from where each visitor to a website came from. In this example

source=article & campaign=weblinks

I'm indicating that the source from where somebody might go to the whoami page is an article on my blog. In particular, the article about web links, that's what the campaign key has in its value. Notice that in this case, the parameters are secondary to the function of getting you to somewhere on the web. You can remove them from the link and it will still work as normal, it's just some extra information that who owns the link no longer gets to have from you. However, there are also cases where these parameters are really useful to web users. For example, when searching some website, one of the parameters can be your query and the other can be how to sort the results. By having such variables on the web link itself, you are given the ability to share your specific search with someone else. Just copy the link, give it to another person and they too can query for the same terms sorted in the same way.

This is the part where web links break completely from our physical addresses or phone numbers since they can include infinite variations of different values in their parameters. It's like they get your letter to the place, they make the phone ring, but then they also start the communication in whatever manner is left open to them. And since you're now aware of how they work, this power is also open to you. For example, you may find a web link to an image and see that it has a parameter of width equal to 800. Try changing that to 1200 and maybe you get a bigger version of the same image. Web links are public information and this is the same as learning more about your city by understanding how street addresses work.

Therefore, I invite you to keep your eyes open for web links. Browser settings still allow you to have them shown to you completely in your address bar. Desktop browsers may still empower you by revealing what a web link might be when you hover your mouse over them. Right-click to copy and edit them as you see fit. Play around with parameters or known paths. For example, many WordPress blogs describe all the links they have if you go to their path on /wp-json. This data is presented in a specific format called JSON, but if you use Firefox (even just as a second browser), it displays that data perfectly.

Playstation Blog

You can also learn more about what I've quickly went through here by checking out the MDN Web Docs, namely the "What is a URL?" article. Don't let your eyes glaze over links anymore. Get to know the web and how it empowers you.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Community home-made automations for Discord

Niche communities have an upside to being niche: you can (and maybe should) explore options that don't need to scale very much. My own experience with organising people around a small hobby has revolved around tabletop role-playing games (TTRPGs) in my country and city. If you never heard of TTRPGs, all you need to know is that they're the tabletop predecessor of computer RPGs, you can play them face-to-face but also online. For this hobby, the most recent community initiative I've been involved is a Discord server which grew unexpectedly when COVID-19 hit. But even before that spike we were already happy with our little server and its role with promoting TTRPGs in Portugal. In particular, this article is not about how we tailored our community to make the best use out of Discord, but the other way around. How we built specific automations to make Discord work the way we want it to.

RPG Portugal growth graph

I've already talked in a previous article about my first experience with making a bot, which then was built for Slack. What I've learned from that project is how you should open your options to whatever the bot may be aware of and then leverage the API to iterate on useful features. Basically, you'll probably not get your user experience right on the first time, so you need to be open to different solutions for the same problem. Some things are easy like rolling dice for games, which is the most obvious feature for having a bot in a TTRPG server. Other things are harder to pin down, like how to onboard new people into the community, how to manage having many different channels or how to handle spam from account take-overs.

Traffic in our RPG Portugal Discord server is small enough for every person to be welcomed and guided by one of the moderators. That personal touch is key as this community isn't particularly interested in lurkers, we're looking for people that engage with playing RPGs. These games are very conversational, so we've no problems with requiring some basic level of human empathy for people that stay in our server. Furthermore, a niche hobby like that of tabletop RPGs is easily misidentified and people may stumble upon the server by mistake. No, it's not for Grand Theft Auto nor Warcraft nor boardgames. Onboarding is therefore an essential part of our moderation and, without the help of automation, it can become too much of a burden. Finally, much like other similar communities, tabletop role-players are very heterogeneous which makes moderating them particularly like herding cats.

By default, Discord doesn't help very much with these challenges and it was even worse years ago when RPG Portugal started. Everyone could invite new members from anywhere and those people could read and write in too many channels, forcing moderators to try and find where that person was typing. So we created a specific user role for new people which at the time was the best way to manage permissions and even apply timeouts (instead of having to always escalate towards kicks or bans). That idea had to be automated so mods wouldn't have to assign this role by hand. And instead of having to chase down some combination of public bots that could maybe solve our problems, I was already developing and hosting our own bot. Onboarding was the priority and, since dice rolling is relatively easy, I also included it right from the start to get the buy-in from the community while I worked out the kinks on the harder stuff.

I also considered that another important side of the onboarding experience would be having a domain and website, something easy to say if you'd like to let people know about our server in a meet-up. So I built a landing page and a micro-service to feed it the invite code. In practice, this would become the only way to enter our server. Even if invite codes are ultimately public information, the convenient way for everyone is to simply visit rpgportugal.com, check our rules and click the big button. The invite code was initially created and put into the service by hand, but now our bot does this as well. Nobody creates any invites in our server, including the mods. We want every new member to come through the same funnel so they get every chance to not come into our server by mistake.

Another challenge was how to help our members deal with a growing variety of channels. Most roleplayers niche deeper into an already niche hobby and therefore want to see channels for their particular games and not so much for others. By default, Discord has kind of an opt-out option where you can mute any channel that doesn't interest you, but we wanted an opt-in feature. Therefore, we now maintain a list of channels that people won't see unless they give a bot a command to apply a specific role to them that identifies their interest for that specific RPG. Moderators can also do this by hand, of course, but the real value is in members themselves controlling what channels fill their side menu.

Years going by also brought us other challenges, namely all kinds of spammers with tactics that keep evolving, but with time our community also grew to a point where other people are also involved in developing solutions for our particular needs. You can check out all kinds of projects on RPG Portugal's GitHub. One of them includes our home-made attempt to deal with spammers: a bot that watches for a honeypot channel where everyone is warned not to post, lest they get removed from the server. Again, all to remove stress from moderation while improving our own Discord experience for everyone.

For a platform that is supported by its own users, Discord is kind of absent in its relation with its customers. You can be paying for Nitro, be offering your time moderating a community and still have no distinct way to communicate with Discord, get support and give feedback. Therefore, you're kind of forced to leverage whatever tools you have, including their API for developers. Discord basically has two poles of engagement, hyper-branded communication and quick-wins product development. Both are superficial and short-sighted, which can make communities worry about their future.

But the platform happens to present an opportunity for servers that have members learning how to code or experienced developers who want to solve issues that can quickly have a lot of positive impact. Building Discord bots is similar to the low-hanging fruit of making a website (even if hosting is not so accessible). And it doesn't matter if you still know little about coding as long as you're well aware of your unique problems and therefore are motivated and in good position to iterate on them. If you're just starting, I can recommend DiscordJS as a bot framework with good documentation for complete beginners. And eventually this DIY atitude can even enable small communities to keep an eye on self-hosted alternatives to Discord like Matrix chat. There's a lot that small communities can do to stay active and resilient through the internet.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

The Long Tail making a comeback on TikTok

When e-commerce began to flourish, the concept of the Long Tail was used to describe how digital businesses can focus on a wide variety of products or services with almost no customers. The basic idea is that you can leverage the scale of the internet to make money by selling to many tiny groups of consumers. Since they are under-served, you can attract a lot of these niche groups and profit from the almost infinite length of the Long Tail. The obvious example is Amazon. Everything that is too obscure for your local or even national store to stock, they have it. Amazon tried this concept first with books and eventually expanded to... everything, they are "simply" a logistics platform.

The Long Tail classic graphic

At first, it seemed like the Long Tail would forever make roadways for what the internet can be. Once you establish a platform to provide for an item in a way that's discoverable, you can scale that to infinite categories of items, right? Well, as usual in the history of the internet, the tech and the content are there, but the monetisation lags way behind. Although e-commerce grew and the cultural impact of the Long Tail was relevant, what scaled for Amazon hardly scaled that well for everyone else.

