Pre-order London Kerning

London Kerning cover small.png

The crowdfunding campaign for London Kerning, a small book I’m researching and writing about type design, signage, and letterpress printing in London, went very well! I raised twice my goal, all of which goes towards covering the expenses for my trip and printing a small edition of books.

The ebook will ship in January 2018 and the print edition in February 2018. You can place pre-orders for either version or a discounted bundle via this page!

Three books: disease, a canal, and typesetting races

My work schedule and intensity often prevents me from focusing enough these days to read books, something I find frustrating, and am working to revise. The flip side is that I read thousands of pages of books online this summer and fall in researching articles, and that was absolutely delightful. 

I have completed three books recently, and I'm recommending them all.

Doctor, Doctor, It Hurts When I Read

The first is Get Well Soon: History's Worst Plagues and the Heroes Who Fought Them (2017, end notes, bibliography) by Jennifer Wright. Jen is delightfully funny on Twitter and also a force to be reckoned with in fighting against misogyny and cruelty. Her book on plagues seemed like a funny match to her public personality, but I enjoyed it from beginning to end. I'll say that she tries to ease us in. The book is written in a sometimes aggressively peppy and informal tone, and the book starts out heavily in that style, and then drops down into a more level pace once we understand that the title will be enjoyable and not a recitation of death and blood.

Massively annotated with citations (using end notes, to make the main text readable) and full of bits of history I never knew the full and true story about, Get Well Soon extols a lot of great people, some of whom were forgotten or maligned. She finds mostly heroes and some villains. The chapter on leprosy is particularly moving; on lobotomies, a human plague, a definition I fully agree with after reading it; and on the dancing plague surprising and bizarre. If you wonder how humanity has survived, pick this up. I particularly recommend the subsection in "Bubonic Plague" titled "The Exploding Frog Cure."

Nor the Battle to the Strong

Earlier this year, after discussing with a friend typewriting races—speed competitions for keying in words—I recalled there were words used among typesetters to test speed, too. That led me to the book The Swifts: Printers in the Age of Typesetting Races by Walker Rumble (2003, glossary, end notes, bibliography, index). What the heck?! This monograph helps you understand the life and nature of compositors or typesetters in the 19th century, and led to a number of articles and explorations I made this summer.

Typesetting was a tough job and hadn't changed much since Gutenberg. While everything else in printing sped up, including the manufacture of type, composition largely remained the same, relying on the frailty of humans working as fast as they could. As the century advanced, speed races among typesetters became a fad, and many were held. The fastest compositors were called swifts (and according to one contemporary source I found, fire eaters). But even as these races became popular, the hot-metal Linotype typesetting system became practical and shifted the majority of composition from one-at-a-time hand work to keyboards.

This was an okay change, though: the book notes that in 1850, the average age of death of a printer (including typesetters and pressmen) was 28 years. Horrifying. As the Linotype era started, despite the pots of boiling lead involved, working conditions did, too. The average death age increased year by year until it was about 53 in 1920, the same as other male adults.

It's not all bleak! The swifts had fun, and drank like fish, and had their own typographers' bars, and traveled as journeymen, and led the life of Riley. The book also covers how boys started apprenticing around age 13, the attempt by women to enter the field, and the remarkable anti-union behavior of Susan B. Anthony. The book bogs down into racing statistics at times, but it's generally a rollicking and super-informative slice of life. You understand how typesetters lived and the era that ended.

A Canal Ran Through It

This summer, I went to a talk by David B. Williams, a local author and naturalist who had a co-written book coming out in the fall called Waterway: The Story of Seattle's Locks and Ship Canal (2017, bibliography, index). As a 20-plus-year denizen of Seattle who loves the waterway that winds through the city, and with scattered historical knowledge about how it was fitting together and things cut through—we live near a passage called the Montlake Cut—I enjoyed the heck out of his talk and got the book the moment it was out.

