Before they were called cubicles, the prefabricated office furniture we all now take despondently for granted was part of an idea called an “Action Office”. Though they’ve apparently lost their way at Herman Miller where the idea was born the idea was, at least in part, that:

[...] during the 20th century, the office environment had changed substantially, especially when considering the dramatic increase in the amount of information being processed. Despite the change in what an employee had to analyze, organize, and maintain on a daily basis, the basic layout of the corporate office had remained largely unchanged, with employees sitting behind rows of traditional desks in a large open room that was devoid of privacy. Propst’s studies suggested that an open environment actually reduced communication between employees, and impeded personal initiative. On this, Propst commented that “one of the regrettable conditions of present day offices is the tendency to provide a formula kind of sameness for everyone.“ In addition, the employee’s bodies were suffering from long hours of sitting in one position. Propst concluded that office workers require both privacy and interaction, depending on which of their many duties they were performing.

Action offices, in short, were meant to provide a variety of environments and physical working positions, so people weren’t forced into a single space and position for the whole day. Which, it turns out, is really really bad for you. That’s not the history of office furniture we know, of course – all it quickly became was a cheap way of providing prefab desks and air circulation to shabby, beige and slightly greenishly-lit cubefarms furnished by the lowest bidder, because the invisible hand of the free market likes nothing better than flipping off the proles. But the idea, at least, had a lot of merit.

About three weeks ago, I switched to a standing desk. It’s this bolt-on model, and while I love it, it’s not perfect. My desk has an unfortunate amount of of flex to it, making the heavy Ergotron dingus a bit bouncy, but I’ve mostly addressed that that a bit by screwing in an extra table leg just under the bracket.

I love it. A lot. I don’t think I’m going to be able to go back to using an office chair.

What moved me to do this was two things. First: after poking around, the best information available suggests that spending ten or fifteen hours a day sitting is approximately as bad for you as smoking, and in a lot of ways worse. The other thing was that largely of curiosity I picked up a Jawbone Up wristband and, doubling down on the metrics tools, a Fitbit One*.

Whatever else those Quantified Life dongles claim, the one thing they can do very accurately is tell you how much time you spend doing nothing. And would you look at that, it turns out that I spend… nineteen hours or more of a typical day basically immobile. Um, that can’t be good. I’m going to have to do something about that.

During the first week. you really feel it. All those little muscles in my back that I really hadn’t been using, they expressed considerable displeasure at being suddenly called back into active duty, and understandably given the abusive relationship I’ve had with my knees, they’re were right there in line too. But sometime late in week two, that all settled right down. Even biking to work and lifting stuff around the house, back and knee pains I’ve had for years are going away, my posture is clearly getting better and that oh-god-it’s-painful-to-stand-up process I used to experience after uncoiling from an hour or four over hunched over a terminal just doesn’t happen anymore.

I feel unaccountably strong. I doubt I’m actually any stronger than I was a month ago, but I end my day feeling like I’ve put in a day of real work and I’m looking forward to the bike ride home, rather than feeling like I’m spent and I’ve got to drag my sorry ass across town again, and that’s not nothing.

I don’t know who’s got my chair at MoTo right now, and I don’t care. I think I’m pretty much done with it.

I wouldn’t have thought that mathematics or signal processing would have a cultural bent, but I just sat through a conference call where everyone was reasonably clear except for one guy, with a pronounced central-African accent, whose voice was getting audibly butchered by the noise cancellation algorithm on the line. The beginning of every sentence, and every pause, was punctuated by a sort of wierd, static-and-squarewave tug-of-war with the background noise.

I think it’s some combination of his accent and cadence of his speech, and it was really weird to notice the trend. On reflection, it makes perfect sense – algorithms optimized for the majority, as defined by the people who wrote them, would of course have a cultural impact on people at the margins – it just hadn’t occurred to me how that would work until just now.


I was going to write this to an internal mailing list, following this week’s PRISM excitement, but I’ve decided to put it here instead. It was written (and cribbed from other stuff I’ve written elsewhere) in response to an argument that encrypting everything would somehow solve a scary-sounding though imprecisely-specified problem, a claim you may not be surprised to find out I think is foolish.

I’ve written about this elsewhere, so forgive me, but: I think that it’s a profound mistake to assume that crypto is a panacea here.

Backstory time: in 1993, the NSA released SHA, the Secure Hashing Algorithm; you’ve heard of it, I’m sure. Very soon afterwards – months, I think? – they came back and said no, stop, don’t use that. Use SHA-1 instead, here you go.

No explanation, nothing. But nobody else could even begin to make a case either way, so SHA-1 it is.

