The Cure For Pessimism? Action

GQ has a good interview with Yvon Chouinard, the founder of Patagonia. It’s far-ranging, covering the company’s attitude to making clothing, to climate change, to politics. But what really struck me was this:

Gradually, the conversation went even darker. About Trump, Chouinard added, “It’s like a kid who’s so frustrated he wants to break everything. That’s what we’ve got.” I asked sarcastically if any part of him was an optimist. Marcario, sitting next to him, laughed loudly. “Did you just ask Yvon if he’s an optimist?” Chouinard smiled and cocked his head. “I’m totally a pessimist. But you know, I’m a happy person. Because the cure for depression is action.”

I would note that I think action is the cure for pessimism, as opposed to depression; one is a state of mindset whereas the other is often a serious mental condition that can require professional assistance. But that nitpick aside, I think he’s correct that you press through pessimism by acting to make the world a little bit better every day than how you started it.

Apple Pay Has Problems

John Gruber is ripping into the Wall Street Journal for their reporting on Apple Pay. Specifically, he complains that the Journal didn’t explain how to remove an alert that is meant to encourage people to set up Apple Pay, agrees that Apple has done a bad job explaining how Apple Pay is more secure than using an actual credit card, and mocks an analyst’s comparison of Apple Pay to Microsoft’s antitrust cases in the 1990s and early 2000s.

I agree with a lot of what John wrote but, at the same time, think that it’s all too easy to dismiss complaints about Apple Pay. I work amongst an incredibly technical group of colleagues. Many of us have iPhones. But I’m the only person who uses Apple Pay with any regularity…and I’ve run into issues time after time. Let me list some of the problems I’ve experienced:

  1. I tried to return an item I bought using Apple Pay (linked to my credit card). But when I returned it the credit card number displayed on the receipt was different from that on my credit card…so the retailer refused to take the return.[1] It was only after I undertook some independent research that I figured out how to pull up the temporarily assigned number in Apple Pay and, then, additional time to educate the frontline staff, the manager, and then wait for the manager to call central office to confirm they could process the return. Time to return a product to a store that was down the street from me? About 3-4 hours split over 2 days. I wouldn’t have the same issue if I’d just bought the item with my physical credit card.[2]
  2. Apple Pay doesn’t work as reliably with tap-enabled Point of Sale machines. I’d say that I have about an 85-90% ‘hit’ rate with Apple Pay versus using the tap feature of my credit card. That makes Apple Pay less convenient than a tap-enabled credit card or debit card.
  3. Various Point of Sale machines have disabled tap and force me to use one of my chip/PIN cards. This is typically done in restaurants or retail locations where either they can’t afford to fix their Point of Sale machine or refuse to pay to enable the feature (or simply haven’t upgraded their machines to accept tap payments). So I have to carry my regular credit card and debit card with me, wherever I go, on the basis that I can’t trust that I can use Apple Pay at any given location.
  4. Sometimes Apple Pay just doesn’t work. I have no idea what the problem is but there are times where I just have to remove the cards and re-add them to Apple Pay. I don’t know why this takes place but it happens at least once a year. And I find out about it when I’m trying to pay for something. I don’t have this problem with my credit card.[3]

Do I like Apple Pay? I do, actually, and I use it a lot. But I’m willing to deal with the above teething issues as an early adopter. Security is fine and good, but for the majority of people usability is the most important component of using a product. And Apple Pay remains, in my eyes, only mostly-usable. It needs to be a lot more reliable before it is adopted by the mainstream.

  1. I know: this is a security feature (one I love!) but it’s a feature that’s been introduced without an equally clear explanation of how to find the temporarily used number. This education needs to happen at both the end-user and retailer level.
  2. And I have no clue what you’d do if you lost your phone or it was stolen between the time of purchasing an item with Apple Pay and wanting to return it.
  3. To be fair, I have to replace my debit card (rarely used either as the card or in Apple Pay) approximately every six months because it just stops working. But this hasn’t ever happened with my credit card, which is my primary way of paying for everything.

