I sometime describe myself as “an aspiring cyclist.” I enjoy cycling a lot and recognize all its environmental and health benefits, but unfortunately like most Canadian parents my day-to-day is not very conducive to a cycling-based lifestyle. In Winnipeg, as is the case in most North American cities, the built environment abandoned the bicycle sometime in around the 1950s when we started to replace electric trams with diesel buses. So at best, I can only aspire to be a cyclist.
Earlier this February, I had the pleasure of joining the Counterpoint team in Oulu, Finland for a winter cycling retreat of sorts. Oulu is a city barely south of the Arctic Circle in Northern Finland. It has a population and land area of roughly half that of Winnipeg, yet it boasts and incredible 600km of cycle/pedestrian pathways, including over 100 underpasses. I spent 6 days (logged 100km) exploring the city by bicycle.
In addition the the many underpasses, in the few places where cyclists are required to intersect with a car crossing Oulu’s streetlights are designed to sense cycle traffic and prioritize it by switching the car traffic lights to red. With this system we were able to cycle the 10km from our suburban airbnb to the downtown core without stopping. The cycle path system also includes comprehensive way finding and a west-to-east numbering system making navigation easy, even without Google maps.
Overall it’s an incredibly well designed system, built from the ground up with cycling as a priority. Unlike our systems here where we are largely trying to wedge a cycling network into an environment built for cars.
But unpinning Oulu’s cycling network is something that Winnipeg already has. Something we could adopt in many places around the city without spending massive amounts of money building new infrastructure… two meter wide “sidewalks.”
Every single roadway in Oulu (and I can only assume much of Finland) includes a roughly 2 meter wide light traffic right of way along side at least one side of the car/truck right of way.
Have We Been Overthinking Cycling Infrastructure?
Dedicated protected bike lanes are great and super important for much of the existing road network that we have in cities like Winnipeg. But they’re also very expensive to build and they’re hard to approve since they often involve disrupting the ever-important car. Thing is, in my entire time in Finland I didn’t encounter a single “bike lane.” I’m not sure they actually have any.
And when I got in to my car for the first time after getting back and drove down Ness avenue, it immediately hit me! We already have wide sidewalks all over the city! We are just using them poorly.
Cycling On The Sidewalk
Under current city bylaws it is technically illegal for adults to cycle on the sidewalk. Many parts of the city have <1m wide sidewalks and on those narrow sidewalks it’s understandable, they’re not really wide enough for a cyclist to share with a pedestrian.
Unfortunately, this regulation sends a strange message that bikes are dangerous and completely sidesteps the real problem of sidewalks that are much too narrow.
I’d propose changing this legislation to allow for wider sidewalks to be designated shared pedestrian and cycling pathways. Explicitly, with well placed signage and a proper public awareness campaign. (Oh and while we’re at it get rid of those lame no skateboarding laws too!)
Examples of Poor Use of Space
Much of Ness Avenue has wider than average sidewalks. For some reason the utility poles and signage is in the middle of the sidewalk! Move that junk to the outside edge and suddenly you have cycling infrastructure on Ness! For much lower cost than ripping up the street and building some bike lanes.
Portage Avenue has sidewalks that would be plenty wide for cyclists to share with pedestrians, if it wasn’t for all the random garbage cans, no parking signs and other junk. Moving those out of the way would cost nothing at all. Perhaps we’d need some new regulation to explicitly describe how we are allowed this space. But do that and suddenly we have cycling infrastructure down portage!
Similar story on Southbound Henderson Highway. The sidewalk is plenty wide, but it has all kinds of random, no-sidewalk junk all over the place. Get rid of that junk and SUDDENLY WE HAVE FREE CYCLING INFRASTRUCTURE!
Conclusion: Just Do It
I’m sure I could find many many more examples like these around the city. I seem to recall the city “upgrading” these sidewalks a couple of decades ago so that they could stop replacing grass that was destroyed by the road salt every winter.
A couple of simple bylaw changes and relatively small scale projects to move a couple of light posts and garbage cans and suddenly we’ve unlocked kilometers of cycle paths.
