The end of CAPTCHAs?

Looks like Google has figured out how to use a “CAPTCHA” (those awful “what are these words”, “which ones are numbers” tests) without actually using one.

CAPTCHAs have always been a bad solution to a real problem. I’m assuming this new solution is some set of client-side/user-agent evaluation, IP reputation, and behavioral (i.e. how does the mouse move on the page). This is probably going to be a similar solution to what CloudFlare does, where they’ll let traffic through to your site automatically if they trust the reputation of your IP/browser, might delay you if they need more data, or ask you to fill in an old-school CAPTCHA if they can’t tell.

While CloudFlare got there first, Google’s reCAPTCHA is so much more widely used that it could greatly reduce how often those awful (but, often, necessary) CAPTCHAs show up.

(Via Ars Technica)

This is Why We Can’t Have Nice (Free) Things

There was a little internet kerfuffle last week when Matt Mullenweg from WordPress correctly pointed out that Wix was violating the GPL. Now, he did it in maybe not the nicest way (“If I were being honest, I’d say that Wix copied WordPress without attribution, credit, or following the license”), but at it’s core, his argument was true.

A core part of Wix’s mobile editor is forked from WordPress’ GPL licensed editor library.

And that’s pretty much all there is to it. In the end, if you use something that is GPL’d in your application, you walk a fine line of needing to open source and offer your source code under the GPL as well. The GPL is a viral license (GPLv3 particularly so), and including code licensed under it is, at best, something you should do with a close reading of the license. At worst, you simply just shouldn’t include any GPL code.

Wix’s CEO posted a response and completely missed the point. As did one of their engineers. They both seem to think that intent matters. While it does matter in that it helps us understand that there was probably not any malicious intent, the GPL is the GPL and it’s pretty clear.

As Daniel Jalkut says:

if you want to link your software with GPL code, you must also make your software’s source code available … You have to give your code away. That’s the price of GPL.

Many developers understand, and view the price of GPL as perfectly justified, while others (myself included) find it unacceptable. So what am I supposed to do? Not use any GPL source code at all in any of my proprietary products? Exactly. Because the price of GPL is too much for me, and I don’t steal source code.

In my office, we’ve basically made the same rule. Even though we don’t ship code, we still stay away from GPL’d code as much as possible, simply to avoid any chance of impropriety.

I look at the GPL like Dave Matthews Band. It sucks, there’s lots of other licenses just like it that are much, much better, and it’s fans are so annoying as to make it that much worse.

Docker Beta

Docker is a really cool technology. But it’s local implementation on the Mac was just a mess of a layer on top of a VM, with a bunch of network jankyness.

It was fine for doing a little bit of prototyping, but it fought with my local VMs, added GBs of VMs to my SSD, and was just a huge pain in the ass to work with.

The new Docker beta, in my limited testing, is really nice. It’s much, much faster than the old Docker setup on the Mac, closer to the metal, and seems significantly more efficient.

Docker still doesn’t clean up exited/old containers, which I think would be a useful feature. But I guess that’s why it’s a beta.

Owning Your Own Social Media Content

I’ve been linking to Manton Reece a good bit lately, as he’s hitting on some topics that I’ve been thinking about. Namely how do you ensure that while you’re putting stuff into Twitter, Facebook, Instagram, etc., you ensure that you own the canonical versions of your files (or at least make it so that when one of those businesses pivots, gets bought, whatever, you don’t lose everything).

“I rarely post photos here on my own site. I’ve stuck with using Instagram instead.
I need to change that. I do like the Instagram app, though, so I’m going to keep using it. I’ll just copy the photos over to my site as well, and I’ll use Workflow on iOS to help automate it.”

He made a nice workflow for the Workflow app for iOS. Workflow is really cool, and sometimes you just need a little kickstart to get going.

I loved the idea of making it easy to post photos to this here blog, so I adapted his workflow a bit to make one that’s a bit more generic. You can find that here.

With it, I can take any photo on my phone and post it over to my site in about 10 seconds. You can see an example with this post about the bottle of Pretty Things I opened up the other day (two more bottles of Jack D’Or hanging out in my fridge for a special occasion).