It’s 2005 before somebody manages to generate one, just one, collision in what’s now called SHA-0, and they do that by taking a theoretical attack that gets you close to a collision, generalizing it and running it for around 80,000 CPU hours or so on a machine with 256 Itanium-2 processors running this one job flat out for two weeks.

That hardware straight up didn’t exist in 1993. That was the year the original Doom came out, for what it’s worth, so it’s very likely that the “significant weakness” they found was found by a person or team of people scribbling on a whiteboard. And, note, they found the weaknesses in that algorithm in the weeks after publication when those holes – or indeed “any holes at all” – would take the public-facing crypto community more than a decade to discover were a theoretical possibility.

Now, wash that tender morsel down with this quote from an article in Wired quoting James Bamford, longtime writer about all things NSA:

“According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

“Many average computer users in the US”? Welp. That’s SSL, then.

So odds are good that what we here in the public and private sectors consider to be strong crypto isn’t much more of an impediment for the NSA than ROT-13. In the public sector AES-128 is considered sufficient for information up to level “secret” only; AES-256 is for “top secret”, and both are part of the NSA’s Suite B series of cryptographic algorithms, outlined here.

Suite A is unlikely to ever see the light of day, not even so much as their names. The important thing that this suggests is that the NSA may internally have a class break for their recommended Series B crypto algorithms, or at least an attack that makes decryption computationally feasible for a small set of people that includes themselves, and indeed for anything weaker, or with known design flaws.

The problem that needs to be addressed here is a policy problem, not a technical one. And that’s actually great news, because if you’re getting into a pure-math-and-computational-power arms race with the NSA, you’re gonna have a bad time.

A little while ago, the espresso machine in our office broke down. This doomsday scenario is, and I say this without the least bit of hyperbole, the most catastrophically dire situation that can exist in this or any other possible universe. If the intertubes felt slow for you the last few weeks, that’s probably why.

After a while, I started asking a colleague, Sean Martell, to ‘shop up some old war propaganda every few days, to express our dismay.

So, here you go.

We Need Coffee To Survive

It Can Happen Here

We Can Do It

Mercifully it is now fixed, and productivity should normalize in a day or two.

So, this is a cute trick that’s been making the rounds:

In Firefox, right-click your bookmarks bar and pick “new bookmark”. Call it “Quick Notepad”, and in the Location box, put:

data:text/html,<html contenteditable>

and now when you click on that bookmark, your browser window will basically become Notepad, a very light text editor. File -> Save works great, too.

Perhaps better, if you check the “Load this bookmark in the sidebar” option, that will give you an nice little way of making notes about a tab, though unfortunately this option isn’t easy to save.

I’ll level with you: I’m not very good at reading code.

I had an interview the other day that featured the dreaded read-this-code segment that’s inevitable in modernity, and reading somebody else’s Python without context, with a regex or two thrown in for kicks… I know there are people who can do that really well, but man, I’m not one of them.

To try and atone for how that went, I’ve written a thing I’ve been meaning to get done for a while, a kind of high-level analysis tool for Git repositories that will be able to give you some suggestions based on historical commit information. It’s called gitcoach, and it’s over on github if you’re interested.

The idea is that it takes look at a project’s whole commit history to see what files tend to get modified at the same time and then looks at what you’re working on now; if you’re working on some file Foo, gitcoach can tell that hey, historically anyone who’s had to change Foo has also changed Bar 92% of the time, and Baz 80% of the time. So, no guarantees, but I suggest you look at those too.

There’s more you can do with that data, perhaps obviously – the nice thing about the general idea is that whenever I mention it to somebody, they think of some other thing you can do with that data that I hadn’t even considered.

So that’s something.

It’s not a finished product – there’s some known bugs and missing features listed in the README, and some others I’m sure that I don’t see yet. But there it is, and hopefully it will be useful for people trying to find their way around a big or new projects.

Sorry about the regex question, dude.


I sent this mail today, to the Mozilla enterprise mailing lists:

Hi, everyone. Mike Hoye here from Bespoke I/O.

As I mentioned previously, I’m closing down BeSDS, the enterprise customization tool and business around it that I’ve been trying to get off the ground for the last two years.

In that time, I’ve been quite fortunate to have been able work with some excellent people and, ultimately, ship some pretty good software. BeSDS is a bit rough around the edges, but it works surprisingly well considering. The support I’ve had from people at Mozilla, and Seneca College, in getting this software shipped has been wonderful, and it’s been an honour to work with all of you. We’ve built a real thing that really works, bringing customization support to Firefox and Thunderbird, for anyone that wanted to try them.