A well-known example of how the Long Tail happened but then it didn't is YouTube. Even today anyone can be a "youtuber", just click the button and you can be uploading a video on any particular niche. Except that discoverability on YouTube works towards putting your content inside a well-designated category of targeted ads. And since ads have no Long Tail, niche content is constantly hitting a glass ceiling of not finding an audience because there's no ad money assigned to it. This is compounded by the fact that platforms like YouTube have stopped supporting organic growth by doing as much as they can to stop users from controlling their own feeds. Again, this all ties in to monetisation. If you want to make sure you have a place in someone's feed, platforms want you to either be paying for an ad or to be attracting the right audience for an ad. It doesn't matter if users want to see your content, platforms prefer to condition them to mindlessly scroll through what they want to show them. This of course leads us to the recent success of TikTok.

The Chinese platform propelled itself to the top of people's screen time by doing what China does best: taking what has been proven to work and selling it back to the world. In this case, mindless scrolling powered by the Long Tail. Instead of hampering discoverability by having to find the right box to force users into, TikTok just lets you find your niche. The addictive algorithms that people find remarkable in TikTok are just the same mechanics that have worked for YouTube but without cutting down the Long Tail. Meanwhile, the ads can just be whatever since users can't escape them, they require the same level of entranced engagement as every other item they are scrolling through.

Niche content creators are allowed to find their audience, niche fans get to dive deep into the content they like and ads can still gain mindshare. Meta has already showed TikTok that you can pretty much break the law for the sake of tracking users, so the newcomer platform sees no need for matching content to ads. They can still offer some level of targeting by using the same fingerprinting tactics as everyone else. The only missing link here is the same as it has always been: there's no viable monetisation for the content creators of TikTok. And the platform seems uninterested in solving for that since instead it focuses on making content creation as accessible as possible. Embracing the Long Tail allows TikTok to offer a different kind of value to creators: a place where they can be themselves and still find an audience. Of course, there's still some weird content moderation issues on one hand and, on the other, the almost non-existent monetisation that I've mentioned. But the strategy seems to be clear: TikTok is taking over people's screens by offering them the most convenient Long Tail of content the internet has ever seen.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Don't let your events go to waste

We may not talk much about how people sit on the fence of environmental issues, but we're probably aware that we're letting ourselves fall short. Specially when it envolves people who do have the means to make better decisions in how we affect our environment. We still organise our work and our holidays around consuming fossil fuels. We still eat more meat per person than humanity ever has. And we still use too many occasions as an excuse to generate paper and plastic bits that inevitably end up in the trash.

Events in particular often meet people only halfway in how we take care of our environment. It's still a given in people's minds that badges have to be printed, bags have to be filled with paper and schedules need to be handed out, even when such things are so ephemeral that their information may already be incorrect before a session starts. Our passion for generating stuff easily goes too far. We may even believe that attendees holding our piece of paper in their hands has value into itself, that such a thing is essential to the event experience. And indeed it can have value, but is it really that essential?

For decades, we've been taught the three Rs in schools: Reduce, Reuse, Recycle. How are we building upon these three pillars of sustainability? Not surprisingly, we move further along where money lights the way, thanks to the business of Recycling. But there’s also value in simply generating less stuff or in leveraging the stuff we already have. And although it may seem that the hospitality industry is not in a position to lead the way, event stakeholders can keep deciding to put stuff in front of people first and offer the digital option only as an alternative… or they can flip this decision. Offer the event app first and have the outdated printed schedule only for the people that ask for it. Have digital gifts that are guaranteed to be there when people return home from the event, these won't get lost inside some pocket or waste bin. Share contacts through the devices you already have in your pockets, not with a freshly printed batch of more business cards.

It's not about getting rid of physical hand-outs all together. An all or nothing mindset can stand in the way of the progress we're making in preserving our environment. We don’t need to stop eating meat, it’s good enough to Reduce consumption. We don’t have to keep buying a new smartphone every year if we’re allowed to repair any damage that may stop us from Reusing them. And since we already have these devices always with us, it shouldn’t be that hard to prioritise digital tools over all this paper and plastic that can’t entirely be Recycled. Each of the three Rs relies on the other two to really be sustainable. We can't only pick Recycling as a solution and then just hope it can catch up to the amount of waste we generate.

Therefore, event stakeholders have a responsibility in finding some balance between the three Rs of sustainability. If the digital medium is only added to an event as an afterthought, the damage is already done. All the stuff has already been printed and you might as well use it. On the other hand, if you start digital, you can evaluate how well it fulfils expectations before deciding on how much physical material is actually needed. There's a quote from Douglas Adams that says "technology is a word that describes something that doesn't work yet". And I believe we'll always have technology that's powerful and useful but that relies on us to make it work. We can't wait for the tech to be 100% perfect for everyone all the time before we start saving the planet. But we can put ourselves in a position where we're able to decide how much we leverage our digital platforms to Reduce, Reuse and Recycle all the landfill we create.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Advent of Deno, Typescript and Code

Advent of Code is a seasonal series of daily programming puzzles that can be solved in any language you choose to use. People can enjoy taking part in this yearly event in many ways: as a speed contest, interview prep, company training, university coursework, practice problems, or to challenge each other. In 2021 I decided to give it a go for the first time, as I believe it's the kind of thing you can only understand by engaging with the event. I expected it to be difficult to keep up with the challenges every day, but I still wanted to take the opportunity to try out a new language. I'm familiar with Javascript so a good compromise was to reach out towards Deno and that would implicitly force me to delve into Typescript.

With all its flaws, Javascript is the language of the web, the one that more closely represents how fast and loose the web goes by and how much people value that flexibility. However, everything has just one type in your JS code and that's where Typescript comes in. TS allows you to work with different types and then transpile your code into JS. That's all it does however, in the end you're still working with Javascript and you can always sidestep the need to declare your types. But that's where Deno comes in, a Typescript runtime that is built in Rust and has few attractive features:

  • Secure by default. No file, network, or environment access, unless explicitly enabled.
  • Ships only a single executable file.
  • Has built-in utilities like a dependency inspector and a code formatter.
  • Has a set of standard modules that are guaranteed to work with Deno.

I should also mention that in 2021 I started using Visual Studio Code (thanks to VSCodeVim) and Deno works very well with it, as does mostly anything that involves Typescript. That kind of integration with your code editor may be the most obvious advantage to having types in your Javascript. You are essentially taking errors that show up when your code runs and moving them pre-emptively to the context of your editor where they are easily found and fixed.

The trade-off is that, of course, you need to put more information about your code in a way that your editor can follow along. In this case, by defining types for your variables and describing how your objects are structured, you allow Deno's LSP (Language Server Protocol) to catch inconsistencies between what you expect of your variables and what you're doing with them. That's the thing with types, as with most things in programming: you think you need to do this because of the stupid computer, but it's actually for your benefit, you who will have to maintain this code. Much like good variable naming dispenses with a lot of comments, well-arranged types add implicit meaning to your code.

You can check out my 2021 Advent of Code in this repository. I knew that the puzzles would most likely lead me to stumble around my first attempts at Typescript as they're very much about working with large amounts of data until the correct answer falls out. But I also wanted to kick the tires of Deno itself, so I started working on this project before the Advent actually started. To save time getting myself going every day, I created a way to download each challenge that is published each day on the event's website. I had zero experience with the event, so I also expected to make a lot of adjustments to this workflow, which is fine. This gave me a reason to try out Deno's standard modules to do basic things like fetching files from the internet or managing some project folders.

My impressions of the event itself were positive, but I already had expectations that the difficulty curve would quickly increase and leave me behind. Everything was relatively new to me, which made it primarily a learning experience and not so much the thrill of solving puzzles. I also now understand the attraction that events like Advent of Code have for a lot of programmers: unlike most of what we do in our jobs, there is a definitive correct response for each problem and you can solve it in any way you like. I personally, on the other hand, kind of like the murkiness of delivering a solution that in real life is always not quite right and so we need to build upon it in feedback loops (as revealed by making a project out of the workflow itself). So I had no gripes with having it be about the journey just as much as ticking days on a calendar.

