1. We’re Failing the Users

    October 10, 2014

    I’ve expressed this opinion before, but some recent experiences and discussions have only served to reinforce my opinion: The technology industry, as a whole, has utterly failed the average user when it comes to security. It doesn’t matter how many improved security features Apple, Google, Microsoft, and company add to their products. It doesn’t matter how many earnest blog posts are written extolling the virtues of strong passphrases, password non-reuse, and two factor authentication. It doesn’t matter how many wonderful password manager applications are written. The bottom line is, for the average user, “security” is a complete mystery and an utter pain in the ass.

    Take, for example, a situation I encountered a few weeks ago. A teenage family member received her first iPhone and it fell to me, as the “tech guy” to set it up for her. The first hurdle we met was setting up the iPhone’s passcode1. I initially did the responsible thing and suggested turning off “Simple Passcode” and, at a minimum entering a numeric passcode greater than four numbers. Of course that was met with a blank expression slowly transforming to one of utter horror. I took a deep breath, surrendered to the inevitable, and told her to go ahead and use the four digit code she used on her last phone.

    Next we proceeded to setting up a new AppleID/iCloud account. As you can guess the password ended up being the bare minimum that met Apple’s (lax) standards and was—no surprise—almost identical to her existing Google password. By the time we reached the point of deciding between two factor authentication or secret questions I was so demoralized that the best I could do was to try to ensure the questions and answers weren’t trivially obtainable from her Facebook page.

    So, what’s to be done? That’s the billion dollar question, and it’s one for which I certainly don’t have an answer. As far as I can see, no one else does either. That’s why I say that we in the technology industry have collectively failed on this issue. The danger is real, it’s only getting worse, and I don’t think anyone is close to a solution yet.


    1. This was an iPhone 5, so no TouchID. 


  2. A New Low In Tech “Journalism”

    September 26, 2014

    I take my self-imposed semi-retirement from the world of technology blogging pretty seriously. So it takes a fairly egregious example of ass-hatery to drive me back to the keyboard. sadly just such an example was delivered yesterday afternoon when Bloomberg.com posted a masterpiece of faecal effluvia titled “Apple’s IPhone[sic] Software Snafu Has Links to Flawed Maps” authored by Adam Satariano and Tim Higgins (link omitted for obvious reasons).

    To recap, this week Apple released a software update for iOS 8 intended to resolve a few bugs. Most pressing of those bugs was one that caused Apple to pull all HealthKit enabled apps from that App Store after the initial launch of iOS 8. As anyone with an internet connection knows, this 8.0.1 update itself contained a serious bug that disabled cellular communications and TouchID on some iPhone 6 and iPhone 6 Plus handsets. Understand that I am in no way attempting to mitigate the effects of this mistake, or to act as an apologist for Apple. This was a serious fuck up and it shouldn’t have happened. Although it should be noted that Apple’s response was to immediately pull the offending update, post a recovery procedure online, and post a new iOS update that resolved both the original set of bugs as well as restored cellular and TouchID functionality within a day. As responses go, I don’t think you could ask for better.

    Which brings us to the Bloomberg story and the focus of my ire. To summarize the story briefly; the authors, on the word of the ever-popular “people familiar with the matter”, took it upon themselves to reveal the name of a “mid-level manager overseeing quality assurance for Apple’s iOS mobile-software group” and assign him the blame for the bug. Additionally the authors attempt to tie this individual to an earlier Apple software “fiasco”, the less-than-stellar roll out of Apple’s native iOS mapping solution. The rest of the article is irrelevant to my comments here.

    Of course this being the Internet, several supposedly “respectable” tech sites have parroted the report, with varying degrees of obfuscation of the individual’s identity. For the sake of shaming the guilty, a list of some of the more prominent offenders as of the time of publishing is listed here:

    • 9to5 Mac, written by Mike Beasley
    • AppleInsider, written by that paragon of journalistic integrity AppleInsider Staff
    • MacDailyNews, written by apparently a ghost since there’s no byline.
    • BGR, written by Chris Smith

    In addition to this sorry lot there are the usual collection of shitty “content aggregation” blogs looking to make a quick page-view buck.

    Let me state this as clearly as I possibly can. Outing a mid-level manager and exposing him or her to public scorn over this issue is one of the most vile, petty, and unethical acts that I have seen perpetrated by a member of the technology press—and remember that I spent almost 4 years specifically exposing myself to the shittiest the tech web has to offer for you fuckers’ amusement. Satariano, Higgins, their editor at Bloomberg and anyone else who repeats this story are the lowest of the low. Look at the list of offending sites and note who (currently) isn’t there. When you somehow manage to find yourself on the wrong side of an ethical issue that Gizmodo is (currently) getting right you have really fucked up.