I’m not saying we don’t need dedicated bike lanes and active transportation paths through our beautiful forest. I am just saying that if we see those as the only solutions, we are making the problem more difficult and costly than it needs to be.
With the beginning of a new year decade everybody is posting retrospectives on anything and everything. For the most part, these retrospectives have to be complied manually by compiling data from different sources. I’d argue that our lives would be more interesting if more services give us easier ways to reflect on the content we’ve posted over the decades.
In fact, services could probably get away with collecting more sensitive data if they surfaced it for us in interesting ways. For instance (despite my better judgement) I’ve had Google’s location tracking fully enabled for the past 3 years. The Google Maps timeline generates this map of everywhere I’ve been that is just totally fascinating to me. I can’t bring myself to turn if off.
This week, I started an experiment where I will be logging every single interesting link I come across online in a public twitter feed.
It would be cool to see what happened if browsers tried to include a feature like this using your local browser history. (I’m getting deja vu, was there a web 2.0 era browser that did something like this?)
WordPress Historical Posts
A few years back I created a WordPress plugin that surfaces old posts in dashboard and sidebar widgets (you can see it in the footer of my blog if you scroll down). IMHO any blogger with more than a couple of years of content could benefit from this plugin. I love seeing what I posted a decade ago. Occasionally it spawns new or update post ideas.
I know the photo services have started adding “on this day” and “then and now” features to their main products. I personally enjoy those quite a bit. Seeing my kids grow up is an acceptable of inherently anti-piracy facial recognition.
I mentioned Google Maps Timelines as another acceptable reasons to leak private data. But I actually think Google could do more with this data, especially on Android. It would be cool to automatically see all the times I’ve been at my current location and any photos or related data that I’ve logged there. Google Health could have workout data (and analysis) automatically available when I’m at the gym. Stuff like that.
Are there other services that have interesting retrospective features?
Would you be more open to giving up private data if services gave you interesting or useful data and analysis based on you private data?
The late 2010s are an interesting time for music. Streaming services have effectively commoditized music, all of the world’s music is available to everyone at any time, for next to nothing. Meanwhile, The Internet is effectively killing pop culture — at least in the sense of a common experience shared across an entire generation. There is no longer a central source of truth for “cool,” instead there are many niche communities defining themselves, propping up their own niche celebrities and musical styles. Don’t get me wrong, this is awesome! Mainstream music sucked, CDs were expensive.
Unfortunately, I feel like this current state of music is causing my kids to miss out. It seems like they are not really gloming on to music in the same way that I did growing up. It’s like the lack of a pop culture is removing the influence of music on their daily lives. As a parent I suppose I’m partially to blame, we purposely kept our kids away from terrible kids music (instead of Raffi we played Ramones) and as they’ve grown this has morphed into playing podcasts instead of pop radio.
At 9 and 11, maybe my boys are still a little young to really get into music. Regardless, in an attempt to spur some level of interest I’ve started to compile a playlist of two songs from each of my favourite albums of all time. My 11 yr old has downloaded the playlist to his phone and mentioned having Kraftwerk stuck in his head, so I think it’s working already.
Compiling this list has become quite a fun exercise but I quickly realized that it was going to be an insane task if I didn’t give myself to some criteria.
My definition of “favourite albums of all time” for the purposes of this list is essentially (a) any album that I have played on repeat at any point in the past (b) that still holds up when I listen to it today, (c) where I still enjoy the majority of the tracks on the album. I’m leaving this broad to expose my kids to as much music as possible; and narrow enough to exclude one-hit-wonders and “bad” albums.
When choosing songs, I’ve tried to pick my favourite songs on the album. When I’ve found it too difficult to choose, I’ve picked two songs that are most typical of the artist’s style. I’ve also made a conscious effort to exclude songs with rampant profanity, overt sexuality or that overtly depressing/negative.
Part one of the playlist contains 50 songs from 25 albums. I’m positive there will be a part two, maybe even a part three. For posterity, I’m going to write about my choices below. Feel free to listen to the playlist and read on.
For the sake of organization, I’ll list the albums in chronological order of release date. I am not insane enough to try to rank these in any sort of order.