I recommend that Javascript folks give Deno a go and you can go through any of the previous editions of Advent of Code or wait until the next one. You can overcome the puzzles off-season, but there is a lot of motivation that can be gathered from joining the communities on Twitter, Reddit or Discord. There are a lot of brilliant people out there.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Crafting events in people's screens

No matter when you came to be online, you've had the opportunity to encounter what I like to call digital craftsmanship. Building cool online experiences is not a lost art. You may have recently heard of Wordle, a simple web game made by a developer as a gift for a loved one. It has been a huge success and is therefore an easy example to reach for, but massive adoption is not what digital craftsmanship is about. The internet reaches almost everyone through massified channels and commodified content, but there's something else beyond the clickbaits, the memes and the content marketing. There's also a special sauce that's missing from most online experiences, but one that has never left the internet. There are still people that care for this medium and make great interactive content for other people to engage with.

I also like to think that the company I work for cultivates this craftsmanship by giving digital events a nice home and not just a place to stay. This article is therefore about having this level of care for your work when building live event platforms. At Shake It we make branded event apps for all screen sizes, web and mobile. "Branded" doesn't mean we take the same exact app and slap a few colors plus a logo on them. We do use a common base across all event apps, but that base is actively being worked on every week according to the feedback we receive from clients and our own ideas to make it better. On top of that, what other platforms call a "concierge service" is kind of the default for us. Our content managers can do a lot to customise each event to match exactly what it needs just-in-time before it starts. We take into consideration every time we may need to say no to a client because our platform supposedly won't solve for some issue. Furthermore, we believe that live streams and video-on-demand can be a centerpiece of well-crafted digital spaces in which people can also experience great events.

A level of craftsmanship is important to deliver a unique unifying context for online events, something that I've written about in a previous article. But it's also relevant for physical events, as the care you show for your mobile app motivates attendees to install it. And in the same way that people go to an event to move a bit from their comfort zone, finding a nice app that's not the same one you scroll through every day can be a delightful surprise. Events need special moments like this to become memorable and talked about. Also, in general, craftsmanship benefits the person who is working on making the thing because a greater understanding of the issue they're addressing bubbles up from having your hands on the thing. And this naturally improves the overall work done if that person has enough autonomy to leverage that understanding to improve on what is being delivered.

So why don't more events align themselves with this deeper connection? Why do companies consolidate around going in the opposite direction of what Shake It does? What are the challenges faced by this kind of digital craftsmanship? I would like to highlight three factors at play here: scale, stakeholders and specialisation.


Scale

The internet that most people know today was not carefully crafted by individuals with this or that special case in mind, but by automated platforms that increase their reach and growth speed by removing the human element from many decisions. By definition, craftsmanship doesn't scale and that's a good thing. Because one day AI will be able to build all these services for us, their utility will be assured, their cost will tend towards zero and many jobs will disappear. But there will always be a void that can only be filled by that quirky human touch. Ideally we need both kinds of services. One that optimises for everything to look pretty much the same and another that actually touches the screen they're working on and knows what exceptions to make and what needs to stay the same.

Stakeholders

Only smaller events can be organised by a single person and maybe financed only by attendees. Almost by definition, events bring different visions together of what different people believe needs to take place. Organisation leaders have core messages they want to broadcast. Sponsors want to occupy as much mindshare as possible. Exhibitors want to generate leads they can follow-up on. Speakers want recognition, exclusive experiences and very little friction. Much like apps, events have a lot of space for many ideas and decisions to get into the mix. And anyone who has any say is tempted to get their word into what can become a vanity fair, specially if attendees are not paying for the experience. Craftsmanship is kind of the last bastion to fall when everyone wants yet another banner, link or weird self-serving change crammed into the screen. But an appreciation for the digital experience that's being created for attendees can be easily achieved by what is commonly called "eating your own dog food". Everyone who determines what goes into an app should also be actively using it and putting themselves in the shoes of event participants. Would you come back to this browser tab after opening the live stream? Would you find value in keeping this app on your phone? Would you miss having this tool in your next event? Craftsmanship is either allowed to shine or it can get snuffed out.

Specialisation

A consequence of caring for what you deliver is that you can never specialise so much that you lose sight of the bigger picture. More than that, by focusing on delivery you notice that a lot can be improved on the edges between different domains. Namely from different points of view such as communicating with stakeholders, designing user experiences or developing solutions for several platforms. Crafting good digital experiences demands that we don't see ourselves only as managers, designers or developers. Going hands-on even for a bit in two or more domains gives us that understanding that bubbles up from making things happen. In fact, the moment we start drawing lines in the sand is the moment we should consider stepping over them if it helps to solve the problem. Specialisation happens naturally as we find the time to make the best use of our talents. If we instead look for specialisation by raising walls around our work, we create blind spots where we should be seeing how bridging one skill with another would lead us to some unique surprising treasure. Craftsmanship perfects the craft but it's more about doing great work that speaks for itself.


So, given how ephemeral events are, we can choose to look at their dates on a calendar in two different ways. One is to think of it as only temporary and therefore few things really matter, throw a bunch of darts at the board and some are bound to hit. The other is to leverage this limited time to offer something unique that people will remember, pull that arrow with purpose and let it fly knowing it will hit the target. Both are valid ways if taken in tandem and some balance between them needs to be found. Hold your event as just another rectangle inside the screen of some social network and it easily becomes lost in the battlefield for people's attention. Worry about every pixel that you're going to display in your custom-made app and you'll miss the forest for the trees. Craftsmanship is an essential point for triangulating the right approach.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Scaling socket.io across multiple nodes

Real-time web interactions are an interesting challenge that stays relevant as developers gravitate between single-page applications, server-rendered pages and everything in between. Websockets are a possible solution for interacting live with your users, specially if server sent events are not enough and polling at some sustainable interval is too slow. One popular client-server library built on top of NodeJS and Express is Socket.io, which not only implements websockets but also falls back neatly into polling. This is important for many production cases since, for example, a large European ISP like Vodafone blocks websockets on their networks.

In my particular case, if you follow this blog you may already know that I work with event apps both on mobile platforms and for the web. This means that websockets are a best case scenario that can get affected by multiple factors like corporate firewalls, bad hotel wi-fi or an area with weak mobile signal. But on the other hand, real-time interactions can add a lot to an event. And if getting questions from an audience is something that may not stress these connections too much, things are very different with live polling for example, where everyone can be sending their vote within a fifteen second window. That's why a library that focuses on resilience and not only on websocket performance is very helpful for real-time interactions that can happen from just about anywhere.

For benchmarking how these interactions can perform under load, I've been using Artillery.io which comes with Socket.io built-in and can spin-up AWS resources to scale your tests reliably. I try to setup scenarios that are as close as possible to the real use cases and lean towards the worst that could happen. Let's settle on one that is easy to understand: a livestream chat where under a five minute window everyone shows up and says hi. This involves authenticating each connection to assign it to the correct chat room and, as each person types hello, everyone receives their message. Repeated testing with a single NodeJS process helped me identify several bottlenecks and not all of them were related to Socket.io as it wrestles with polling and websockets. The services that I have working together to respond to this scenario involve NodeJS, Redis for pub/sub messaging and MySQL as the database.

Even without starting to run load tests, you can imagine not wanting to wait for database writes in this scenario and so it's natural to reach for something like Redis. So I have a main NodeJS process that handles all the connections and publishes any inserts through a messaging channel that a secondary process subscribes to and lazily puts into the database. Running tests over this setup eventually gets to a point where the application state is getting correctly cached or queued to be saved and the relevant delays are all about Socket.io handling connections to get everyone communicating to everyone else (like I said, a worst case scenario). In practice this means that, once you get above 5k people arriving within five minutes, clients successively time out as Socket.io can't keep up with the barrage of broadcasting requests. Even just above 3k you start to see this problem as upgrading each connection from polling to websockets already represents load that is made worse by having every user greet all the others. This is when I double-checked that yes indeed we can't offer only websockets as a way to connect.

