99Designs experience: tragedy of the commons

To make this blog ready for wider distribution, I ran a 99Designs campaign to design a new logo for Wouter.org.
I didn’t have a good experience with 99Designs, even though it came well recommended by Tim Ferriss. This is what I suspect is happening:

The game’s rules and impacts

I have the impression that game theory is well at work here, and the results I’m seeing are because 99Designs set up the rules of the game in a specific way.

The beginning is a delicate time

As the campaign starts, the client (me) is instructed by 99Designs to give the designers low marks. I suppose the intent is to prevent you giving the highest marks immediately, and then there is no way to exceed them, but this way early submissions get penalized just for being early, even if they are great. I frequently went back to earlier designs to check if I should not actually increase their rating.

Mono-culture is not a good thing

Apparently designers can see each other’s designs and my ratings of those designs. The designers follow a strategy of going for the path of least risk of offending me (and not the path of the greatest difference).

As a result the earlier designers have the cost of finding a style that gets high scores from the client, and other artists then copy or expand only on that. The result is a lot of the same designs, and earlier designers risk being ripped off.

Then again, the earlier designs do get more attention from the client and more chances to adapt the designs.

I’ve had several “designers” that blatantly submitted replicas of earlier submissions. Part of this is of course, natural evolution, part of this does seem… opportunistic to me.

Series 1 of the convergence

[Images: the original logo, followed by logo copies]

Series 2

[Images: original round logo by redboy_s (https://en.99designs.nl/profiles/2135575), followed by three copycat logos]

I think the only real way to counter this a bit as the client is to give comments on designs, but no ratings. This might work because the comments are not visible to the others, but the changed designs will be.

Vying for attention

Near the end of the first phase, there was a clear “ballot stuffing” moment, where artists put up a series of very similar designs or even the same logo in various angles, in an apparent attempt to crowd out the others.

Another attempt to garner more attention was sending standard or effectively empty messages. Apparently “.” is the smallest message allowed to be sent, as it also brings up the design in the messages.

(The messaging system of 99Designs has a mediocre user interface. It was completely unclear to me which messages were new and unread. It also accepted new designs after the deadline and sent me emails about them, but these were not actually shown on the website.)

Voting for your own

This didn’t surprise me to see: designers did of course vote for their own design in the poll (again, apparently the polls are also not hidden to the designers).

Redboy voting for his own design

But of course, this is now also “crowd sourced”: clear ballot stuffing by cohorts of the designers was also visible:

Peer "support"

Steering this game?

So, I was wondering just how I could turn this blatantly opportunistic behaviour to my advantage as a client.

It is not the brief

I don’t think you can use the brief (the initial instructions to the designer) effectively: only a few of the artists read the brief (it explicitly told the designers to not mimic handwriting if it was not mine, which a lot did not follow). Only one explicitly referred to the brief’s content, and included an appreciation of this (he is also the original artist using my own writing and the red “.org“, and did not end up updating his design so did not make it to the finals).

Some spectacularly did not read the brief, including misspelling my name:
Logos 2 - 4

There is no feedback mechanism

I could not find a “ban this designer” or “mark this designer as …” mechanism for feedback. I have no idea how feedback works in this domain.

All in all I got a good logo out of this exercise, helped significantly by the readers.
However, if you know a good graphics designer, or know someone who knows one, I’d advise going that route. This isn’t particularly cheap and in the end the whole group behaved as a single designer anyway.

With kind regards,
Wouter

99Designs logo design experience

As you early readers of my blog know, I had a design “contest” using 99Designs for a new logo. I’ll have another post on how the economics of 99Designs lead to some less desirable results.

This post however, is about how selection of the logo happened.

Setting context: The brief I gave

Title: “Create a clearly personal, yet elegant logo and FB header” by Wouter.org.

The tone I want to convey is me (Wouter, my first name, masculine) talking to you (the reader), one on one, person to person, not with a lot of attention on me but also not shrinking that it is me you are talking to. I’d love the logo to be very similar to my own handwritten Wouter, or quite different but inspired. The total domain name “Wouter.org” has to be quickly understandable, with .org clearly part of it.
I’ve also attached some pictures of me for possible inspiration on the header files. All are mine in terms of copyright and can be used for this.

Lessons learned

Cross cultural experiences

An important practical detail for me was that the total domain name “Wouter.org” would be immediately clear. This brought up interesting multi-cultural perspectives. As the logo was based on my (arguably not so readable) handwriting, I found out that the t is crossed differently in the US for example. I did not know that cursive writing varied that much!

Voting isn’t that distinctive

I set out a poll with friends to ask for feedback.
It turned out that the actual voting itself wasn’t as useful to me as I expected, as the voting results were pretty close to each other:

[Six screenshots of the poll results, taken 2016-09-07]

Interestingly there was quite a bit of “love or hate”, i.e. designs having lots of votes in both the “1: hate it” and the “5: love it”. My conclusion: this design does stir things with the viewer. 😉

Text remarks are most actionable

Getting specific comments from people turned out to be the most useful. I could spot common themes in what worked and did not work for people, and those who had experience in graphic design gave detailed feedback.

However, quite often that feedback was completely contradicting the previous feedback in impressively new ways. The first feedback would say some aspect of the logo was very unclear, the other immediately saw me and my name in it, the third said it wasn’t me and the ‘t’ should be different.

In the end I, Wouter, make the decision

So, with conflicting signals, ultimately this was my decision to make and hold. Not much different from my technical work and other leadership positions 😉

So I decided on the one that felt the most authentically me.

Wouter.org logo

It looks really good on shirts and a business card!

With gratitude (and a new logo),
Wouter

The new logo: thank you!

With big thanks to you all, the new logo was selected.
With thanks to Cris, these became embroidered Mizzen + Main shirts in time for the BP Conference 2016.

Wouter.org embroidered on shirts

Wearing the shirts with logo felt good: it is my style clothing (nice business casual and practical), my style logo (personal, simple yet slightly out of the box), and people had an easy time spotting and reading the logo. Win!

Oxygen bar BP Conference 2016


Business card

I’ve also written up how the process went with 99designs and with those of you who gave feedback.

Again, thank you all for making this happen for me!

With gratitude (and a new logo),
Wouter

Flying as superman: Airflow by Mindride at the Bulletproof Conference 2016

I always wanted to fly a wing suit, but without the risks of actually crashing into an unforgiving ground. 😉

I got to experience that with Mindride’s “Airflow”: I got suspended in a bungee jump harness with foot straps to hang horizontally, sensors on my arms for arm inclination, an Oculus Rift on my head for virtual reality view, and fans blowing at me for the sensation of wind flight.
And off I went!

The experience is much like flying as superman. Like with a canoe, holding one arm low pivoted me around that arm, arms to the back accelerate (Naruto ninja-running style), arms open to slow down.

I found this quite an immersive experience.

The developer said they also have versions with heat lamps, CO2 puffs for cold, and water misting for even more immersion.

The main application they said they were targeting was entertainment (hiring it out for parties and such). I imagine there is also great opportunity for working on fear of heights or flying with it.

With different software, I think it is a great opportunity for flow state hacking with this kind of setup.

My expectation is that this kind of application of virtual reality is going to be worth keeping an eye on. There are already “VirZoom” and “WideRun” virtual biking, or “Icaros” flying core workout.

Here is to flying as superman!
Wouter

In business, you outsource your shadow work

In the self-improvement world, there is a strong bias towards healing any wounds/shadow/reactive behavior. You see a weakness, you work on it. You struggle with it, finally heal yourself, and make yourself an even more perfect person. You learn to love being in that painful healing state.

In the business-world, you don’t. You see your weakness, you figure out what needs to be done to have that weakness resolved, and you outsource doing that – to a contractor, a piece of software, a system, a trusted employee. But not you. There is no value in struggling with your demons in business.

In business, you focus on doing what is so obvious to you and brilliant to others, what is so much your superpower that what is simple for you to do seems super-human to everyone else, what is your 10x value add.

Now stop delving deep in your shadows, just hire that accountant to do your taxes, and bring your actual gifts to the world!

With efficient passion,
Wouter

Flip Feng Shui: Perturbation attacks made it to VMs

I’ve been reading up on the Flip Feng Shui: Hammering a Needle in the Software Stack paper, and I’m enjoying that the common smart card attack considerations are coming to more mainstream software considerations.

From the paper:

We describe Flip Feng Shui (FFS), a new exploitation vector that allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on two underlying primitives: (i) the ability to induce bit flips in controlled (but not predetermined) physical memory pages; (ii) the ability to control the physical memory layout to reverse-map a target physical page into a virtual memory address under attacker control.

This first item we call “perturbation attacks” in the smartcard domain. We do those attacks all the time, by giving our poor smartcards power spikes they really shouldn’t be exposed to, prodding them with probing needles too small for the human eye, shooting them with freaking lasers, … you know: standard Monday morning stuff in the office*.

Because we’ve been doing this for ±20 years now in this domain, it takes a while for me to understand that a statement like the following is not a joke:

existing cryptographic software is wholly unequipped to counter it, given that “bit flipping is not part of their threat model”.

Because in my world, bit flips are a given, considering that there is an attacker playing with the smartcard. Monday morning, remember?

So how does this attack work?

The attack (mis)uses memory de-duplication, i.e. a feature in the host hypervisor that detects when a page of memory of one VM is identical to a page of another VM. When this is enabled, the host hypervisor maps both these pages to the same physical page (to reduce actual used physical memory by 40-70%!). If the attacker was the one who created that page originally, he now owns the actual physical page. As long as the host software thinks this page’s content has not changed, the victim VM will read the attacker’s physical page.

So the attacker then does a Rowhammer attack to cause a bit to flip in part of “his” page. As Rowhammer is a physical side-effect that ‘should not happen’, the host hypervisor does not see the page as changed, even though it is. So now the attacker has just caused a bit flip in his own and, more importantly, the victim’s memory.

Flipping a bit in, say, an RSA public key allows the attacker to factor that modified key, and generate the appropriate secret key to match. If the attacker does this with the RSA key used to, say, authenticate root access for SSH, or with the signature key for package updates of Linux, he now has full control over that machine.

Neat! (In the smartcard world we usually attack the secret key, because of how the protocols are used.)
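
To show what putting bit flips in the threat model looks like for a public key, here is an added example (not from the paper or the original post): a check that a verifier could run before trusting a modulus read from memory. The toy modulus, the 2000 small-prime bound and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed toy modulus: product of the Mersenne primes 2**31-1 and 2**61-1.
# Real RSA moduli are 2048+ bits; the small size only keeps the demo fast.
N = (2**31 - 1) * (2**61 - 1)

def primes_below(limit):
    """Sieve of Eratosthenes."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, flag in enumerate(sieve) if flag]

SMALL_PRIMES = primes_below(2000)

def modulus_digest(n):
    """SHA-256 of the big-endian modulus, recorded at provisioning time."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def small_factor(n):
    """Smallest prime below 2000 that divides n, or None."""
    for p in SMALL_PRIMES:
        if n % p == 0:
            return p
    return None

def check_modulus(n, pinned_digest):
    """Return a list of findings; an empty list means the key may be used."""
    findings = []
    if modulus_digest(n) != pinned_digest:
        findings.append("digest mismatch: modulus differs from provisioned value")
    p = small_factor(n)
    if p is not None:
        findings.append(f"modulus divisible by {p}: not a product of two large primes")
    return findings

def flip_bit(n, i):
    return n ^ (1 << i)

def survey_single_bit_flips(n, pinned_digest):
    """Try every single-bit corruption of n: (detected, with_small_factor, total)."""
    total = n.bit_length()
    detected = weak = 0
    for i in range(total):
        corrupted = flip_bit(n, i)
        if check_modulus(corrupted, pinned_digest):
            detected += 1
        if small_factor(corrupted) is not None:
            weak += 1
    return detected, weak, total

PINNED = modulus_digest(N)  # stored out-of-band, not next to the key in memory

if __name__ == "__main__":
    detected, weak, total = survey_single_bit_flips(N, PINNED)
    print(f"{detected}/{total} single-bit flips detected by the pinned digest")
    print(f"{weak}/{total} flipped moduli have a prime factor below 2000")
```

The pinned digest catches every single-bit flip, and the small-factor count shows why a flipped modulus is so much weaker than the original.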

Theory or practice?

Now, to successfully pull off this attack, several things have to be possible for the attacker:

  • predicting the memory content (this excludes attacks on confidential information such as secret keys),
  • memory de-duplication must be active (so disabling that, or setting it to “only zero pages”, seems prudent),
  • the attacker must be running his VM on the same physical machine as the victim’s VM (I don’t know if this is a realistic scenario. More on it below)
  • the memory must be sensitive to something like Rowhammer (so ECC memory is yet again a good idea, it will reduce the chances of this significantly)
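
The de-duplication and ECC conditions in this list can be checked on a host. The following is an added example, not from the paper or the original post; it assumes a Linux/KVM host where de-duplication is done by KSM and ECC reporting goes through the EDAC sysfs tree, and the function names are made up for the illustration.

```python
from pathlib import Path

def read_int(path):
    """Return the integer stored in a sysfs file, or None if unreadable."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None

def audit_host(sysfs_root="/sys"):
    """Return findings for the de-duplication and ECC conditions; empty means none."""
    root = Path(sysfs_root)
    findings = []

    # KSM: run=0 stopped (merged pages kept), run=1 merging, run=2 stopped and unmerged.
    run = read_int(root / "kernel/mm/ksm/run")
    sharing = read_int(root / "kernel/mm/ksm/pages_sharing") or 0
    if run is None:
        findings.append("KSM state unreadable; verify de-duplication settings manually")
    elif run == 1:
        findings.append(f"KSM is merging pages (pages_sharing={sharing})")
    elif sharing > 0:
        findings.append(f"KSM stopped but {sharing} pages still merged; write 2 to run to unmerge")

    # EDAC: one mcN directory per memory controller with a loaded ECC driver.
    edac = root / "devices/system/edac/mc"
    controllers = sorted(edac.glob("mc[0-9]*")) if edac.is_dir() else []
    if not controllers:
        findings.append("no EDAC memory controller visible; ECC absent or not reported")
    for mc in controllers:
        corrected = read_int(mc / "ce_count") or 0
        uncorrected = read_int(mc / "ue_count") or 0
        if corrected or uncorrected:
            findings.append(
                f"{mc.name}: {corrected} corrected / {uncorrected} uncorrected memory errors"
            )
    return findings

if __name__ == "__main__":
    for line in audit_host():
        print(line)
```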

Realistic to be the neighbour of your victim VM?

This attack depends on being able to run the attack VM on the same hardware as the victim VM. I have no well-founded grounds to guess if this is a realistic assumption.

I can think of the following situations where that is possible:

  • The pool of actual hardware is pretty small compared to the amount of VMs, because the hardware is very beefy or the VMs are small.
  • The amount of instances of the victim VMs is pretty big, because it is a standard VM replicated many, many times. I think about situations like massively parallel computing or streaming (Netflix?).
  • Or the targeted page is very common, and here I’m thinking of the signature files for updates for example, or company wide backup root accounts.

My conclusion: stay calm and …

Considering all the complexity of this attack, I don’t see it worming all over the Internet soon. It is however a cool warning that attacks can and do cross over from these various fields.

I wonder when they’ll realise they can also apply this attack to modify the running code of, say, the password check routine.

Financial growth to freedom

Lately, I’m getting questions on “how to invest” income beyond direct living costs.
Just like with GTD systems, I find it very important to have a financial system that one can relax into fully. Not having concerns about money frees up a lot of mental and emotional energy, and can shift one from a scarcity to abundance mindset.

My advice and practice is to implement this once the daily living costs have been covered, in the order stated below:

  1. Put an amount of at least 6 months of living costs + one big unforeseen cost (e.g. suddenly needing a new car due to an accident) aside in a savings account as buffer for hard times.
    Taking out a loan is very expensive, both in money (interest) and in energy (loss of abundance mindset).
  2. Invest at least 15% in a financial freedom fund, some form of savings that does not easily lose value but is accessible if you need it within half a year, relative to the way you live.
    In my case it is my own house and office, as I don’t likely need to move anytime soon. If you are like a lot of my friends and you want to stay more mobile for a while, consider an investment fund that has the same distribution as the Dow Jones, but mind the costs and risks!! I highly advise reading Tony Robbins’ “Money, master the game” on this topic. Management costs above 0.5% annually of your investment will kill any value accrued.
  3. Invest 10-30% in development of skills and contacts that make you more valuable, more productive and widely skilled, so that you upgrade your market value by at least one order every two years. Examples include workshops that really stretch you beyond what you think you could do or mastermind groups at a level you think is beyond your stature.

After the above, you can put the remainder into further tweaking of your financial growth and stability, with your choice of:

  • Extending your safety buffer to 12-24 months (I aim for 18+ months, allowing for a safety margin to abort ventures)
  • Reducing any costs you have (e.g. paying off outstanding credit card, loan or mortgage costs)
  • Investing in quality products and services that require reduced upkeep costs and make you much more productive
  • More investment in financial freedom capital
  • More investment in totally different skills and contacts

And whatever you have left and are entirely ok with losing completely, gamble that by:

  • Paying it forward to a personally worthwhile social goal. Ideally, this could be bootstrapping someone you personally care about towards their self independence, their growth, while expecting nothing in return (and probably getting a lot from that in feeling good).
  • Trying an investment in a start-up you believe will work financially (with a return of at least 10x) and do your kind of good in the world. Then don’t touch or even look at that investment for at least 5, preferably 10+ years. Don’t expect it to return anything, be positively surprised when it does.
  • If you really must learn that lesson yourself: lose it by gambling on the stock market, stepping into or out of the latest crypto coin hype too late, or other such “I can beat the system” delusions.

I hope this view helps you decide wisely where to put your money.

For the growth!
Wouter

Time hack: speeding up podcasts and audiobooks

One of those small hacks that I enjoy a lot, is to set the playback speed of podcasts or audiobooks to 1.5-2x the normal speed. Modern players such as the iOS podcast Overcast app and Audible app will keep the pitch normal.

So the effect is similar to giving the speaker a cup of coffee, not a hit of helium and making him one of the chipmunks. Especially with speakers … who … speak … with … … profound … … silences … like Osho, this speed up saves me a lot of will power to keep listening.

Overcast

The Overcast app has a more granular setting for the speedups. Not only can you select speedups in 0.25 granularity, you can also vary the speedup per podcast (so usually slow speakers can get even higher speedups). In the speedup it also removes the pauses, which gives another 0.25-1.50x speedup without any loss of information.

The Overcast app has a few other features that make life easier: downloading of new episodes is reliable (iOS app is crap at this), skip forward button step is configurable, it automatically plays the next priority episode (iOS app stopped doing this for unknown reasons). And they are very well aware of the impact on our mental well being:

Overcast knowing the cost of attention

For iOS podcast app

Podcast speed is to the left of the play buttons:


For the Audible app

I like Audible for audiobooks, and quite a few of the speakers have this profound … silence … speaking style that I’m not really interested in anymore, so this works well for me. Tapping on the lower left corner brings up the Narration Speed menu.


Even more ideal would be removing the silences automatically, similar to how my videos are edited, but I’m not aware of something that does that.

Hoping I saved a few hours of your life with this,

Wouter