It's lavishly illustrated and beautifully written. He and co-author Jennifer Ott, an environmental historical, trace the massive hydrologic and soil changes carried out by a couple generations of city leaders, local businesspeople, and the Army Corps of Engineers. It's a narrative with relatively little intrigue and corruption, but rather fights among competing visions of restructuring Seattle combined with challenging nature. A river's course is reversed. Another is blocked and effectively removed. A large portion of Elliott Bay is filled—with soil from a canal excavation that was never completed. The one that was lowered Lake Washington by nine feet.

And the book doesn't just look at it from the view of immigrants from the east, but native Americans relationships with the water, and how the reworking affected where they lived, what they ate, and their ability to continue their intertwined lives with salmon.

I think of it as a quintessential Seattle thing to know all the bodies of water and canals between Elliot Bay and Lake Washington, and I see them all with different eyes after reading this book.

(My only quibble is typographic: the book is gorgeously designed and printed in vivid full color, yet the designer opted for a fake (slanted) italic with its body face, which grates on this typographer for its inelegance—why not use a correct, more legible, harmonious italic?)

Protect, Secure, and Network Yourself with My New Book

I’ve just released A Practical Guide to Networking, Privacy, and Security in iOS 11, the latest version of a book about those three topics that I’ve been updating for about seven years in a couple of different versions. 

My intent is to give you everything you need to manage networking—Wi-Fi, Bluetooth, cellular, Personal Hotspot, AirPlay, AirDrop, and more—as well as all the ins and outs of what Apple does with your private data and how it controls and restricts access by third-party apps and Web sites to you while you use an iPhone or iPad. I also explain how to pick good passwords, turn on two-factor authentication, use passcodes and Touch ID, and find your missing iPhone or iPad. 

It's a reference work—you probably won't want to read it end to end! But whenever you have a question about any of these topics, it’s there to refer to you. You can purchase it directly from me via the link below, and you get a DRM-free ebook in three different formats, so you can read it anywhere you want on any device. The price includes any updates to this iOS 11 edition. 

Read more about the book here, including a downloadable excerpt and table of contents.

If you purchased any previous edition, you’re entitled to a low-cost upgrade; contact me if you didn’t receive email or other notification. If you’d like this book in print, you can purchase a print-on-demand edition via Amazon.

Sites Lie To You about What Makes a Good Password

Bad password advice from the 1990s continues to be repeated ad nauseam, even though it has been widely disproven and groups ranging from security firms to academic researchers to the National Institute of Standards and Technology (NIST) specifically advise against most of those principles. Below, I take this apart and offer you actual good advice. (My friend Joe Kissell covers this topic in depth in his excellent "Take Control of Your Passwords.")

You might also wonder why encrypted passwords stolen from breached sites can still be cracked and used against you. I can explain that, too.

Everything you’ve been told is wrong

P@ssw0rd1  could be cracked in a billionth the time it takes for you to recognize that the first P in this sentence is a letter.

P@ssw0rd1 could be cracked in a billionth the time it takes for you to recognize that the first P in this sentence is a letter.

You know the drill. You’re often told, when setting up an account or changing a password, that a good password should:

  • Be at least 8 characters long, but often no more than 12.
  • Contain at least one uppercase letter, one lowercase letter, one number, and one piece of punctuation (from an approved list).
  • Not contain any words found in a dictionary (in any language).
  • Change every few months.

If you follow that truly lousy advice — which may even be enforced by the server — you can wind up with dr0wssaP!, a password that passes all those rules with flying colors and can be cracked in seconds. Crackers also know the above rules and optimize their cracking routines to focus on variants of simple words combined with the obvious numbers and pieces of punctuation. This is what leads people to pick Apples1! for an eight-character password. 

Not really that strong, but it’s green! That’s good, right?

Not really that strong, but it’s green! That’s good, right?

As NIST’s 2017 standards report notes about memorized passwords, “Humans, however, have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.”