For someone with still a limited experience of NodeJS, I was happy to see some performance gains while still having only one process handling all these users arriving in a short period of time. But of course the next step now was to see what I could take from Socket.io's documentation on scaling across multiple nodes. Again, because of having polling connections before upgrading them to websockets, the solution proposed involves sticky sessions that rely on NginX distributing them and Redis to coordinate between processes. However, there are not a lot of options for NginX to identify what goes where. In the case of event apps where everyone at a venue can connects out of the same IP address, it's not viable to use IPs to distinguish between sessions in NginX. Furthermore, websockets don't allow for custom headers that could alternatively fulfil that purpose.

Having also not a lot of experience with NginX, I took a step back and considered what steps actually had to happen to distribute the load across different nodes. Even if I somehow managed to implement what is suggested in the documentation, I still needed to develop the logic for processes to communicate with each other as messages get posted in chat, deleted, pinned, etc. That rabbit hole seemed to be the most relevant while the rest of the issue looked approachable without relying so much on NginX. Clients can reach directly for different endpoints distributed by some derivation of the user's identification which gets validated when they connect. And each node can be maintained by identical processes, the only difference being in this case the subdomain and respective port that each one is listening on. Through Redis, nodes can pub/sub to each other's messages to maintain a common state of the chat for each livestream.

That was what I ended up implementing and testing for up to 12k users saying hello in chat within five minutes. The added overhead of publishing and subscribing to all state changes means that you probably want at least three nodes running to justify scaling them in this way, but once you do, further nodes perform as well as you might expect. In this scenario, this means having about one node for each 3k users to guarantee you don't get any time outs, making sure that attendees coming into a virtual event get a nice reliable first experience. For other scenarios like some massive live polling, it's likely that not having to broadcast a firehose of messages to everyone may provide some breathing room that allows for that smaller duration, but that also needs to be tested.

Meanwhile, it's possible to even put Socket.io into question given how other technologies perform better than NodeJS when benchmarking for number of simultaneous websocket connections. But the batteries that come included with this well-established library are risky to dispense with. Besides the polling fallback, it includes automatic reconnections and packet buffering, all things that you may end up having to implement and battle-test yourself if you only focus on websocket performance. Also, there's the YAGNI factor of investing into another technology while this scale that NodeJS easily allows for already matches the needs of many events. And beyond that, there is also the option of going for a third-party solution like Firebase that promises to get you to numbers like 50k with a not so complex re-write. All things have trade-offs, so I guess it's a matter of relying on the right solution at the right time.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

The mixed bags of online events

I imagine that a lot of people have experienced much more online events in the past year. Now, alongside the wide variety that events offer by their very diverse nature, there are also a lot of different tech solutions that people reach for when putting their event together. I've seen online events that are very e-mail driven while others rely on live chat. Some are pretty much just a video playlist published at a specific time while others focus on interacting with the audience at the lowest stream latency they can broadcast. Some events leverage all they can from the open web while others close themselves off inside this or that social network.

There's also an important balance between offering a cohesive experience that can be seen as a true meeting point in people's minds and the need to have all the features expected of your online event. This landscape stretches out according to your familiarity with different technologies and how easily your audience can move between them. However, even if everyone has no problem jumping between platforms, each jump can jeopardise that feeling of a common digital space. I've experienced events in which the only thing reminding me of "where" they took place was the graphics and the music between speaker presentations. Otherwise, it can be easy to feel lost between something like a wall of e-mails, a landing page with a schedule hammered between sections, a couple of streams on some free video platform, a chat server on yet another platform, plus questionnaires in some other site, video-on-demand in another... events like these are just a blur. If they don't strive for some unique unifying context, online events can become quite forgettable. The one thing that can always shine through is the quality of each speaker, but event organisers probably want to generate some synergy beyond that, whether they're selling tickets, exchanging knowledge and/or rallying a community under one vision.

Fortunately, I've also experienced online events that had some nice balance between providing context and providing features. You can check out my article about my first FOSDEM here, for example. I believe you can get away with stepping outside your branded platform once or twice when you've established at least one satisfying core loop, one simple story in which the attendee is the hero. For example, in FOSDEM, you could watch every session live in a chat room dedicated to that track and then the speaker would answer questions or comments from that chat. Another helpful sequence can be bookmarking a session on the schedule and receiving a notification when it is about to start which links you back to that session where you can start watching it. Or it can be just about a sponsored session that reminds you to check out that sponsor's page inside the platform while the stream keeps playing in the corner of the screen. Indeed, it's this feeling of movement across digital space or time while still inside the context of an event that provides meaningful engagement. I'm sure that, as we move back to physical venues, online events will also learn to do better.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Passwords cross all boundaries, how can we manage them?

Passwords are a great solution and a huge problem. People use them every day, not only as a way to claim ownership of services and products, but also to share that access with other people they trust. Passwords are great because they stand outside everything. You're not forced to have service A in order to access service B. Passwords are portable, platform agnostic and not tied to a particular identity. Allow me to stress this aspect because you'll not hear it mentioned by corporations that are interested in locking down account ownership completely: people share passwords with their close relations. One person pays for something and then they can easily share access to it by simply giving out that password. Account details are often sent in plain text e-mails, but also in loosely encrypted chat messages. The security risks are considerable, but there are also hidden benefits to using passwords as opposed to biometrics or device keys. People who push for alternative solutions like to pretend that this is not a welcome feature that everyone sooner or later depends on.

However, passwords are bad because they're powered by cognitive load. You need to generate, remember and keep secret some strange and unique series of characters. And some other person needs to technically secure a matching hash of your password. And each time that we fail at this task, a permanent record of leaked passwords is eventually made available worldwide. Finally, each of these failures can be relatively inconspicuous, it can be possible that right now someone is taking some advantage of your leaked password and no one will ever know. Indeed, handling passwords is not a fair task. You're supposed to do it by yourself and, if there's a problem, it's possible you'll never know until maybe some money has gone missing or some unsuspecting account comes up associated with criminal activity. No pressure.

Therefore passwords are a good example of how real-world security is a balance between what features you value and the risk associated with each of those, it's always a mixed bag. If we recognise that there are both benefits and costs to using passwords, we can consider accepting and mitigating the risks of having our accounts compromised. Password managers are not a perfect solution, but they are currently the only way to keep passwords around with the degree of freedom they offer. Like other flawed solutions, password managers don't solve the problem but rather kick the can down the road. But, for those unaware of this solution, I'll describe a complete password management service that you might even want to pay for.

The service still depends on a single master password that you create following all the usual best practices. This one good password is how you access all your other passwords that the service can then generate, store and type for you wherever you need them. That's why this has to be seen as a complete solution for all your accounts across all your devices. It involves a website, iOS/Android apps and extensions for most browsers, all so you can create and use secure passwords everywhere. I do recommend not going for half-measures. If you're going through the work of having a password manager, you want it to remove 99% of the burden of juggling passwords in your head. And the reason why the best service is probably a paid one is because having just one user interface to manage your passwords only gets you halfway there. Now you want it to automatically type into login screens inside apps on your phone. You want it to save a new account you've just created in a new browser you've decided to try out. These cross-platform features unfortunately cannot happen for free. Regular development time has to be spent chasing down the inevitable changes in browsers and ecosystems. The kind of drudge work that free and/or open source software rarely finds people to do. But it all adds up to providing a user experience that can greatly improve your security. It's often forgotten how important an easy UI and a good UX are to solid security practices.

And here are some not-so-obvious benefits to using a complete password manager:

Some platform you signed-up for got hacked and now you're forced to change your password. That's easy.
This one torpedoes the usual method that people have of using some personal cypher to generate passwords from the name of each platform. For example, your Google password would be elgoog.2001 and your Yahoo one oohay.2001, for example. Now, Yahoo gets hacked and what do you do? This specific account now deviates to oohay.2002, right? Not very secure or easy to remember. With a password manager, you don't care what the password was or what the next one will be. You're not particularly bothered even if some company forces password rotations every 3 months. Just generate a new one and get on with your life.