Johnny Cash – At Folsom Prison (1968)
I grew up mainly listening to 70s-era country music. Waylon Jennings, The Statler Brothers, Conway Twitty, Loretta Lynn, Charlie Pride, Dolly Parton, Kenny Rogers, Johnny Cash, George Jones, Tammy Wynette, etc, etc. My tweenage years even included a family trip to Nashville.
Even though country music was a big part of my childhood, but as a city boy the music didn’t really stick with me. Except for Johnny Cash.
Singing about prison at a concert in prison in Folsom Prison Blues is just about one of the most hardcore things I can think of. 25 Minutes to Go is a little grim but it’s a great example of Cash’s story telling (and I’m a fan of grim anyways). I think I’ll include more Johnny Cash in the future
Wendy Carlos – A Clockwork Orange Soundtrack (1972)
I actually had a hard time finding this one on Spotify (and I’m not certain these are the right one). The soundtrack in incredible. Even moreso when you consider the analog hardware Carlos was working with at the time. I’ve included this one mainly as historical context for the current state of electronic music.
Ramones – Ramones (1976)
Ramones invented pop punk, fight me.
Mainly, I’ve included this one because I want my kids to remember the music they rocked out to as toddlers.
Joy Division – Unknown Pleasures (1979)
To be honest, this is one of the weaker inclusion on the list in terms of “favouriteness” and it probably breaks my rule about being “too depressing.” I just feel this is an album everyone should listen to at least once. It is hugely influential to many of the other albums that come later on this list.
Kraftwerk – Computer World (1981)
Another album that I’ve included mainly for historical context. With electronic music being the root of so much music in <current year> it’s important understand its roots.
Minutemen – Double Nickels on the Dime (1984)
This is one of those albums that I wish I’d discovered much earlier in life. In my mind, I can draw a straight line between my love for Johnny Cash’s story telling style to D. Boon. I choose Viet Nam because well, most 9 yr olds don’t know anything about that war. History Lesson Part 2 is cool little song about history of punk to that point in time.
Nirvana – Bleach (1989)
Bleach is my favourite Nirvana album. I think I bought it with a Columbia House subscription on a whim and I have distinct memories of listening it on my discman in the back of my parents car circa 1994 and being totally blown away. Blew is probably about drugs but “You could do anything” is also sort of unusually positive. Love Buzz is classic Nirvana before they were classic.
Iron Maiden – Fear of the Dark (1992)
I when through a brief period when I listened to a fair bit of Maiden on repeat while programming. But in honesty, this is almost a token metal inclusion.
Nirvana – Insecticide (1992)
I don’t think I ever owned this album. Silver is a song that seems super relatable to an 11 yr old. Aneurysm is just plain amazing! Thought the live version on From The Muddy Banks of the Wishkah is arguably better, but so be it.
The Smashing Pumpkins – Siamese Dream (1993)
I picked up the guitar around around 1994, this is one album that I learned to play front to back. I think I even jammed out with a friend a few times. I couldn’t pick a favourite track. #hipsterunite
Nirvana – Nevermind (1994)
By this point you should have seen this coming. I just can’t let my kids grow up without listening to Nevermind, it would be irresponsible parenting.
There’s a great VH1 Behind the Music (I think) with Butch Vig about how he convinced Cobin to use vocal doubling on this album – by telling him John Lennon did it IIRC. I’ve never been able to unhear the vocal doubling on every single chorus on this album.
In Bloom is essentially a modern Beatles song – as brilliantly illustrated in the music video. Drain You feels like bookend to Love Buzz, sorta.
Veruca Salt – American Thighs (1994)
Veruca Salt was the opening act for the first concert I ever attended. If I recall correctly they came on stage in nude onsies (complete with tassels, it was a different time) and we we sitting just far enough away in the nose bleeds of the old Winnipeg Arena that for a few moments we weren’t sure if they were actually dressed. Seether feels like the most “90s” song on this playlist so far. Forythia taught me plant names.
Bush(x) – Sixteen Stone (1995)
Until this very moment, I did not realize that “sixteen stone” is a weight (224lbs, 102kg), I am a dummy. Due to strange copyright/trademark issues Bush will forever be “Bushx” in my mind. If memory serves, they were the headlining act that Veruca Salt opened for. Little Things and Machinehead are solid “pop grunge.”
