Security vs Usability

I’ve come to a point where I do **not** update apps, plugins, software in general. I know that’s a regressive approach to safety, but safety can’t keep trumping usability all the time.

Source: My comment on Stephen’s Notebook

 

Every few days, I have a conversation about security vs usability somewhere. With my iPad Mini, I blindly trusted Apple to do the right thing and they’ve screwed me over. It’s a beloved device, destroyed completely by iOS 9.

So I’ve basically given up on this bullshit harp that companies sing of ‘security’ to shove software updates down our throats. Sometimes it’s their stupidity, and sometimes it’s just them being sinister. The new Microsoft is the old Microsoft. The benevolent Apple is an insidious Apple. Don’t get me started on Facebook, twitter, and Google. Gmail is just the latest casualty of our overzealous overlords.

Yes, security is a big problem. Yes, it needs constant vigilance. But just like national defense budgets, one key phrase doesn’t allow organizations to completely railroad people’s expectations, asks, hopes, and in this case, UX.

If you’re concerned that by not updating software, you’re living on the edge, restrict the things you do on that device, while keeping other devices that are completely updated and secured. Use only frequently updated third party browsers instead of the default options. Read up on the latest security scares on the Internet and just be aware of the situations you can get into. But most importantly – back up. Make frequent backups of things you care about. I don’t care if it’s as much as letting iCloud run its course every night, and Google Photos siphoning off your pics. Just do it so that if you brick your device, or get hacked, you’re not set back a hundred years.

99% of security is just keeping your eyes open.

How do you like them upgrades?

Every few days, my iPhone politely but firmly nudges me to ‘downgrade’ my iOS from iOS 10 to iOS 11. I say downgrade because that’s what iOS 11 is to me – a crappy OS that was shoved out with half baked ideas which work well for the latest and greatest iPhone, but not at all for any other device Apple supposedly still supports. Getting rid of that prompt requires careful jumping through a confusing menu that makes it too easy to accept a “sure go ahead with this change at night when no one is watching” option. Most of the time, I am able to do just that. But last night, in a haze of trying to actually use my phone, I must have hit the wrong button, because when I woke up, my phone had restarted and was magically on iOS 11.4.1. Yay.

Before I talk about iOS 11, I just want to say why I didn’t want to get on it –

  1. It’s terribly built – simple features such as the ability to close apps quickly (in a few years time, Apple will reveal that just like their battery nonsense, closing apps DOES actually increase the speed of the phone, as empirically witnessed by a Bajillion people), the ability to turn off the wifi completely through the Control Center, the ability to actually use the phone for half an hour without draining the battery completely (my wife got on iOS 11 as soon as it released and she had the worst experience possible with that OS) were nice to have in iOS 10.
  2. I won’t be able to use all my apps – Apple, with iOS 11, waged a war on 32 bit apps. Now, most apps (99.9% I’d say) were smart about it and went 64bit, but I still have 4 apps on my phone, two of which I was using every few days till yesterday, which are 32 bit. So long Stress Baal and Sunstroke. You will be sorely missed.
  3. It will most certainly screw up my Apple Watch – I have a Series 0 (zero) Apple Watch. When will I buy the new one? Probably not for another few years. It’s a watch. It’s somewhat smart and lets me see messages and cut phone calls, but that’s about it. Do I need LTE? If AT&T pays me $15/mo instead of charging it from me, I might. But one minute into using the new OS, I was told to update my Watch from version 3.2.3 to 4.3.2 and told that if I do not, the phone will force unpair my watch and reset it. Thanks Obama. I exited the Watch app on my phone and plan on opening it at some point in the future. My watch is no longer getting notifications and isn’t able to send heart rate data to the phone (so much for Apple’s “we’re helping you take care of your health” crap. If the data collection is conditional, it’s not really helpful, is it?). But I know that watchOS 4 will screw up the watch, the third party apps, the battery usage. Basically, this is Apple’s way of making you buy a new watch. NO.

Now, coming to iOS 11. I immediately noticed that most apps seem to work differently – Google Maps had some new and interesting UI changes, Egg Inc had AR, the photos app had an irritating number of new features it had to tell me about before it let me use the app, the screenshots were showing up at the bottom (which is nice), etc.

Oh wait, backup. AR. That gleaming, new, awesome technology that’s changing the world! Yeah, I used it. For about 30 seconds. Then I was done.

Literally the only thing I could imagine using AR for – Egg, Inc. With that, my AR experience has ended. Well done, Apple.

Incidentally, I only recently watched this rather interesting video about how Apple will eventually launch AR glasses and they will be more successful than Google’s half-ass attempt because, well, Apple. It’s worth a watch 🙂 –

The rest of the stuff, is as I expected – meh. The app switcher can now close apps (yay!). The wifi stupidity that Apple propagated with iOS 11 is still there (so it’s always going to drain your battery no matter what). The animations and speed of launching apps is meh. Apple really wanted to make you feel something different, and well, I feel it, but I don’t care for it. It’s more a disruption than a nice addition. Plus, if you close an app that sits at the top of the screen vs at the bottom, the animation helps you see where the app is ‘going to’, but that’s really a rather stupid thing to care for Apple. I say that because I’m sure anyone who has as many apps as I do uses the search bar to get to apps instead.

Oh, yeah, that might be the silver lining – in iOS 10, I would swipe down, type out the name of an app I want, and the phone would just sit there, like a dunce, unsure of what I want it to do. Something was really borked in the code there and sometimes the search would work perfectly and other times it would go completely for a toss. Hopefully, that experience will be more consistent with iOS 11. If not, I’ll know that Apple did not even bother improving the Siri search code underneath and just dressed it in iOS 11 style. Typical Apple. Let’s see.

I’m no Luddite. I like experimenting with new stuff. But I really was hoping to go directly from iOS 10 to iOS 12. When iOS 12 drops, it’ll most likely not support my Series 0 watch. But at least it’s purported to be better than this monstrosity Apple threw our way. It’s OK to skip an OS, it’s OK to turn off auto-upgrades and auto-updates and watch your ‘to update’ App Store list burgeon to 197 apps. It’s OK to let the latest and greatest go while developers work on hardening releases. We all do it in some sphere of our lives. It’s just that my sphere was the one I’m staring at the most during my day – my phone. I want it to be consistent, familiar, and with less fluff. Sometimes people stick to a particular iPhone for a lot longer than they can, because they like the form factor and the materials used. Well, iOS 10 was that for me. But now my phone has moved past it. Time to adopt the new and shiny and see what changes this brings. Hopefully some nice AR filters.

Running Compass on Vultr

Intro

Recently, I came across a tweet by Aaron Parecki, where he talked about a lifelogging app he built (and recently released) which tracks our location constantly.

I’ve been using Moves on-and-off over the years and partly due to it being now owned by Facebook, and partly because it’s a very crashy app (first time works fine, doesn’t open ever after that and stops tracking properly soon after; I assume the developer is now working on some darker features for the Facebook apps and so doesn’t spend as much time on his own creation), I’ve never been satisfied with Moves.

So, I downloaded Aaron’s Overland GPS Tracker app (free!) and set it up. The app is rather bare and the functionality is not well explained (within it). But it’s free, open source, a one-man job, and in line with the vision for indie dev, so it’s up to us to figure things out. I asked a few questions, got pointed to the settings explainer here. Well worth a read if you download the app.

The next step of the app was to install a remote server which ingests the data and makes it human readable and useful. As Aaron explains, the quest is to answer the question – “where was I at blah date at blah time?” The app’s official homepage recommends one of two servers to send the data to – a service called Icecondor and a server Aaron wrote called Compass. Compass looks nicer than Icecondor, is self-hosted, and I’ve been itching to play with Vultr.com’s SSD Cloud, which competes with DigitalOcean in pricing and resources. So, here’s a walk-through for getting yourself set up with Vultr, installing Compass, and setting it up with Overland GPS to start tracking your location as creepily as Facebook and Google do it! 🙂

Vultr

Vultr is a nice competitor to DigitalOcean. At $2.50/mo for their cheapest VPS, it’s half the price of what DigitalOcean offers ($5/mo for the same RAM, storage, and CPU, but DO offers twice the bandwidth and, well, is trusted more). There had to be a caveat, right?

I signed up and the first thing I was told to do was to add money to the account. I had the option of not adding any cash and just attaching my credit card, but I’m going to end up using Vultr for something or the other, so I threw $10 at them (shut-up-and-take-my-money style!).

Then, they told me I can deploy a new server! I picked Seattle as my server location, Ubuntu 17.10 as my poison (which was probably a bad idea; more on that later), and scrolled down to the Server pricing. The $10/mo server was pre-selected for me and the $2.50 option was grayed out! (Seriously though, they should give names to these tiers. It’s silly to keep referring to the price.)

I googled around a bit and found out that they keep disabling the cheapest tier (they call it “Temporarily Sold Out”) as a sort of bait-and-switch model to drive new users to the more expensive options. But that sounds somewhat bullshit. If this was truly the behavior, I’d like my money back. But, and I’m glad I did this, I went back and started clicking around to look for solutions. It came in the form of New York! Turns out, they try to drive users to lesser used data centers while everyone who’s trying to set things up actually tries to use the “Silicon Valley” data center (seriously? Who the heck put a data center there???)

New York and Miami currently have open $2.50/mo tiers (ugh, that naming is so needed! I guess I’ll call it the Micro tier and the next one Mini), and networking is not a problem for me (who cares if a little more bandwidth is needed to get this non-time-sensitive data to New York and back), so I picked New York and threw my hat in the ring.

The server came up within… minutes? (Seriously, it was fast!) and I had an IP address to point to! Yay! But, what’s the password? The usual Ubuntu password didn’t work and I looked around at their docs and there wasn’t much to go by (Vultr’s docs aren’t as awesome as DigitalOcean’s. They’re good, just not there yet. They have a documentation bounty program if you’re interested, dear reader.) Then I checked the email which I would have received on server activation. It said that the password is on the dashboard (silly me!).

As I said before, Vultr’s documentation isn’t great, so I followed a mix of Vultr’s LEMP install here and DO’s LEMP stack installation instructions here. I installed PHP 7.1 with FPM (which, I must admit, was a little leap-of-faith because I wasn’t sure Aaron’s code would work without throwing up legacy issues, which it didn’t) and skipped most of the tweaking that Vultr recommends (YMMV).

Compass

Then, I copied over the Compass files (from here) and started following the Setup. The first issue was the .env file. There’s a few settings in there which are confusing, so here’s what I did –

BASE_URL -> This is your website. It uses HTTPS. More on that below.

STORAGE_DIR -> This is the data directory which is supposed to store your incoming data. Oddly enough, it doesn’t. When you use the application, the GUI prompts you to make a ‘database’ (it should be called a ‘project’ Aaron). This database makes its own folder in the Compass directory, so this variable invariably doesn’t get used. Set it anyways.

APP_KEY -> This confused me a bit. I don’t think this is a password. But I set it to something like a password. It’s a 32 char string, so have fun setting it up.

DB_CONNECTION -> Set this all up as you would any other MySQL application. Use the WordPress tutorial by DigitalOcean as a hint of what to do.

DEFAULT_AUTH_ENDPOINT -> This was one of the more confusing things I saw. Was the idea that this was some generic authorization? To figure out, I found Aaron’s own Compass website and tried to login. Turns out Aaron uses a very neat authorization process. There’s no password. All you do is tell which Indie authorization website you want to use to authenticate who you are and it’ll allow you to login. Specifying this URL will mean that if you can login to that other website, you can login to this website. The default is set to ‘https://indieauth.com/auth’. If you let this remain, it’ll mean that anyone who has an indie auth login anywhere will be able to create an account on your Compass server and potentially use it for their own data. So, I authenticated myself into Aaron’s server and now I have an account there! Of course, I don’t recommend this. I changed this Endpoint to my withKnown.com site. That way, only people who can login to my withKnown site can login to my Compass server. Who can login to my withKnown server? Only me. 🙂

There’s a piece of the puzzle which needs addressing. APP_DEBUG is set to true right now. So whenever there’s an error, Compass spits out the entire MySQL connection string, including password, as well as very important system information out to anyone to see. I suspect that once you’re done setting up this server and you trust it, you should follow the Laravel process of ‘migrating’ the application from dev mode to production. This will help secure your application.
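The .env points above can be turned into a check to run before the server is exposed. This is an added example, not part of the original post or of Compass itself: the key names and the default auth endpoint come from the post, while the function names, the sample values and the choice to generate APP_KEY from /dev/urandom are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example: pre-launch audit of a Compass .env file.
# Key names and the default auth endpoint are taken from the post;
# function names and all sample values are constructed for illustration.

# env_get FILE KEY: print KEY's value (last assignment wins), with trailing
# whitespace and one layer of surrounding quotes removed.
env_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# new_app_key: 24 random bytes, base64-encoded, is exactly 32 characters.
new_app_key() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# audit_env FILE: print one line per finding; return 0 only if there are none.
audit_env() {
    local file=$1 findings=0 debug key auth base
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Debug mode: error pages show the MySQL connection string and system info.
    debug=$(env_get "$file" APP_DEBUG | tr '[:upper:]' '[:lower:]')
    if [ "$debug" = "true" ]; then
        echo "APP_DEBUG: still true, error pages will leak DB credentials"
        findings=$((findings + 1))
    fi

    # The post describes APP_KEY as a 32-character string.
    key=$(env_get "$file" APP_KEY)
    if [ "${#key}" -ne 32 ]; then
        echo "APP_KEY: expected 32 characters, found ${#key}"
        findings=$((findings + 1))
    fi

    # Default endpoint: per the post, any IndieAuth login could create an account.
    auth=$(env_get "$file" DEFAULT_AUTH_ENDPOINT)
    if [ "${auth%/}" = "https://indieauth.com/auth" ]; then
        echo "DEFAULT_AUTH_ENDPOINT: still the shared default, point it at your own site"
        findings=$((findings + 1))
    fi

    # BASE_URL is expected to be the HTTPS address of the site.
    base=$(env_get "$file" BASE_URL)
    case $base in
        https://*) ;;
        *) echo "BASE_URL: not an https:// URL"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed sample that mirrors the settings the post warns about.
sample=$(mktemp)
cat > "$sample" <<'EOF'
BASE_URL=http://compass.example.com/
STORAGE_DIR=/var/www/compass/data
APP_DEBUG=true
APP_KEY=hunter2
DEFAULT_AUTH_ENDPOINT=https://indieauth.com/auth
EOF
audit_env "$sample" || echo "-> fix the findings above, e.g. APP_KEY=$(new_app_key)"
rm -f "$sample"
```

Point `audit_env` at the real `.env` in the Compass directory once setup is finished; it exits non-zero while any finding remains, so it can gate a deploy script.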

 

After this, I moved on to running Composer to install all the dependencies which I needed for Compass. Here’s all the issues I faced there –

“Composer not installed” – Install using

apt install composer

“danielstjules/stringy 1.10.0 requires ext-mbstring” –

apt install php7.1-mbstring

“phpunit/phpunit 4.8.21 requires ext-dom” –

apt install phpunit

“zip extension and unzip command are both missing” –

apt install zip unzip

Now, you can run ‘composer install’ and it’ll work.

 

nginx

I recommend using nginx. You’ve got a small server and you don’t want Apache to drown the memory, so just use nginx.

Aaron’s config for nginx was clear, but not helpful, because it doesn’t go with the usual nginx config floating around tutorials. So here’s mine (relevant portions only) –

index index.php index.html index.htm;
# Document root is the public folder inside compass, not the compass folder itself
root /var/www/nitinkhanna/html/compass/public;

# Anything that is not an existing file is handed to index.php
location / {
    try_files $uri /index.php?$args;
}
location /index.php {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# PHP files are passed to the PHP 7.1 FPM socket
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}

At this point, I thought I was done. But then, when I tried to open the site, I ran into some very nice errors in the application. First of all, notice the root. The root of the application is not the compass folder itself, but the public folder inside it. This is not mentioned anywhere in the documentation and was well worth twenty minutes of “what the heck?” and then some. But you have it on good authority that this is what you’re supposed to do.

Secondly, the application wasn’t done making me install stuff. So I also had to install curl –

apt install php-curl

Then, I wanted to digress a little and make my life a little more difficult (or easy, depending on who you ask). Aaron’s own Compass server uses Let’s Encrypt based SSL. I’ve always wanted to secure my own sites using SSL, but I’m lazy. For this, I thought, why not!

I found the CertBot instructions for installing with nginx and Ubuntu here. They’re pretty straightforward, with a small error that I ran into – Cloudflare. I use Cloudflare as my DNS, security, load balancer, God of Small Things. Cloudflare provides SSL. It’s literally a one click. When you add a new A record to your domain (such as compass.p3k.io), it adds DNS and security itself by routing traffic through Cloudflare’s network. CertBot doesn’t work with that. CertBot needs direct access to the server. So, I had to disable Cloudflare’s lovely protection for my subdomain and let certbot do its job. It did so. It automatically modified the nginx config to accept HTTPS-only connections and to route all traffic to HTTPS. I was even able to set up crontab to auto-renew certs –

43 6 * * * certbot renew --post-hook "service nginx restart"

After this, you run the job queue commands as listed by Aaron and you should technically have a running website. But there’s a catch, as there always is. This server that I’ve got is not a ‘mini’. It’s a ‘micro’. 512 MB RAM is not enough to run MySQL, Ubuntu 17.10, nginx, php-fpm, and actually run an application on top of that. So, I ran into a very cryptic error –

[PDOException]                                    
SQLSTATE[HY000] [2002] No such file or directory 

At this point, I had the application running and I was able to visit the site and all, but try to login and it threw this error. The php artisan command also started throwing this error (by the way, you’re supposed to run the ‘php artisan queue:listen’ command in the background for this server. Follow the instructions here to set up supervisord to do so). Most people on StackOverflow seemed to think that if you replace ‘localhost’ with ‘127.0.0.1’ in the app’s settings, it’ll start working again. But that didn’t help. Finally, someone recommended (not in real-time. I’ve only once ever in my life used StackOverflow in real-time to get answers to a question) restarting MySQL. Well duh.

Oh? MySQL won’t restart. Why???

It was this community question on DigitalOcean that gave me the answer I was looking for – I had run out of RAM. Turns out, 512 MB is just enough to play with a server, but not enough to run it for reals. Nonsense. Let’s just add a swap!

I used this excellent and very easy DO tutorial to add swap to my VPS. Notice the shade it throws at you for trying to use swap on SSDs. They specifically say that they don’t recommend using swap for DO “or any other provider that utilizes SSD storage” and that this degrades hardware performance for you and “your neighbors”. DO recommends upgrading your instance so it has more RAM instead of using swap. We don’t listen.

Added swap and voila! It’s working! MySQL fires up and the app stops throwing silly errors! I ran htop all night on the instance to monitor for Memory and Swap use and it works just fine! At last, we can login!

 

Overland

OK, we logged in using our designated Indie Auth website! Now what? You’re staring at the blank screen that recommends you create a database. Do it. You give it a fancy name and it spits out a bunch of configuration. Now what? First of all, change the Timezone in the settings to where you are. It’s set to UTC right now, but for me, it’s PST. Also, use

dpkg-reconfigure tzdata

in your Ubuntu command line to change the timezone of your server to where you are. Remember, my server is in New York. But I told it that its timezone is America/Los Angeles. Because.

OK! You’re good to go! You can throw some data at this server! Head over to the Overland GPS app and add this endpoint to it. Only, what’s the endpoint? I added just my compass server’s URL and that didn’t seem to work. Then I looked at the app screenshots and there it was –

https://compass.p3k.io/api/input?token=E6ncEYWxT...

That’s your Receiver endpoint! But, where should I find this? In your Compass ‘database’ settings, you’ve got a read token and a write token. Next to the write token is a link which says “show API endpoint”. Click it and out pops another line which shows you the above. Simply copy this and magically move it to your phone (I WhatsApp myself these things) and you can plug it into the app and start sending data! The first time you plug it in, the app will collect all the data you’ve accumulated till then (I had some 25000 points of data to transmit) and smoothly move everything to the server (Aaron really has done a great job with the app). After that, it’ll move the data in batches the size of which you can specify (God knows why).

But. You’ll see some odd things. For example, in the afternoon, the server’s map changed the date over to the next date (I suspect this is because my server was still on UTC time. Running the tzdata command above should solve this). Also, whenever there’s no data (or the data hasn’t loaded yet), the map points to Portland. I get that Aaron is from there, but I think we should be able to configure this (Seattle, woooo!) because it’s a little jarring. Finally, this will teach you how bad your GPS data is anyways. Most of the time, the map has me squarely in the water, or swimming out and coming back, or has me cross the I-90 bridge by, well, not crossing the bridge but swimming along it. But, that’s just the world we live in.

 

Questions/Issues
  1. Why does this server need MySQL? The Compass documentation says that the data is stored in flat files. Then is the MySQL database only used for temporary storage of data before it’s processed and saved to flat files?
  2. Is HTTPS a requirement of the server or a nice-to-have? I am not sure about this and I just took the safer route.
  3. The app, in debug mode, spits out way too much information which it shouldn’t. I’d like clear instructions on migrating it off debug mode.
  4. Did I decipher the meaning of DEFAULT_AUTH_ENDPOINT correctly? Not sure. Also, Aaron, if you’re reading this – what do I do with my login on your Compass server? Can you allow people to store their data on there, just for visualization (and wiped every night so as not to flood your server).
  5. I still don’t know what the best configuration is for the app (battery-use to tracking). If you’ve got pointers, throw them in the comments below!

No updates please

I was an avid software updater. I would read the updates list, hit the update button and see the download happen. I enjoyed doing this manually because it’s a fun process to acknowledge all the work someone has put into this update that I’m downloading. In that sense, websites are no fun – they change suddenly and have no changelist to describe what all has changed and what new features are available.

But then I got bitten. First, on my iPad Mini (Series 1). iOS 9 slowed everything to a crawl. I still have use for the iPad, but it’s limited to two apps – Scrivener and Kindle. Everything else is basically unusable. I don’t even browse the web on it. It’s just easier to bring out my iPhone 7 Plus for that.

Then, went my Macbook Pro. The main reason is under-use. When I’m developing something, I’ll update the packages, update Xcode, get the latest and greatest of iTunes. But when I’m browsing or reading on it, Safari suffices. Chrome is a crybaby on OSX, so I dumped it and never looked back. Perhaps the lack of Chrome Sync is what drove my usage down? Not sure. All I know is that my Mac cries for updates and I deny it. I don’t even know what version of OS I have. It’s a pain to find out and keep track. I don’t have Siri on it. APFS, you ask? Not gonna do it.

Finally, the iPhone. Oh, the iPhone. I still enjoyed downloading and updating apps on it for the longest time. It’s the most used device I have (and I have the Apple Watch strapped to my wrist most of the day. It’s just not used in the same way). I have truly enjoyed watching app updates change the way I use my iPhone and what I keep on my main home screen.

Then, the inevitable happened. I got bitten. The app update didn’t mention that Terminology 3 was going to change one of the main features of the app – opening on the search view. I thought the cries of a thousand users would make the developer reconsider. I don’t even know where that debate went.

Then, I updated an app I was just trying and the developer put an ad at the beginning of the app, destroying the experience completely. I gave my first ever App Store review – a 1 star with a few choice bad words. I calmed down after a day and updated the 1 to 4 stars. But I made the developer notice. I made sure they understood that not mentioning the ads in the app update is the reason why they got the bad review. They changed the update text to include mention of the ads.

I don’t mind change. I’d just like to have it mentioned to me. Today, browsing the app updates page, I saw that Delta Dental had updated their app. I opened the details and all it said was “bug fixes”. There’s more effort made to inform users of what’s changing in SnapChat than what’s changing in an insurance company’s app. There’s technology for you.

Twitter changed. Instagram changed. Facebook changed. I see more ads and more crap ‘features’ in these apps than anyone around me. Maybe they’ve labelled me guinea pig?

One day, I updated Google Search’s app. There was a time I used it as my main search app. The app team had added Cards to the app. The feature destroyed the app. It had slowed down to a crawl, it was not even loading the cards properly and wouldn’t let me jump right into a search. Google eventually fixed the cards and made the thing faster, but the app’s main focus is still ‘showing information’ instead of letting me ‘search for information’. My main ‘search’ now happens through Safari – it’s got adblocking, it’s got session retention (Google Search app is crap for that), and it’s just nicer to use.

I’d like to remember what exactly it was that broke the camel’s back, but there’s just a very long list to look through. One day, I was just not updating apps with the same zeal and the same frequency. I realized that the release notes were a joke, and features were going to keep changing at whatever terrible pace the developers decided was right. I’m a developer, I know that it’s very easy to decide to change something (and very difficult to implement it). So I respect the devs who put hours into these updates. But I’m just not going to update apps (and OS versions) as frequently as they come out with them.

Since the last few days, we’ve been talking about iOS 11. My wife has been asking me to backup her phone and update it. She’s never been this excited about an OS update. But I couldn’t be farther away from it. I’m not excited about HEIF/HEVC. I’m not interested in iOS 11 ‘degrading’ my phone. I’m not even excited about all the bugs they’ll eventually iron out with a point release in a month or two.

But, I’ve readied my phone for it. I’ve deleted about thirteen thousand photos from my phone, primarily because I was tired of keeping them around (is it true that less storage used translated to better battery life?). I’ve taken a backup or two. Maybe I’ll update my phone today. Maybe I’ll update my wife’s phone first and see how that goes.

But app updates? No, thank you.

Apple needs to release a Mind-Body-Soul LifeKit

How many miles did you walk today?
How long did you sleep?
What was your calorie intake and expenditure over the weekend?

These are questions that your iPhone can answer right now.

How many pages of a book have you read in the last week?
How much time have you spent meditating using one of the meditation apps on your iPad?
How much time have you spent on twitter, Facebook, Instagram or Reddit today?
Are your iMessages mostly positive or negative?

These are some of the questions that Apple’s iOS cannot answer right now.

Well, what about the jailbreak?

iOS8 is here today and as I always do before an iOS update, it’s time to audit my jailbreak. Of late, I’ve grown distant from the jailbreak idea as such. I still have a jailbroken iPhone 4S and iPad Mini 1, but there’s barely much happening there.

RAM? What’s that?

The first problem with my jailbreak is that it’s on a device that’s now, well, old. The iPhone 4S has 512 MB of RAM and as much as Apple fanboys will tell you that you don’t need RAM because Apple has a) tight integration with their hardware or b) amazing tricks up their sleeves that put apps to ‘sleep’ as soon as you minimize them, the truth is that if you jailbreak, you need RAM.

Facebook Messenger’s Genius Inputs

Ah, Facebook! You’ve been at the center of so much controversy about privacy, callousness towards users and crappy advertising strategies. But if there’s one thing you do well, it’s the ability to slip in some gems of code into your apps and platforms. The latest one, I discovered recently, is the variety and innovation of inputs in your iOS Messenger app. Chatting is something that comes naturally to people. The quick and painless flow of information (hey, gossip is information) is vital to relationships and of late, we’ve been doing a lot of that on mobile phones. iOS, in its standardizing tone, has set up the following method of sending information to others – fire up an app, type something you want to send and hit Enter. If you want to send a photo, press a dedicated button to select a few images or take one and send it. If you want to send emoji, press a dedicated button, select the emoji and it’ll be added to your text input. All of this is fine, except the photo sharing part. Recently, I was looking at how redundant that is. The entire process of selecting photos to send (and many apps only allow one photo at a time) and the process of using a single Camera UI to decide if you want to upload old pics or take a new one, is restrictive and kludgy. In comes Facebook Messenger, with the following UI –

To the Team behind Threes

Today, I read one of the most awesome blog posts I’ve ever read about the creation of something. The post was by the team behind the popular mobile game Threes (yes, the one that spawned the even more popular 2048 series of games) detailing the 570 emails and 45,000+ words exchanged between them over a period of one and a half years to make a game that has broken away from the entire mobile gaming market and shown us what wonders can be done on a four by four game board.

I must confess, I did not read the whole thing. I read about a quarter into the page before skipping down to look at the artwork and reading the conclusion. I found the developers talking about how Threes has turned out to be a lot more famous than they had imagined and how amazed they are at the growing community around it. They are also highly critical of the fakes, the ‘inspired’ games and the outright rip-offs that are flooding the markets.

But here’s the thing – 2048 became famous because it’s gimmicky. The clones are famous because of the original, not on their own merit. But Threes? Threes is unique. There’s no match for the excellent game, the wonderful team behind it and the level of innovation that’s gone into the making of the game.

Along the way, in the article, you can download early prototypes that can be played on both Mac and Windows and are excellent games in themselves. They are different from the gameplay of the final game, yet are impressive in their own right. Here’s one such game that I downloaded and played and was instantly addicted. It’s a brilliant take on Threes, twisting the game with a new angle of gameplay.

So this is what I have to say to the team behind Threes –

Do not lose heart. Scammers will come and go, but your hard work is what stands before the public today. They will approve.

But do not stand on your laurels either. I believe it was the CEO of Rovio (behind Angry Birds) who said, “Piracy may not be a bad thing: it can get us more business at the end of the day.” He’s not wrong. You called out 2048 as a game that’s inherently flawed as it can be finished too easily. That’s true. But it’s popular and it’s a derivative of your work. So go ahead, steal what is already yours and add it as a fun mode to your game.

Do not hide your excellence. You are a runaway success. You may need more money, but get more people, finish those games you have showcased in the blog post and show them to the world. The one I played is nothing short of amazing. It made me fall in love with Threes all over again. It’ll bring people back to you. You are at a similar stage which Angry Birds was at with their games. They innovated only a bit every time but every game they released was an instant hit. Your ideas are already a hit. Bring them forth.

Finally, yes, pursue the Mobile App Stores. Tell them to remove the fakes and the rip-offs. But don’t wait for them to do anything. The thieves don’t have the one thing you do – an original idea. They’ll disappear into ignominy soon, but Threes will live on.

 

For all Threes lovers, I leave you with this artwork that I hope will inspire you to keep playing Threes and keep aiming for the Lion. Cheers!

The Threes Monsters. Source – http://asherv.com/threes/threemails/

And some other Threes Artwork –

Stacking the Cards

The Pirate

Threes is infinite. No, really.