I like technology, but I like owning the things I own

As easy as it is to hate computers, every so often I like to look around and remind myself that we’re living in The Future. Technology that is fairly routine today seemed so impossible when I was a kid. It’s not slowing down, either. Consumer technology, in particular the “connected home”, is making great advancements. But with great functionality comes great headaches. There are any number of reasons to be concerned about the rise of the machines, but here’s one.

If you’re one of the (apparently few) people who bought a Revolv hub, you probably wanted to make your life easier. The ability to control your lights, thermostat, etc from a smartphone is incredibly appealing. But come June 19, you can’t. Alphabet’s Nest bought Revolv back in October 2014 and has decided to shut down the service. It’s not just that the hubs will be unsupported, they will essentially become hummus-container-shaped paperweights.

Despite my hatred for computers, I actually like technology in general and I really like having fun new toys to play with. Even so, I have a hard time talking myself into purchases where I don’t really own what I own. I understand if a company decides that keeping a central service running for an unused or outdated product is no longer viable, but I’d still like to be able to play with it in standalone mode.

I have friends who strongly distrust relying on locked-in external services. If they can’t host it themselves (or at least have it hosted by a third party where they can freely move should the need arise), they don’t use it. I sympathize with that position, but I tend to take a more practical approach. There are a lot of things I let other people do — either in exchange for payment or in exchange for serving me ads — that I could do myself. I’d just rather spend my time and energy elsewhere.

A smart home system that is self-contained appeals to me greatly. I’d love to be able to go away during the winter and leave my thermostat at “just don’t let the pipes freeze, okay?” but when I get an hour from home, have the furnace fire back up. If that system requires the vendor to decide to keep their servers on, I’m not really interested (without even considering privacy and security implications). The “*aaS-ification” of technology offers great benefits to those who cannot implement technology solutions for themselves, but it also creates great risk.

April Opensource.com articles

Well, Opensource.com didn’t set any monthly traffic records this time around, but it was still another great month. I stepped up my contribution game this month, too:

The amorality of technology

Technology enthusiasts often argue that technology is amoral. When a technology is used for unsavory purposes, that’s a failing of the user not the technology itself. That’s valid to some degree. This argument is sometimes extended to the development community around a technology. That’s never valid.

The delusion that technology, particularly open source projects, is a meritocracy because computers are incapable of moral judgements is ludicrous. Too often “merit” is used to mean “competence from people like me”. To ignore issues of social justice under the guise of “meritocracy” is to implicitly support discrimination.

As I wrote a few weeks ago, even the most well-intentioned of us have implicit biases that color our thoughts and actions. Pretending that they don’t exist or don’t matter does nothing to counteract them. I won’t go so far as to suggest that no one with unsavory views be allowed to participate in a community, but community leaders should expect pushback when their words or actions make contributors or potential contributors feel unwelcome. The contributions made to the community are just as important as those made to the code.

So what about the technology itself? Do developers owe a duty of care to the morality of a technology’s use? Yes, I believe they do. Microsoft’s recent embarrassment with a Twitter chat bot shows how quickly a supposedly amoral technology can be corrupted. I don’t expect a completely incorruptible chat bot, nor do I think adding some guardrails is an easy task. I do think that putting something like that out in public is asking for trouble (a lesson Microsoft has learned in the past and apparently forgotten). It’s a poor reflection on humanity that this is an issue at all, but here we are.

When we develop or promote technology, it is vital that we not use the amorality of ones and zeros as an excuse to ignore the human context. We owe it to our communities and to our users to understand and acknowledge the human element. In the end, what we create is a reflection of us.

April Foolishness

As should surprise no one, the Internet loves April Fools’ Day. The Internet also hates April Fools’ Day. Although it has apparently been celebrated for centuries, only in recent years have corporate marketing departments gotten into the act with such gusto. As a result, every web posting must be viewed with suspicion on April 1.

Some people are of the opinion that this corporate foolery is played out. Even Google, a perpetual home-run-hitter, had a big strikeout this year. A few hours into the “mic drop” feature, it was pulled from GMail after users complained of problems when they accidentally triggered it. Will this be the end of Google’s April Fools efforts? I’m sure it won’t be, but it may cause them to be more conservative next year. Will that mean it ends up not being funny? Quite possibly.

Not everyone had a bad day, though. The election insurance commercial from Esurance was brilliant. Virginia Commonwealth University had an amusing video about its “Tats, not SATs” policy. But the winner has to be the adult video website Pornhub, which became “Cornhub” for the day.