This specific website has some strange password requirements. Not an issue for you.
Another cannonball shot at the starboard of personal cyphers. Now, let's say your bank requires two capitalized letters. Following on the previous example, you have to do something like KNab.2001,right? Again, not something we should be wasting brain power on. Password managers allow you to generate randomized text that can match any of the usual or most annoying requirements.

You can turn the magic dial up or down at your convenience.
When you switch to a password manager, you're not forced to change all your old passwords. It's an incremental solution. You can start by keeping all your not-so-secure passwords and then gradually replace them over time as you get the chance. You can also account for situations where you don't expect to have your password manager installed by generating a long pass phrase that's easy to copy by just looking at it. For example, you can check it on your phone to login in a new computer.

Sites you want to use keep asking you to create an account. An easy process.
When you don't use a password manager, you tend to shy away from creating accounts because it's another password you have to create and remember. In a way, this service plays the same role as having a virtual credit card. You're more comfortable with getting things done online because there's always some protective layer. If some website shows itself to be insecure (like by showing you they keep your password in plain text), you can cancel your account without having exposed some personal cypher you use or a password you use somewhere else. Sometimes you can even take an extra step to anonymise your account: you can generate both a random username and a password that have zero relation to any of your online identities.

I don't want to give any specific recommendation for a password manager, but I personally use 1Password and at work we have LastPass. I've also heard good things about Bitwarden which you can self-host. Like in anything involving your own security, it's best to do your own research up to a point where you make an informed decision. So thank you for reading!

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Are we to walk down digital streets with our names tattooed on our foreheads?

When we arrive late to a meeting where people expect us to say something, most of us listen for a while before trying to contribute. Eventually, the meeting progressed far beyond what we can fully understand. And yet there's a need to come together, so what can we say? Some people may be the first to speak out by disregarding what they don't know and focusing on the obvious potential solutions. And by doing so, their confidence and influence can derail the discussion and even rewrite the agenda. This is the state of the internet right now as affected by politicians and corporate media. They arrived late to the party and never cared to understand what it was about in the first place. What's so unique about this new technology that may hurt us if we reach only for old solutions?

One of the main challenges is not new but has been accelerated by tech that keeps advancing faster than ever in human History. It's the challenge of losing context, having no common reference of space or time. For centuries, we've been able to pick up a book and read it anytime and anywhere, we can delve into the text within a context that can never be predicted by its author. We can also exchange letters with someone and may never know for sure when they will arrive or how many times they will be read or in what circumstances. We also can't be 100% certain who wrote that text or that may be able to read it. Now the internet offers very much the same issue but without giving us the time to think about it. The speed and frequency of our communication also affect the quality of the content itself. The written word, illustrations, photographs, audio recordings, video, network computing, live streams... it's always the same challenge coming at us faster and faster.

Mafalda by Quino

Up to a certain scale of interaction, the content can stand on its own without much context. But many people would not go to that internet, the one where only ideas matter and you can be anyone or anything all at once. That's too dorky, that can't be real, people seem to instinctively stay away from these abstract domains. So the obvious solution, the one that people arriving late to the internet keep reaching for, is to get as much personal data as possible associated with your internet presence. And that is a possible answer to a lack of context in our digital content. We have no idea where or when a piece of content came about but we can try to label it with something close to a real name, a real photo, etc. Again, this is not a new strategy, books have been plastered with photos of their authors for decades, but the tactics have now evolved to leverage the reach and immediacy of these new networks. You may not want to have anything to do with computers, but photos of your newborn grandson are being posted there right now, so you're almost forced to open that black box and take a good look inside.

Other approaches to providing additional context don't scale just as well as putting people in well-marked boxes with their names on them. For example, some digital platforms try to grow their user base out of some local context, like university campuses, busy street corners, or meet-ups for all kinds of hobbies. In those cases, terms of service don't usually require so much personal data to identify users. People already choose to share just enough information about themselves so they can be identified in local meet-ups if they want to. Or it may be that the purpose of those platforms is to indeed provide an anonymous venue for an already well-defined community. It can make sense so that people feel more comfortable pointing out things that need to be fixed in their city or campus. But this usually requires considerable work moderating content and it only has a kind of supplemental value, it works in parallel with your analog life. This does not generate the kind of scale where the app already comes pre-installed on your phone. Bigger networks tend to get bigger while smaller networks eventually get smaller.

The context provided by having everyone pinned down to one identity is self-evident in its value. You are there because everyone in your life is also there. Your boss, your family, your childhood friends, all the contacts on your phone. All the boundaries in your life can become blurry in a context with no space or time, only people as they perceive you across every facet of your life. Of course, this happens in gradients across the world and depends on how people exercise their freedoms. In some countries, indeed you are forced to use the internet as an identified citizen subject to social monitoring. In others, you may have some freedom but perhaps you can only access the internet through some corporate gateway where you're a well-identified consumer. But in many countries, you can choose different ways to get connected and use the internet as a free citizen. You don't have to limit yourself to a single identity that matches what's written on your passport. So there can be a lot of nuance in how many online personas you build and how they are attached to unique identifiers like your phone number, a photo of your face, your age, name, or place of work. You can enjoy going surfing or spending time with your kids without being fitted into just being "surfer girl" or "stay-at-home dad". As Erving Goffman has explained in his book "The Presentation of Self in Everyday Life", "identity is not a singular thing; identity is a role people play that shifts as audience and other contextual factors shift. The 'self' people present is never a full representation of who someone is, nor is it a fixed identity that cannot shift as other factors shift. After all, most people would act one way on a Friday night out with friends and another way on a Sunday dinner with family."

But even when we can have all the freedom and privacy in the world, if we leave those advantages on the table, governments and corporations like to push those away from us, since propaganda and advertising don't work so well on moving targets. It's up to us citizens to realize the power of the internet as a tool that we can also forge for ourselves and not just within the parameters set by those who are in the best position to manipulate everyone else. It's like when companies tell us we are saving money when we are spending money on their products. Thinking for ourselves is irreplaceable. If we don't, somebody else will try to put the world together for us.

But let's instead put convenience above all else and consider the price tag. If we completely sacrifice anonymity to provide some familiar context to our digital networks, what do we have to lose? The thing is, once we establish this premise, some problems materialize down the line and we find ourselves constrained in our ability to solve them. For example, once we establish that your face is part of permanent records in social networks the minute that you're born, once that anchor becomes so heavy, problems like cyberbullying and general mental health become much more serious than they should be. Once you're locked into being always online and always with the same identity that's so tied up to how you see yourself, you are much more vulnerable to attacks that can ambush that persona. Once your online presence determines your ability to get a job and that identity is all you have, you may think twice before voicing political opinions. Once every online service defaults to amassing personal data, the security risks grow dramatically. Once we allow platforms to prioritize daily content that has as much personal data as possible (vlogs, stories, IRL drama, etc.), all content creators are pressured to expose their intimate lives to please ad-driven algorithms. All these cases of context collapse, a term proposed by Alice Marwick and Danah Boyd (2011), should not be mistaken for an increase in authenticity. It's simply a tendency to smash any possible context that you have together in an attempt to make it feel more real.

Indeed, if you just let go, it all clicks together as you slide into your designated consumer role. And although the rule of convenience can easily lead us to problems, it always feels much more comfortable. In an article by Emily van der Nagel and Jordan Frith entitled "Anonymity, pseudonymity, and the agency of online identity" (2015), they agree that "certainly, there is room for negativity and antisocial behavior in spaces that allow people to interact without showing their faces or 'real' names." Furthermore, "understanding anonymity as the cause of such deviant behavior is an attractive prospect, as this also identifies a simple solution to combatting incivility online: get rid of anonymity." However, "to take away, or even stigmatize, anonymous communication by moving towards a 'real name' Internet is to shut off important avenues for productive identity play, self-exploration, and behavior contextualization online." Therefore, "while safety concerns about anonymity are real, it is also true that real names can make people feel less safe and can inhibit behaviors they engage in online." We should keep arguing that "practices of anonymity and pseudonymity may be complex, but they add texture to being social on the Internet. The option of not using real names online allows people to control what they reveal about themselves and to who they reveal it."

