Pages

Monday, September 29, 2014

"Why bad bugs hit good people", Nick Arnott

A reflection on the mortifying iOS 8.0.1 update that Apple had to withdraw after it broke critical functionality, including phone service, on the iPhone 6 and iPhone 6 Plus. Arnott is not writing as an Apple insider, but rather as a quality assurance (QA) lead at another company who knows how hard the job is.

If you've never written software, you might wonder why it's so hard to avoid bugs, or software errors. Bugs typically arise as unexpected side effects of otherwise reasonable-sounding changes to important functionality. The problem is that the engineer doesn't have a good enough mental model of the project. Sometimes that's because she simply has an incorrect understanding of it, but it's far more likely that the project is simply too big for anyone to keep all the details in her head at one time.

How do you find bugs? Well, you have to put the software (and/or hardware) through its paces, which is the job of QA. To do QA properly, you have to try out all the edge cases: you have to do the nutty or extraordinarily dumb things that some ordinary users do. In my experience, QA never has enough time to do edge-case testing well. Even if they got the time, users are amazingly creative and keep coming up with new (strange) ways of (mis)using the product.

Arnott's pretty sympathetic to the Apple engineering and QA staffs, and I'm inclined to agree with him. If you want to know why you should too, read his piece.

(I completely understand if you don't feel like giving Apple the benefit of the doubt. If my car stalled after I drove away from the mechanic, I wouldn't feel too sympathetic toward him. Having written code for a living, though, I know how problems can slip by, especially in a deadline crunch.)

Sunday, September 28, 2014

Perspective on smartphone security

Apple's iOS 8, the latest release of its iPhone/iPad operating system, will encrypt much of the device's contents if you use a passcode or password to access the device. This has sent law enforcement into a tizzy.
“Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”
Even F.B.I. director James Comey got into the act. From the New York Times article:
At a news conference on Thursday devoted largely to combating terror threats from the Islamic State, Mr. Comey said, “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.”

He cited kidnapping cases, in which exploiting the contents of a seized phone could lead to finding a victim, and predicted there would be moments when parents would come to him “with tears in their eyes, look at me and say, ‘What do you mean you can’t’ ” decode the contents of a phone.

“The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”

Director Comey should stop watching 24 reruns. His tone-deaf and frankly idiotic remarks merely fuel the substantial mistrust of government that exists among even law-abiding and generally patriotic citizens like myself. (Note, though, that there's a compelling argument that Comey's bluster is just that, bluster, a theatrical performance to hide the fact that the N.S.A. actually would have no difficulty breaking Apple's encryption. I think that's at least as plausible as the other leading hypothesis for Comey's remarks, i.e., that he's an incompetent moron.)

Comey's argument rests on the assumption that it's not merely normal, but proper, for law enforcement to be able to access the data in your personal computing device with no impediment other than gaining physical possession (and a warrant, at least in some jurisdictions).

That assumption is wrong.

I repeat: that assumption is wrong.

Moreover, the real reason for the encryption has nothing — nothing — to do with thwarting law enforcement. I'll get to that shortly. First, though, let's think through the principles here, rather than getting caught up in the technology.

Consider a different law enforcement need: access to your home. If law enforcement needs to get inside your home, officers or agents obtain a search warrant, present it to you and you reluctantly permit them entry. If you refuse, they can legally break the door down.

Your personal computing device must be subject to the same protections. It is no less personal a domain than your home, even if it is as easily taken from you as your wallet. (Incidentally, rifling through your wallet shouldn't automatically be legal for police, either. I don't know what the current law is on that.)

What ticks off law enforcement is that there's no widely available battering ram right now for the average personal computing device. (On the other hand, many people are dumb enough not to have some kind of passcode protecting their device. This is the equivalent of leaving the front door unlocked.) Law enforcement has relied for ease of access on the indifference of device and software manufacturers. They have not made widespread encryption the default behavior on their devices. It has been available for some time, but it has been used only in limited contexts — to protect passwords, for instance. To encrypt your own data, especially on iOS devices, has not been terribly easy. With iOS 8, it will happen with minimal effort.

Law enforcement is obviously disgruntled that its job has been made that much harder. But does that justify demanding, or at least petulantly whining, that the front door to your personal computing devices be incapable of being locked?

That's what this really comes down to: law enforcement wants your digital front door to be not merely unlocked, but incapable of locking.