Cellebrite can unlock any iPhone (for some values of “any”)

An update by Ars Technica on Cellebrite’s ability to access the content on otherwise secured iOS devices:

Cellebrite is not revealing the nature of the Advanced Unlocking Services’ approach. However, it is likely software based, according to Dan Guido, CEO of the security firm Trail of Bits. Guido told Ars that he had heard Cellebrite’s attack method may be blocked by an upcoming iOS update, 11.3.

“That leads me to believe [Cellebrite] have a power/timing attack that lets them bypass arbitrary delays and avoid device lockouts,” Guido wrote in a message to Ars. “That method would rely on specific characteristics of the software, which explains how Apple could patch what appears to be a hardware issue.”

Regardless of the approach, Cellebrite’s method almost certainly is dependent on a brute-force attack to discover the PIN. And the easiest way to protect against that is to use a longer, alphanumeric password—something Apple has been attempting to encourage with TouchID and FaceID, since the biometric security methods reduce the number of times an iPhone owner has to enter a password.

This once again confirms the importance of establishing strong, long passwords for iOS devices. Sure, they’re less convenient but they provide measurably better security.

Serious Vulnerabilities (Probably) Found in All iOS Devices

From Forbes:

The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.” Separately, a source in the police forensics community told Forbes he’d been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple’s newest devices worked in much the same way.

If Cellebrite has, indeed, found a way of compromising all iOS devices then they’ve accomplished a pretty impressive task. I have to wonder whether the vulnerabilities emerged from studying the iBoot leak or their own software or hardware research. Assuming Cellebrite’s claims are legitimate they serve to underscore the position that governments shouldn’t introduce backdoors or vulnerabilities into devices given that doing so will only exacerbate the existing problems associated with securing devices. Security is designed to add friction, not totally prevent an unauthorized party’s actions, and deliberately reducing such friction will put all users at greater jeopardy.

The Forgotten History of New York’s Bagel Famines

Natasha Frost has written a really great piece on the history of bagels in New York:

The men of Bagel Bakers Local 338 were not to be trifled with. Founded in the 1930s, all 300-odd initial members were Yiddish speakers who descended from these hardy early bakers. Joining required a family connection—though this wasn’t sufficient on its own. Only after three to six months of apprenticeship, once a “bench man” had attained a minimum rolling speed of 832 bagels an hour, could members’ sons and nephews be grudgingly brought into the fold and given labor cards.

But Local 338 was different. Bagels were acquiring a special cachet among Jewish Americans, and bakers grew wise to the value of their special skills. Within eight years of formation, the union had contracts with 36 of the largest bakeries in the city and New Jersey. They had a ferocious reputation—non-union bagel makers were few and far between, and the holdouts experienced threats and day-and-night picketing until they toed the line.

I had no idea just how political bagel making was, nor how significantly the union was brought to its knees following the creation of Thompson’s ‘bagel machine’ in the 1950s. If you love your morning bagels — and spend the time to hunt down places that still make them by hand — you’ll love the article that Frost has put together.

The True Cost Of “Free” Professional Services

Leah Miller has a good take on Unsplash, a website where photographers donate photos which can subsequently be used without royalty or attribution:

They bill themselves as “Beautiful FREE photos for Everyone”. That means anyone, including businesses can go to their website and download unlimited amounts of photography (and some of it is very good) work without attribution or payment to the individual(s) who created them. Furthermore there is no requirement for Model or Property Releases which guarantees that the photographer and end user are likely to get sued. Don’t believe me? Do a search on that website of any popular brand you can think of…sportswear, etc. You will not see a single RELEASE for those images in sight. Large companies like Apple will sue the pants off you should they get wind of their products/logos etc. being used commercially. That “EXPOSURE” you got in return for the image of a Nike sneaker you posted (and was subsequently downloaded and used commercially) won’t be worth an ounce of mercy when that first lawyer letter hits your mailbox.

