Learning opsec with Nermal

A few years back, (ISC)²’s charitable trust, the Center for Cyber Safety & Education, partnered up with Paws, Inc. to create four comic books putting Garfield and friends in various educational cyber situations. The topics are privacy, safe posting, downloading, and cyberbullying. The fact that the Center for Cyber Safety & Education has, seemingly, three websites all dedicated to pushing this (one, two, three), the fact that they all demand you accept their usage of cookies, the fact that the Center seems proud to partner with Nielsen and Amazon… none of these things scream ‘privacy awareness’ to me. But I was curious just what sort of advice Garf had to offer on the matter, and I have therefore read ‘Privacy: Online Friends Are Not The Same As Real Friends’. On the off chance that you, reader, do not want to acquire this masterpiece and follow along, there is also an animation, hosted on known privacy advocacy platform YouTube (lolol). For whatever reason, the animation only covers like a third of the story, but eh it’s enough to get the gist.

Let’s get plot out of the way. Garf wants to eat a bunch of doughnuts, but he can’t because Nermal is being loud. Nermal is being loud because he’s struggling at a video game, ‘CheeseQuest VII: Attack of the Cheddar Zombies’. Some random player offers to help Nermal win, he just needs Nermal’s password. Arlene catches this and convinces Garf to care. Garf is not a privacy expert, however, so he calls everyone’s favorite recurring character, Dr. Cybrina, for help. Dr. Cybrina tells Nermal a bunch of tips for staying safe online, and then in a random act of kindness, Garf shows Nermal how to beat the game. Then he leaves to chase an ice cream truck.

All of that is just set dressing to talk about privacy, of course. So, what does Dr. Cybrina teach Nermal? Not much, really. On a single page, we learn about Personally Identifiable Information (PII)¹. “Like my favorite kind of pizza?” Nermal asks. Dr. Cybrina clears this up, and lists off a bunch of examples of PII: name, address, phone number, gender², age, and plans/location. Oddly, she lumps password in here as well, which… doesn’t quite feel right, but not sharing your password is obviously good advice, so whatever. Then, Dr. Cybrina talks a bit about how little Nermal knows about this random player as well: the distinction between screen names and real names, that the player might be a big scary adult, and of course… that online friends are not your real friends. She doesn’t say anything about sharing photos of yourself, but Garf apparently knows this and changes Nermal’s profile pic. Finally, we get several pages of quizzes, with things like ‘is a story you wrote okay to share, or best kept private?’ and ‘is it okay to play games online?’ The multiple choice questions are entertaining, with choices like ‘Nermal should only give the friend his password if he gets the friend’s password too.’ And… that’s that.

So is it any good? Well, as a Garfield tale, it adds some wild realities to the canon: we get a new character, Dr. Cybrina, destined to the pit of deep lore like Ivy or Stinky Davis; we now know at least seven CheeseQuest games exist in the Garfiverse; and we learn that Garf absolutely whips at video games. But, more importantly, it… does a fine job at explaining PII, considering it is a comic for children. But it doesn’t really talk about privacy beyond this one aspect, and it only really teaches kids how to protect PII if they’re interacting with another person, or perhaps setting up a profile online. I acquired this with the intent of reviewing its merits on teaching privacy; I expected it to either be horribly misguided or, hopefully, have lots of bits to praise. I didn’t really expect it to be… accurate, but utterly lacking in points to discuss. Given that, it’s honestly kind of hard to assess.

I also wonder if… well, if Garfield is the right franchise to use to reach out to children in 2016 (the year of its release), or today (since they’re still clearly pushing this). At its heart, it does what it set out to, though. One of many little quirks in Garf licensing, though in keeping with Jim Davis’s dedication to education, one with an admirable goal.

  1. Oddly, they avoid using industry standard terminology and just say ‘personal information.’ I’m sticking with PII so I can abbreviate throughout. ↩︎
  2. “Are you a boy or a girl,” grr. ↩︎

Monster Care Squad

Monster Care Squad funded! Late pledges can still be made on the Kickstarter page.

I started writing this post late May. Well before the Kickstarter started. I wrote a lot; I hated it all, it all felt like I was parroting some bullshit press releases. I wouldn’t care, except… I read an extremely early copy of the rules, and I was so excited to write about it. But, I mean, the world… sucks right now. I’m horribly depressed and unmotivated. I’m floating between highs and lows, but… nothing is great. I’m doing lots of retail therapy; collecting films I meant to watch, filling up gaps in my manga collection, I bought the dang perfect scale replica of the Ohmu from Nausicaä. Shit is hard. And I’m glad in these times, folks are creating… happy things.

See, Monster Care Squad is a TTRPG from my pals at Sandy Pug Games that… is exceedingly gentle. My initial take in May was that it was fantasy James Herriot; I know I’m not alone in making this connection. You roam its world, Ald-Amura, fixing up monsters who have been afflicted by a poison: the False Gold. Somewhat uniquely, monsters in this world are… well, they coexist with humans, they’re… not vilified. And accordingly, you play a roaming monster veterinarian who never encounters combat. That’s not the sort of game this is. You heal; healing is the end goal, the level-up trigger, the apex of the narrative arc. You may need to slap a monster around to get it to accept your anaesthetic, but… fighting is ancillary here. It is a gentle game, a healing game.