Put so baldly, that's quite a startling position, isn't it?

Would we accept police demands that our front doors not be capable of locking? Of course not. Do we accept that locked doors protect criminals and terrorists as well as you and me? Yes. We may not like it, but we accept it.

Why do we accept that tradeoff? Because we need locked doors. Even if you live in a low-crime area and you typically leave your door unlocked, you like to know that you can lock it if need be. Most of the time it's not the police trying to break into your home.

And that brings me to the real reason for the new encryption feature: our personal computing devices can be stolen. We need to be confident that the thief can't gain access to our personal data. This might include names, addresses, phone numbers, birthdays, voicemail and text messages, maybe even confidential information like your credit card numbers. If it's a phone, it might serve as a token for near-field communications payment systems or the new Apple Pay system. Phones can also serve as the second leg of a two-stage authentication system for login. The loss of a smartphone these days can be a disaster.

Every security measure is a tradeoff. For the device-encryption question, we could probably do extensive studies to determine whose interests are a higher priority to society. Or we could default to preferring the rights of law-abiding citizens over the limited number of high-stakes cases that depend on unfettered access to personal computing devices.

You may be tempted to believe that the consequences of a lost or stolen phone are purely financial, and therefore the possibility of saving innocent lives that Comey holds out should unconditionally take precedence. At first blush, that's a compelling argument (if you buy into the distinctly TV-show-ish premise, which I find difficult to do). But if we truly lived according to that principle, we'd give up our privacy altogether. After all, a crime like kidnapping requires that the kidnapper be able to operate invisibly. We could eliminate the possibility of kidnapping simply by making it impossible for any of us to live our lives without scrutiny.

That, of course, is not how most of us want to live. So we do our best to reduce the possibility of kidnapping without shredding our right to live our lives freely. Is it a good tradeoff to let the kidnapper keep his secrets on his phone, if at the same time hundreds or thousands of law-abiding citizens can breathe a little easier because their stolen phone won't result in their lives being open to the thief? Kidnapping is a rare event and it's hard to imagine that the key to cracking the case will lie solely in the putative kidnapper's phone. I therefore say that wholesale encryption on personal computing devices is, on balance, a good thing even if it makes law enforcement harder. After all, law enforcement would be easier with unlocked doors, too.

Matthew Green has a slightly different take on why Apple introduced the encryption feature. He points out that any back-door access maintained for law enforcement can't be guaranteed to remain accessible solely to law enforcement, so customer data could be opened up to criminals through that back door. Apple therefore understandably prefers not to be the arbiter of such access, and so has made it technically impossible to violate its customers' privacy. Green's is a good argument. I still think, though, that some of the impetus is customer demand. The San Francisco Bay Area is a hotbed of smartphone theft and Apple's employees themselves likely have been victims, or they know people who have been victims. The issue has also received extensive coverage from local media outlets. All this would have influenced both engineers and managers to make this feature a priority.

Whatever the impetus, the new encryption feature is a good thing.

We have been conditioned since 11 September 2001 to make national security a priority. This has resulted in our law enforcement authorities having a warped perspective on how our lives should be lived. It's long past time we pushed back. The new encryption feature in iOS 8 is one way to do so. Heaven knows that if we permit gun sales to be as lax as they are, there's no good argument in favor of restricting encryption on our personal computing devices. Don't let Comey or anyone else distract you from the real point. It's not about national security. It's about personal security.

Cars are not safes

I've lived in an urban area and tourist mecca my entire life and certain habits have become automatic. One of them is never to leave anything in my car. May I strongly recommend that you adopt that habit too, especially if you visit urban areas and/or tourist meccas?

I'm always surprised by how many people think of their cars as mobile safes. They blithely leave backpacks and purses in plain sight in the passenger compartment, or, if they're a bit more security-minded, in the trunk.

Newsflash: the only thing keeping somebody from breaking into your car is laziness. Thieves will break into a car for just about anything. Somebody once broke into mine to take a paperback book.

Aren't they scared of crowds? Not really. How many streets are that busy? And even on busy streets, how many people will interfere, even if they notice anything's amiss?

Good thieves are efficient. Among a bunch of parked cars, they'll first target those that aren't empty. An empty interior is the first and best deterrent to a break-in.