When you purchase a “creative” professional’s services, be they from a photographer, programmer, editor, writer, or marketer, you’re paying for more than the finished thing that the professional is providing. You’re paying for the suite of skills and talents and knowledge that surround the finished product, and some of those skills and talents and knowledge are largely invisible to the client. And that’s fine: it’s what’s being paid for. But if you get something for free or at a deeply discounted price it’s important to know that all those hidden extras that you don’t see when you hire a professional can quickly become your problem. Sometimes those problems are just a massive pain in the ass when they arise. But at their worst they can be a terrible drag on whatever you have going on in your life and career, and can be poison to either your hobby, your side gig, or your professional career.

Apple’s Data Stewardship Questioned, Again

Matt Green has a good writeup of the confusion associated with Apple’s decision to relocate Chinese users’ data to data centres in China. He notes:

Unfortunately, the problem with Apple’s disclosure of its China news is, well, really just a version of the same problem that’s existed with Apple’s entire approach to iCloud.

Where Apple provides overwhelming detail about their best security systems (file encryption, iOS, iMessage), they provide distressingly little technical detail about the weaker links like iCloud encryption. We know that Apple can access and even hand over iCloud backups to law enforcement. But what about Apple’s partners? What about keychain data? How is this information protected? Who knows.

This vague approach to security might make it easier for Apple to brush off the security impact of changes like the recent China news (“look, no backdoors!”) But it also confuses the picture, and calls into doubt any future technical security improvements that Apple might be planning to make in the future. For example, this article from 2016 claims that Apple is planning stronger overall encryption for iCloud. Are those plans scrapped? And if not, will those plans fly in the new Chinese version of iCloud? Will there be two technically different versions of iCloud? Who even knows?

And at the end of the day, if Apple can’t trust us enough to explain how their systems work, then maybe we shouldn’t trust them either.

Apple is regarded as providing incredibly secure devices to the public. But as more and more of the data on Apple devices is offloaded to Apple-controlled Cloud services it’s imperative that the company both explain how it is securing data and, moreover, the specific situations under which it can disclose data it is stewarding for its users.

Transparency Follows After Trust Is Lost

Via Wired:

Speaking at Davos, Uber CEO Dara Khosrowshahi pointed out that consumers face a challenge in trying to understand tech’s influence in the age of big data. He called this an “information asymmetry.” In his previous job, as CEO of Expedia, Khosrowshahi said, customers were shown a tropical island while they waited for their purchase page to show up. As a test, engineers replaced the placid image with a stressful one that showed a person missing a train. Purchases shot up. The company subbed in an even more stressful image of a person looking at a non-working credit card, and purchases rose again. One enterprising engineer decided to use an image of a cobra snake. Purchases went higher.

What’s good for a business isn’t always good for that business’s users. Yet Khosrowshahi stopped testing because he decided the experiment wasn’t in line with Expedia’s values. “A company starts having so much data and information about the user that if you describe it as a fight, it’s just not a fair fight,” said Khosrowshahi.

The tech industry often responds to these concerns with a promise to be more transparent—to better show how its products and services are created and how they impact us. But transparency, explained Rachel Botsman in the same Davos conversation, is not synonymous with trust. A visiting professor at the University of Oxford’s Said School, Botsman authored a book on technology and trust entitled “Who Can You Trust?” “You’ve actually given up on trust if you need for things to be transparent,” she said. “We need to trust the intention of these companies.”

I think that it’s how little design flourishes are used to imperceptibly influence consumers that should be used to justify more intensive ethics and legal education for designers and engineers. Engineers of physical structures belong to formal associations that can evaluate the appropriateness of their members’ creations and conduct. Maybe it’s time for equivalent professional networks to be built for the engineers and developers who are building the current era’s equivalents to bridges, roads, and motor vehicles.

The Roundup for January 20-26, 2018 Edition

Terminus, 2018, Toronto by Christopher Parsons

I’ve been thinking about how high technology is continuing to develop at a pace that outruns the least well off in our Western societies. I think that this was best crystallized in Amazon’s opening of its first Amazon Go store, which does away with cashiers and replaces them with cameras and sensors that automatically identify what you acquire for purchase and charge you as you leave the space. There are at least three (immediate) concerns that strike me with regard to these kinds of technologies:

  1. As noted by Hanna Brooks Olsen, these are inherently cashless technologies. Consumers will enter the store with their smartphones, cameras and sensors will track them, and they will be billed automatically to the debit or credit card(s) associated with their Amazon account. For persons who have a hard time acquiring a smartphone, or having it repaired when damaged, or opening a bank account or obtaining a credit card, or who face a language barrier, or who lack access to a convenient and reliable place to charge their devices, or who rely on the cash economy, these kinds of ‘convenient’ stores are nearly impenetrable fortresses. Those who cannot enter and purchase goods in the stores will be those who are often the least privileged and, rather than being confronted by the diversity of the human population, shoppers in Amazon Go-type stores will have some portion of society’s diversity simply deleted from their shopping experience. As stated by Olsen, “cashless life … is necessarily one of privilege.”
  2. These are anti-labour technologies. In promoting ‘convenience’ Amazon Go and equivalent technologies remove a certain portion of low skill jobs that many people depend on for their livelihoods. While the popular conception is that it’s just students who have these kinds of jobs, simply looking at service jobs belies this point: the age groups which have sales or sales service jobs are rising, and this is exacerbated by an older population who has to work longer into their retirement years simply to survive, let alone thrive. By removing, or at least significantly reducing, the number of low-skill jobs the numbers of persons who are struggling and unable to find work will increase and their social hardships be exacerbated.[1]
  3. Cashless systems and those which remove labourers are inherently political technologies. They are technologies designed for a particular set of people, to solve what one group in society regards as ‘problems’, and which could significantly reshape how elements of society operate. Should these technologies cease to be ‘technology’ per se and be normalized as ‘infrastructure’ then it will be challenging to ‘reformat and replace’ the technology and ameliorate its long-term social impacts.[2] Transforming cashless into infrastructure threatens to deepen the aforementioned difficulties.

Aren’t there solutions to the aforementioned problems? Of course there are. But any solutions will likely impose costs on those who are developing, advocating for, and using convenience technologies that detrimentally affect the least well off or privileged. Solutions might entail:

  • establishing a guaranteed way for all persons to obtain banking accounts with diminished identification or language requirements;[3]
  • providing either a basic living wage or reducing the barriers to accessing social welfare benefits, to offset the reduction of low-skill employment opportunities; or
  • reducing educational costs or fully subsidizing such costs so that we as a society can improve the educational status of many of those affected by shrinking low-skill labour. However, education is often seen as the silver bullet when it should be regarded as a tarnished and dented brass shield instead: educational requirements for mid-skilled labour may be too onerous for some persons who have mental, psychological, or physical challenges. Similarly, if there is a major gap between initial education and when it is (re)required, such as when a middle income person loses their job after 25+ years of performing the same tasks, then a short 6- or 12-month course may be insufficient. Education may help to address some job loss linked to convenient technologies but education, alone, is insufficient to ‘solve’ the social challenges linked with such technologies and infrastructures.

It’s pretty rare that major news reports about novel and emerging technologies are accompanied by the real-world implications of the technologies, should they transform to infrastructure. It’s even rarer for minor news reports to consider the social, ethical, or political implications of new technologies. Instead, the focus tends to be on whether a new user interface is ‘fun’ or ‘convenient enough’ or ‘fast enough’. Those are the concerns of the majority. We need to far more seriously consider how our developing technologies will affect those least well off, or else risk further stratifying social and economic divides and widening the rift between the most and least privileged members of society.


Quotation of the Week

“We cannot retreat to the convenience of being overwhelmed.”

– Ruth Messinger

Great Photography Shots

I really appreciated the humour in these urban camouflage shots!


Footnotes

  1. The current Amazon Go location does have employees working there, just not as cashiers, and the company hasn’t taken the population of would-be-cashiers and moved them to other locations. The very point is to remove cashiers as an occupation and number of employees from the experience.
  2. If you’re interested in this line of analysis — that technology is inherently political — I’d suggest reading Langdon Winner’s book, The Whale and the Reactor: A Search for Limits in the Age of High Technology.
  3. One of the challenges to obtaining a bank account is that customers may require a fixed address, telephone number, or other identifiers. While such identifiers are often stable and available to the majority of the population they are fluid for those who lack secure housing, employment, and other ‘normal’ components of daily living.