Foo Fighters – Foo Fighters (1995)
Another album that I taught myself every song on. Dave Grohl really made career out of this band, but I could never get into any of the other albums after the first one. Too much of the same no-objectionable slightly-upbeat rock-ish. Hard to pick a favourite on this one too.
Hum – You’d Prefer An Astronaut (1995)
Earlier this week, I heard a new slightly shoegazing track that reminded me of the few weeks in 2002 or so when I was really in to Hum. I was surprised how well the album holds up.
Propagandhi – Less Talk, More Rock (1996)
I attended a fair number of local shows in the late 90s, early 00s but I don’t think I saw Propagandhi live until much later. For a long time my main exposure to them was the Fat Wreckords compilations. Propagandhi is probably the most important musical act from Winnipeg since The Guess Who? BTO?
Including Resisting Tyrannical Government in an attempt to corrupt my children with anarchist propaganda, also “Jesus Saves, Gretzky Scores.” Gifts isso Winnipeg.
Descendents – Everything Sucks (1996)
Descendets are just great, upbeat and fun.
The Promise Ring – Nothing Feels Good (1997)
The Promise Ring is one of the few bands on this list that Odessa & I both love equally. For that reason, they feel important. Pink Chimneys is proof that The Promise Ring should have incorporated more synth. B is For Bethlehem has one of the catchiest choruses in emo.
Saves The Day – Can’t Slow Down (1998)
Saves The Day was the first emo band to really hook me in my early 20s. Like, drive down to Minneapolis and drive back after the show, hook me. In making this playlist I skimmed through their discography and I was disappointed to find that most of their music doesn’t really appeal to me much anymore. Can’t Slow Down is a solid album.
Ed Rush & Optical – Wormhole (1998)
When I first heard Ed Rush & Optical in 1998 my impression of electronic music was forever changed. By way of a couple of friends and IRC, I managed to catch the local rave scene at the very end of its underground era. What a time to be alive.
The entire Wormhole album is chalked full of bangers that haven’t aged a day in two decades.
The Weakerthans – Fallow (1999)
“I have a headache, I have a sore back…” lyrics more poignant now that ever. Unlike Propagandhi, The Weakerthans are a band that I have seen live many many times, I think I may have even been at their first show ever? They hold a special place in my heart. If Propagandhi is the most Winnipeg band ever then The Weakerthans are the most Southern Manitoba band ever.
NOFX – War on Errorism (2003)
NOFX is one of those bands that I feel like my (much cooler) friends in highschool always listened to, but I didn’t really get in to at the time. Music streaming has just made it some much easier to track down music and go on a deep dive for a week.
The Separation of Church and Stake is a bookend to the Minutemen’s History Lesson Part 2. Franco Un-American has synths and themes of anarchy, an important combination for any growing boy.
VNV Nation – Matter Form (2005) & Of Faith, Power and Glory (2009)
VNV Nation is quite unlike any of the other music on this playlist and easily one of my top 5 artists of all time. I think that deserves some explanation. VNV coined the term Futurepop to describe themselves. The genre combines many individual elements from early trance and techno influence, with gruff, unfiltered vocals — in this sort of ultra-modern way that would fit perfectly as the back drop to some utopian steampunk thriller. Futurepop is an offshoot Industrial/EBM a genre that literally sounds negative and often discusses dark and disturbing themes. Unlike many of the artists in that scene VNV is exceedingly positive and uplifting.
Chrome is a perfect song in every way, I have listened to on repeat many times. Perpetual will be the song I play on my alarm clock in 2077. Sentinal sounds like a hymn sung in a church I’d drive my cybertruck to. Defiant is just so positive.
To Be Continued…
Ryan is the type of guy who starts a blog post bad mouthing pop music, then spends 1500 words discussing relatively popular music.
This playlist only scratches the surface of my music tastes. It’s missing entire genres of music. So if you liked this post, you’ll love part two.
Growing my family was not an early computer adopter. Computers were expensive and my parents were endlessly frugal. So I don’t share the common origin story for a lot of nerds of my generation, I never noodled around with a Commodore 64 or anything of that era.