All of that is bad advice. The best current recommendation is:

  • Use a password manager that creates and manages passwords for you. I rely on 1Password.
  • Use a different password on each site. A password manager makes that easy.
  • Make it longer, which I’ll discuss more below. Passwords are often 8 to 12 characters because they’re so complicated. A longer, easier to type password can be much stronger than a short impossible one.
  • For passwords you need to type regularly and can’t paste in, make up passwords from words you know, but use several of them, randomly selected; better, let your password manager do it for you.
  • Don’t change your passwords regularly. There is absolutely no reason to create and memorize or store a new password unless a breach has occurred. The only reason to avoid this rule is if you haven’t changed your password in a while and you know it’s short and weak.

You can consult my 2015 Fast Company article, “Everything You Know About Passwords Is Wrong” for more of the research background on why existing rules are bad.

You might be baffled, as I regularly am, as to why a password like Sluggy-Headache-Fedora-Man is much more more secure than KLJf@88!4=Pz9 — should a password made of words be simpler to test and match than one made of totally arbitrary characters? No, and that’s because of the brute force required. Even with crackers using techniques to walk down smarter paths for basic passwords, longer passwords just take vastly longer amounts of times through which to iterate. (I have to go and re-read the background to refresh myself on the details.)

Every character added to a password can increase the difficulty of cracking it by some factor from just a few to thousandsfold, depending on the overall set of characters chosen, repeated characters, whether words are in dictionaries, and more. Add several characters and through the power of exponents, a password could be billions or trillions of times more resistant to brute force. You can trade off a large set of characters used in a password — like mixed case, punctuation, and numbers — against a longer password that’s entirely lowercase or mixed case. (A nice variant is to use a rare punctuation character between words.)

Effectively, the choice is:

  • If you never need to type a password, and your password manager can fill it in, picking a super-complicated 20 characters long will probably survive the heat death of the universe.
  • If you ever need to type a password, especially on a mobile device, picking a longish one that's three or four words long in an unusual combination (which can be generated by 1Password and other software and algorithms) with a story that reminds you of the words gives you until the sun burns out. Or even with vastly improved computational, the rest of your life and far far beyond.

When passwords are stolen from a Web site, aren't they encrypted? Shouldn't that stop the bad guys?

Yes and no. Account databases almost always use "hashing," a one-way encryption process that transforms any input into something that can’t be reverse-engineered to discover the original information. (It performs a large number of mathematical operations that ensures that two similar pieces of starting text produce vastly different hashed outcomes. This prevents guessing and testing.)

When you log into nearly any Web site, you enter your username and password, and the password is sent through the same hashing algorithm and compared to the stored value in the site’s database. Good so far.

Since hashing is a one-way operation, the only way to crack a hashed entry is through brute force: passing a huge number of passwords through the same hashing algorithm until you find one that matches the stored value.

However, many sites long relied on an outdated hashing algorithm (SHA1) that has run afoul of Moore’s Law combined with flaws discovered later in how the algorithm was designed. Because computational power increases on exponential basis, any algorithm that has a flat level of difficulty, no matter how complex, will eventually fall to faster computers. Plus, GPUs (graphical processing units) in computers and graphics cards vastly speed up and reduce the cost of encryption and similar intensive computational tasks. As a result, criminal crackers can afford hardware that's able to perform tens of billions — maybe hundreds of billions — of passwords checks per second. Flaws in the algorithm further reduced the amount of operations required to crack passwords, providing an effective speed boost.

One simple technique could have protected even many weak passwords. Let's say your password is 123456. That's a terrible password, and could easily be broken by brute force checks that would test billions of possible password against the stored hash value. Even worse, that cracked password is now cracked across all accounts in all breaches because it's identical when passed through the hashing algorithm everywhere.