What about the trunk? Well, if you can open the trunk from a lever next to the driver's seat or by folding down the rear seat backs, your valuables are no safer than if you left them on your seat. However, if you must leave stuff in the car, it's the best option you've got.

Put stuff in the trunk just before you leave your current parking spot. Thieves hang around parking lots and sidewalks to see who's putting goodies away. Leave right after you load your trunk and you literally remove their chance to steal from you. On the same principle, don't draw attention by opening your trunk when you park.

Are these precautions obvious? I thought so. But on the news I heard about a couple from Hawaii who left their backpacks in their rental car while they stared out at a beautiful view. The packs were stolen, of course. Hawaii being one giant tourist attraction, you'd think Hawaiians would know better. And they probably do — but vacations make fools of us all.

Friday, September 26, 2014

Easy targets

I like The Daily Show. Search this blog for "Jon Stewart" and you'll see I've made that clear.

Thursday night's show was unusually pointed, which is usually a good thing. The targets, though, were almost beside the point: Fox News and the Washington Redskins.

For Elmer Fudd to be an entertaining foil for Bugs Bunny, the writer has to do more than make fun of Elmer's denseness. By the same token, for Fox News to be a good target for Stewart's satire, the show has to do more than point up the network's hypocrisy. Hypocrisy is as fundamental to Fox News' DNA as stupidity is to Fudd's. (There's a large component of willful stupidity to Fox News too, but that's beside the point here.)

And to hold up Redskins diehards as utter morons incapable of empathy or understanding, well, the entire media beat you to it, guys. There was absolutely no twist to Jason Jones' piece. Even incorporating the Redskins fans' mortified reactions as quoted in the Washington Post didn't tell us anything new, unless you count finding out that there are still people who don't realize that appearing in a Daily Show segment is not likely to enhance your reputation.

Yeah, I still get a bit of a charge out of Stewart telling Fox News to shut the fuck up. It's still a bit gratifying to be reminded I'm on the right side of history regarding the name "Redskins". But I expect more than just a bit of entertainment and gratification. You guys have set the bar high for exploding my assumptions and making me think. You didn't exactly leap over it Thursday night, though.

Sunday, September 14, 2014

Kanye can go to hell

I'm not sure Kanye West is intrinsically a more self-centered piece of shit than other major pop stars, but he did pull a classic self-centered-piece-of-shit pop star tantrum in Australia a couple of days ago, halting his show because — gasp! — not everyone in the audience would oblige his demand to stand up and dance during one of his numbers.

Turns out the two — yes, two — non-compliant audience members couldn't stand: one was in a wheelchair and the other had a prosthetic leg. Once Kanye verified their bona fides, he carried on.

To Kanye's fans: stop enabling him. Stop buying tickets until he stops being a self-centered piece of shit.

To Kanye: go fuck yourself. You are there to entertain them, asshole. They decide whether to oblige you by standing up — or even showing up. Why don't you show some gratitude to your audience for being there, you entitled piece of shit?

Thursday, September 11, 2014

R.I.P. iPod

Tuesday, 9 September 2014, was the day Apple pulled the plug on the non-computer product that redefined the company.

The iPod wasn't the first portable music player with a hard drive. It was, however, the first one that the public embraced in a big way. That's hard to remember today, when the company is far better known for phones and a still-unreleased watch, not to mention those by-now almost-afterthoughts, computers. But a music player is built into every one of those still-shipping (or soon-to-be-shipping) products because of the success of the iPod.

You probably don't lament the demise of the iPod, or rather, of the iPod Classic, the iPod with the hard drive. There are other iPods still being made, for one thing. More importantly, you probably have your music on a smartphone these days and the idea of a standalone music player is kind of weird, or at best quaint.

However, a few of us mourn the loss. Hard drives may seem quaint, but the storage costs are quite reasonable compared to flash memory. The iPhone 5s maxes out at 32 GB of storage, the iPhone 6 at 128 GB; the last iPod Classic held 160 GB. Plus, that iPod Classic was (forgive me for relying on memory: it has been a while since I looked at the price) somewhere in the range of $250-300, whereas the 64 GB iPhone 6 is $299 and the 128 GB iPhone 6 is $399. You can argue that you're buying more than a mere music player for that money, but sometimes all I want is a music player!

