AMA on Mastodon today

I’m doing an AMA (ask me anything) on Mastodon today.

Mastodon and the “Fediverse”

Update: I’m doing an AMA (ask me anything) on Mastodon today, December 18.

Over the last week, my opinion of the Mastodon project and software, as well as the “Fediverse”, has completely changed. I was pretty skeptical of it, but after giving it a chance, I’m participating and having fun.

Let’s rewind back to the skepticism. It started with the name: Mastodon. It doesn’t sound very inviting. Some people might even reach for Masta instead of Masto when spelling it. And decentralized social networking? Like a “web3” thing, with hexagons.eth/NFTs/glowing-eyes involved? Fortunately, no, but I think I was right to be concerned.

I love Twitter, full stop. But after everything that’s happened in the last few weeks, I wanted to start hedging against Twitter falling out of favor with the people I enjoy following and joking around with. Interacting with people on Twitter has facilitated some of the best moments of my life and I’m afraid of losing that.

Here’s what happened: I signed into my neglected account at mastodon.social1. I used a web app called Fedifinder to start following people who I follow on Twitter. Then, I started reading my timeline and found it to be relatively relaxing, warm, and fun! The energy and atmosphere feels a lot more positive than what’s happening on Twitter, at least right now.

If you haven’t tried a Twitter alternative2 yet, I think you should give it a shot. A change of place can yield a pleasant chance of pace, and the web is at its best when people are trying things.

Not convinced? Try out a Twitter alternative just to spite3 Elon Musk. Musk is an tireless sycophant and petty tyrant who purchased one of the world’s most entrenched networks. It’s 100% worth trying to stick it to this man.

If you make it over to a platform that implements ActivityPub, the federation protocol that Mastodon uses, you can follow me at Please say hi; I’m always looking to make a new friend. :)

To finish this post, here are my answers to some of the questions that I see and hear people asking about Twitter and Mastodon right now.

Is decentralized social networking harder to use than One True Website/App?
For most people, absolutely 100% yes.

If the “Fediverse” is to grow, isn’t it a problem that it’s harder to get started on than centralized social networks?

Is Mastodon a Twitter replacement?
For most people who use Twitter, no, not today. It might not be for a long time, if not ever.

Will there be growing pains as more people try it out?
Of course.

Do I need to be there? Am I missing out?
No, you aren’t; relax.

Will decentralized social networking “win”?
I don’t know what it would mean to “win”. I’m not sure I find that framing helpful.

Are you hoping for decentralized social networking to “win”?
No—I’m just vibing. Something doesn’t need to succeed by traditional metrics or last forever for it to be good or enjoyable or worth doing.

  1. I have since moved to a different instance. Something that’s really cool about the protocol that Mastodon operates on is you can migrate your followers to a different Mastodon instance. I think that’s really cool! 
  2. Besides Mastodon, Cohost seems like a great solution for posting and interacting with people. 
  3. I’m being cheeky here. It’s not at all clear what, if anything, harms a billionaire incapable of shame. 

Dover High School Paints over Black Lives Matter Mural

I grew up in a small town in upstate New York, Dover. On July 12, 2008, on this blog, I documented a part of the lead-up to me graduating high school:

There’s a little tradition at Dover High School – graduating seniors can elect to paint a mural on the high school’s driveway. It’s a great way to leave a mark until it’s paved over sometime in the next year. With the help of a few friends, I painted what I consider to be an awesome driveway mural.

A few days ago, on her personal website, Ariana Lasher described something that happened recently in Dover:

On May 27th, Jody Grant, a Dover High School senior, painted a mural of the “resistance fist”, a symbol used in the Black Lives Matter movement, on her school’s driveway. Within 24 hours, before she could even finish her artwork, the school’s administration made the decision to paint over the memorial. With yet another black individual killed, and riots breaking out among the nation in the fight for justice, Grant wanted to raise awareness in her own way. Now, she is left outraged.

It’s worth reading the whole writeup, if you haven’t already.

Mike Tierney, superintendent of the Dover Union Free School District, initiated the removal. I recently emailed Tierney and some other Dover administrators the following note, asking them to reconsider what they’ve done here:

Hello Mike Tierney,

I recently learned of the decision to paint over Jody Grant’s driveway mural, a memorial to Black lives ended by systemic, ingrained racism and the unaccountable institution of police in America. I wanted to drop you a quick note to explain why I’m disappointed by this decision, but also why I think it’s possible to make things right here.

Painting over a memorial to Black lives lacks empathy, and is itself an act of violence when considered in the context of life for Black people in the United States of America. And claiming to personally support the mural’s message is an empty gesture that lacks principles. In your job as an administrator of a public school, with authority over the direction of young people’s lives, I think it’s really important that you understand why your decision has caused real harm.

In an email, you said:

I decided to take down the mural because (although I agree with her message and proud of her want for change) it was not the appropriate time/place of manner for her message.

When is it inappropriate to mourn? I can think of driveway paintings that would be considered inappropriate by most people, but Jody’s mural does not fit into any of those molds. It’s not obscene. It doesn’t directly cause harm or incite anyone to cause harm. Instead, it’s relevant to living a curious life in pursuit of kindness, and reflects on something that’s personally important to its creator.