Let’s Encrypt SSLs

A couple of months back, I went through the process of trying out Let’s Encrypt to setup some SSL certs for my various little sites. Do my sites really need encryption? No. But, at this point, it’s easy enough to setup an SSL cert, and I’d rather my sites pass their data securely, even if no one cares what goes on between my site and your browser. I’m not storing credit cards or capturing info about my visitors (beyond the analytics Google captures), but in a world where the government is increasingly looking for ways to get at the data of citizens, why not do it.

Plus, it’s free.

It’s a little bit of a challenge to get setup if you’re not already used to mucking around with server management. The newer versions (as of this moment, 0.5.0) make things much easier, but you’re still going to need to be at least familiar with git, python, and sudo.

Once you’ve gotten certs and gotten your servers configured, you just need to remember that these certs expire every 3 months, unlike yearly (or longer) for more traditional certs. Currently, you’re on your own to renew them, but it sounds like they’ll be building out renewal scripts to make it easy.

SSL certs are already reasonably inexpensive (providers like Comodo often sell them for less than the cost of your annual domain renewal), but the ability to get certs for any number of subdomains for free is pretty compelling. Once the automation is in place, they’ll be almost no reason to run a server without https.

(Of course, Let’s Encrypt could be a big government ploy to get everyone to install free certs that they have the key to, and they’ll be able to eavesdrop on all of us with ease.)


Manton Reece has been working on an app/business/service that I think is really in the “own your own Twitter” space. Basically, why not own your own work, rather than just pushing it into Twitter.

It’s something I’ve thought about in the past. If I could post to Twitter and push those to my blog at the same time, it’d give me a full accounting for most of what I do on line (suck in Instagram, and you probably get the totality of it).

I’m interested to see what he comes up with. I think, often, that my Tweets only make sense in the context of the moment. A Celtics game or a concert, or whatever is happening on TV. Some are of the moment in a world sense, and make more sense standing alone.

For example,

Serial is pretty popular, so that stands up on its own alright (and, for fun, go search Bergdahl and Rand on Twitter. It’s amazing.)

This tweet, however,

only makes sense when you realize I was at the Celtics/Clippers game before the All Star break, that the Cs pulled out in overtime.

If you push your tweets/microposts to your blog, even if it’s within the context of your other tweets/posts, can you maintain that context of the moment? I’m not sure.

It’d be amazing if, whether via an app or later inside of your blogging applicaiton, you could add that context. If I could post from an app, that knows my location, and can determine I’m at the Celtics game, and add enough meta-data to that tweet to put it in the context of “Posted from the TD Garden during the Celtics victory over the Clippers”, that’d be pretty amazing.

And it’s not really out of reach today. That tweet could have had geo-data, which would put me at the Garden, during the time the game was going on. I mentioned “game”, which likely narrows the context down even further. If an app/web service could even let me go through my tweets later, tag them with context, and have that flow to my site, that would be a pretty amazingly wonderful service.

The Interesting Dichotomy of Tumblr

This week on Talking Points Memo was this interesting story about “#BlackOutDay” on Tumblr, when a few users were able to generate a meaningful social movement on Tumblr.

For three Tumblr users to radically alter the landscape of a social networking site, even just for a day, is powerful. (The residual effects reverberated long after March 6, with users posting pictures with captions like, “Too late for #blackout?”)

It’s a testament to Tumblr’s embrace of a reasonably open culture that a community was not only able to do this, but that it was able to happen as just part of the site—not as part of some larger engaged social movement. I don’t think this could have happened on Facebook. Facebook has sanded off the rough edges of the site and content, it’s algorithm ensuring that users get the content that will make them most likely to stay on the site and click the ads.

Which is why it’s not a coincidence that another story about Tumblr came out last week. This time, it’s about Yahoo’s reorg, which is at least partially to help improve Tumblr’s ad sales.

The move reflects Tumblr’s struggles to broaden its appeal beyond its core audience of of artists, teenagers and 20somethings looking for a platform to express themselves. Tumblr has served as the technology behind Yahoo’s digital magazines, but it has faced challenges in luring advertising. Tumblr’s top ad executive, Lee Brown, recently left the company and joined BuzzFeed after Yahoo integrated Tumblr’s ad sales with Yahoo’s.

I think the contrast of those two views of Tumblr is pretty striking.