These examples show what a good corporate April Fools’ Day joke is like. Like Hippocrates, first do no harm. Funny videos or blog posts are good strategy because your users can’t do much more than not get the joke. Anything that involves actual functionality should only be used with extreme caution. Make it safe.

Next, the post should be clearly fake. This is tough to do because you want your joke to have the appearance of being serious while still having that air of self-awareness. Think of it like a Saturday Night Live sketch. Everyone knows it’s over the top and the actors play to that, but as soon as they crack a smile, it loses something. (As an aside, that’s why I’m not a Jimmy Fallon fan.) The point is your want people laughing at your joke, not at people who didn’t get it.

Last, and most importantly, it must be funny. If it’s not funny, stop. Find something else to do. Don’t try to be funny and then be unfunny because it’s painful for everyone. The Verge has a post ranking some of this year’s jokes.

What3Words as a password generator

One of my coworkers shared an interesting site last week. What3Words assigns a three-word “address” to every 3m-by-3m square on Earth. The idea behind the site is that many areas of the world don’t have street numbers and names, and a three-word combination is much easier to remember than latitude/longitude pairs. Similar combinations are deliberately placed far apart so as to make them unambiguous.

It’s an interesting idea, but I immediately began thinking of a different use for it. What if people used it to come up with long, memorable, and hard-to-guess passwords? After all, the longer a password is (generally speaking), the better it is. And while correcthorsebatterystaple might be amusing, it’s much easier to remember a place. So you pick a memorable spot on the map and now you have a long password that you can look up if you forget it.


XKCD "Password Strength" by Randall Munroe. Used under the Creative Commons Attribution-NonCommercial 2.5 license.

This method isn’t perfect. The main problem is that with a 3x3m grid, it’s very sensitive to differences in location. But especially for the technically unsavvy, it can be a good way to enable better password habits.

Sidebar: why Randall Munroe is wrong (-ish)
There’s another reason What3Words isn’t perfect, and the XKCD cartoon above is subject to the same weakness. If a password cracker knows people are mostly using concatenated words, they’ll start guessing combinations of words instead of combinations of characters. These sorts of passwords are stronger when they’re rare. Of course, there are trivial ways to mitigate the risks (insertion of special characters, selective capitalization, etc.).

Still, given the choice between a 20-character random string and a 20-character set of words, I’ll take the random string as my password (unless the site/app disables paste, in which case I’ll cry). I use a password manager precisely so I don’t have to worry about trying to balance security and memorability. The What3Words method could be helpful as a password for my password safe, though.

Further defense of 140 characters

Last fall, when rumors began swirling that Twitter was looking at increasing the 140 character limit on tweets, I wrote a defense of the 140 character constraint. Last week, Re/Code and others reported that the limit change may come in March and that it could be as large as 10,000 characters.

Everything I wrote back in October still holds true. 140 characters, now that SMS is no longer a primary method of interacting with Twitter, is probably to small. But 10,000 is too large. The first four paragraphs of this post are 1,244 characters. Can you imagine a timeline full of that (or more)?

It’s not just “oh noes! They are changing a thing!”, which is a common reaction whenever Facebook changes anything. Twitter has made a lot of changes that I think are great: retweets (yes, kids, retweets used to be a manual process that often required editing the tweet in order to be able to fit “MT @name” in front of it), quoted tweets, embedded images, polls (even though there’s a lot to be improved on there), and 10k character direct messages.

In this case, the short limit is what makes Twitter. As my friend Zachary Baiel said “The medium is the message. The character limit of Twitter defines itself. Otherwise, it’s a stream of blogs.”

Twitter emphasized four characteristics in its IPO filing (thanks to Karen Demerly for bringing this to my attention):

  • Public
  • Real Time
  • Conversational
  • Distributed

10,000 characters does not seem very real time (it takes a while to type that out and longer to read a lot of them) and certainly not conversational (perhaps more a series of short speeches). There’s been some talk of the UI presenting a “read more” kind of option, and as a co-maintainer of a Twitter client, I’m inclined to resist having to make changes to my application.

But more than just laziness, I think 10k is actively harmful. Whenever a new feature is announced, the biggest complaint I see is “why aren’t you addressing abuse instead?” I get it, abuse is a hard subject to deal with, particularly on an unmoderated medium such as Twitter. One way that abuse happens is that abusers get their followers to dogpile the mentions of the target. Imagine how many targets you could include in 10,000 characters.