I suspect you would permit, or maybe celebrate, a driveway memorial to a specific student who was killed in a drug overdose, or was a victim of drunk driving. The same for a memorial to the country-wide collection of young people lost to the widely-acknowledged drug overdose epidemic. I suspect you would permit a driveway memorial by a student about someone who isn’t a student if it was a memorial to someone who was killed by circumstances almost everyone could agree were regrettable — if it wasn’t challenging or uncomfortable. And here again, I think you would permit a memorial to a collection of people lost in similar circumstances.

Assuming my characterization to how you would react to these other, hypothetical memorials is correct, what’s the difference in appropriateness of those circumstances and that of life and death for Black Americans? I think it’s worth taking a moment to consider and sit with that.

Jody Grant is grieving, like so many people in our country are, and you told her that her grief isn’t appropriate. Whether you meant to or not, you asserted that a tradition revolving around personal expression should not, and given your authority, cannot, touch on institutional racism. You said that this place of learning is not a place where it’s safe to discuss the epidemic of police violence in the United States that disproportionally affects Black people. In painting over this mural, Dover High School and Dover itself became less tolerant — less safe — and I hope you can appreciate why I call this a form of violence.

In an email to an alumnae, you wrote:

The general guidance has been as you know is [sic] to celebrate student accomplishments, celebrate next steps in their life, show gratitude to family and friends, and school spirit.

I fear that your framing here is retroactive, but I’ll dabble in accomplishments, celebrations, and gratitude briefly. It is an accomplishment that Jody’s eyes are open to pain. It is worth celebrating that there are young people who feel that their next steps in life are to combat extrajudicial killings of Black people. (This is more than worthy of celebration; we should join and support them.) Mourning the loss of life is a form showing gratitude; the act of mourning says that these lives were and are worth something. And transcending school spirit, Jody’s mural, conviction, and clarity are a form of the human spirt shining bright.

Mike, you have an incredible opportunity to do one of the most important things a leader can do: admit you made a mistake. You could bring some good, and some healing, into this world by telling folks that you’ve listened to their perspectives, really learned from them, and changed your mind. I know that this could make some people in Dover uncomfortable, but given our nation’s history and the moment we’re in right now, some discomfort is warranted.

Please rethink your decision here and let Jody paint her mural.

Ricky Mondello
Class of 2008

I encourage anyone who feels they have standing to reach out and share their feelings with Mike Tierney and the rest of the Dover Schools administration.

WWDC 2019 Talk: What’s New in Authentication

I presented a session at WWDC this year. You can find the video on, or in the WWDC app. If you’re interested in how apps and websites authenticate users, or you’d like to know how I’ve been spending some of my time at Apple, it’s worth checking out.

An aside: This was the fourth talk I’ve prepared and delivered at WWDC. (That’s four in seven years!) I’ve learned a lot every time I’ve done public speaking, but this time I picked up a specific, tactical lesson: empty your back pockets before getting on stage.

About fifteen minutes before showtime, I took a hairbrush to the bathroom to fix up my hair, stashed the brush in my back pocket, and then immediately forgot about it. I might have been too nervous to remember it.

As I was walking up the staircase to get onto the stage, a loud ~ THWACK ~ surprised me from behind. Oh no! My audio gear fell off the back of my jeans. It’s all over; I’m about to fail. The time I spent preparing and practicing doesn’t matter — the demo gods have enacted their revenge for my talk not actually including a demo.

Or not. When I turned around, I could see that the forgotten hairbrush was to blame, and that it hit the metal stairs on its descent, making the loud sound.

I got lucky. If the brush had held on for just a moment or two, it could have leapt out of my back pocket mid-sentence, as I was being filmed. I’m not sure how I would have recovered from that. Would I bend or kneel down to pick it up? Casually kick it to the side or off the front of the stage? Pretend nothing happened? While ignoring it, trip on it?

My brief terror turned into an overwhelming sense of relief and thankfulness. I haven’t failed. This could have been so much worse. Let’s go do the thing!

This whole episode, playing out over just a few seconds, neutralized a lot of the nervous energy I normally have at the start of a talk, and I think for the better. For me, a lot of what goes into public speaking is managing my emotions; I’m trying to be calm enough to be clear, but enthusiastic enough to keep the audience’s attention. The next time I’m in front of a crowd, I’d like to summon this feeling of gratitude — I’m so lucky; let’s do this! — and incorporate it into that emotional balance. I’ll just have to find a way to do that without first having a moment of all-consuming panic! 🙃

Talk at PasswordsCon 2018: How iOS Encourages Healthy Password Practices

The video of the talk I gave at PasswordsCon 2018 in Stockholm is now available.

My claim: a password manager needs to be more convenient and reliable than reusing memorable passwords to be widely adopted.

The talk covers:

  1. The fact that I have amazing colleagues
  2. Some background on Apple’s role in password management
  3. Why iOS 11.3 removed filling user names and passwords into web pages without user consent
  4. What iOS 12 does to make it easier to log into websites
  5. How iOS uses Face ID and Touch ID to secure logging into websites and apps
  6. What iOS does to guide users toward strong, unique passwords
  7. Why we changed the format of passwords that iOS generates for users
  8. Why iOS allows users to bring their own password manager
  9. Password Rules, a computer-readable description of a service’s password requirements
  10. The Well-Known Change Password URL, why it exists, and how to adopt it

I had a lot of fun preparing this talk, and I hope that folks find it useful.


Introducing Password AutoFill for Apps

I presented a session at WWDC this year. The video can be found on