During this time, however, and despite how much noise has been made over the importance of long-term stability and enterprise support, I’ve been unable to find a company of any size that has been willing to spend any money on it. I’ve had lots of good feedback and support from administrators in the K-12 and educational sector, but I’ve been unable to convince any member of the private sector to part with so much as a test case.

The frequent insistence that Internet Explorer (and rarely, but still occasionally that Outlook) is free, in these discussions, and that my services should also be free, well. The difference between what IT administrators have said they value and what they’re actually willing to invest in has been as informative as it is galling, let me tell you.

I may have failed at marketing my services effectively, or pursuing business leads and clients as aggressively as possible. Perhaps my expectations or pricing have been unreasonable, that’s true. I have other theories, though, which I suspect are at least as true. Regardless, my kids need to eat and I’m long out of runway. I’ll be closing down the customization site shortly and moving on to whatever’s next.

I still want to make it easy for schools and libraries to use Mozilla, so the Bespoke I/O deployment service is now on Github, under the Mozilla Public License. If you work in one of those places and have questions about setting it up, let me know. I’ve even got a prebuilt VM here (prohibitively large for Github) that I can send you some other way if you want to try it out.

I’m sorry, everyone. I tried to make this work.

Michael Hoye
Founder, Bespoke I/O

I’m more grateful than I can say that I’ve had the support of my colleagues, friends and family while I’ve been working on this. My wife has been a rock, and her love and support while I’ve tried to make a thing out of this have been as much as I could have asked for, and as hard as it is to close up shop and move on, it’s the right thing. I haven’t turned my wife into a startup widow and my children into strangers, and if the cost of that choice is the success of this project, so be it. That’s the right thing too.

I’m proud of what I’ve built here, and the work that I’ve done. And it’s time to move on to whatever’s next. I’m two for two now, managing the development of complicated pieces of software through to shipping on time and on budget, and I want to keep that streak alive. If you’re looking for somebody who can do that, let me know..

I asked the lazyweb: What’s the preferred SQL diff tool? I’d like to take two SQL dumps and get back an SQL file of the difference.

Sheeri Cabral delivers the answer: if you do your DB dump with the –skip-extended-insert option, you can use regular old diff to get you most of the way there. That doesn’t give you an SQL file you can use directly, but it gets you enough of the way there that it’ll do.

More Of The Same

The one thing that makes gives me more of that bone-chilling existential dread than anything else in the world, the thing that makes me question the fundamental physical underpinnings of the universe and fear the answers, is code that stops working as you’re staring at it, at the exact moment you realize that it should never have worked in the first place.

Not cool, universe. Not cool at all.

A friend I was having a conversation with the other day noted, quite correctly I think, that while Joel Spolsky has said many very silly things in his time, he’s also said about five very true things better than anyone else, so well that much can be forgiven. One of them came up today when we were talking about the high perceived cost of decent ergonomics compared to the real, properly amortized costs of wrecking up your wrists, back and workplace morale.

One of the true things Joel has said, on the real costs of buying your employees great equipment or buying them junk, is this:

“[...] The bottom line is that an Aeron only really costs $500 more over ten years, or $50 a year. One dollar per week per programmer.”

“A nice roll of toilet paper runs about a buck. Your programmers are probably using about one roll a week, each.”

“So upgrading them to an Aeron chair literally costs the same amount as you’re spending on their toilet paper, and I assure you that if you tried to bring up toilet paper in the budget committee you would be sternly told not to mess around, there were important things to discuss.”

And bear in mind: those are just the costs you can measure right there on the balance sheet. If you think cheaping out on your people doesn’t have much higher hidden costs, you keep right on doing what you’re doing. I’m perfectly OK with it, it’ll make it easier for me when the time comes for me to start hiring.

I’ve said this before myself – over a computer’s life, the difference the very best box you can get and a piece of junk is pennies per hour. It gets more extreme when you start talking about chairs, desks and ergonomics: they’re expensive, but the amortized costs are negligible and the potential downsides are huge; one manager I know here says that if it says “ergo” on it, he doesn’t even bother looking at the price before he approves the expense.

The moment you can afford, both in money and time terms, to think like this you pretty much have to.

I’m trying to get a Thing off the ground here, wranging VCs and assembling a team, and I was asked what I thought about employee expenses, tools, resources and training. What I said was:

  1. If it’s for the job, we’ll pay for it.
  2. If it seems extravagant, I’m going to ask you to make your case. If you can do that I’ll pay for it. In particular, if we can trade money for time I’ll pay for it.
  3. If we get something wrong, we fix it promptly.
  4. If you fuck us you’re fired.
  5. If we need to make more rules because of something you did, we’ll make more rules and you’re fired.