More innocuously (even though I find it super annoying), is the phenomenon of “I took a picture of some weather, let me tag all of the meteorologists in my market so that they’ll see it any maybe retweet me or put it on the news broadcast.” Those people will certainly make use of the extra characters, but it will add nothing to the conversation, only make it worse.

I get it, Twitter stock is plummeting. (Full disclosure: I own a few shares and expect to get quite the tax write-off from them.) There’s a lot of pressure to improve revenue, user engagement, and (most importantly to the people applying the pressure) the stock price. But this change will just make the user experience worse, and that doesn’t seem to be a reasonable way for Twitter to turn itself around.

I’m hoping that 10,000 is just a trial balloon. Nobody seems committed to making that the final number, so hopefully when the feature lands, it’s more reasonable. Or not. Will I stop using Twitter if the character limit changes to 10,000? Not right away. Maybe I will at some point, though.

By the way, this entire post (including this line), checks in at 3,398 characters.

SysAdvent 2015

I contributed to the SysAdvent blog this year, again as an editor. I had the privilege of working with three great authors on outstanding posts:

Once again, the content overall is great. I liked the mix of technical and non-technical content. In the eight years of SysAvent, many wonderful articles have been written, but the best article may be this year’s Fear and Loathing in Systems Administration by H. “Waldo” Grunenwald. It should be required reading for every sysadmin.

I support Software Freedom Conservancy

If you’ve read this blog for any length of time, you know that free and open source software is important to me. It’s important to Software Freedom Conservancy as well. Conservancy is a 501(c)(3) organization dedicated to supporting software projects.

Conservancy provides a lot of services to member projects, including financial and administrivia. Conservancy also provides license enforcement services, including support of a high-profile suit against VMWare. Although Conservancy uses litigation as a last resort, it’s sometimes necessary. However, this has lead to some corporate sponsors pulling their funding.

In order to continue their efforts, Conservancy is moving to an individual-supporter model. I first became a Conservancy supporter last year, and when it’s shortly time to renew my support, I will contribute double. Free and open source software is important to my personal and professional lives, and the services Conservancy provide to projects is invaluable.

If you use computers at all, a Conservancy project is probably an important part of your daily life. Please join me in supporting the Software Freedom Conservancy with a tax-deductible* donation today.

*Consult your tax professional to see if donations are tax-deductible in your jurisdiction.

Wireless spectrum versus the Internet

Last month, The Register reported on a new OpenWRT release. OpenWRT is a Linux distribution designed to be installed on embedded devices like routers. It, along with other third-party firmware projects like Tomato and DD-WRT, offers users more flexibility than the original firmware. They often get updates long after the first-party firmware, and can provide a more stable system. For example, I had a Linksys WRT-54G that was starting to get flaky, to the point where I had to power cycle it every day or so. After installing OpenWRT, it became much more reliable.

I lay out the benefits of third-party firmware, because the El Reg article brought to my attention a document published by the Federal Communications Commission (FCC). The guidelines, last updated in March of this year, outline the security questions device manufacturers should answer in their Part 15 application. Part 15 refers to the section of U.S. regulations that deals with unlicensed radio frequency (RF) transmission (including WiFi). The document says, in part:

An applicant must describe the overall security measures and systems that ensure that:

1. only properly authenticated software is loaded and operating the device; and
2. the device is not easily modified to operate with RF parameters outside of the authorization.

These requirements are antithetical to the ideals of open source and the user freedom it is committed to promote. As an amateur radio operator, I am sensitive to the concerns regarding spectrum pollution. Part 15 devices can be a pain for licensed portions of the RF spectrum anyway, and allowing devices to be easily modified to transmit outside their intended band presents a real threat to licensed radio services, including public safety and aviation.

Essentially, it comes down to protecting wireless spectrum (by preventing unlicensed transmission) versus protecting Internet users (by allowing for more security updates and external auditing of the code running on routers). These are both legitimate concerns, and I’d advocate for either of them independently. When they’re pitted against each other, though, I have to side with free software.

Regardless of the technological restrictions put in place to prevent unlicensed transmission, they can be circumvented. The entire history of technology is a history of restrictions and circumventions. Additionally, the ability to (responsibly) modify and experiment with hardware is an important part of innovation. The updates and configuration flexibility of third-party firmware provide a real benefit (though I naively assume that a non-trivial portion of devices will get such firmware) against everyday threats. Given the choice, my choice is clear. I hope the FCC will come to agree with me.