The value of pseudonymity on the internet is part of how we lay claim to it as a public space. It matches how we see other people walking down the street and they see us. It's part of a continuum of anonymity in which we can have all kinds of satisfying interactions without exposing ourselves more than what we feel better serves that particular context. It's more real than 'real' names and it can enable true authenticity. So we should not let these hasty solutions monopolize our meetings and stop the conversation for the future of the internet, one in which every identity needs to have a voice.

My face exists,
But no asks
How it justly fits
In a million masks.

I face their cracks
As a given fact
For my ego lacks
Anything exact.

-- Ricardo Tavares

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

I tried very hard not to like my first Macbook

Due to personal circumstances that forced me to pull the trigger on my decision to eventually get a good ultrabook, I recently got the M1 Macbook Air. I'm quite happy with it, but not so happy with having purchased it. It was a combination of being pressed for time and having few viable options for my country of Portugal. Readers of this blog already know a few of the problems I have with Apple and I usually do like to vote with my wallet. Nevertheless, this laptop matches very well with what I consider to be a good ultrabook. It's a compromise.

M1 Macbook Air

My experience with Apple products has never been pleasant. I remember receiving an iPod Nano from a close relative and weeks later letting them use it instead. The absence of any customisation has always confused me as a user, makes it harder for me to do anything, not easier. I later had to interact with the Apple ecosystem as part of publishing apps to iOS and the experience hasn't been any better. Again, Apple fights you all the way if you're not using the thing to do the thing as they expect you to. If you only have a Mac Mini to compile apps, it's gonna need an update when you need it to work. If you need to test different apps in different devices, installing all of them is a pain.

Meanwhile, I had been looking for what I like to call "a real laptop", one that can easily be useful as an everyday carry. In my case, useful for development, design, working on the web and not so much gaming (although I love playing games). Theoretically, my options could range not only between the Thinkpads and the Dells, but also include the latest models from Microsoft, Asus, LG or HP. And let's not forget Linux laptops like the ones from Slimbook or Tuxedo. But in practice, a couple of important points start shooting down a lot of these options. For work, I really need a screen that's at least 16:10 or 3:2 and a keyboard layout in my native language. Also, in Portugal it seems that the only companies that actually sell these premium laptops themselves are Apple or Microsoft. And going through resellers in the middle of a spike in laptop demand means you either get price gouged or the model you're looking for isn't available anytime soon. While on the other hand, distribution wise, clearly the one company that really wants to sell you a laptop in Portugal is Apple. Their site has the thing, you buy it and they'll deliver it. This is similar to Microsoft but on a much more commited level.

Still this is not about making the choice that is possibly less bad. Until recently, I would simply never buy a macbook given its uncomfortable keyboards and questionable value for money in terms of performance per wattage. And the lack of repairability is still very much an issue. But the M1 Macbook Air changed that by leaning into what Apple does best. Yes, it's still a Mac but it's also kind of an iPad with a keyboard. Meaning, huge battery life, zero fan noise and the best performance you can get under those restraints. A lot of laptop manufacturers and reviewers are still playing in a different field, they are selling gaming rigs disguised as student laptops so parents will buy them for their kids. Or they are B2B solutions that I can't hardly access as a consumer in my country. Or they're cool independent shops but with chassis that seem to lag at least a year behind major brands. I've personally used several laptops in my life but, up to now, they were never truly portable. Even my Microsoft Surface Pro required charging it throughout the day and had issues with sleep mode. This Macbook Air weights almost just as much, the charger stays home and I almost never shut it down.

The final hurdle that I couldn't be bothered to jump over was MacOS. Only used it at work and I still think that it has a very weird learning curve. You either do exactly as Apple wants you to or you're suddenly confronted with hidden hotkeys and terminal commands. Still, learning a new OS is not some gigantic task, I just had to be willing to invest the time (I've used every version of Windows and a few Linux distros). Unlike iOS, you can still change a lot about your MacOS setup. And one thing that makes it usable that also matches my long-time workflow, is using it with the trackpad and putting everything in full screen. I personally don't like splitting the screen too much and prefer switching between virtual desktops. The other thing that MacOS kind of requires if you want to make it work for you is deliberately paying for software. Again, I don't have an issue with that, specially when you can still make a one-time purchase and get the full application.

These are still my first impressions, so I'll just end this very subjective purchase review with a few things that surprised me with my current setup and my first Macbook in general:

  • The zsh command line is always just a key press away (iTerm2).

  • It's easy to monitor temperature, network usage and other system stats from the menu bar (iStatsMenu).

  • Passwords can be very accessible with the fingerprint reader (1Password).

  • Non-native electron apps like Discord have the worst performance... and yet I've been in a group video-chat for a whole afternoon and the battery was still above 10%.

  • Vivaldi is actually a good option on MacOS since you can move your tabs to the bottom of the window which, in full screen, avoids having the menu bar pop up every time you reach for them. On the other hand, Firefox is noticeably slower in this OS.

  • The screenshot tool that can also record your screen is actually very configurable and definitely better than the one on Windows.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Hybrid events and my first FOSDEM

Events moving towards online has become one of the definitive trends of the decade. Not that people want to stay home, but once we've been forced to, the advantages become evident. Any event can reach out beyond its usual physical time and space to bring more people together. Even if nothing can beat the hallway track of a fully-present context, I don't believe the online facet of large events can just go away now, specially when video-on-demand allows us to go back to any content we'd like to watch. The technology was always there, it just didn't seem so relevant as it has become now.

In a lot of ways, FOSDEM is an unique case among big annual events. As it says on this year's website "every year, thousands of developers of free and open source software from all over the world gather at the event in Brussels. In 2021, they will gather online." And they did, maintaining a long tradition of filling countless tracks with an overwhelming variety of talks. Usually, FOSDEM fills rooms to full capacity as anyone can drop by to check out the event, it is both a free experience and an exercise in freedom. This year, instead of testing the capacity of its venue, FOSDEM tested the limits of its online infrastructure, specially during the first hour of the first day. It was a rocky start but one to be expected: an undetermined large amount of people arrives all at the same time to set up a profile, browse tracks, open streams, live chat... I'm not sure if people realize the unique value of having a huge event you can attend without giving out any personal details before hand.

I've always been curious about the event, so this online edition was a no-brainer. By creating an account a few days before the event, I avoided that bottleneck and only had trouble playing live streams in the Element Matrix client for the first couple of hours. The tracks I chose to keep tabs open on were the main ones plus Mozilla, Javascript, Open Source Design and Real Time Communications.

Screenshot of my online FOSDEM experience

Here are a few talks that I can recommend from watching them live:

And here are a few that I've watched through the VODs (which are an essential feature in the case of FOSDEM):

Looking towards the future, I am definitely more interested now in attending FOSDEM in person. Watching the event online does allow you to keep an eye on several tracks all at the same time and to jump between them depending on which session is more engaging. But I'm sure that the in-person experience can have an unique interpersonal value that is very much a part of free and open source software. This is a kind of software development that is all about people coming together, with or without a physical context. By always thinking about their audience on a larger scope, I hope that indeed many events tap into the potential of having both a physical and a digital venue.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

iOS devs working as unpaid salesmen for Apple

One of the ways through which Apple has posted new records in their services revenue is by having you buy a developer account and then forcing you to make other people buy developer accounts. How does that work? Well, let's turn this around and say that you're not a developer in any shape or form. Your job is, I don't know, geologist or something.