I think part of why I struggled to finish this post was that… there’s a lot of rules to dive into, and again… I fall into some trash PR writing very easily. I will say that a core dice mechanic is that of control, which shifts what dice you use based on how much you’ve succeeded or failed up until that point. It’s a neat system that makes my maths-brain dance. But honestly… all these bits are great, but they mean nothing without realizing how much heart is in the game. And, I have known this from the beginning, I know these people and I know that they care; I’ve read the initial text, and I know that it cares. But…

…here’s the thing. The Kickstarter is going very well. Which isn’t to say you shouldn’t back it; you should! But… the team is doing something amazing. They’ve set up a grants system for what amounts to fanfiction. They’re not claiming ownership over anything that comes of it; they’re essentially not setting any rules at all. They’re asking people to apply, submit community works, and potentially get paid under a patronage sort of system¹. Creators potentially get paid to develop whatever the hell they want, and then… they keep the ownership. This is the sort of shit I’ve always been pushing for. This is the sort of shit that we all need to be doing when we get a wee bit of power, yet are still stuck in this capitalist hellscape. Fixing stuff on a large scale is… kind of hard to even fathom. But on a medium scale… Sandy Pug Games is doing something that feels unprecedented to me for a small games company. This is a big fucking deal.

I don’t know how to wrap this up. Monster Care Squad is… so exciting to me. I imagine it would be exciting to anyone who happens across this blog. More importantly, the creators are finding new ways to… be genuinely good. Which is… what you’re to be doing in the game, in Ald-Amura, you’re a selfless professional. It’s some full-circle shit, and I’m here for it. I hope you are too. Redundant link, just in case, y’all.

  1. Apologies for supporting GOOG, y’know how it goes. ↩︎

All of the Windows Explorers, together at last (external)

I have quite a few posts lined up, and I’m excited about all of them, but… I’m very stressed, and writing is very hard right now. So in the meantime, this post title-links to a very cool recent writeup by Gravislizard, a streamer (&c.) whose dives into retro computing I really admire. The linked post compares basically every notable revision to Windows Explorer since… before it was even called Explorer. Twenty little writeups complete with screenshots, from Windows 1.04 to Windows 10. Lovely little trip through history.

Hollow hearts

An interesting thing that I’ve noticed over the past few years of internetting is how we’ve established conventions around like, favorite, &c. buttons, and how frustrating it is when sites break those conventions. The meaning of such a button is largely determined by its context; saving for later (say bookmarking, or wishlisting) for an e-commerce site, acknowledgement or praise for social media, and somewhere in between those two for blogs and other content consumption platforms. This isn’t a hard rule, obviously. Twitter, for example, has a bookmarking function, but also lets you easily browse through liked tweets. Bookmarking is a more buried option, as its intent isn’t to display praise, and I would guess that because of this intentional design decision, a lot of people simply use likes in lieu of bookmarks.

Iconography is also generally pretty standard, often hearts or stars. This defines context in its own way; users famously had concerns when Twitter moved from stars to hearts. Which makes a lot of sense – slapping a star on the tweet ‘My cat Piddles died this AM, RIP’ has a pretty different vibe than a heart. Since this happened retroactively to everything anyone had ever starred… it was certainly jarring.

Other iconography certainly exists; bookmark-looking things clearly define their intent, pins do the same to a lesser extent, bells indicate notifications¹, and sites with voting systems will often use thumbs-up/down or up/down arrows for this tri-state toggle. Medium, notably, went from a straightforward ‘recommend’ (heart) system to ‘claps’, a convoluted variable-praise system represented by a hand. While dunking on Medium is not the purpose of this post, I think it’s worth mentioning that this shift was enough to essentially prevent me from ever reading anything on the site again². Having to rate any given article from 1-50, and then sit around clicking as I worry about that decision is anxiety-inducing agony, especially when I know it affects authors’ rankings and/or payouts. It also feels incredibly detached from the real-world phenomenon it’s supposed to mimic. Clapping for a performer in an isolated void is a very different experience than reacting in real-time with the rest of an audience. But to get back on track, clapping additionally violates our expectations by no longer being a toggle. It increases, maxes out, and if you want to reset it to zero, you have to hunt for that option.

Which brings me to my point, and my frustration. These things are usually a toggle between a hollow heart or star³ and a filled one: ♡/♥︎ or ☆/★. This is very easy to understand, it mimics the checkboxes and radio buttons we’ve been using on computers for decades. Empty thing off, filled thing on. So long as we know that this icon has meaning, and that meaning brings with it a binary on/off state⁴, a hollow or filled icon indicates what state the content is in. If a user can’t toggle this (a notification, say), it’s simply an indicator. If a user can, then… well, it’s a toggle, and there’s likely a counter nearby to indicate how many others have smashed that like button.

