Category: Uncategorized

Crypto

By now, you’ve probably heard that the FBI’s current fight with Apple, in which they’re trying to get the company to build workarounds for the phone’s security protections in order to be able to brute-force guess the iPhone passcode used by Syed Rizwan Farook, one of the suspects in the December 2015 San Bernardino shooting. The passcode isn’t just some piece of information you have to provide to gain access to an iPhone; it’s actually part of the key used to encrypt and decrypt iPhone memory contents, as shown in the diagram below:

Apple key derivation, from Apple’s iOS Security Guide, September 2015.

iOS has a number of measures built in to make brute-force guessing difficult, including an optional setting that disables the phone after 10 wrong passcode entries and a mandatory delay between passcode entry attempts (which, for later phone models, grows in length with each failed attempt). The FBI believe that Farook turned the “ten strikes and you’re out” setting on the iPhone on, which is why they’re demanding that Apple provide a workaround.

Corbató’s Law

The FBI/Apple situation may have left you asking questions, but one question you might not have asked is “Who came up with the idea of using passwords to secure access to files?” With computer science being such a young field — the formal definition of computable didn’t appear until the 1930s, and the oldest programming languages are from the 1950s — many of its pioneers are still alive. This is the case with the lock-files-with-passwords creator, Fernando J. Corbató. In a 2014 interview with the Wall Street Journal, he said that the password system has become unmanageable these days.

Corbató has made many other contributions to our field that we benefit from even today, including:

• time-sharing, which he explained to a 1963 TV audience in this archival video,
• the Multics operating system, which introduced concepts such as hierarchical file system, ring-oriented security, access control lists, single level store, dynamic linking, and extensive on-line reconfiguration for reliable service, and inspired the development of Unix, and
• Corbató’s Law, which is illustrated below:

Simply put, what Corbató is saying is that every day, you only have so many lines of code in you. The corollary to Corbató’s Law is that for maximum productivity, you should use a programming language that lets you do things in as few lines as possible — a language that minimizes yak shaving.

Cartoons

The term “yak shaving” was first used in its programming sense at the MIT Media Lab around 2000, and likely comes from this episode of the ’90s cartoon series Ren and Stimpy:

As Jeremy Brown from MIT put it:

…yak shaving is what you are doing when you’re doing some stupid, fiddly little task that bears no obvious relationship to what you’re supposed to be working on, but yet a chain of twelve causal relations links what you’re doing to the original meta-task.

Many programming languages require you to do some amount of yak shaving, but one notorious culprit is also one of the most popular: Java.

Kotlin

(In case you missed it, I wrote a little bit about Kotlin yesterday.)

Here’s a simplified version of the dreaded class example you’re likely to find in a programming textbook: the Person class. It’s a data class — we’re really using a class as a structured record type, since Java doesn’t have any. This one has two fields that won’t change once instantiated: name, a string, and age, an integer value. Here’s the Java implementation:

public class Person {
    private final String name;
    private final int age;

    public Person(String name, int age) {
        this.name = name;
        this.age = age;
    }

    public String getName() {
        return name;
    }

    public int getAge() {
        return age;
    }
}

Here’s a Kotlin Person class that does everything that the Java Person class above does, but in one line as opposed to ten:

data class Person(val name: String, val age: Int)

Kotlin lets you specify a primary constructor on the very same line as the class keyword, and you can specify other constructors within the class with init. The val keyword defines name and age as write-once properties, which automtically provide getter methods. By annotating the class with the data keyword, you add all sorts of data class goodies like equals, hashCode, toString. Simply put, using Kotlin in place of Java means less yak shaving. I’m a little more interested in Android development now.

For “Get Your Game On”, my recent presentation at the Tampa iOS Meetup, which I run with mobile designer extraordinaire Angela Don, I put together a “Frogger”/“Crossy Road”-style game. I’ve continued tweaking it and have got the basic game mechanics up to the point where I’m pretty pleased with how they’re working. Now comes the hard part: all the polish, which may take a while. Here’s what it looks like on the iOS simulator — it runs a lot more smoothly on an actual device:

I’ve also taken the basic game code from the “Cookie Crunch” tutorial on Ray Wenderlich’s site, updated it to work with Swift 2 (it’s written for Swift 1.2, and won’t work in current Swift without some tweaking) and to make it more my own, and turned it into a game for Aspirations Winery, which I’m hoping to release soon. It won’t make me any money, but it’ll help fatten my App Store portfolio, and it’s already landed me lots of free wine:

And finally, on the Android front, I’ve been giving Kotlin a try. If Java drives you crazy and have wished for am open source, Swift-like language for Android development, the folks at JetBrains (the people behind the so-much-better-than-Eclipse Android Studio) have created the Kotlin programming language, and it’s so much more nicer to program in. There’s so much less “yak shaving”:

Kotlin 1.0 was just released, and you can get the plugin for your preferred Java/Android IDE at the Kotlin site. You can also take it out for a spin at the Try Kotlin page. Give it a try — I think you’ll like it!

Makes sense.

It’s happening today only — Wednesday, February 10, 2016 — but if you’ve got a Google Account, they’re offering 2 GB of free additional space on your Google Drive, just for double-checking the security on your account. Who these days can’t use an additional 2 GB of online accessible-anywhere storage space and the peace of mind from an account whose security credentials are up to date?

