
James Koole Posts

Why I’m Telling Anyone and Everyone to Try

Encryption is something we should all be using, but it’s still too hard for the average person to understand.

Apps like Signal from Open Whisper Systems are great for basic chat where you can be sure nobody will be able to intercept and read your messages. Even iMessages are pretty well protected from prying eyes. But encrypting email and sharing files between two or more people in a secure and private manner is still really tricky to set up and use, and because of that, it’s not all that common.

How many people do you know that you can send a PGP encrypted email to? How many people do you know who have even heard of PGP encrypted email?

Why does this matter?

Maybe you are in the “I’ve got nothing to hide” camp. Sure…you might think that is the case, but I’m willing to bet that you actually have plenty to hide. Criminals aren’t the only people who might want to keep things private or secret. Does your company have secrets that you wouldn’t want competitors or even your own customers knowing about?

Perhaps you want to be able to send your credit card or banking details to your spouse in a secure way. Or maybe your doctor will want to send your latest test results to you (and only you). With encryption, you can be sure that the contents of the email can only be read by you, even if someone else accesses your data.

Look at the recent hacks of the Democratic National Committee and John Podesta that ended up on Wikileaks. Had the DNC and Clinton used PGP encryption, whoever got their hands on those emails wouldn’t have been able to read them. No embarrassing opinions about other people in the open and no media to deal with.

You’d think someone like a US Secretary of State who was using a private email server would have been smart enough to require anyone who communicated with her to do so with PGP encryption…she could have saved herself a lot of trouble!

Be smarter than she was.


Keybase is a relatively new website and service that aims to put PGP encryption into the hands of more people. It combines easier ways to encrypt, decrypt and digitally sign messages with a really interesting idea around identity validation. As they say, “Keybase maps your identity to your public keys, and vice versa”.

I have a lot of identities online. I have a Twitter account, a website or two, a Hacker News and Reddit profile, and even a Bitcoin address.

Before Keybase came along, someone could look at this website and say that it was “probably” the same person as @jameskoole on Twitter.

With Keybase, the idea of “probably” the same person becomes “provably” the same person. How does it work? Like this:

If I can post a tweet to my Twitter account, then that’s me. So Keybase gave me a very specific text to tweet and then they checked for it. Similarly, if I control the DNS entries on my domain name, then it stands to reason I could put a very specific TXT record in place that they can check for. If you dig the DNS on, you’ll see a TXT record that serves as my Keybase verification.

Here’s my Twitter “proof”, for example:

You can look at my Keybase profile to see the various identities that are “provably” me.
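
The DNS check described above, as an added example that is not from the original post and is not Keybase's own code. It is a simplified model: the token derivation (SHA-256 over the statement), the statement fields and the sample records are assumptions constructed for illustration, and the PGP signature over the statement is assumed to be verified separately.

```python
import hashlib
import hmac
import json

TXT_PREFIX = "keybase-site-verification="  # label used by Keybase DNS proofs


def proof_token(statement):
    """Commit to a proof statement.

    Assumption: SHA-256 over canonical JSON, standing in for the real
    derivation from the PGP-signed statement.
    """
    canonical = json.dumps(statement, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def _domain(name):
    return name.strip().rstrip(".").lower()


def _fingerprint(value):
    return value.replace(" ", "").upper()


def check_dns_proof(statement, queried_domain, txt_records, key_fingerprint):
    """Return (ok, reason) for a DNS proof found at queried_domain."""
    if statement.get("service") != "dns":
        return False, "statement is not a DNS proof"
    # The statement must name the domain whose TXT records we actually read,
    # otherwise a proof copied from another domain would be accepted.
    if _domain(statement.get("name", "")) != _domain(queried_domain):
        return False, "statement names a different domain"
    # The statement must bind the key we intend to encrypt to.
    if _fingerprint(statement.get("key_fingerprint", "")) != _fingerprint(key_fingerprint):
        return False, "statement binds a different key"
    want = proof_token(statement)
    for record in txt_records:
        value = record.strip().strip('"')
        if not value.startswith(TXT_PREFIX):
            continue  # unrelated TXT record (SPF and so on)
        if hmac.compare_digest(value[len(TXT_PREFIX):], want):
            return True, "token published in DNS matches statement"
    return False, "no matching TXT record"


# Constructed sample data (hypothetical user, domain and fingerprint).
FINGERPRINT = "0123456789ABCDEF0123456789ABCDEF01234567"
STATEMENT = {
    "user": "alice",
    "service": "dns",
    "name": "example.org",
    "key_fingerprint": FINGERPRINT,
}
TXT_RECORDS = ['"v=spf1 -all"', '"' + TXT_PREFIX + proof_token(STATEMENT) + '"']

if __name__ == "__main__":
    print(check_dns_proof(STATEMENT, "example.org", TXT_RECORDS, FINGERPRINT))
```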

Encryption tools

The next big piece of the puzzle is for Keybase to provide ways to sign, encrypt and decrypt messages sent to me by others who wish to contact me securely and privately.

PGP is the key here (pun intended). OpenPGP is an open source, well-known encryption protocol that works by way of a public/private key pair. A message to me can be encrypted with my public PGP key. Once encrypted, the only thing that can decrypt that message is my private PGP key.

On Keybase, anyone can get and use my public key to create an encrypted message that only someone with my private key (in other words, only me) will be able to view. And I can do the same with anyone else on Keybase.

The idea of a PGP public key server isn’t new. But what is new is that Keybase allows users to link their online identities to those keys. So I can look someone up on Keybase by their Twitter handle and send them an encrypted message, knowing that I am sending it to the right person.

Keybase Filesystem

Encrypted messages are great, but what if you want to send data like a text file, a picture or a Word document? Keybase Filesystem (KBFS) extends Keybase and creates something like a secure, PGP-signed or PGP-encrypted Dropbox sharing service. You can see my public Keybase folder here which contains files that are automatically signed by me so you know that they come from me.

With KBFS, I can share things like passwords with others on my team at work as easily as dropping a text file into a folder. I can share files with anyone on Keybase, and those files are automatically signed (so people know they are from me), and encrypted (so only they can open and read/view them).

A lot more work to do

Is Keybase easy enough for anyone to understand and use? No. Not yet. But with a little effort and learning, I think anyone can get set up on Keybase and start messaging and sharing securely. If you don’t have a PGP key yet, Keybase will help you create one. If you already have a PGP key, then you can use that with Keybase.

Even if you don’t know how any of this works, you can send me an encrypted message. Give it a try! Go here, and enter my username (jameskoole) in the recipient box. Type your message in the Message to encrypt box and click encrypt!

You’ll see something like the text below, which is a secret message that only I can read because it’s encrypted with my public key, so only my private key can decrypt it. And because it’s just text, you can email it to me like any other email, except nobody else will be able to read it, even if they hack into my email or tap into the network along the way.

Version: Keybase OpenPGP v2.0.58


Check it out, sign up and learn!

I’d really encourage everyone to check out and sign up for Keybase. Maybe you know a bit about encryption, or maybe not. Use this as an excuse to get educated. This stuff really matters and as time goes by, it’s going to matter more and more.

Keybase is a service that deserves to exist and that makes acquiring and using encryption technology much simpler.

For a deeper explanation of KBFS, there’s a good explanation here that spells out how it works better than I can.

Keybase is currently available via invites only, but I’ve got a bunch. Drop me a line in the comments, or hit me up on Twitter and I will get one out to you.


Keep Your Opinions to Yourself

What is it called when someone is afraid to express their opinion because of fear?

Go on Facebook and post that you think Trump might be right for America. Or take to Twitter and suggest that the debate over who can use which washroom is ridiculous.

Actually, don’t.

Because if you do, you’ll get tons of hate tweets and your “friends” will be the source of much of it.

This isn’t healthy debate. In fact, it’s entirely unhealthy and it’s making people both mentally, and sometimes even physically ill.

We’re living in a world where people call those with differing opinions their enemies. We have people who call themselves (and are called) social justice warriors. We’re constantly engaged in wars of words and those whose ideas and opinions differ are called idiots, fools, morons or worse.

Sadly, there’s no point in trying to debate this. If you try, you’ll find yourself flooded by hate. When you point out the hypocrisy of that hate pouring forth, it will generate even more of it. Waves of hate and ridicule. You’ll lose and lose badly.

The result is that many just sit there, shut up and keep their opinions to themselves out of fear. They say one thing publicly and then when nobody is looking or listening they do something else and pray that nobody ever finds out.

This needs to change.

In the meantime, keep your opinions to yourself. Not because they aren’t valid or reasonable. No, keep them to yourself because that way you won’t have to face the wrath of those who have different opinions from yours.


How Being a Marathon Runner Makes Me a Better Product Manager

Aside from getting hours a week to think while out running, there are some shared lessons to learn between being a marathon runner and product manager.

Here’s a few that I came up with (while out on a run, naturally):

  • It’s about having a long-term goal and a plan to achieve it — training for a marathon takes months. You map out a schedule with various runs, and you gradually build until race day. As a PM, the product roadmap is your guide and you plan out a strategy to get you there over the course of many sprints.
  • It’s about collecting and analyzing the right data — cadence, pace, heart rate, effort, what I ate, how I felt…it all goes into painting a picture of where I’m at, where I need to work and whether I’m improving. On the PM side the same holds true. Collecting and analyzing the right data gives insights into where to work on the product, and whether what we released had the intended effect or not.
  • It’s about taking thousands of small steps — when it comes to the marathon, you can’t go into it thinking about all 42.2 kilometres. You break down the training into weeks and days, and the race into kilometres and even steps. As a PM, you need to focus on getting from here to there, but not all at once. Iterate, take small steps, learn and repeat. Keep it moving.
  • It’s about learning from those around you and sharing what you’ve learned — I talk to running friends and learn from their experiences to grow as a runner. I share my experiences with others to help them grow too. It’s a community. As a PM, I learn from other product managers and study other products to learn things to apply to my own product. I share what I’ve learned with others to help them do the same. It’s a community.
  • It’s about highs and lows, and celebrating the good while learning from the bad — you have good runs, and you have bad runs. Some races it all comes together. Other races…not so much. As a PM, some releases are a reason to celebrate while others leave you scrambling to understand how you got it so wrong. In both cases, you learn from it and move forward.

Midway through the BMO Vancouver Marathon

I’ve been a runner since 2008, and a marathoner since 2010. I consider myself a veteran marathoner now after eight full marathons and two ultras. I learned a lot in my first few years as a runner, going from running for about 20 minutes at a time to running a 50km ultra marathon in five hours and 18 minutes.

I’m a relative rookie as a PM, only taking the job at Hover in the summer of 2013. Similarly, the first few years as a PM have been spent getting my feet under me and building up the skill set to work with our team to make a great product.

In both roles, I still have a ton of learning to do and goals to achieve.


Know Thy Product

If you are asked a question about the product you manage, there are only two answers that will suffice:

  1. The answer to the question.
  2. “I don’t know, but I’ll find out for you.”

If you aren’t the expert on your product, then you’ve got work to do. There should be very few stumpers when it comes to the ins-and-outs of what your product does, what it’s good for and how to use it.

Count the “I don’t knows”

It’s not the end of the world if someone asks you something and you don’t have the answer at hand. You can’t know it all. But if you find yourself saying, “I don’t know…” a little too frequently, then it’s time to dig in and give yourself an in-depth refresher on just what you are building.

Most importantly, when you don’t know something, make it a priority to get the answer. You owe it to the person who asked (especially if it’s a customer) and you owe it to yourself and your team.

But I just got here!

It’s particularly tough for product managers who didn’t work on the product from the start. It’s not an easy job to get up to speed and become an expert user. But that’s your job.

Photo credit: Christopher Sessums

Don’t overlook users when it comes to learning about your product. Watch them use it. Talk to your support team and ask to watch them work.

Once you think you know everything there is to know, go back and learn some more.

Why it matters

It’s hard enough to build a great product with all of the information and experience and knowledge. Having less than the full picture puts you at a huge disadvantage.

Knowing exactly how (and why) things work the way they do gives you the great insight to understand how to make it even better. Seeing where you get frustrated, or watching your users run into roadblocks shows you where you’re coming up short.

When it comes to leading a team, not knowing how things work puts you in a tough spot. It’s a waste of a developer’s time when she or he has to explain that the feature you asked them to build is already there. Support has enough work to do supporting customers…don’t make them spend valuable time on you. Marketing should be able to lean on you to explain how something works and why it matters to your customers.

Be the expert on your product.


Some Thoughts on PRESTO

If there’s one thing that Greater Toronto Area commuters have strong opinions on, it’s Presto.

Presto (or PRESTO as the marketers at Metrolinx like to yell), is an electronic fare card system that is being rolled out across 11 different Ontario transit agencies from Hamilton, through the Greater Toronto Area and Ottawa.

The goal of Presto is to create and run a unified fare payment system for Ontario commuters so that those using multiple transit agencies to get around will be able to use a single fare card system to make the trip.

TTC and Presto – together at last

The TTC wasn’t exactly excited about implementing Presto, but after years of dragging their feet on switching over, they’ve recently accelerated the pace of the roll out and now expect to have it complete by the end of 2016.

Since I’m a TTC rider only, and have happily relied on monthly Metropasses for the past few years, Presto has been something I’ve spent little time researching.

But in late December, after a bit of consideration, I decided to take the plunge and switch away from using a monthly TTC Metropass in favour of Presto. My reasons were three-fold:

  1. We’re moving within walking distance of my work while we renovate our house so I don’t need a Metropass for the next three months.
  2. Based on my transit usage over a year period, I think I can save a fair bit of money using Presto and paying per ride vs. buying 12 monthly passes via the Metropass Discount Plan.
  3. I want to use and understand Presto now since the TTC is planning to phase out tickets, tokens and Metropasses in favour of Presto by the end of 2016.

First Impressions

Getting a card was fairly easy. I could have purchased one at a TTC subway station, some Gateway newsstands or at Union Station, but instead I chose to order one via the Presto website and have it mailed to our house.

The card itself costs $6 and you need to pre-load it with some money. I put $25 on mine, so the total cost was $31.

When the card arrived, I went back to the Presto website and registered the card to my account. This allows you to track usage, protect the funds on the card if it’s lost or stolen, and it also allows you to set up autofund so you won’t find yourself without funds on your card.

The site advised me that I needed to use the card within 30 days to activate it, and that tapping the card on any Presto device would do just that.

Declined 🙁

My first try using Presto was a failure. I tapped the card on the Presto reader on a 504 King streetcar and was greeted with a “declined” message. I paid with a token instead and got in touch with Presto via Twitter for help.

They suggested I visit the Presto kiosk at King St. subway station to check the status of the card there. I stopped in and checked on the machine there which reported the card was registered, active and had $25 loaded.

Later that day, I logged into my Presto account to see if the card status was updated…it wasn’t.

That led me to do a bunch of research on how Presto works. That research helped me understand why there was a discrepancy between what the kiosk said, and what the website said. And it also helped me understand why my initial attempt to use Presto failed (more on that in a bit).

The next morning I logged in and my card was active (as I expected it would be). I tried using Presto again on a 504 King streetcar to go to work and everything worked as designed. Within about 4 hours, the trip showed up in my Presto account online and the balance shown was accurate – $25.00 minus the $2.90 for my one TTC ride.

Lesson One: Patience!

First up, Presto cards use a proven technology used by many other fare card systems around the world, including London’s Oyster and Vancouver’s new Compass.

Like those other fare card systems, there are some quirks to get used to.

The one thing that trips a lot of users up initially is that everything takes a few hours to a day to actually happen, including adding funds to cards. The reason everything is delayed by hours (adding funds, showing trips taken, etc.) is that the card is where all the info is stored and the many Presto readers you tap aren’t connected to the Presto system at all times.

When you tap on a streetcar, the device and the card interact. There isn’t any communication with the Presto system at this point. Instead, the card keeps track of everything itself and updates the Presto device with its new information (funds balance, and trip info).

At some point periodically during the day, or overnight, the vehicle the Presto device is on connects to Presto. In some cases that is overnight when it’s in the garage. It appears that TTC streetcars connect more often, perhaps using the cellular connection already in place for the Nextbus tracking system. When the readers connect, they upload all the data to Presto. That updates the system with any trips registered so the remaining balance on the card can be determined.

The same delay would apply when you add funds to your card online, but in reverse. Once you add funds (or use autoload to add funds), the information needs to get to the card itself.

The Presto system sends all the updates to every single device (many, many thousands of them) when the devices ask for an update. Since devices on vehicles are only connected to Presto periodically, that data can’t filter out to every device immediately. It could take 24 hours or even longer to make it to every device on the system.

The next time you tap your card, the device and the card share data and the card learns that it has been loaded with more funds. In the case of some kiosks that have a persistent connection (apparently the ones at Union Station, for example), this can happen quickly as the funds can be added into the system, and then your card can immediately learn of its new balance via the built in reader in the kiosk.

In the case of a brand new card, once it’s registered, every device across the entire Presto system (province-wide) has to be told that the card exists to make it usable.

That data is sent to all Presto readers by the system as each device connects, and the user of the card then has 30 days to tap the card on a device to make it active. If a card is unactivated for more than 30 days, the Presto device drops the information because it can only store so much data and un-activated cards aren’t worth wasting space on.

If you attempt to use a new card where the Presto device hasn’t learned about your card yet, it’ll fail like mine did. Likely the reader on the streetcar I boarded hadn’t been updated in quite some time and I was just unlucky.
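
The behaviour described in this section, as an added example that is not from the original post and is not Presto's actual software. It models a card that holds its own balance, readers that only know what they received at their last sync, and a backend that only learns of taps when a reader connects; the class names, the per-card top-up sequence number (so a top-up is applied once) and the sample amounts other than the $25 load and $2.90 fare are assumptions.

```python
FARE = 290  # cents: the $2.90 TTC fare quoted in the post


class Backend:
    """Central system: only learns about taps when a reader connects."""
    def __init__(self):
        self.balance = {}  # card_id -> balance last reported by a reader
        self.loads = {}    # card_id -> [(seq, cents)] online top-ups

    def register(self, card_id, cents):
        self.balance[card_id] = cents
        self.loads[card_id] = []

    def add_funds(self, card_id, cents):
        seq = len(self.loads[card_id]) + 1
        self.loads[card_id].append((seq, cents))


class Card:
    """The card is the source of truth for its own balance."""
    def __init__(self, card_id, cents):
        self.card_id, self.balance, self.last_load_seq = card_id, cents, 0


class Reader:
    """Offline device: works from whatever it got at its last sync."""
    def __init__(self):
        self.known, self.loads, self.outbox = set(), {}, []

    def sync(self, backend):
        for card_id, cents in self.outbox:       # upload recorded taps
            backend.balance[card_id] = cents
        self.outbox = []
        self.known = set(backend.balance)        # download the card list
        self.loads = {c: list(l) for c, l in backend.loads.items()}

    def tap(self, card):
        if card.card_id not in self.known:
            return "declined"                    # reader never heard of this card
        for seq, cents in self.loads.get(card.card_id, []):
            if seq > card.last_load_seq:         # apply each top-up exactly once
                card.balance += cents
                card.last_load_seq = seq
        if card.balance < FARE:
            return "declined"
        card.balance -= FARE
        self.outbox.append((card.card_id, card.balance))
        return "accepted"


def demo():
    """Replay the post's sequence with constructed data; returns observations."""
    backend, stale, fresh = Backend(), Reader(), Reader()
    stale.sync(backend)                    # last synced before the card existed
    backend.register("card-1", 2500)       # new card with $25 loaded
    card = Card("card-1", 2500)
    fresh.sync(backend)
    log = [stale.tap(card), fresh.tap(card)]
    log.append(backend.balance["card-1"])  # website still shows the old balance
    fresh.sync(backend)
    log.append(backend.balance["card-1"])  # trip appears after the reader syncs
    backend.add_funds("card-1", 1000)      # online top-up
    fresh.tap(card)
    log.append(card.balance)               # top-up has not reached this reader
    fresh.sync(backend)
    fresh.tap(card)
    log.append(card.balance)               # top-up lands on the card at this tap
    stale.sync(backend)
    stale.tap(card)
    log.append(card.balance)               # second reader does not re-apply it
    return log


if __name__ == "__main__":
    print(demo())
```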

So why doesn’t Presto just work like my Starbucks card?

Unlike your Starbucks or Tim Horton’s card, Presto cards are smart. While a Starbucks card is literally just a barcode or magstripe and nothing else, the Presto card contains a small computer and secure memory that keeps track of how much money is on the card, along with other info like whether you are a student, or have a monthly pass.

Your Starbucks card number (not the card itself) is used by the Starbucks point of sale (POS) system to draw funds from your account.

Think of the combination of your Presto card and a Presto reader as being like the POS computer.

The Starbucks POS relies on a persistent connection between the POS system and the Starbucks card servers back at Starbucks HQ. If that connection between the POS and server is lost, you aren’t buying coffee.

A Starbucks card is literally just a plastic card with a number on it that does nothing and has no ability to store your balance or stars or even your name. Your Presto card on the other hand, does have all this info stored on the card, plus a computer system to process transactions.

Along with (eventually) millions of Presto cards, there are literally tens of thousands of Presto devices across Ontario in 11 different transit agencies’ stations and on thousands of vehicles. To have a persistent Internet connection for each device is unreasonable and would slow everything down immensely if Presto were to use non-smart cards.

Picture the boarding process if every transaction required communication between the device and a main server somewhere over the Internet. Each tap could take 4-5 seconds like they do with your Starbucks card, and the delays would pile up.

Or imagine if you were boarding a bus and the bus lost its Internet connection for some reason. Instantly, there would be no way to pay for your ride and everything would grind to a halt. Now envision that potentially happening across thousands of vehicles in different locations across Ontario.

Even on a good day, when everything was working well, just maintaining a connection to each and every Presto device would be a challenge with moving buses, tunnels, underground stations, weather, etc., never mind handling the tens of thousands of simultaneous transactions.

Instead, the Presto card itself is smart and the device connects only periodically to exchange info between itself and the system, and to get information that needs to be provided to the card.

In this way, each device doesn’t need to be connected constantly, and there’s no reliance on a persistent connection to transact which improves reliability and speeds up individual fare taps to where it’s instantaneous.

Yes, there are a few downsides to that approach (the delays in transactions being posted and money being added being the most significant). The benefits of the approach used by Presto mean it’s far less likely that riders will face a scenario where a Presto failure means they can’t tap to ride a vehicle.

Some other considerations

There has been a lot of discussion around Presto being a waste of money, or needlessly complex. Some have suggested that Metrolinx should have just bought an existing system and implemented that.

Those arguments fail to take into account the unique challenge that Metrolinx has in integrating multiple transit agencies under a single fare card system.

For example, while most existing fare systems need to work only with a single agency, in the case of Presto, it’s 11 agencies and each agency has different fare rules and pass types. For example, a single user might do a trip with a Presto card on Durham Transit with one set of rules, then a GO Train trip with zone-based fares, and then also a TTC trip with its own rules about transfers and things like student fares.

Presto also has to work across a very large geographic area stretching from Hamilton to Ottawa today, and even further in the future. That also means millions and millions of people using Presto daily.

Roll out challenges

While it’s taken quite some time to roll Presto out across all systems in Ontario, keep in mind that even rolling out to a single agency represents a huge undertaking.

The TTC in particular has multiple challenges including a large fleet of 250 streetcars (with 2-3 Presto readers per vehicle) and 1,200 buses (with 1-2 readers per vehicle). Add in subway stations (with asbestos and other issues) that need to be retrofitted with Internet access, kiosks and new fare gates to allow the Presto devices to connect underground, and you can see the scope of the work required.

With all that taken into account, I’m fairly pleased with how Presto works for me today. It’s a single card that I know I can use for the TTC, and for the occasional time I take a GO Train. There are a few gaps in the system now (lack of Presto devices on TTC buses and many subway stations), but nothing that I can’t work around by carrying a backup token or two.

We’ll see how the rest of the city reacts over the next 12 months as Presto becomes the payment system for everyone.
