tag:blog.dcpos.ch,2013:/posts DC 2020-06-30T00:35:19Z DC tag:blog.dcpos.ch,2013:Post/1527779 2020-06-23T18:00:00Z 2020-06-30T00:35:19Z Thank you, next

A gerontocracy is a government run by old people.

Societies are usually run by people in the second half of their lives, people age 40 to 60. That's normal and healthy. Wisdom and empathy both come from experience. You cross the line into gerontocracy when power concentrates into people in their 70s and beyond.

Historically, gerontocracy has not gone well. The USSR in the early 1980s, China in the 1900s, Austria heading into WW1: if you look around you and the people in charge are all very old, expect turbulence.

The reasons for this range from the poetic to the actuarial.

First, gerontocracy represents a failure of imagination. Time horizons become compressed. It's rare for an 80 year old to start a brand new project. People at that age naturally want to complete some vision. Whatever dissonance they still feel in their own story, they want closure. That can be a beautiful impulse, but in excess it sucks the air out of the room and leaves no space for new ideas.

Second, it represents a process failure. Every society has a mechanism for generational transfer, renewal, some kind of changing of the guard. When the seats of power are filled with people over 75, it's evidence that this process has stopped working.

Finally, it predicts disruption. Someone who's 40, elected to an 8-year term in office, has a 97% chance of being able to finish.[1] Someone who's 80 today, a coin flip. And those numbers don't count all the other risks, short of dying in office. Reagan had Alzheimer's towards the end of his presidency. When those things happen, real decision-making shifts from formal leaders to other, less accountable people around them. The shift can be gradual and subtle. History shows it to be dangerous.

Source: [4], [5]

The ability to absorb new information, synthesize, and commit to decisions. The capacity for clear thinking and communication. The executive function to follow through.

The uncomfortable truth is that each of us will eventually lose those things. When too many leaders hit the steep part of their curve, the organization as a whole loses those capabilities, too. The dysfunction trickles down. Gerontocracy rusts the gears, and government seizes up.

We're in a difficult moment in America. I collected data about the top positions in our politics over the last 100 years, and it supports what I suspected. Our current political leaders are the oldest we've ever had.

Our president, the house speaker and senate majority leader were all born in the 1940s. Their median age is now 78.
Source data.

I collected the Senate Majority Leader, House Speaker and President every year back to 1920. I could've gone further, but this looks like a fair proxy for the age of our senior leadership overall. The trend holds across different parts of society. The average newly hired Fortune 500 CEO was ~45 in 2000 and almost 60 now.

A single cohort, boomers, held much of the power then and still do today. As a large voting bloc, they seem to elect people who are even older than themselves. A 78yo is a member of the Silent Generation, growing up before movies had sound.

Regardless of what happens this year, we are on track to break that record.[6]

So the question is, what comes next?


[1] Using an actuarial table from the Social Security Administration

[2] If you want to read a much longer take in this same vein, Tim Noah at the Atlantic did a solid job.

[3]  Murman, The Impact of Age on Cognition.

[4] Salthouse, Selective review of cognitive aging.

[5] Salthouse, Consequences of Age-Related Cognitive Declines.

[8] If Biden wins and the senate flips, it'll likely be Pelosi (80) Reid (80) Biden (78) for a median of 80.

tag:blog.dcpos.ch,2013:Post/1561504 2020-06-19T00:57:32Z 2020-06-24T00:54:51Z Trying too hard

Teddy Roosevelt was a poet, in addition to being president. Unthinkable in recent decades, but hey, it was a different era. He captured what drives every entrepreneur, explorer and adventurer.

Far better is it to dare mighty things, to win glorious triumphs, even though checkered by failure, than to take rank with those poor spirits who neither enjoy much nor suffer much, because they live in the gray twilight that knows neither victory nor defeat.

A call to action, present bravery to avoid future regret.

But what about the opposite problem? What about the gray souls that know nothing but victory and defeat? Empty shells filled with ambition.

Let's talk about Quibi.

You can't fault them for not trying. Quibi spent the better part of $2 billion on a huge staff, a massive ad campaign, over 100 original shows, and who knows how many Exclusive parties in the Hollywood hills. Nobody has ever tried harder to make fetch happen.

And yet...

I download the app. You can't see anything until you make an account. Where are the trailers? Quibi is a new gimmick, vertical format TV. Why would we sign a subscription agreement sight unseen?

I sign up anyway. For science. The content looks like the bottom end of Netflix. Generic Adam Sandler-style comedy. Generic action. Everything on the page screams "19% on rotten tomatoes".

I open CBS's 60 Minutes, except here it's 6 minutes, "60 in 6". The free trial contains preroll ads, another unforced error. There's zero reason to degrade the experience for a brand new user just checking things out.

My first 3 seconds of actual video on Quibi: an ad

I flip from horizontal to vertical and back again. It looks exactly the same, except in side-by-side shots, vertical is panning back and forth between the two actors.

Finally, the cherry on top. So far, the points of differentiation versus Netflix are: less content, worse content, vertical video, but then I notice... the scrub bar is on the right side instead of the bottom.

Or is it?

The first time you try to scroll ahead in Quibi, a popup appears. "Prefer the left side? Click here"

I uninstall the app. This is the hallmark of a feckless, overstaffed design team. Not only did they lack the courage to commit to vertical video, insisting on "switchable" aspect ratio (which must be super annoying for the directors), they couldn't even commit to putting the scrub bar on one side or the other.

I can smell the conference room air where 12 of their Design Stakeholders debated for an hour and landed on "let's add a popup so the user can decide!"

Quibi is a product of purposeless ambition. A desire to make something huge without knowing what for.

Steve Jobs wanted to win, yes, but he was also idiosyncratic and oddly passionate about good typography. Elon is a brilliant, awkward guy with a deep, charming, slightly childish desire to go to Mars.

But when you rise and grind every morning to win and for absolutely no higher purpose, perversely, you guarantee defeat. You have to believe in something.

tag:blog.dcpos.ch,2013:Post/1520454 2020-03-16T11:11:42Z 2020-03-16T11:11:42Z Strange times

We’re in strange times.

The entire German yield curve is below 0%. Japan mostly below 0%. This week, for the first time ever, the entire US yield curve is below 1%.

Above, 30y treasury yield. Below, CPI inflation.


I'm still not sure what this means. What’s good, what’s bad? 14% back in the 80s was bad, because it went with high inflation. But even then, the real, inflation-adjusted rate was a few percent.

The real rates are now negative for the first time ever. As far as I can tell, this reflects a lot of uncertainty or pessimism. Tons of cash looking to minimize risk, even at negative real rates. It reflects lower population growth and an aging population. Above all, it reflects a failure of imagination. Finance world does not have any confidence in future growth and cannot think of enough productive ways to allocate money.

It feels like we’re at an impasse. We have obvious needs. We have third-world problems in our wealthy country. We have gaping infrastructure and education needs. And yet the collective finance world, the people we’ve delegated tons of power to since Reagan, don’t know how to meet those needs.

Decades ago, we had enough confidence in our future that we could deploy capital at scale with a strong expectation of at least a few percent real return. Apparently not today.


Ronald Reagan had a few catchphrases he liked to toss around, things he said that seem to get worse and worse with each additional year of hindsight.

The scariest ten words in the English language... I'm from the government and I'm here to help you.

He liked to talk about "starving the beast". Well, maybe he succeeded.

We’re seeing that the markets-only approach has hollowed out government institutions. It shows up in a feckless FTC that's no longer enforcing antitrust. It’s showing up dramatically in our response to Coronavirus. It showed for years in our inability to execute infrastructure projects competently.

We have a government that can borrow vast sums for cheaper than free, but can't build a train from LA to SF. We tried--voted for a big bond, earmarked more money than comparable rail projects in other countries, spent a multiple of what we earmarked, then gave up unfinished.

If you sap all the real power from an organization, then the kinds of people who are smart and have some vision for the future eventually evaporate. US has a lot of those. We once had them in government, but not so much today. So what’s left? Bureaucrats. Institutional decay is hard to reverse. You can’t just re-empower the hollowed-out org. The people who could wield that power competently and responsibly are no longer there.


Not sure how we fix this. It feels like a vacuum of leadership. In the public sector, we don't have the institutional capability we once had, nor does the public have much pride in our government. In the private sector, we've delegated tremendous power to the finance industry, which wields that power without much imagination and without any overarching plan.

We need a changing of the guard. But right now, it's totally unclear where the new ideas will come from.

tag:blog.dcpos.ch,2013:Post/1451074 2019-09-02T20:07:15Z 2020-01-11T06:58:57Z Voting for fun

The Economist writes... "in a world of voluntary voting, the real mystery is why so many voters turn out at all. Although votes matter in bulk, the chance of any individual vote deciding the outcome is minuscule."

And yet millions of people vote. They don't do it because they expect to actually get anything for it. Why?

In big elections, voting is fundamentally emotional, not rational. We vote, not because we have a chance of affecting the outcome, but because the act of voting feels good.

Casting a vote taps into some deep human drives. It feels good to participate. It feels good to have a say. It feels good to be on the side of what's right. If the wrong option later wins, we're inoculated: we can confidently say it wasn't our fault. If the right option wins, we celebrate that victory. Either way, we wore the colors, we showed up for our team.

Those are all emotional reasons.

Voters often understand perfectly well that they have no chance of changing the outcome. If you exit-polled a presidential election here in California, asking each person, "do you think your vote just decided our next president?", you'd get a lot of annoyed laughs. Yet they're all here. If you asked them "are you glad you voted?" you'd get a happier response.

People vote because it feels good, not for some vanishing chance of changing the result.

Now to push this to its logical conclusion. If you have no chance of changing the outcome, then it doesn't matter which outcome is actually better for you. It only matters which outcome feels better to vote for. What feels right? What helps you sleep at night?

Lots of elections make more sense once you accept this uncomfortable conclusion. Trump voters didn't do math and conclude a world in which he won would be better for them. But most of them enjoyed voting for him. Similarly most Hillary voters, even if they didn't enjoy voting for her, certainly felt satisfaction voting against him.

Pundits sometimes make the error of treating voting like a test. If you vote for an insincere blowhard, that guy wins and passes some law that helps his cousin and his hotel chain but hurts you, then you've been duped. You're a rube, you fell for something.

But it's really not a test. There's no reward for getting the right answer. It's totally rational to stay uninformed! It doesn't mean you're stupid or imply a lack of "civic duty" or any of that.

If it's not worth an hour of your time voting for a 0.000% chance of changing the outcome--it's certainly not worth many hours reading information and forming a nuanced opinion in addition. The people who do read about politics do so, again, out of emotional reasons: maybe they enjoy it, maybe they're procrastinating at work, maybe they want to sound smart at the party, maybe they want to fulfill a self-image as the kind of person who knows about these kinds of things. For a security guard living in Akron, maybe none of those reasons apply. So he doesn't read about politics, because it's not fun for him.

But he does wear the Trump, Facts Don't Care About Your Feelings shirt because that makes people who don't respect him mad, which is definitely fun. It triggers the libs. And he votes, that's satisfying too. And they hate it. And it feels really good.


Many of us would like to see political change. Maybe we want different people to win here in local elections in California. Maybe we want a different governor. Maybe we want a different President. If we want these things...

We have to run people who are fun to vote for. Obama was fun to vote for. Bill Clinton, with his easy Southern humor and his saxophone, was fun to vote for. Voting is emotional: people will vote if it gives satisfaction, vindication, joy, hope, whatever you want to call it. It has to be fun. Whoever we nominate, from city council to president, has to meet that simple requirement, if we want to win. They have to make people feel something. There's no consolation prize for being right.


1. Vitalik Buterin goes deep down the nerd hole on this topic. I'm not interested in "sortition voting" etc, but he did find an interesting analysis--a single voter's probability of deciding a presidential election. Apparently it's 1 in 3 million to 1 in 60 billion, depending on which state you're in. The quantifiable EV to a given voter casting a vote is nearly nothing. Whatever value they get is emotional.

2. The Economist wrote about why people vote. Same basic structure: they start by acknowledging that the EV of voting is approximately zero, then ponder why people do it anyway. But, characteristic for TE, they don't engage with emotions much. "The argument that people do something because they like it is hardly an illuminating insight". Sure, but if you fail to dig into the non-"Economist"y reasons why people like it, then you miss the plot.

3. Matt Taibbi goes straight to the point and covers the why. He's on his usual schtick, channeling Hunter S Thompson, trying to be funny and vulgar and cynical. I think he's basically right.

tag:blog.dcpos.ch,2013:Post/1378929 2019-02-26T20:28:22Z 2020-05-20T23:54:49Z Calm technology
There are two kinds of companies, those that work to try to charge more and those that work to charge less.
- Jeff Bezos

The same is true for attention. There are technologies made to capture as much of your attention as possible, and others designed to stay out of your way.

The first category includes feed apps (Facebook, Twitter, Insta) with infinite scroll; video apps with autoplay; and apps with too many notifications. The second category includes utilities like Venmo, Waze, and Shazam, and apps like Five Minute Journal.

Which kind are you working on?

In the early days at Google, they had a beautiful KPI. They tracked time spent on google.com--and the goal was to make it as short as possible! The better the search algorithm, the simpler and faster the page, the quicker people would find what they were looking for.

This is the opposite of the Average Session Time metric many apps use today, where you're trying to keep people "engaged" for as long as possible.

We need calm technology. Perfection is achieved not when there is nothing left to add, but when there is nothing left to remove.

tag:blog.dcpos.ch,2013:Post/1070550 2016-07-07T10:03:25Z 2018-08-13T06:07:50Z The Distraction Industrial Complex

People are spending huge amounts of time scrolling through feeds.

I'm not talking about chat apps like Snapchat or channel apps like Twitch. Those are cool.

I'm talking about algorithmic feeds of posts that scroll forever off the bottom of the page.

Posts with Upvotes or Hearts or Likes. Posts with Retweets or Shares or Revines or Reblogs.

The biggest offenders are Twitter and Facebook.

Feeds suck. 

When was the last time you scrolled thru a feed and felt refreshed and invigorated?

Felt you'd learned something new and useful?

Felt that it was time well spent?

Most of the time you read a social feed it's just a quick diversion, a way to procrastinate. It will give you a few mildly funny things to laugh at 😅 and a few terrible things to get mad about 😤 and maybe a photo of someone's suntanned feet on a white beach with a clear blue ocean in Thailand so you can feel a little #fomo.

You feel kind of bad afterwards. You know you're just wasting time, but it's hard to stop. So hard, in fact, that Facebook now has a billion daily users.

How did it get this way?

1. The companies DGAF about you

The cliche is that if you're not paying, you're not the user, you're the product.

More precisely, ad impressions are the product. Every hour you spend feed scrolling creates ad impressions, which are sold to advertisers for a few cents per thousand.

Turns out, every hour you spend scrolling is sold for surprisingly cheap.

Facebook made $18b in revenue in 2015 from about a billion daily active users, each of which use the site for an average of about half an hour a day, 365 days a year.

That means that to Facebook, an hour of your time is worth just under 10 cents.

18b USD per year / 1 billion people / 365 days a year / 0.5 hours per day = 10 cents per hour

Facebook is the blue whale. You're the plankton.

(Wait, $18 billion? Ten cents per hour? Does that mean roughly 180 billion human hours were spent Facebooking in 2015? Why yes it does! By the way there are about 400,000 waking hours in a human lifetime, so that works out to about half a million lifetimes.)

2. Feed companies make their feeds as compelling and distracting and addicting as possible

They're constantly experimenting, tweaking their product. Anything that makes you waste even more time per day, ships. This is called Driving User Engagement.

After years of optimization, they've come up with some pretty powerful ways of keeping people Engaged.

The top nav bar always hovers over your feed as you scroll, showing bright red notification bubbles, begging for clicks. The smallest things trigger new notifications. Someone you met once at a party three years ago clicked Like on a picture of your butt while you were squatting on #LegDay. Ding!

By default, everything buzzes your phone.

The feed suggests new friends. The feed suggests reposting years-old content ("Memories"). The feed suggests Liking things that your Friends Liked. The feed suggests putting a french flag in front of your profile pic.

They've reduced the effort to participate down to a single tap. Just say Yes.

All this extremely low effort content floods out to your 1000 or so closest friends' feeds. By default, almost every action you take is public.

Infinite scrolling feeds start at the very top every time you open the app. There's no way to pick up where you left off last time and efficiently catch up. Instead, you just have to scroll down and down until you notice posts you've already seen before. This is by design!

Reposts--retweets, shares, etc--and non-chronological feed algorithms mean that new and old posts are interleaved. You can scroll for a long time and never really know when you're "done". While you scroll, the bright red notification bubble lights up again because there are now "9+" new posts since you started reading. Clicking sends you all the way back up to the top.

I'm sure they A/B tested this and found that it makes the Average Session Time go up.

Such User Engagement. Wow.

3. Feeds reward the wrong stuff

Sexy photos. Baby photos. Beer drinking photos. Happy Birthday posts. Political screeds. Thoughts and prayers.

Feeds are random. They have no coherent theme. That makes them unsatisfying.

If you watch thirty minutes of Netflix, it's not exactly productive, but you do get the satisfaction of a coherent story with a beginning, middle, and end.

Thirty minutes of feed-scrolling is neither productive nor particularly satisfying. It's a random stream of bite-size miscellaneous posts.

It's just there, always in your pocket, always a finger flick away. It can be consumed anytime, anywhere, in bed, standing in line, sitting on the toilet, at lunch, or in a boring meeting. Maybe that's why 85% of video on Facebook is viewed with the sound turned off.

So the content is low effort and the consumption is low effort, too.

How do we fix it?

Well, ideally we'd nuke the Distraction Industrial Complex from orbit and build a better way of hanging out over the internet.

A new way that prioritizes quality over quantity. 

A new way that respects our attention and values our time.

If we can dream, maybe our new way will even be free from centralized control.

Until we can make that happen...

Here are a few simple fixes that worked for me

Uninstall the apps from your phone. 

You can keep Messenger, but get rid of Facebook and Twitter. At the very least, turn off the notifications. There's nothing healthy about having your pants buzz every time some dude from middle school Wants To Play Candy Crush Saga With You.

Take a break from Twitter. 

If Sam Altman can quit, so can you.

It helps to block twitter.com in your hosts file.

Update: if you want to keep Twitter but avoid distraction, check out this new Chrome extension, Kill Tweet Stream. Nate Goldman made it after reading this post (!) and he's the boss.

Install Kill News Feed.

That way, you can keep your Facebook and use it for events and chat, but without getting sucked down the rabbit hole of "news".

Install uBlock Origin.

The faster we can get to 100% ad-blocker adoption, the faster this business model of wasting billions of hours of people's time for ten cents per hour will die.


Kill the feeds and enjoy the sunshine!
tag:blog.dcpos.ch,2013:Post/1062479 2016-06-14T01:49:15Z 2019-11-22T14:23:42Z How To Make Your Electron App Sexy

Electron is excellent.

There's a long history of ways to package HTML and Javascript into an installed desktop app. The result usually feels like a web app detached from the rest of the OS.

Electron makes it easy to do better.

Electron exposes lots of deep OS integrations thru simple Javascript APIs, so you can have a single clean codebase instead of having to code against three different C++ and Objective C libraries for Windows, Linux, and Mac.

Using npm and electron-prebuilt, you can also keep your build simple and clean. No node-gyp, no native compilation at all. Things that are a pain in most environments, like installers and automatic updates for multiple platforms, are easy here.

Feross and I used Electron to make WebTorrent Desktop recently. We were surprised by Electron's quality and attention to detail.

Here's a list of things you can do to make your Electron app feel native and pro.

(If you're new to Electron, check out the Quick Start. First things first! This post is for people who already know Electron, but want to make their apps even better.)

The List

  • Dock and tray integration
  • Notifications
  • Menus
  • Shortcuts
  • Drag and drop
  • Crash reporting
  • Signed installers for all three platforms
  • Automatic updaters for Mac and Windows
  • Fast startup
  • One-step build

WebTorrent Desktop implements 10 / 10.

How does your app score?

Dock and tray integration

On Windows and Linux, you can minimize to tray.

(You can do it on Mac too, but you probably don't need to since Mac has the dock.)

This is great for running in the background or running automatically on system startup.

If you're making a decentralized app, you probably want to do this to keep your network healthy.

On a Mac, integrate with the dock.

Show a progress bar when the user might be waiting for something to finish.

Show a badge when work finishes while your app is in the background.

Caveat: only some Linux distros support the tray correctly. Check that you're on one of them--otherwise, your users will have no way to quit your program if you hide the window and your tray icon doesn't show up. See checkElectronTraySupport for a workaround.


Notifications

Desktop notifications work on all three platforms. They're really easy to use.

Stay concise. Don't go over 256 characters, or your message will be truncated on Mac OS.

Here's an example with custom sounds: a satisfying "ding!" whenever a file finishes downloading.

Play sounds using the normal web audio API. You'll want to preload them. Here's a nice way to do that.


Menus

Electron gives you nice declarative menus on all three platforms.

You can use them in lots of places: context menus, dock icon menus, tray menus. Most are optional but the one you'll always want to implement is the window menu.

Follow each platform's conventions for what goes where. For example, if you have Preferences, Mac users will expect to click YourApp > Preferences while Windows users expect Window > Preferences and Linux users expect File > Preferences.

If you have a button for something, give it a menu item anyway. Two advantages: it makes your keyboard shortcuts discoverable, and it makes actions searchable under Help > Search on a Mac.

See it in action here: menu.js.


Shortcuts

Electron supports two kinds of shortcuts: menu shortcuts and global shortcuts.

Menu shortcuts are great. New users can click around and learn what's available. Power users can use your app very efficiently.

Follow each platform's keyboard shortcut conventions. Electron makes this easy: for example, you can specify "CmdOrCtrl+O" as the accelerator for Open, and it'll be Cmd+O on Mac and Ctrl+O on Windows and Linux.

Global shortcuts work even when your app is not focused. For example, if you're running WebTorrent Desktop in the background, playing an audiobook, while using Chrome in the foreground, you can still use the play/pause button on your keyboard (F8 on Mac) to control WebTorrent.

Drag and drop

If you want to let users drag files into your app, you'll need to handle three separate cases.

When someone drags files onto the window of your running app, you'll get the regular HTML5 drag-and-drop events.

When someone drags files onto the icon while your app is running, you'll get a special Electron open-file event.

When someone drags files onto the icon while your app is not running, the OS will run your main process with special command-line arguments. You'll have to handle those.

Crash Reporting

Electron has built-in Crashpad support so that you can get a report when a process crashes.

You might also want to be notified of uncaught Javascript exceptions. You can do this:

  • In the main process with process.on('uncaughtException')
  • In the renderer process using window.onerror

Your server will need an API endpoint to save the crash reports. Check out the WebTorrent website code for an example of how to make one.

Signed Installers

You must sign your installers. Otherwise, you'll get a scary full-page red warning on Windows that says your app is "untrusted", and modern Macs in their stock configuration will refuse to run your app altogether.

Here's a build script that does this for Mac and for Windows.

Getting certs:

To get a Mac signing certificate, sign up for an Apple Developer account. It costs $100 a year.

To get a Windows signing certificate, we recommend Digicert. The documentation for Windows app signing is surprisingly bad. If you go with the wrong vendor, they'll ask you to mail them notarized paperwork. That makes it a slow and annoying process to get the cert. Digicert is easier: they just send you a password via Certified Mail, you go to the post office, show your ID to pick it up, and bam, you get your signing certificate.

You do not have to go thru the Mac App Store, unless you want to. If you do, your app will be sandboxed and you may have to change the UX slightly to accommodate the extra restrictions and permission prompts.

You definitely don't need the Windows App Certification Kit. WACK is wack, and also kind of obsolete.

Consider starting an organization to own your project's domain and certs. It looks a lot more legit if a user downloads your app and sees "Do you want to run this file? ... Publisher: Webtorrent LLC", than if they see "Publisher: Jim Bob". There are other advantages as well. In California, starting an LLC costs just a few hundred dollars and a few hours of time.

Keep your signing certificates safe. At a very minimum, they must never be sent via email or checked into a Github repo, even a private one. In fact, certs should never ever be online at all. Store them offline, passphrase-protected. Back them up onto a thumb drive, preferably an encrypted thumb drive, and keep it safe.

Once you get your first million users, your auto updater is basically a botnet with a million nodes. With great power comes great responsibility.

Automatic Updaters

Your app is getting better every week. Remember Flash back in the day, nagging you to Please Upgrade To The Latest Version? Don't be that guy.

Ever since Chrome popularized autoupdaters eight years ago, users have come to expect software to just continuously get better and fix bugs automatically.

Writing your own reliable auto updater is hard. Fortunately, Electron has already integrated with Squirrel, which makes it easy.

Squirrel only works on Windows and Mac.

For Linux, I recommend checking for updates as you would on the other two platforms, and simply popping up a notification if a new version is available:

Here's a bit of code that checks for updates on all three platforms: updater.js

Your server will need an API endpoint to tell the app which version is the latest. This can be really lightweight. You can offload the heavier work of hosting binaries to Github Releases.

Here's our server code for the updater API.
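A sketch of the update check described above, covering both the server's answer and the checks a client can run before acting on it. This is an added example, not WebTorrent Desktop's updater or server code; it assumes the Squirrel.Mac-style convention of 204 when the client is current and 200 with a JSON body containing a `url` otherwise, and the host, versions and function names are made up.

```javascript
// Added example: update-check logic for both ends of the wire.
// Host, versions and function names are illustrative assumptions.

// Strict "MAJOR.MINOR.PATCH" parser; anything else is rejected.
function parseVersion (v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v))
  return m ? m.slice(1).map(Number) : null
}

// Numeric comparison, so 0.10.0 sorts after 0.9.0. Returns -1, 0 or 1.
function compareVersions (a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1
  }
  return 0
}

// --- Server side: decide what to answer for ?version=...&platform=... ---
const LATEST = '0.8.0' // constructed sample release
const DOWNLOAD_HOST = 'downloads.example.com' // placeholder host
const PLATFORMS = ['darwin', 'win32', 'linux']

function handleUpdateRequest (query) {
  const current = parseVersion(query.version)
  // Never echo unvalidated query values into the response.
  if (!current || !PLATFORMS.includes(query.platform)) return { status: 400 }
  if (compareVersions(current, parseVersion(LATEST)) >= 0) return { status: 204 }
  return {
    status: 200,
    body: {
      version: LATEST,
      name: 'v' + LATEST,
      url: 'https://' + DOWNLOAD_HOST + '/app-' + LATEST + '-' + query.platform + '.zip'
    }
  }
}

// --- Client side: sanity-check the answer before downloading anything ---
function checkUpdateResponse (currentVersion, res) {
  const reject = (error) => ({ update: false, error })
  if (res.status === 204) return { update: false }
  if (res.status !== 200 || !res.body) return reject('unexpected response')
  const current = parseVersion(currentVersion)
  const offered = parseVersion(res.body.version)
  if (!current || !offered) return reject('bad version')
  // Refuse same-version and downgrade offers.
  if (compareVersions(offered, current) <= 0) return reject('not newer')
  let url
  try {
    url = new URL(res.body.url)
  } catch (err) {
    return reject('bad url')
  }
  if (url.protocol !== 'https:') return reject('insecure url')
  if (url.hostname !== DOWNLOAD_HOST) return reject('untrusted host')
  return { update: true, version: res.body.version, url: url.href }
}
```

These checks sit in front of installer signature verification, not in place of it: the signed package is still what proves the update came from you.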

One-Step Build

16 years ago, a smart guy named Joel Spolsky invented the Joel Test for whether a software project has its act together.

#2 on his list: Can You Make A Build In One Step?

Yes, you can! Electron makes it pretty easy to automate your build. And you can do it without any fancy tools like Grunt or Bower.

Check out WebTorrent Desktop's build script. With one command, npm run package, we can:

  • Run the linter and tests
  • Package the app for all three platforms
  • Create signed installers for Mac and Windows*
  • Create binary deltas for the auto updater

* (Almost. Right now we still need to do the Windows code signing on a separate Windows machine, but there's a bug that should be fixed in the next few weeks that will allow us to build an entire release in a single command on a Mac.)

Fast Startup

You want your app to start quickly and smoothly. If it doesn't, it won't feel native.

Check out Spotify, for example. After clicking the dock icon, the window takes a long time to appear. Once it does, it first flashes grey, then some DOM elements appear, then the style changes, then more elements appear. Each time, it reflows, so the elements bounce around.

It feels like a web page loading over slow internet, not like a native app. (Spotify's UI is built with HTML and Javascript, but it doesn't use Electron.)

Make your app load quickly.

Step 1. Measure

Right at the start of our main process index.js, we call console.time('init')

Then, once the window (renderer process) has started and sends us an IPC message saying it's ready, we call console.timeEnd('init')

That gives us a bottom-line number to get as low as possible: the total startup time.

Step 2. Get your DOM right the first time

If you use functional reactive programming, this is easy. What you see is a function of your state object. The state object should be correct and ready to go the first time you render your DOM---otherwise, the DOM might have to change immediately after your app first renders, and the elements will jank around.

In our case, WebTorrent Desktop loads a JSON config file before the first render. This only adds a few milliseconds to our couple-hundred-millisecond startup time.

Step 3. Defer loading of big modules

We bisected using console.time() calls to find out which requires() were taking the longest, and cut our startup time almost in half by loading those lazily. They are loaded either the first time we need them or five seconds after app startup, whichever comes first.

Step 4. Colors and CSS

Make sure your window background color, which Electron sends down to the OS, matches your CSS background color. Otherwise, you'll see flashes of white when the app is starting and again when you resize the window quickly.
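Steps 1 and 3 above, sketched for plain Node.js. This is an added example, not WebTorrent Desktop's own code; the helper names (`lazy`, `preloadAll`, `schedulePreload`, `onWindowReady`) and the two stand-in modules are assumptions.

```javascript
'use strict'
const { performance } = require('node:perf_hooks')

console.time('init') // Step 1: start the startup clock before anything else

const PRELOAD_AFTER_MS = 5000 // "five seconds after app startup"
const loadTimes = {}          // module name -> milliseconds spent loading it
const pending = new Map()     // modules registered but not loaded yet

// Step 3: register a heavy module. Nothing is loaded until the returned
// getter is called for the first time; later calls reuse the same object.
function lazy (name, load) {
  let mod
  const get = () => {
    if (pending.has(name)) {
      const t0 = performance.now()
      mod = load()
      loadTimes[name] = performance.now() - t0 // shows which loads are slow
      pending.delete(name) // only after success, so a failed load is retried
    }
    return mod
  }
  pending.set(name, get)
  return get
}

// Load whatever has not been needed so far.
function preloadAll () {
  for (const [name, get] of [...pending]) {
    try {
      get()
    } catch (err) {
      console.error('preload of ' + name + ' failed:', err.message)
    }
  }
}

// "Whichever comes first": first use, or this timer.
function schedulePreload (delayMs = PRELOAD_AFTER_MS) {
  const timer = setTimeout(preloadAll, delayMs)
  timer.unref() // the timer alone should not keep the process alive
  return timer
}

// Hypothetical handler for the renderer's "I'm ready" IPC message.
function onWindowReady () {
  console.timeEnd('init') // Step 1: the bottom-line startup number
}

// Stand-ins for the app's big dependencies (assumed for this example).
const getZlib = lazy('zlib', () => require('node:zlib'))
const getHttp = lazy('http', () => require('node:http'))
schedulePreload()
```

After startup, `loadTimes` holds the cost of each deferred module, which is the same information the bisecting with `console.time()` produced.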


Now we're already doing a lot better than a lot of apps. The window shows up quickly and with the correct background color, then a fraction of a second later the UI shows up.

One last improvement: by adding a CSS fade-in, the window shows up and the UI smoothly but quickly fades in, instead of popping up suddenly. Try it both ways---we think this feels better:


1. Make It Native

When on Mac, your app should look and feel like a Mac app. When on Windows, it should feel like a Windows app.

2. Make It Fast

Measure your startup speed. Keep it well under a second.

3. Keep It Simple

Your users don't care if you're using Flux and Redux and React and Bower and Grunt and Less and Coffeescript. Plain npm, plain Javascript, and plain CSS go a long way. Electron supports require() natively, so you don't need Browserify.

WebTorrent Desktop uses no preprocessors at all and no build system except npm. Spend your energy on things that give your users pleasure!

Bruce Lee said it best--

The height of cultivation always runs to simplicity. 

Art is the expression of the self. The more complicated and restricted the method, the less the opportunity for expression of one's original sense of freedom.
To me a lot of this fancy stuff is not functional.

Happy Hacking!

tag:blog.dcpos.ch,2013:Post/1010674 2016-05-11T05:52:00Z 2018-03-08T13:04:20Z Silicon Valley Political Contributions

American political contributions above $200 are public record.

This Federal Election Commission database lets you search who's contributed to whom. It has lots of interesting information about all kinds of people, including some that are close to us here in Silicon Valley.

Let's take a tour!


Y Combinator

Sam Altman and Paul Graham both contribute to progressive candidates.


Marc Andreessen contributed only to Democrats and to a nonpartisan PAC that advocates tech company interests.

I found this surprising, since he sounds like a right-of-center libertarian on Twitter. I guess not.

Skewering Hillary hypocrisies is a bipartisan sport

Ben Horowitz donates mostly to Democrats. He was especially active supporting Obama.

This is pretty funny because it looks like Ben originally donated to Romney's first primary campaign way back in '07, then had a change of heart and made the maximum contribution to Obama '08.

He then made an even bigger contribution, $33,400, to the Democratic Hope Fund in 2015--and yet the donation receipt says it's for the 2012 election! How is that possible?

A. You can donate more to a Joint Fundraising Committee than to an individual candidate.

B. Political campaigns are often in debt years after they're finished and continue fundraising to pay it off.


Sergey Brin contributes to Obama and the Google PAC.

Larry Page makes yearly contributions, only to Google PAC. Yes, there's a Google PAC and they in turn fund basically everyone in congress.


Mark Zuckerberg. Funded a wide range of congresspeople including archconservative Utah Senator Orrin Hatch.

Sheryl Sandberg. Funded a bunch of people. Strictly Democrats.

Dustin Moskovitz. Contributed just once, giving the maximum allowed amount to Sean Eldridge. Eldridge is an interesting guy. He's a gay, married Canadian-born Democrat and one of the youngest people to ever run for Congress. He lost to the incumbent Republican by 29 points...

Dustin's contribution looks like it was made out of idealism and personal friendship. Sean Eldridge's husband Chris Hughes was another cofounder at Facebook.


Joe Lonsdale

Stephen Cohen

Nathan Gettings

Alex Karp

I would've thought that libertarians who once wrote for the Stanford Review would donate to the Republican party and to Liberty Caucus candidates like the Pauls Ron and Rand. Nope. Joe is the most consistently Republican, but the others are mixed, also donating to local liberals like Anna Eshoo and the occasional left-wing civil libertarian like Ron Wyden.

What about the fifth Palantir cofounder, Peter Thiel? That brings me to...

The Billionaires

Peter Thiel gave a lot of money to a lot of candidates, pretty much exclusively Republican. Peter is a gay libertarian Silicon Valley icon who sends money to hardline family-values "born-again" evangelical social conservative Ted Cruz. I don't get it either.

Jeff Bezos donates primarily to Democrats

Elon Musk donates to everyone and their mom and to both parties' committees. At least one hapless government paperwork transcriber thinks he's the CEO of "Space K". 

Anyway, for a company as reliant on federal legislation and federal contracts as "Space K", it probably makes sense to spread donations across both parties and lots of congressional districts.

Elon Musk is still the greatest. He's just doing this because he has to. The ULA has a cozy, seemingly corrupt relationship with the government that goes back decades, and Elon's imperative is to compete with them.

Don't hate the player, hate the game.

K Street in Washington DC is the Sand Hill Road of federal lobbying

What I've Learned

  • Big tech companies have their own PACs. Palantir PAC. Facebook PAC. Amazon PAC. There's even a Blue Origin PAC. They all donate to both parties.

  • Some rich donors have an ideological agenda, like Peter Thiel. They really commit to specific, ideology-driven candidates like Ted Cruz and Rand Paul.

  • More often, though, rich donors throw smaller amounts of money at both parties. The money goes to big, generic organizations like the DCCC and the RSCC. It goes to local congresspeople with safe seats, like Barbara Boxer.

    The $1k, $5k, occasionally $30k amounts involved are peanuts for these guys. It's not traditional quid-pro-quo corruption--but they are definitely paying for something. I think it's access and attention. I'd be willing to bet $10k buys you the ability to call a congressperson and talk to them directly, instead of having to leave a message with a staffer like a pleb.

  • There's a lot of variance. Some tech leaders, like Peter Thiel, donate millions year after year. Others, like Roelof Botha, don't show up in the FEC database at all.

The current system is one where the average congressperson spends more than four hours a day fundraising.

Where every successful startup grows up to have its own PAC.

That doesn't seem healthy.

How can we fix it?

tag:blog.dcpos.ch,2013:Post/1003463 2016-02-29T06:02:53Z 2019-10-06T09:55:04Z Thirsty for War

I just got this banner ad trying to recruit me. Sums up the general tone of the defense industry perfectly. Hubris, nationalism, and technologically sophisticated bombers.

But what do they mean by "America Wins. Again."?

You'd never know it from our movies and TV shows and political rhetoric, but we have not in fact been winning.

We lost the war in Afghanistan. After almost $1000b, 14 years, several thousand American lives, and several hundred thousand Afghan lives, Afghanistan is a failed state. The country harbors more terrorists than when we started, the Taliban is still around, and still controls significant chunks of the country.

We lost the war in Iraq. After a staggering $1700b, 13 years and counting, and several hundred thousand lives, Iraq is more dangerous than it was under Saddam Hussein and its remaining people are worse off. The country is split into three warring parts: a nearly failed state in the south, Kurdistan in the northeast, and the Islamic State in the north. 

We switched reasons. First it was weapons of mass destruction, then a nation-building exercise to replace dictatorship with democracy. Thomas Friedman even tried to justify it as a generalized collective-punishment retaliation against the Arab Muslim world for 9/11. "We could have hit Saudi Arabia. We could have hit Pakistan. We hit Iraq because we could." Charming dude.

Pick any of those justifications. They all failed. There were no WMDs. The nation-building could not possibly have gone any worse. Most of the Islamic State's heavy weaponry comes from America. It's a frustratingly familiar story. We arm "the good guys" and then the weapons "fall into the wrong hands".

George Bush declaring victory twelve years ago.

We lost the war in Libya. The story played out surprisingly similarly to Iraq. The old dictator was killed. Some politicians declared victory. The resulting stable US-friendly democracy didn't quite work out that way. Just like Iraq, Libya is now split into three warring thirds, one of which is part of the Islamic State.

Hillary Clinton declaring victory four years ago.

Anyway, Lockheed, Northrop Grumman, Raytheon, and co are doing great. Profits are at record highs. Shareholders are happy.

It's a jingoistic and amoral industry.

These companies lobby for war, though they prefer to use words like "intervention" and "military aid". They provide lucrative jobs to lots of former generals and politicians in exchange for promoting their agenda and helping them win contracts. This is called the "revolving door"--a euphemism for salary-and-bonus-based corruption.

Even now, after all of the above, they are still pushing for deeper involvement in the Middle East, telling their shareholders it would be good for business.

Many Americans want peace. 

That doesn't mean we're isolationists or pacifists. It's good to speak softly and carry the world's biggest stick. It's cool to quietly underwrite the freedom of allies like South Korea and Japan and Taiwan.

It's not cool to be in a state of endless war. The average voter couldn't even tell you which countries we're currently bombing. (Iraq and Syria by jet, Afghanistan and Pakistan by drone, and Yemen by proxy.)

War should be a last resort and strictly for self defense. We should crack down on the corruption of the military industrial complex. We need a voice. We need leaders who are serious about peace.

tag:blog.dcpos.ch,2013:Post/994847 2016-02-16T21:47:17Z 2018-10-05T01:18:07Z We Need A Better PC

My challenge: I'm trying to get a computer that doesn't suck

Like lots of people I spend about half of my waking life on my laptop, so this really matters.

However, I don't want a Mac.

Apple has great design, but they sell things that are locked down, both physically and in software. You're not supposed to open them, you're not supposed to replace parts, and if they break you're supposed to take them to your nearest "Genius Bar". Not my style. Also, Apple makes beautiful hardware, but their software is getting worse.

Whatever your opinion about Apple, we can agree that there should be at least one good alternative.

No problem, I thought, I'll get a PC

So a year ago I bought a System76 Galago UltraPro, because it's fast and sleek and it comes with Ubuntu. It's also modular and hackable, easy to take apart and put back together.

Unfortunately, it turns out System76 doesn't actually make their own stuff. The Galago is just a rebranded Taiwanese Clevo W740SU. Here's my Clevo compared to one of iFixit's Macbooks:

Like most computers that don't have a glowing white apple on the back, the Galago has questionable build quality. It's made of plastic, the screen flexes a lot, and the battery lasts three hours on a good day.

No problem, I thought, I'll get a Thinkpad

Lenovo is pretty much the only PC manufacturer that has a reputation for good industrial design and quality hardware. So I went to their website to see what I could buy.

Wow, that is some bad web design. Tons of fonts and colors. Tons of tiny text. Popups. And that's just one of their many series. They display low ratings for their own products on their own website. What.

Among all of this information overload, simple information is missing.

For example: I did my own research. For what I need, their best computer by far is the 2016 X1 Carbon, which Lenovo introduced at CES recently. It is thin and beautiful, it's solidly built, it has ten hours of battery life and a screen sharp enough that Apple would call it a Retina display. When is it coming out?

Apparently it's already available--sweet!

Except that page is deceptive, because that's actually the old X1 Carbon, with a low res screen and without the new Skylake processor. The new X1 Carbon will ship later this month according to third party news sites, so buying the old one today would be a bad deal. Intentionally or not, Lenovo's own product page tries to trick you into doing just that.

Then there's the part where Lenovo, like most PC manufacturers, bundles crapware with every computer they sell. A few months ago, in a perfect storm of malice and incompetence working together in a big corporate environment, they went one step further and decided to factory-install straight up malware. They completely broke HTTPS and left their customers insecure--all to further "monetize" you by injecting extra ads into websites you visit.

The 2016 X1 Carbon still looks really good, but after all that I would rather not give Lenovo my business.

It's downhill from there.

Lenovo comes closest to Apple in building quality hardware. Other PC manufacturers, like Acer and HTC and HP, have the same problems Lenovo has, but with worse build quality and an unfortunate penchant for injection-molded plastic. Their designs look cheap. The Microsoft Surface is well built, but that's a tablet, not a laptop. The Chromebook Pixel is good, but that's not a full PC, it's a limited system designed to run Chrome and Chrome Apps.

Conclusion: everything sucks... so far

What I want is a computer with:

  • Decent build quality
  • Decent performance and battery life
  • A decent website. It doesn't have to be an icon of web design, like apple.com. It can be simple and utilitarian, like an Amazon page. It just has to be honest and up to date. It should contain pictures, text, and a Buy button.
  • A clean OS without crapware or malware factory installed

Is that too much to ask? Make one and you can have my money!

Read next: Panopticon

tag:blog.dcpos.ch,2013:Post/953401 2016-02-01T20:03:00Z 2018-10-05T01:17:49Z Panopticon

There’s a dark and scary trend in technology. A true panopticon, where bureaucrats can plot the movements of every citizen on a map minute by minute, read every message, know at all times who's talking to whom, is technically possible today to the extent that it’s not already here.

That kind of power imbalance between people and their government is a threat to freedom everywhere, both in places that have democracy and in places that don't have it yet. More powerful tools for an authoritarian state to suppress a group who desire rights or freedom or a more participatory government have never existed.

Fixing this, not just through policy but through technology, is critically important.

Panopticon refers to a 19th-century prison design. The wardens can always see you, but you can't see them. Surveillance is about control, especially when it affects a whole population simultaneously and continuously.

Here's what I think needs to happen.

  • E2E must be the norm for all personal communications. Signal and WhatsApp have delivered huge progress toward that for calls and texts. I’m working on end-to-end encrypted email.

  • Software distribution must use deterministic builds and multisigs. Gitian and bitcoind are great examples. The current norm, where every device you own can be auto-updated to run anything by a bunch of different organizations at any time, is not OK.

  • Software must be open and auditable. Closed source is acceptable on the server, but everything I run on my device should be either open source, sandboxed, or both.

  • Hardware must be open and auditable. I should be able to check that my phone is not hardware backdoored. Anything that is not open--such as the baseband processor--should be untrusted at the hardware level.

Where do we start?

tag:blog.dcpos.ch,2013:Post/966141 2016-01-07T21:07:36Z 2018-09-09T06:57:36Z Easy Email Encryption

First, the good news. There's been a lot of progress toward letting people talk to each other securely. Signal is amazing, and it showed the world that strong cryptography can be clean and easy to use even for our smart but nontechnical friends. It proved that end-to-end encryption is not just for nerds who use PGP and Linux and go to "keysigning parties".

WhatsApp is rolling out end-to-end encryption to 800 million people, most of whom have never heard the word "cryptography" and have no idea what a "key" is. It's incomplete and imperfect, but still a huge step forward.

Unfortunately, while there's been lots of progress for messaging apps, email is still insecure. This sucks because email is the system of record. Messaging apps come and go. The messages themselves are often ephemeral as well. If you lose your phone, all your SMS and all your Signal messages are gone. Messengers deal in plain text... sometimes you can add pictures or emoji.

Email is more real. It's an open standard. It lasts forever. It's global. It supports rich text and attachments and everything. It's the modern replacement for mail, for quills and parchment and envelopes. Here in America, the Fourth Amendment guarantees people

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures

That there could be a big building where bureaucrats rip open every letter, read it, reseal it, and send it on to its destination, like in East Germany, sounds ridiculous. We're a free country, that's not how we roll. And yet that extra letter, the e in email, the implementation detail where mail is sent digitally rather than on literal paper, seems to void those protections. In countries like China and Kazakhstan, people are even more vulnerable. It's a chilling thought: a democracy movement, like the one that liberated Chile 25 years ago, might be impossible today because we've accidentally made it easy for states to read all mail.


To fix this, end to end encryption must be the default--not just for WhatsApp, but for email. We also need metadata security. To protect freedom of association, an observer shouldn't be able to tell who's talking to whom.

An idea...

1. You install a new mail app on your laptop. It's open source and well vetted.

2. You log into Gmail, your university mail, all the accounts you have. The app syncs your mail. You have a modern mail client with a nice UI and fast search, even when you don't have internet.

3. Bob installs the app as well. The next time you send him an email, it's automatically encrypted, signed, decrypted, & verified.

I want to do for email what Signal did for texts: I want to make end-to-end encryption easy.

Under the hood

Key exchange is automatic and centralized, like Signal. Encryption using Axolotl provides forward secrecy.

Finally, we want metadata security. We don't want to leak who's talking to whom, so we'll send all encrypted mail with a hardcoded From and Subject.

Of course, Bob's app will show him the real, decrypted From and Subject.

The last piece of the puzzle: we can’t just connect to our outgoing mail server directly. That would let it see your IP address and your recipient’s email address, again revealing both sides of the conversation.

Instead, we'll send all outgoing encrypted mail thru Tor.

Easy to use encrypted email, with modern crypto, providing both content and metadata security.

Could this work? Would you use it?

Let me know your thoughts!

tag:blog.dcpos.ch,2013:Post/960199 2015-12-30T14:30:46Z 2019-02-26T20:54:33Z Playing to Lose

Ever since the Citizens United Supreme Court decision in 2010, you can give as much money as you want to political candidates. $1000, $1m, $100m, any amount at all, through the pretty thin legal fig leaf of a Super PAC.

So people worry about corruption: about donors buying elections. Lots of people have already written about that. Glenn Greenwald wrote about it especially eloquently. I've got nothing to add there.

However, I noticed a second, more subtle bit of fuckery: donors not buying elections.

Check out this sweet graphic of all the big 2016 donors. The usual suspects, like Jeb Bush, have lots of them: Ray and Nancy Hunt gave him $2m, Trever Rees-Jones of "CHIEF OIL GAS LLC" gave him another $2m, and so on for another 45 big donors. Presumably they're hoping that he'll become president and then remember them as his supporters. In short, they're trying to buy an election.

(Not that it worked, in this case. Bush is at 3% in the latest polls, in sixth place, right behind Rand Paul. LOL!)

Bobby Jindal, by contrast, has just one single big donor: a guy named Gary Choest, who gave him a nice round one million dollars. But unlike Jeb, Bobby Jindal was never expected to win. He was never in any danger of becoming the Republican nominee, let alone president --- so why would someone discard $1m like that on an extreme long shot?

Gary Choest's company gives a clue: EDISON CHOEST OFFSHORE. Offshore means offshore drilling, and a lot of that happens in the Gulf of Mexico. Sure enough, they're based in Louisiana, where Bobby Jindal is governor.

Unlike Donald Trump, who will presumably go back to playing golf and banging his Slovenian supermodel third wife in a gold plated hotel suite if this president thing doesn't work out, Bobby Jindal is a serious politician with real local clout. Jindal has already ended his presidential run and is back to governing. He has veto power over new Louisiana laws. He decides where bridges are built (hint: to the offshore oil hub of Port Fourchon, using some of the BP oil spill settlement money).

My guess is that Mr. Choest knew that Mr. Jindal wasn't going to be President, and gave him $1m anyway! Because running for President is fun. It flatters the ego. And it's cheap! A mere $1m wouldn't get you into Jeb Bush's top 10 donors, but with Jindal it makes you his one big supporter, the one who made the whole adventure possible. 

And for the CEO of a big offshore oil services company in Louisiana, that's got to be worth something.

tag:blog.dcpos.ch,2013:Post/952663 2015-12-18T18:17:56Z 2019-03-08T00:10:22Z Holy Complexity, Batman

Nylas N1 is a slick, modern email client. It is built to be extensible. All of that is awesome.

It's also staggeringly complex for a program that shows you your email.

  • It’s built as a thin client, with the actual IMAP syncing handled on separate servers

  • The server-side Sync Engine is written in Python and uses MySQL under the hood, with a lot of scaling complexity because it has to handle potentially millions of accounts.

  • The “thin client” is an Electron app, which means it bundles pretty much all of Chromium

  • The client is written in Coffeescript+React+Flux+Electron and uses Sqlite3 to cache the same data on the client. Totally different tables than the ones in MySQL on the server, though.

  • The client is a lot more complex than a typical React app, since it has a custom package architecture, complete with “ComponentRegistry”, “roles”, and so on

Cherry on top: N1 comes with its own custom ORM written in Coffeescript, complete with SQL highlighting so that it prints pretty logs.

Long story short, here’s the game of telephone that happens to show you your inbox:

How can we simplify?
tag:blog.dcpos.ch,2013:Post/946798 2015-12-12T18:30:00Z 2018-03-08T13:04:19Z Auto Pwn

Once upon a time, a software upgrade was a physical box with a CD. It looked like this:

Then the internet happened, and companies started using “update managers”.

Things got spammy. Every time you’d turn on a computer, it would ask you if you want to update Java and please upgrade to the latest Adobe Acrobat Reader.

A lot of people just ignored the upgrades, leading to version skew. (That's where people are using many different versions of the same software.)

So if you made a web app as recently as 2011, you had to make sure it works in Internet Explorers 9, 8, 7, and best of all 6. Fun!

But in 2008, Google shipped Chrome with a new invention to fix this problem.

As Chrome developer Ben Goodger explains,

Autoupdate is one of Chrome's killer features. [...] Long before we launched publicly in 2008, the autoupdate project was one of the very first we started working on. The idea was to give people a blank window with an autoupdater. If they installed that, over time the blank window would grow into a browser.

How cool is that! 

No more version skew. No popups. Every time you run Chrome you get the latest greatest version. 

There was just one problem.

It worked so well that auto update became ubiquitous. Today, the thermostat where I live auto updates itself, over WiFi. Things that used to be simple are now complex and flaky. For example, my phone will occasionally just grow a new bug one morning and, say, the camera stops working. Not all teams are nearly as reliable and careful and awesome as the Chrome guys.

Not all teams are as trustworthy as the Chrome guys, either, which means there's a much bigger problem:

Through ubiquitous auto updaters, we’ve totally pwned ourselves.

There are now probably 10+ separate organizations that can run arbitrary code on my laptop whenever they want. Same for my phone. Fundamentally, that’s how most auto update mechanisms work.

Most updaters connect to a central server, and if there’s a new version available, they automatically download it and run it.

That’s convenient, but now you're at the mercy of whoever controls that server and has that signing key (assuming they even sign updates, which not all of them do). Just last week, Kazakhstan announced they’re going to MITM all HTTPS traffic in their country. Other governments with similar impulses but a bit more subtlety can leave HTTPS alone but compel their companies to issue an autoupdate. If they want to be sneaky, they can serve a clean version to most users and a compromised version only to specific people, filtered by IP. Compelling Google to do that for you is probably hard, but what about some dude who wrote a Notepad++ plugin?

A popular program with an autoupdater is a lot like a botnet. The owners can push some code. Within a few days and without any more human intervention, millions of computers are running it. The difference is users install them by choice!

How can we fix this?

Autoupdaters aren't going anywhere. They're too useful. So the question is not "how do we get rid of autoupdaters", it's "how can we make a secure autoupdater".

If we must have autoupdaters, I’d like mine to use multisigs and deterministic builds.

It works like this: multiple people have to sign each update, say four out of a list of six trusted keys. Those are held by six different people, ideally spread across different countries. Trustworthy people and organizations, the same ones who are doing the code reviews and audits. When a new version is ready, each of those six checks out the code and builds it themselves. Because it’s a deterministic build, if they’re all using the same commit hash, they’ll all get the same binary, byte for byte. Finally, they sign with their key.

This makes pwning people thru the auto updater a lot harder. There’s no single private key that one person can lose, giving an attacker that power. Getting four out of the six signers to sign an update with, say, a backdoor, is a lot harder than one.

Finally, it would add some accountability. Companies, auditors, and open source developers would be signing their name to each release. I’d like to know which people have the power to run code on my machine. Today, there are a lot of people who have that power, and I have no idea who they are.

Let's fix it!
tag:blog.dcpos.ch,2013:Post/946604 2015-08-01T16:30:00Z 2015-12-20T19:16:22Z Yanis & the United States of Europe

The first time I heard of Yanis Varoufakis was in 2012, because Valve had just hired him as Economist in Residence. Valve, the games company. He described himself as a Marxist, wrote an essay called “Arbitrage and Equilibrium in the Team Fortress 2 Economy”, and I was amused.

The second time I heard of Yanis was three years later. The Communists had won an election, Greece was on the verge of default, and as Finance Minister, he was leading the bailout talks. Wow.

Lots of people have already written about Yanis’ style, or his politics. Even more people have written their opinions about Greece--whether it’s better for ordinary Greeks to stay in the Euro or leave, whether Europe’s richer countries should forgive part of the Greek debt or risk a Grexit where they’d see none of it, whether Greece should have ever joined the Euro in the first place, and on and on. I have nothing to add there.

Instead, I wanted to write about the idea of a united Europe--a “US of E”, where people would think of themselves as Europeans first and Germans, Dutch or Italian second.

It’s a beautiful idea. You can feel hints of it already today, driving down the highway from France, when the only sign you’ve left the country is the one that lifts all speed limits, next to the one that says Welcome to Germany / Willkommen in Deutschland. No checkpoints. It’s starting to happen. A Danish grandmother and a Dutch one might have a hard time understanding each other, but the young and educated all speak pretty good English. They travel and increasingly they share a common culture.

You can feel it at Tomorrowland in Belgium. Look at all of the different flags flying above the crowd!

Or check out this astronaut’s Twitter. Why does he describe himself as a “European of German nationality”? Maybe because calling yourself “a German” or “a Frenchman” seems a bit petty when you’re in Low Earth Orbit, circumnavigating the globe every 90 minutes.

The US of E is coming.

No country needs this idea more than Greece. Greece is a mess. 50% of its young people can’t find a job. They need investors from the rest of Europe to help grow their cities and rebuild their industry. They need immigrant entrepreneurs, the kind America has so many of and takes for granted. They need tourists. Some of their smartest and most talented kids want to go to ETH Zurich in Switzerland or Oxford or Cambridge. Greeks need to move freely to places like London and Berlin and back, to live and work and learn. Their businesses need to sell to all of Europe and buy from all of Europe.

Most immediately, they need help.

The more we feel like we’re in this together, helping our fellow Europeans, the better for Greece. The more we are “Euroskeptics”, Germans or Dutch or Danish or whatever, trying to collect a bad debt from a foreign country, the worse off they’ll be.

So what has Yanis done to help?

  • Belittled the other European leaders. He wrote a blog post called “A lesson in democracy for Mrs Merkel”

  • Got especially mad at the creditors. Criticized the “terrorist methods by which they blackmail us”. (Video.)

  • Went to Germany. Played the Nazi card in a pretty crass way. His party also demanded $300 billion -- about five thousand euros from every German citizen -- in new war reparations. That went over well.

  • After being asked to resign, he wrote that he’d “wear the creditors’ loathing with pride”

He’ll certainly get to do that. If you watch the summit videos, Angela Merkel, Jean-Claude Juncker, Mario Draghi and the others are visibly, personally angry at Syriza in general and Yanis in particular.

I think Yanis will be used as a case study for a long time. He’s a cautionary tale for anyone who needs to negotiate, and a reminder of the importance of being nice. Simple kindness goes a long way, and the relationship between the different Euro nations has to be one of unity and respect.

Life will get better for the Greeks. Maybe Yanis will go back to working on Team Fortress. And maybe it will take another few decades, but I'm optimistic that we'll eventually have a unified federal Europe.