You're the president of the geology society in your country. And every year you have a couple of meet-ups that involve a few thousands associates, students and maybe some sponsors when you're lucky. Like in every other similar institution, you organise all of these as a side-project, a lot of it is done up to the last minute, but as long as you keep everyone posted on what's happening, all tends to go well. You already have a website and a newsletter, but your members would also appreciate having real-time information of all those last minute changes that happen in your events. Plus, your website kind of sucks on phones, so you're thinking of getting a mobile app for your next event. Let's say you can do that with the help of some sponsor. You contact an app developer and ask them what do you need to get some push notifications going out to your associates. They need to ask you a few questions before answering that.

You answer "of course" when they ask you if you need both an Android and an iOS app (most of your associates wouldn't even understand the question). And you answer "that's not an option" when they ask you if you'd like to feature your meet-up inside their own multi-event app. Your sponsor wouldn't accept not having an app with the brand of your geology society front and center. Plus, installing some random event app would make the whole process too confusing for your associates. It seems the app developer has had this conversation many times already with clients in the same situation. They explain that you need to buy a developer account from Apple. What? Yes, it all sounds much more complicated than what you expected. Apparently, your iOS app has to be published by the content owner, meaning the geology society itself. You tell the app developer you know nothing about having anything on the app store. They say it's OK, they were forced to go through this process many times already with other clients and they can take care of everything if you follow a few critical steps with Apple directly. They're not making any money with this process, it's just the only way that Apple eventually allows you to have a push-notification with your brand on it. Well then, guess you're a developer now...

People who have ever used App Store Connect probably remember there's a little drop-down menu in the corner for any possible accounts associated with your profile. Years ago, there was not much of a reason to click that, you had your one account and the big My Apps icon for all your stuff. Now, our friend Tim Cook has found a way to generate revenue by populating that drop-down menu for many iOS devs that publish apps for clients. The same apps are getting published, but now the devs have to do that little song and dance explained above to essentially move them from the big My Apps icon into dozens of new developer accounts they need to control now. Never underestimate the power of capitalism to make more money for shareholders in exchange for keeping things pretty much the same while generating useless busy work.

Still, this is not even last year's news. As always, any corporation will keep pushing for as long as they're allowed to and, since the drive towards alternative revenue sources is working, they won't stop going. Apple is not only continuing to require developer accounts from non-developers, but also taking strides to "uberize" iOS devs by finding every possible excuse for in-app purchases to be used or else your app gets rejected. Apple also lags behind with supporting web apps as an alternative to the App Store when a lot of what you find in the iOS store could work entirely from the web. And Apple has this dream that your geologist society is going to buy an enterprise account to be able to deploy private apps only for their members, that's yet another potential cause for rejection.

Overall, there's a lot of risk associated with publishing in the App Store that comes from Apple themselves. Unless you aim to build exactly the kind of app that they can easily categorize and monetize, you have to think carefully about investing in the platform. And, with the drive towards everything not getting payed for with money, that problem is exacerbated by the lack of viable competition from other ecosystems. It's like a choice between the gig economy or unemployment. We have to break outside this box.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

PHP Upgrade Story: Four Lessons Learned

Back at the day job, we have your usual PHP code base that runs a lot of the business and we needed an upgrade from 5 to 7. Business involves a variety of small to large services plus different one-time projects that may require maintenance. So, upgrading had to be a gradual process of isolating a domain that could be upgraded, making/testing changes and benchmarking PHP performance. I've already written about a specific challenge with database encoding that was probably the most difficult and time-consuming to overcome. You can read all about it here. This time, I'm looking back with a more general look on managing different PHP versions with cPanel's MultiPHP approach. MultiPHP edits .htaccess files and maintains different php.ini configurations, making it seem easy to jump between versions with just a few clicks. As one might expect, things are never so simple. Here's what I learned:

1) Be Warned

Starting with the more obvious one, the history of PHP moving forward is one that goes from seeing you shoot yourself in the foot and showering you with guns to tapping you on the shoulder and letting you know what you might be aiming at. For years, PHP has let you push code with potential problems that later on may explode in ways that are hard to pin down. With newer versions, PHP becomes more strict, so the easiest first step when considering an upgrade is to turn up your errors. Let those warnings all come out so you can investigate any type mismatches or assumptions that are unsafe to rely on. This already makes your code more resilient even before upgrading.

2) I Am Root

Onto a more practical matter, MultiPHP does nothing about your cron jobs, so you need to manually configure them to call on a specific php bin like /opt/cpanel/ea-php73/root/usr/bin/php instead of just php. However, as you do so, you will find out that the default working directory will be the root of your home and not the folder where your .php file resides. This may have lots of unexpected consequences if you're relying on relative paths. You should probably change those to absolute, but for simple scripts you can get away with simply adding something like chdir(dirname(__FILE__)) to maintain the same behavior.

3) Runs In the Family

If cPanel is just another tool that you use while still setting up your own folders in your server, eventually MultiPHP is lying to you when it says you are assigning some version to a specific domain. What it does do is write in an .htaccess file at the root folder of that domain, which means that anything you have under it will be affected by that configuration, even if being called from a different domain. This normally shouldn't be a problem as some projects you might want to isolate probably have nothing to do inside the directory structure of another domain.

4) Apples to Apples

I've been using artillery.io to benchmark web applications, so I also wrote a few tests to monitor possible differences in performance with the upgrade from 5 to 7. If you try this after applying a default upgrade to some domain, you might be surprised to see much worse performance. What's happening really is that the new php.ini is probably not allowing each process to have as much memory. You need to check whatever variables are relevant (like memory_limit) and manually match each one so that both versions are indeed running under the same conditions. Depending on your workloads, version 7 should indeed perform better than 5. In my case, the tests that matched our use cases were very much dependent on database performance, so the difference in speed was not considerable.

With PHP being used by about 80% of all websites with a known server-side programming language, I hope these few tips may still be of use, specially for people upgrading out of 5, which is still a considerable percentage of installations. Thank you for reading and I wish you all the best if you are working on one of these legacy code bases.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

My Love Story with Podcasts

Playable on-demand broadcasts (podcasts) are a simple case of people using open technologies to come together over a new medium that should be accessible to everyone. They are my favorite example not only of how useful RSS feeds can be, but also of the evolution towards audio files that are small, sound good and can be easy to catalog. Pretty much anyone with a laptop can record a podcast, the challenge as always is distribution. But the thing about just having a file that people want to listen to is how flexible it can be. You can put it on a website, send a link through a newsletter, have a full archive inside a torrent and no listener needs to have an account on any specific platform or even has to be online to listen.

My own history with the medium began about a decade ago when I was looking for independent content about games, namely tabletop RPGs. I became fascinated with the idea that you could kind of make your own personal radio to listen at your own pace anywhere. And also by the feeling of connection you get with people who are not very much different from you. They just sit if front of a microphone and talk (and then maybe edit the recording for hours, but let's not ruin the magic). And although some radios still have an experimental side to them, most of them have long become sequences of playlists and ads, while many podcasts still retain the ability to surprise you in every episode. More than that, some series can even be considered timeless, they are a contribution to the public library of an open internet.

After about a year of listening to podcasts, much like how people who read books eventually try to write since it's such a accessible craft, I created my own podcast and developed a taste for all the work that goes into it. For about four years, I committed to publishing something every two weeks and stopped after a long season of 101 episodes. Being dedicated to the niche of tabletop RPGs, I was the only podcast in my country on that topic, so I tried to cover just about every approach possible: reviews, interviews, essays, recording sessions, live panels, original music, round-table discussions, etc. Knowing zero about preparing a script, sound engineering or audio editing, I'm still just an amateur but I did learn a bit of how and why some podcasts are the way they are. Namely, the huge difference it can make having a team instead of going solo or having a good microphone in a decent room as opposed to trying to clean it up when editing. So maybe it's not that accessible, but the most basic setup sure can work for at least a few dozen episodes. And you still get to grow an audience, I made friends across the Atlantic Ocean, people that I would've never met if not for the podcast. This medium can truly embody the best of what an open internet has to offer us.