My first exposure to computer programming was writing simple routines in Logo on an Apple IIe in grade 6. Logo was very simple, but super valuable as a fundamental building block. My experience taught me the basics of looping and the idea of printing things to the screen and it certainly piqued my interest in programming at an early age.
The next code adjacent thing I remember doing was mucking around with the Windows 3.1 autoexec.bat file on my grandfather’s 386 laptop (which he had left with me for some reason), probably circa 1993. Pre-Internet I have no idea how I knew this was a file I could edit, what it did or what to do with it. Perhaps I read the MS-DOS help files. One thing I did learn quickly is that this file had the power to stop Windows from booting. And this actually taught me the important lesson of remaining calm in the face of utter, self-inflicted code disasters.
My coding memory is a huge one. It happened when my family finally got our first PC, a Compaq Presario 486, probably around 1994/95. Again, I don’t recall exactly how, but I soon discovered BBSes and door games. My favourite game by far was Legend of the Red Dragon (playable here). At this same time, I’d started to dive in to qBASIC. I poured through the source code of the demo programs and read through the included documentation. For some reason I decided to attempt to recreate a local version of LORD in qBASIC — except Star Trek: The Next Generation Themed (of course). I built an ASCII interface, ASCII procedural map generator, random encounters and a rudimentary combat system, a town with shops (armour, weapons and potions), system for tracking progress (goal, xp and levels) and that sort of thing. I retrospect, this seems like a monumental task, something I’d never even think to attempt now. With this experience, I had essentially taught myself all the fundamentals of programing I still use today: procedures, variables, control structures, logic, etc.
My first experience with HTML is probably a little more similar to other developers of my generator — Geocities and Netscape circa 1997. I distinctly remember the first website I built on geocities.com, a Star Wars: CCG “bad trader” list — basically a blacklist of people who’d screwed my friend Jon out of cards online — an HTML table on a repeating star background (groundbreaking stuff!). Having worked with the pre-written example programs source code that shipped with qBASIC years prior, the leap to view source on every single website came naturally. And by this time there were already well developed resources for learning HTML online.
I’m actually a little less certain about my introduction to PHP. I think it may have been Movable Type of my first domain (leggomyeggo.net).
Sprinkled here and there is some formal education and the rest — as they say — is history.
A few times every decade we get to witness the emergence of a truly revolutionary back-end technology breakthrough. I recall following OpenID in the mid-00’s, reading some of the early discussion groups and blog posts, eventually watching it become supplanted by OAuth. Which would go on to drastically simplify the way most people log in to websites. I wonder if we’re witness a moment like that right now with the Simple, Quick, Reliable Login (SQRL) protocol.
SQRL is a decentralized website login and authentication protocol released last week after over half a decade of work, by security researcher Steve Gibson. It is a protocol that functions like a combination of OAuth and a password manager. Like OAuth, it enables a 1 button (or QR code) login process, simply click an “authenticate with sqrl” link and you’re in. Like a password manager, it is an app that lives on your phone, desktop or a browser extension.
Unlike either of those solutions, the process that occurs in the background after you hit “authenticate” and before you’re logged in is where really groundbreaking stuffhappens.
SQRL is client-side authentication, meaning an SQRL client (on your phone, as desktop app or maybe a system service in future) negotiates with the server to validate your authentication. Let that sink in for a second… you don’t tell the server who you are or what your password is, the server ostensibly communicates with your phone to figure out who you are. The nuts and bolts of this system are complicated/technical and I’m not actually sure I fully grasp it at this point. But I do know this has the potential to be huge.
A Short List of Benefits
The client-side approach has several unique advantages and eliminates many of the problems with the current username/password schema:
The server does not store your password (zero-proof) Not only does it not store your password, the server never interacts with your password in any way. We all know websites really suck at keeping your passwords safe and secret and reusing passwords in 2019 is extremely dangerous. With SQRL only the client app has a password (and it’s highly encrypted).
The server does not know who you are As far as the technical spec goes, the server does not need a username, email address, facebook id, google account, etc to identify you. It only needs are random public key.
In practice, it a website my ask you to provide a username, but because of the pseudonymous nature of SQRL, the site would have no way of knowing that “ohryan” means “guy who write on ohryan.ca” who is also @ohryan on Twitter.
