Nearly a million people are lining up for Mailbox right now, and a lot of ink has been spilled debating the nature of this particular digital lineup.
Which shows, if nothing else, that standing in line gives you a lot of time to think about standing in line.
Watching the line slowly advance I started wondering about something else: how is Mailbox managing the whole thing? The line is little more than person-based progress bar, and I’ve been doing a bunch of work on progress bars recently – this piqued my interest.
I wondered how accurate my purported position in line was, and how Orchestra was running the show behind the scenes. So I took a closer look, and here’s what I found:
When the app first launches, it generates a universally unique identifier (UUID) for your device. This is a string that an app can use to uniquely identify a device, and it looks like Mailbox is using CFUUID for its device IDs. UUIDs aren’t persistent, so the app has to cache it. (Interestingly, the app also seems to use iCloud to sync your UUID with other devices associated with the same iCloud account. Launch Mailbox on your iPad and it’ll get the same status as your iPhone, for example.)
The app queries an Orchestra server with your UUID and a checksum in order to determine whether your UUID has been allowed entry. Internally, Mailbox appears to refer to full app access as the ‘velvet room.’
The server in charge of monitoring the line appears to be named Mister T, who, incidentally, worked as a bouncer before his movie career. Because of course he did.
If the generated UUID doesn’t get past Mister T, the app gives you the option to enter a reservation number and a private code (“But I’m on the list!”) to jump the line. Otherwise it’s out in the cold with the other nobodies.
Once you’ve taken a number and found your spot in the line, the slow march to the velvet room begins. Mailbox shows a satisfying countdown when you re-launch the app and your line position has advanced. Leaving the app running will show what appears to be a live countdown. Orchestra seems well aware of the best salve to ease the sting of a long line, so they give you a satisfying counter of all the suckers in line behind you.
Are these numbers real and live? It looks like they are.
Once you’re in line, the app queries the bouncer server (Bouncerver? Can we start saying that?) every few seconds about the status of the line. Mister T replies with a “now serving number…” (which allows Mailbox to calculate how many people are ahead of you), the line total (allowing it to figure out how many people are behind), and an explicit “allowed” value. Using these values, Mailbox ticks up your place in line in near realtime.
Jumping the line isn’t an easy feat, mind you. v1.0 of Mailbox was vulnerable to an edited .plist on jailbroken devices (or using a modified backup restore, I’d imagine) – velvet room allowed = YES, and you were in. The 1.0.1 update (which deserves a spot on the Tumblr of shame for “- bug fixes”) seems to close this hole. Mister T seems similarly immune to a straightforward MITM attack on his line-position responses.
Which isn’t entirely unexpected because, you know, he’s Mister T.