I have a large music library and sometimes I want as much of it with me as I can. I don't want to access my music over the network, as music subscription services require. On foot, on transit or even in a car, the network simply isn't accessible; even if it's available, it's often undesirable to take advantage of it (access is costly or untrustworthy).

In short, the iPod Classic still very much has a place in my life.

The Los Angeles Times' Michael Hiltzik wrote a nice valedictory to the iPod Classic. He linked to three other elegies, only one of which, from Forbes' Hugh McIntyre, is worth reading.

I'm disappointed and unhappy that Apple has washed its hands of the iPod Classic, and in some respects, of me.

Sunday, September 7, 2014

The Star Trek movies

I've been a Star Trek fan for as long as I can remember. I grew up watching reruns of The Original Series and I've watched all of the movies, even the Next Generation ones. As much as I liked TOS, and as good as some Next Generation episodes were, the movies are a decidedly mixed bag.

First, the Next Generation movies. They're uniformly mediocre. The stories fail to involve the audience: it's impossible to care about what happens.

Next, the J. J. Abrams reboots. 2009's Star Trek is a hoot in spite of the story's criminal violations of physics. 2013's Star Trek Into Darkness is a different story (ahem). It's loud and visually impressive, but the storytelling is a mess: too much happens for any of it to have an emotional impact on the audience. I also think the characterization of Spock is way, way off, especially in his confrontation with the villain.

That leaves the six movies starring the cast of The Original Series.

Star Trek: The Motion Picture is a stately bore. The best that can be said is that the crew is good at their jobs. (That's a greater compliment than you might think: keep reading.)

Star Trek II: The Wrath of Khan is most people's pick for the best of the bunch, and looking at it dispassionately I have to agree. My only criticisms are the inconsistencies between the movie and its precursor TV episode, "Space Seed", and Kirk's unaccountable failure to follow (sensible) procedure before the Enterprise's first encounter with Khan and company. This is the first obvious instance of what I call "competence rot", but it won't be the last.

Star Trek III: The Search for Spock is necessary from a continuity standpoint, but as a standalone movie it just lies there, not terrible, but not particularly great, either. On the plus side, the competence rot afflicts not Our Heroic Crew, but their would-be pursuer, the captain of U.S.S. Excelsior. Indeed, Sulu and Uhura will never fare better than this movie: they are badasses.

Star Trek IV: The Voyage Home is my favorite of the bunch, but I have to admit it's pretty silly. Its saving grace is acknowledging the silliness and maintaining an appropriately light tone throughout. Unfortunately, in keeping with that light tone, competence rot is widespread: Chekov is implausibly idiotic throughout, reaching a nadir of idiocy during his interrogation by government agents; Scotty heedlessly passes along future technology; Spock repeatedly sticks out like a sore thumb even though he is a careful and cautious observer by nature and should easily have been able to keep a lower profile.

On its release, Star Trek V: The Final Frontier displaced The Motion Picture as the worst of the original cast's movies, hands down. Competence rot is at parodic levels: Scotty bangs his head on a bulkhead immediately after boasting of his categorical knowledge of the ship's layout; Sulu and Chekov get lost on Earth; Uhura loses her head (not to mention her good taste) and falls for Scotty, of all people. The topper? The entire crew misses the approach of a hostile ship. This is a flaming wreck of a movie that, in spite of stiff competition from a couple of the Next Generation films, remains the leading contender for the worst Star Trek movie ever.

I suspect Star Trek VI: The Undiscovered Country was made because nobody wanted Star Trek V to be the original cast's final appearance: it would have been just too embarrassing for all concerned. Except for being their last hurrah, however, The Undiscovered Country isn't a particularly distinguished entry in the series: it's workmanlike but clunky. Competence rot is as embarrassing and widespread as in Star Trek V, maybe even more so. Chekov is a moron who doesn't know what happens if you fire a phaser onboard the Enterprise and can't carry out an investigation; Uhura doesn't have the vaguest grasp of the Klingon language, in spite of the Klingons being the Federation's main enemy for decades; McCoy doesn't know Sulu has his own command even though Sulu has been a captain for at least three years at the time the movie opens. Spock even (deservedly) suspects himself of losing his grip when brooding in his quarters. You know competence rot is bad when the characters comment on it.

Man ... I didn't realize the Trek movies were such a sorry lot until I wrote all this down. It's a testament to the blind loyalty of people like me that even the low quality of most of these films hasn't stopped them from making a lot of money.