To take advantage of this offer, point your browser to Google’s Security Checkup site (if you’re not already logged into a Google account, you’ll be asked to do so). You’ll be taken to a page where you’ll be asked to confirm three different categories of security information:

1. Your recovery information. This is used in those hopefully-rare cases where Google detects suspicious activity on your account and wants to reach you or when you’ve forgotten your login credentials.
2. Your connected devices. You’ll be presented with a list of devices connected to your Google account, and if you see any you don’t recognize, you can take steps to fix the problem.
3. Your account permissions. You’ll see a list of applications, sites, and devices that have permission to access your Google account. You can disconnect any that you don’t want to let into your Google account.

I went through the process just now, and for less than half a minute’s worth of effort, I walked away with an extra 2 GB of cloud storage. Kudos to Google for incentivizing good security on online accounts. Now go, secure your Google account, and get some extra free storage!

It’s that time of year again: Tampa Bay Startup Week! The tech/entrepreneurial event, which this year runs from today, Monday February 8th, through Friday, February 12th, is focused on bringing techies, creatives, and entrepreneurs together to bring them together, provide ideas and inspiration, and help grow the city’s self-starter business scene.

You may not think of Tampa as an entrepreneurial hotspot, but according to the 2015 report of the Kauffman Index of Startup Activity for Metropolitan Areas, the Tampa/St. Petersburg/Clearwater area’s in top 25 (ranked #20), and ranked ahead of places you’re more likely to associate with entrepreneurship, including:

• the Chicago area (#21)
• the Boston/Cambridge area (#22)
• “Portlandia” (#26)
• and even our neighbor, Orlando (#33), which people say has a more active startup scene

Chase doesn’t sponsor just any city’s Startup Week. To qualify, it’s got to meet the criteria of density, government regulations, culture, talent, and access to said talent. In Money’s 2015 roundup of the 5 best big cities, they named Tampa the best city in the southeast. It’s got great weather, an airport that punches above its weight class, low cost of living (moving here was like getting a big raise, there’s no state income tax, the median house price is $122K), and as I’ve posited before, the “Florida Man” factor is actually a blessing in disguise:

There will be all sorts of activities this week worth checking out, from presentations on technologies such as the Internet of Things, cryptocurrency, and mobile design, to business mentoring, networking, and even an opportunity to get a new headshot for your LinkedIn profile, to fun “intro to programming” events for kids, to mingling, networking, and enjoying the city’s excellent craft beer. Be sure to check out the Tampa Bay Startup Week page, follow the Tampa Bay Startup Week and organizer @thatgirlallie’s Twitter feeds, and come on down and take part!

This article also appears in The Adventures of Accordion Guy in the 21st Century.

The Canadian newspaper The Globe and Mail recently published an article on AbdelRahman Abdou, a postdoctorate student at the Carleton University’s Computer Security Lab, whose work in network measurement is focused around getting a more precise fix on a user’s precise geographic location based on physical properties of the internet rather than indirect methods like using IP addresses.

The practical use of such research, as this article’s headline suggests, is that it’s a way to counter workarounds like VPNs, that people use to access streaming video services that aren’t available in their regions or countries. What the article fails to mention is that this technology will also find willing customers in repressive regimes that like to monitor, control, and limit their citizens’ access to the internet and information.

As my friend Sean Galbraith put it, “He’s going to be very popular in some awful places.”

I’m surprised that Abdou consented to a non-anonymous interview, but it’s quite possible that he thinks he is, in the words of Silicon Valley, making the world a better place, and he may not have been in a social situation where he’s had to answer the question “So what is it that you do?”.

I’ve shown the article to my friends, and the response has been the same: it’s the line that works as a replacement caption for just about every New Yorker cartoon ever made:

In a series of unintentionally hilarious tweets that sound more like something from an Onion article than real life, Brandon Carpenter, an iOS developer at Twitter, is getting an object lesson in what Twitter is like for the people who actually use it on a regular basis.

A quick look at his Twitter stream shows that he’s neither dumb nor short on empathy, but that he doesn’t post anywhere near as often as the sort of users who aren’t all that keen on the announced changes to the way the timeline is going to work. He certainly doesn’t post as often as I do, and in my circles, I’m sure I’m merely a moderate user. Working on one of the most heavily-used mobile apps on the market is a big cognitive load to carry, and I suspect that along with being a husband, dad, and someone who has to pay rent in San Francisco, his Twitter experience is different from those of the people who make their day, their name, or their living using it. I call this difference in experience between the people who developer applications and its heavier users “the developer-user gap”, something captured quite well in the line from William Gibson’s Neuromancer: “The street finds its own uses for things.”

The fact that the developer-user gap exists highlights an oft-forgotten role that a technical evangelist can play. Companies try to make sure that their evangelists, community managers, social media people, and the like are sending out the right message to their customers and partners, but forget that communication can work in the opposite direction. A good evangelist will make sure that users get the message, but a great one will make sure that the users’ messages get back to the company as well.

Kudos to Brandon for taking this tweet sent to him…

Don’t fuck with the one thing that people still like about Twitter then. https://t.co/PpFzfQKQib

— Nathaniel Higgins (@nathggns) February 6, 2016

…and responding with grace:

In all seriousness it’s an honor to work on a product that people feel this strongly about. https://t.co/kEOBVEwV95

— Brandon Carpenter (@bhcarpenter) February 6, 2016

It’s often a thankless job, but as a regular user of Twitter’s iOS client, thanks for all your work, Brandon. I salute you with a filet mignon on a flaming sword!

But fire up your Twitter client and use it a little more, willya? It’ll help you make a better app.