Inflection Points

May 27, 2016

It’s been a nutty couple months.

Peter, Nick, and I sold Cloak! It turns out selling a company can keep you plenty busy.

The sale was a surprise ending for us. It’s also an exciting new beginning.

We didn’t need to sell; Cloak was happily profitable, and those profits were growing. We didn’t necessarily think we wanted to sell, either, at least at first.

However, as we began to plot out Cloak’s next eighteen months, we realized we were at an inflection point. Our investments in engineering automation had allowed us to run lean almost to a point of absurdity. But our leanest days were clearly numbered.

It didn’t take long to realize that we couldn’t take the next steps without growing our team. We needed to ship native apps for Android and Windows. We had to move aggressively to better serve our growing list of corporate customers. We wanted to scale our VPN network. We hoped to make our apps behave more gracefully even in the face of less common network failures.

All told, it was clear that Cloak in mid-2017 was going to look quite different than Cloak in early 2016. We assumed we would lead that charge… until a few potential suitors knocked on our door. The question then became: would we lead the charge? Or would we team up with a larger organization to make the next big push?

In StackPath we found an ideal suitor. Their plans nicely complemented and strengthened our own. They had a deep bench of business, sales, and marketing talent that we knew we needed. And it didn’t hurt that StackPath understood the value of what we’d built, and was willing to pay a fair price.

So here we are! I’m a full-time employee of StackPath. I have a boss. We have a mission. It’s the same as the old mission, only bigger. I’m excited to see what we can build.

An Absolutist View of Encryption

March 11, 2016

President Obama spoke at length today about privacy and encryption. He cautioned against an “absolutist view of encryption”, claiming that search warrants can apply to the virtual world just as well as the physical provided we build our technology wisely.

Alas, Obama is fundamentally wrong. Digital encryption has no analogue in the physical world. Doors locked by lost keys can be busted down. Digital doors locked by lost encryption keys can never be re-opened.

What Obama misunderstands is that “encryption absolutism” is not an ideological position. It’s a technical one.

March 3, 2016 @ 10AM

Today, Mitt Romney delivered an unprecedented speech addressing the toxic state of the 2016 presidential race. I agree with Romney completely when it comes to The Donald: Trump represents an existential threat to our country; he must be stopped.

My Microblog

February 22, 2016

A trip to the Wayback Machine reminded me that back in 2001, my blog looked like this:

What my blog looked like in 2001. It was on the domain back then.

Later, it looked like this:

What my blog looked like in 2003. It was on the domain back then.

It seems my early blog was a microblog! (I was tempted to go all hipster-than-thou about this, but I’ll refrain.)

In any case, there’s a lot of interesting energy around microblogs again today; I thought I’d revive my own.

My original plan was to import my entire Twitter history and merge that with my original microposts, but that led to sadness: Jekyll fares poorly when faced with tens of thousands of posts.

Instead, I simply revived my old microposts and placed them at New microposts will also appear on my site’s front page. To see just the meaty blog posts (and I use the word “meaty” rather loosely), you can visit I’ve also introduced new master, blog-only, and micro-only RSS feeds for your reading pleasure.

Ansible Bustedness

January 8, 2016

Ansible continues to frustrate. It’s one of those tools that looks good at the outset but as you use it more, you begin to question its fundamentals.

Here’s a simple example of an Ansible design decision that is both deeply embedded and probably deeply wrong. (This comes courtesy of my partner Peter, who did the spelunking under Ansible’s hood.)

Ansible consumes YAML that defines a configuration. YAML values can be Jinja2 template strings, if desired. (Apparently, Ansible merely sniffs for telltale opening double braces to decide whether to send a string through Jinja.) That’s useful as far as it goes.

But after rendering these mini-templates, Ansible next calls Python’s eval(...) on the resultant string. If this happens not to blow up, Ansible tosses the Python object that results down the chain rather than the rendered string. Yet there are many configuration strings that you might want to keep as strings that nevertheless happen to eval(...) successfully. For example: JSON literals, certain RabbitMQ configuration syntax, etc.

There’s no facility to be selective here. Just another day of software.
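The render-then-evaluate behaviour described above, modelled in Python as an added example (this is not Ansible's code and not from the original post). The names `render`, `render_then_eval` and `coerced_keys` are hypothetical, a regex substitution stands in for Jinja2, and `ast.literal_eval` stands in for `eval(...)` so the sketch only evaluates literals.

```python
import ast
import re

# Hypothetical stand-in for Jinja2: replaces {{ name }} with str(variables[name]).
_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, variables):
    return _VAR.sub(lambda m: str(variables[m.group(1)]), template)


def render_then_eval(value, variables):
    """Model of the described pipeline: sniff for braces, render, try to evaluate."""
    if "{{" not in value:            # no opening double braces: left untouched
        return value
    rendered = render(value, variables)
    try:
        # Assumption: literal_eval models the eval(...) step for literal input only.
        return ast.literal_eval(rendered)
    except (ValueError, SyntaxError):
        return rendered              # evaluation blew up, so the string survives


def coerced_keys(config, variables):
    """Keys whose templated value silently stopped being a string."""
    return sorted(
        key for key, value in config.items()
        if not isinstance(render_then_eval(value, variables), str)
    )


# Constructed sample data, not taken from any real playbook.
SAMPLE_VARS = {
    "port": 5672,
    "policy": '{"ha-mode": "all"}',  # JSON the consumer wants as a string
    "host": "mq.internal",
    "tags": "['a', 'b']",
}
SAMPLE_CONFIG = {
    "listen_port": "{{ port }}",     # becomes int 5672
    "ha_policy": "{{ policy }}",     # becomes a dict, not JSON text
    "hostname": "{{ host }}",        # not a literal: stays a string
    "static_json": '{"ha-mode": "all"}',  # no template braces: stays a string
    "tag_list": "{{ tags }}",        # becomes a list
}

if __name__ == "__main__":
    for key in SAMPLE_CONFIG:
        result = render_then_eval(SAMPLE_CONFIG[key], SAMPLE_VARS)
        print(f"{key:12} -> {type(result).__name__}: {result!r}")
```

Running a check like `coerced_keys` over a configuration before deploying it shows which values would reach their consumer as something other than the string that was written.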

1Password for Teams

November 3, 2015 :: external link

Congrats to AgileBits on today’s launch of 1Password for Teams.

We’ve been using beta builds at Cloak and it has measurably improved our process. From where I sit, 1Password for Teams is an easy purchase for any business that needs to manage shared passwords — these days, that’s pretty much every business.

Building a tool like 1Password for Teams isn’t easy: it requires thoughtful security design and extremely careful execution. It’s not surprising, then, that the 1Password for Teams security whitepaper is an interesting read. Even the “key security features” front matter is enough to convey the sophistication and thought behind the product.