    I want to be clear. This isn’t an issue of, “we don’t know all the facts”. I don’t give a singular fuck if the cause of the iOS 8.0.1 cock-up was a single individual deciding that he or she was done with this world and just slamming his or her head against their keyboard until a random iOS build was crapped out into the world. There is simply no justification for publicly shaming a non-public Apple employee for this. Exactly two people at Apple bear public responsibility for this issue: Senior Vice President of Software Engineering Craig Federighi and CEO Tim Cook. As far as I’m concerned, they have done exactly what they needed to do publicly: fix it, apologize, and move on. Of course Apple should, and no doubt will, investigate this issue to determine the breakdown in process that allowed such a major bug to make it into a public release. However, that is Apple’s business and exactly none of ours. As someone who is an actual Quality Assurance Engineer (albeit not in software exactly), I’ve watched this exact scenario happen on more than one occasion. Software is produced by people and people are, at best, imperfect. What matters is correcting the process.

    Unfortunately the sort of thinking that leads to vile character-assassination attempts such as Satariano and Higgins’ piece is become all to common online. It’s a destructive confluence of call-out culture, Internet Outrage™, entitlement, and page-view whoring. Sadly I expect to see this sort of thing repeated in the future. The sick need to feed the page-view monster with the faeces generated by the Internet Outrage Machine™ combined with our new-found sense of entitlement to know the intimate details of anything that we set our sights on (cf. the whole celebrity nude thing) all but guarantees that this will happen again. My only consolation is that relatively few tech sites have run with this non-story.

    Lastly, I’ll leave you with a properly compassionate take on this issue from iMore and Nick Arnott. This, ladies and gentlemen, is how you write about this issue.


  3. Old Timey Radio Podcasts

    February 11, 2014

    Some time ago I decided to stop listening to tech podcasts for reasons which are both irrelevant and well-known to most people. Instead I’ve spent my commutes with old radio dramas from a variety of sources. They have the advantage of generally being under thirty minutes in length and being utterly devoid of technology product rumors. Additionally, they often have some damn fine stories to boot. It occurred to me that some of my readers might be interested in this so I’ve decided to share some of my sources.

    One of the most comprehensive sources for radio dramas is Relic Radio. They have mysteries, science fiction, comedies, horror stories, westerns, and war stories. You can find all their podcasts on iTunes.

    A show that is a particular favorite of mine is Suspense!. There are a few different podcasts collecting this show, but here is the iTunes link for the one I subscribe to.

    Last but not least. Welcome to Nightvale is a newer—and highly popular—podcast drama that takes the form of a community radio show set in a community unlike any other. You can find them here on iTunes.

    There you go. Just a few things to listen to that don’t involve self-absorbed bloggers talking about what products Apple should make. You can thank me later.


  4. Thoughts on Google’s Acquisition of Nest

    January 14, 2014

    I don’t currently own a Nest product and now that Nest has been purchased by Google I almost certainly will never own a Nest product. Here are my reasons for coming to that conclusion.1

    1. Google has a bad track record of maintaining products: There really isn’t a lot to say here. The record of Google’s long-term maintenance of acquired products is a charnel house of badly maintained and abandoned software and services. While this isn’t a huge problem with software and services, it is a huge issue to me when we’re talking about an expensive piece of hardware that sits at the core of my home’s climate control system.

    2. This purchase is almost certainly not about the product itself: My buddy John Welch made an interesting point on App.net. There is a very good chance that this purchase is more about Nest’s portfolio of patents relating to learning hardware than it is about cornering the thermostat market. Additionally, bringing Tony Fadell into the fold gives Google something that it desperately needs: someone who actually has a clue about consumer hardware design.

    3. Google’s consumer support is atrocious: Well, Google’s enterprise support ain’t no great shakes either but let’s focus on what’s important. Everyone reading this blog has heard stories of Google’s horrific “look it up on the web / here’s a Google Group if your lucky” method of “support”. While that model is (barely) acceptable in the world of software and services it is absolutely untenable in the world of consumer hardware. This is even worse when you consider that the Nest thermostat is a device meant to connect to a system that most consumers have absolutely no experience with and, if installed improperly can theoretically destroy a system that costs thousands of dollars to replace.

      From what I’ve seen Nest has done an admirable job of making the process of tying a Nest thermostat into an existing HVAC system as consumer friendly as possible, but I’ve also read numerous tales of woe from tech luminaries unable to get a Nest thermostat to work with their system. This shit ain’t simple2

    4. I just don’t trust Google: I’ve listed this last, because the previous three points are actually sufficient for me remove Nest devices from consideration but honestly if the previous issues didn’t exist, this would be enough. I simply don’t trust Google to not put it’s all-consuming desire for data above my privacy. In some instances this isn’t an issue to me but when applied to a device that sits in my house tracking my coming and going it crosses the creepy line.


    1. Note that tribal loyalty to Apple is not among these reasons. 

    2. I have a fairly extensive, if not precisely licensed, level of experience with home electrical systems. This stuff is more complicated than the average tech pundit knows.