However, if you add unique random data called "salt" to the one-way hashing algorithm, as little as a couple characters of text, but which can be much longer, the hashed results of otherwise identical weak passwords end up different. Even if one salted password is cracked, others won't be, because the salt will (or at least should be) different for each one. Every password has to be cracked uniquely by combining the salt with the current guess, no matter how weak the password is.

In short, because computing power continues to both increase and drop in cost, crackers continue to break more passwords from older breaches and use them to compromise accounts whose passwords remain unchanged.

Nonetheless, we're still talking about relatively weak passwords. It also turns out that many sites had no rules for password security, and even those that did often gave bad advice for choosing passwords. As a result, a lot of people chose 135792468 or p@ssw0rd for what they thought would be a perfectly unguessable password. 

Pick a better password even as sites improve their encryption choices, and you can wind up well protected. Some sites and services that use robust protection have had major breaches and no reported cracked passwords.

I originally wrote this as part of a story where it wound up ballooning out of scale, and too tangential. I revised to share here!

Amazon, T-Shirts, a Teenaged Entrepreneur, and More

Another large passel of articles I’ve written are out!

Type Geek Lanyard

Back when I started out in typesetting, production, and graphic design, we used X-Acto knives, wax, and layout boards to put the pieces together for printing. And we all, every one of us and every shop, had a variety of measuring tools that we used all the time. The type gauge and the line gauge were key ones!

As the paste-up era ended, and we moved into full pagination output and then ultimately eliminating most or all intermediate steps between digital design and the press.

But this year, in which I've spent hundreds of hours in a letterpress shop, I remember how useful it is as a designer to always have measurement tools nearby. Also this year, I met the folks at Buttonsmith, a local worker-owned, unionized, made-in-the-U.S. company that produces buttons, magnets, lanyards, and reels both in mass quantities of their own designs and custom one-off or larger orders.

Ah ha! I felt like there was something missing I wanted for myself, and so I designed it. I worked through a few of prototypes and several digital revisions with Buttonsmith to get to the desired results: a type-geek lanyard. It's a silky soft set of rulers (inches marked to 1/8th, picas to 2 points, and centimeters to 5 mm) with some handy type and leading measurement tools as well.

I made a small batch for the School of Visual Concepts' Wayzgoose yesterday—an annual printer and general public meet and greet and marketplace—and have lanyards left to sell. (Don't use these while printing on a letterpress, of course, but they're great for all other times!)

You can order directly from me, and if I sell out, I'll take pre-orders for a new batch: $15 each plus shipping, but contact me if you'd like larger quantities.

A photoshoot on letterpress, a workshop on cut letters, and a Whitman print

Three pieces of printing news.

My friend Jeff Carlson came in to take pictures for his own interest on the first day I started in on printing my book by letterpress in June and then returned on one of the final days. He worked this up into a photo essay that ran at Adobe Create! It was a great pleasure to be photographed by him, as he’s a very fine artist, and neat to be in this feature. It’s really a nice look at aspects of letterpress and the studio in which I’m printing (at the School of Visual Concepts/SVC).

Photo by Jeff Carlson

Photo by Jeff Carlson

Jenny Wilkson, SVC’s letterpress program head, and I will teach a one-day workshop that explores laser cutting and engraving and letterpress on November 11. The title? “Frikkin Lasers: Letterpress Printing with Laser-Cut Media.”

Letters being cut on a Glowforge.

Letters being cut on a Glowforge.

Finally, if you’d like a piece of my printing, I’ve researched, wrote, designed, and printed a folio—a four-page booklet—with Walt Whitman’s poem “A Font of Type” on the cover and an essay inside that you can purchase! Ships immediately worldwide.

One Ringee Dingee

Things I didn’t know my children didn’t know until we went to the Museum of Communications

  • How to dial a rotary phone.
  • How to listen for a dial tone.
  • What a switchhook was.
  • How to hold the switchhook down to hang up and then release to get a dial tone.
  • That you had to lift the receiver to dial.
  • What a busy signal sounded like.
  • Why a busy signal existed.