If you're looking for recommendations, the classic starting point that's mentioned when people want you to take podcasts seriously is Dan Carlin's Wrath of the Khans series from the Hardcore History podcast. You definitely can't go wrong with that (although I believe it's behind a paywall now), but I can also mention some of my personal favorites. Tech related, I recommend subscribing to Reply All (website, RSS feed). It stands out not only for the level of audio production, but mainly for putting humans at the center of how we deal with technology. For a completed series that may have timeless value, I can recommend More Perfect by Radio Labs (website, RSS feed). As a non-American who sees the value in understanding American history, learning about the evolution of the constitution and the supreme court is surprisingly useful. Finally, another easy recommendation if you ever thought about the importance of design in our lives, is 99 Percent Invisible by Roman Mars (website, RSS feed). Another great example of how to tell stories through radio that is playable on-demand. Trust me, this is a completely different experience from trying out audio-books.

However, like many other open platforms, podcasts also are what we make of them. And it's not like there's some clear corporate branding touting the advantages of playable on-demand broadcasts. Each podcaster really can do whatever and each audience member maybe finds out what a podcast can be and looks to see that promise fulfilled. Not surprisingly, what ends up happening are things like listeners who are content with going to a website, clicking play and keeping that page open to stream an audio file they could have downloaded and listen anytime anywhere. No wonder they have ended up limiting themselves to Spotify. An even more tragic misunderstanding is people who thought you needed an Apple device to listen to podcasts and in their minds have forever stuck an open platform into a closed ecosystem. Now, I'm not sure if I believe in love-at-first-sight, but convenience-at-first-sight sure is a popular all-or-nothing approach to technology. As if everything had to be right here right now for it to exist. Is convenience the only personal value that guides our actions? That would be a digital world without distance, one in which all things have to be targeted and pushed towards us since we won't walk towards them or even just pull them to use in our own time and with our own hands. So, it's only partly true, it's how things are for a lot of people who did not yet have the time to engage with the technology. We're still talking about podcasts, but it's also pretty much the history of the web, for example.

Anyway, if you're looking to get started, the easiest way to consume podcasts is to pick an app for your smartphone that does the work of managing your RSS feeds, namely automatically downloading the latest episodes so you can listen to them offline at your leisure. I have used BeyondPod and Pocket Casts, but now have switched to Podcast Addict. The best podcast clients inevitably become paid apps, ask for subscriptions and/or are assimilated by corporations that are interested in controlling the access to this open platform. Just remember that, at the end of the day, you are just going through a list of RSS entries to download an .mp3 file. That's what you want, not some closed source live stream that injects ads into your episodes. But, by the way, you should also realize that this remarkable ease-of-access also means that podcasters have very limited knowledge of the kind of engagement they are having. They basically know how many times an episode has been downloaded and that's it. So, if you enjoy a podcast, consider telling those people that you love their work and give them some feedback. It does make a huge difference.

If you liked this article, you might want to subscribe to the RSS feed, maybe follow my Twitter or learn more about me.

Our online lives lack context, they should also lack friction

It's an understatement to say that humans are complicated creatures. How we function depends on more than facts and feelings. We also respond to what is left unsaid and we act according to how we imagine that we'll be perceived by others. Even without other people, we still don't exist in a vacuum, inevitably we are influenced by time and space. Like all biological creatures, we have cycles that are naturally sensitive to the time of day.
And, if you step through a doorway, that change in space may for a moment make you forget what you were about to do. Context matters and all of these factors play a part in it: our reasoning, how we feel, the signals we implicitly broadcast between us, our place in the physical world as it changes across time... and yet we can pretend like a lot of these factors are irrelevant when we are online. All the analog content in the world is converted to digital and nobody notices the difference, right? Well, it's complicated indeed.

The digital medium in general and the online venues in particular allow us to negotiate away much of their context in exchange for a lot less friction. Or at least that's the idea, right? You can now attend some conference or a business meeting from your bedroom or kitchen table. So you can give away all the background story and implicit signalling of getting there in exchange for a lot more convenience. However, we can paraphrase Douglas Adams to say that technology is a word for when things don't work yet. If doing all our work online just worked, we wouldn't be talking about "learning the technology" it would just be something that we did. And that could be very valuable for everyone, digital networks are a common good that can empower our education, decrease pollution, give us more time with our families... but they are also merely a tool that can be leveraged to harm everyone, make us dumber, drive us to consume more and pull us away from our loved ones. So, although they can be very convenient, we shouldn't fool ourselves into thinking that one of those conveniences is ignorance. Or going to the extreme of electing politicians that know as little as we do about "the technology". If we don't care about it, there will always be technology, the thing that doesn't work... at least for us. Because the thing does work, but just not for the common good.

People can automate systematic stock trading across continents and yet a teacher still has to drive to the top of a mountain every day in search for a signal to get their smartphone ready for online classes. And the students for those classes also can't find a decent laptop because those are getting harder to repair and are made to become obsolete. The computers most people have access to are closed platforms made for consumers, not citizens. Like the windows of street shops, they are pieces of glass filled with ads and calls-to-action. If we don't have a vision for what "the technology" can do for us, somebody else will take advantage of it. And that is why the clothes don't seem to fit when we reach for something to keep us warm in those virtual realities devoid of context. The internet is no good because your street doesn't seem profitable enough to install infrastructure. Or because the network on our house is just a set of screens that other people want to control to show you ads. Or because arrangements have been made between providers and their prices won't go down to where we can afford them. Or because these companies have come to the conclusion that they don't actually need to hire people to fix things for their customers. Or because we've gotten used to "the technology" just being something that sucks. "The Wi-Fi is down again, I guess. Let's see what's on TV instead..."

Growth of laptop imports in Europe during 2020

As we've seen from the COVID-19 pandemic, "the technology" isn't ready for primetime yet. It's not just the lack of infrastructure, equipment or housing where people can actually have somewhere to work. There is also organizational friction against working remotely. Given the rise of bullshit jobs, as described by David Graeber in his book with the same name, how can those exist in an online world that discards context? These are the jobs that are exactly all about showing up to work. And for as long as we don't claim the public value that advancements in technology can have in terms of giving us less stuff to do and more free time, we are maintaining jobs that no longer need to exist while letting private interests take the initiative towards ending those jobs and capturing the value of automation. Many people are forced to go to work so that the status quo that justifies bullshit jobs can remain unchallenged. Many companies are not willing to spend money to make money by committing to getting employees out of the office and giving them what they need to work from home. Many public services won't improve their processes to a point where they can employ less servants while serving the public better. Overall, remote work forces us to rethink the context on which organisations are built. Without a shared analog space, all that we are left with is that organization's culture as perceived by each person across the internet. Since that's very close to leaving it to speculation, how many organisations are comfortable with that level of individual autonomy? To them, it can almost seem counter-intuitive to have less context and less friction, so of course they act like hitting the breaks when a car starts moving on its own.

As we retreat back to the analog world with few good memories from our online confinement, do we want everything to go back to how things were? Or maybe we caught a glimpse of a level of freedom and power that people would like to have online. Right now, it's an exercise of imagination but no longer science-fiction, it's like we've already been to the moon. We feel like it can be liberating to float detached of context if you're not constantly bumping into obstacles and can control where you're going. Digital networks don't have to be a scary frontier or a distant horizon, they can be public spaces just like a park, a street or a beach. And as much as workplaces extend into our homes, this higher level of democracy and individual power can also extend into our work. Boundaries are being drawn in all these fresh maps of a new digital world, we probably should pick up a pen as well. Any common good can be used against itself if not enough people care for it. So, thank you very much for reading. I hope we all learn more about what we can do and start to have some idea for want we want in the future. Happy new year, everyone.