This is great, and intuitive, and it works very effectively. Which is why it’s extremely frustrating when sites violate this principle. Bandcamp, for example, uses a hollow heart at the top of the page to take you to your ‘collection,’ a library which is a superset of your wishlist. Wishlisting is represented by a separate on/off heart toggle. This toggle, on an individual track/album page, has a text description next to the heart; the collection button at the top of the page does not. This is utterly backward, as the toggle works intuitively, and the button… has no meaning until you click it⁵. Etsy, on the other hand, uses a hollow heart at the top to bring you to your favorites page. But it does two things right: it has a text label, and it brings you only to things that are directly connected with a matching heart toggle.

GoComics is an equally perplexing mess of filled hearts. A comic itself has both a heart (like) and a pin (save)⁶. Both are always filled, with the toggle being represented by a slight change in brightness: 88% for off, 68% for on. It’s very subtle and hard to scan. These are actual toggles, however, unlike in their comments section. Their comments also have filled hearts to indicate likes, but they only serve as indicators. To actually like a comment, you must click a text-only link that says ‘Like,’ and isn’t even next to the heart. At this point, the text does the same absurdly-slight brightness shift from #00A8E1 to #0082AE. While it’s difficult to scan the comic’s heart icon’s brightness shift, the comment’s ‘Like’ text’s brightness shift is nearly imperceptible. A comment’s heart icon doesn’t even appear until there’s at least one like, and clicking it just brings up a list of users who have liked it. Suffice it to say, I click this accidentally on a near-daily basis. Humorously, GoComics understands the hollow/filled standard: they use it on their notifications bell icon.

These are just two examples in a sea of designs that prioritize aesthetics over intuition and ease of use. Medium tacks a filled star on after the read-time estimate for no apparent reason. Lex has both a functional heart and star toggle on every post, but no immediate explanation as to what differentiates them. Amazon seemingly has a heart toggle on its mobile app, but not its website, and it’s unclear what differentiates this from the regular wishlist. Ultimately, I don’t think this is a space that needs innovation (like, arguably, Medium’s claps), or one that merits subtle aesthetics. Folks have largely realized the perils of excessively abstracting ordinary checkboxes and radio buttons, and this relatively new breed of binary toggle should intuitively work in exactly the same way.

  1. Bells are used both as a toggle (don’t forget to subscribe and hit that bell!) and as an indicator when a user has unread notifications. This is its own can of worms. ↩︎
  2. To be clear, I have never liked Medium and it has always taken a lot to convince me to click to a Medium URL. Usability-wise, it has always felt a little too walled off and detached from the web to me. Content-wise, it has tended to somehow bring out a lot of long-form writing from folks who have about two paragraphs worth of material. Visually, it takes cues from print that don’t sit well on the web (seriously, look at its drop caps). And, ethically, I’m generally not a fan of this shift to all blogs being hosted/controlled by like three or four major players. ↩︎
  3. Or a bookmark, or whatever; for the remainder of this post I’m only really talking about hearts and stars for their ubiquity, but the concept applies so long as a meaning has already been picked up on by users at large. ↩︎
  4. Voting systems, like Reddit, have a trinary state: upvote, downvote, and no vote. The individual buttons are still binary, however. ↩︎
  5. Or, wait for the tooltip to display ‘collection,’ which… still isn’t very meaningful. ↩︎
  6. Toggling the pin has some interesting behaviors as well. Toggling the pin on also toggles the heart on, but toggling the pin off leaves the heart alone. Presumably the assumption is that if you’re saving a comic, you like it! And if you’re no longer saving it, you probably still like it, just… not enough to keep bookmarked. This makes some sense, but it’s very difficult to perceive due to the subtlety explained in the rest of the referenced paragraph. ↩︎

Dismantle each and every police force. (external)

Title link goes to the donation page for Black Visions Collective. I don’t have much to say here, honestly. I’ve been kind of going about my business, writing and creating things as a way to distract my mind. Which, frankly, is the textbook definition of white privilege. I have a bunch of dorky shit that I’d love to write about, but… at this point, saying nothing may as well be an act of violence.

I’ve never had a positive encounter with the police, yet I’ve still survived all of them, come out unharmed. I truly hope that people are seeing cops instigating violence, posing as taxi drivers, taking a knee for a photo op before spraying peaceful crowds with chemical agents, showing off their might with ominous coyote brown vehicles, yelling ‘if you do not move, you will be dead’ at protestors from their armored trucks… I hope people who have given the police the benefit of the doubt are seeing this bullshit and realizing just how wrong it all is.

If there’s protest action happening in your city, there’s almost certainly an abuse of power going with it. Funds in Minneapolis, NYC, LA… they all need support. But pay attention to your community as well. Lift up those who need it, however you can. Tear down systems of oppression. Public safety can exist outside of this structure. Fuck the police.