You can’t be tracked Because SQRL generates unique public keys on a per domain basis, the protocol does not enable cross-site tracking in the same way as something like OAuth does.
Your identity can’t be hacked A centralized system like a password manager or an OAuth provider lives in the cloud, so there is always a remote possibility of a massive breach exposing your master password on any given service. With SQRL, your identity stays in the client which is in hardware in your pocket, not one central source that every hacker in the universe can target.
It’s open SQRL is an open standard. Anybody can create a client, with any additional bells, whistles and improvement they want (including addressing some of the security concerns I talk about below). Apple/Windows/Google could add native OS support. The world’s smartest security researcher can all contribute to the project, write server-side implementations, etc, etc.
In my opinion, based on my understanding of the protocol today, SQRL has one really big problem and a few smaller problems.
Major Concern: No Deauthorization Mechanism
Simply put, if you lose control of your SQRL identity (say your phone is stolen) the protocol has no way to invalidate the authorizations you’ve given to websites with the stolen identity. It has no way to block an attacker from accessing those sites with your stolen identity (assuming the attacker also has access to your phone password and your SQRL client password). The protocol does have a really robust set of mechanisms to retrieve your identity (including something like the bitcoin paper key system), so you will ultimately not lose access to those sites. But the way the protocol is setup, it is only once you access the site with your recovered identity that the site will learn to distrust your old identity.
Unlike Oauth, where a password reset triggers deauthentication across all previously authorized site. With SQRL, you would have to manually visit each authorized site to deauthorize that stolen identity.
So in this way, SQRL actually behaves somewhat like a password manager. If you lose a device that contains access to a 1password library you’d be similarly screwed. To be 100% secure, you would have to manually reset the passwords on all the hundreds of sites you’d stored in your password manager. Fortunately, in both the cases a thief is unlikely to knowledge of your master password. I just feel like this is a real concern that the Gibson dismisses or doesn’t take as seriously as he should.
Phishing is sorta trivial
Since SQRL depends on the user being able to scan arbitrary QR codes to gain access to a site. It’s conceivable to imagine a scenario in which a bad actor could impersonate your bank, create a fake SQRL QR code at www.mybankk.com, hope you don’t notice the misspelling and then subsequently ask for your banking info and steal all your money once you’re in.
The thing is, OAuth is vulnerable to this same type of phishing attempt. A creative bad actor could spoof the entire “sign in with google” process and if the user is not paying close attention to domain name, then the user would be clueless about the spoof.
Hell, I bet there are chat logs between me and notian discussing this very thing when OpenID first started bubbling up.
To my knowledge these types of phishing attempts never materialized against OpenID or OAuth (though I could be wrong).
At worst SQRL is no worse than the status quo. At best SQRL clients may be in a unique position to improve this situation (though there idea to harden SQRL against this attack by using IP addresses is a non-starter IMHO, but I won’t get in to that here).
Since SQRL is an open standard any random bad actor could create a malicious client to do malicious things, like stealing your password.
The best solution to this problem is to make the “official” the best possible app, such that the poor quality, slapped-together nature of malicious apps will be obvious. Unfortunately, I’m afraid this will require a real development investment and it’s not clear anyone is willing to pick up the tab.
The project has a long way to go to get there, but then again, it’s essentially day one.
This final concern isn’t really a problem with SQRL as a protocol. It’s more that… We’ve had decades of trying to teach mom & pop how to use usernames and passwords safely and it’s really not going very well. Getting them to adopt a brand new paradigm is going to be hard.
First of all, if you’re read this far and you haven’t tried it out. Do it now. Grab on of the apps and try logging in to the official forms at https://sqrl.grc.com/. It will blow your mind.
SQRL seems to be the password solution I’ve always wanted. The concept of decentralization seems inherently right and good, it feels like the natural state of the internet. Decentralization by way of having an on your phone store the sensitive data and do the hard computation, just makes, so, much, sense.
It’s hard to say where this technology will end up. I know Gibson is seen as a bit of a fringe wonk in some circles. I’m very interested to see what real security experts have to say, both about the implementation as well as the underlying crypto.