It’s now official

July 17, 2009 under technical

Facebook breaches Canadian privacy law.

I’ve written about this before, back when it was just a complaint to the Commissioner.

You bet that Facebook’s information about privacy practices is “confusing and incomplete.” Moreover, it’s confusing and incomplete by design, and not merely by accident.

Take a look at this marvellous essay by Bruce Schneier. The golden quote:

“From a business perspective, social networking sites don’t want their members to exercise their privacy rights very much. They want members to be comfortable disclosing a lot of data about themselves.”

There’s a fundamental conflict of interest at work here. The value of a social networking site depends entirely on the degree to which people participate and on the degree to which people post.

If my friends refuse to post embarrassing  photographs of my other friends on Facebook, it is no longer the go-to place for me to look at embarrassing photos of my friends. I’ll have to go elsewhere. Any reluctance to post diminishes the experience. Don’t kill the buzz.

So what makes people nervous about privacy?

Reminding them about privacy. Says Bruce,

Reassuring people about privacy makes them more, not less, concerned.”

Even just mentioning the word makes people perk up and say, “Wow, I still have that? I’d forgotten about that.” So if you want people to throw discretion to the wind, you can’t even talk about privacy. Don’t kill the buzz. Settings become hidden away and convoluted. Education about how to use them takes a backseat.

If you don’t protect your own privacy, who will? Certainly not the business that’s trying to make a buck off of your lack of it.

But… go ahead and post that photo! All press is good press, right?

Right?

comments: 1 » tags: , ,

People, Authentication, and smart computers

July 17, 2009 under technical

At times I’ve been really impressed with the quality of spam messages I’ve seen appearing on blogs. Spam is a hard problem to solve; if it wasn’t, we’d be rid of it by now.

One of the popular defenses against spam is using a captcha. The basic problem that a captcha is trying to solve is, “Are you human?” The way it does it is by trying to present a commenter (could be human or machine) with a problem that a human can solve, but a computer cannot.

The only reason that squiggly lines and letters are used is that humans are relatively good at them and computers are not.

But captchas aren’t perfect, and they’re only going to get less perfect over time. Why? Because they fly in the face of the very problem that computer science is focused on solving:

“How can we get computers to do stuff for us?”

We want computers to be able to do the kinds of things we can do, so that they can do them for us.  (We also want computers to do things we can’t do, but that’s slightly different issue. Actually, anything a computer can do, a human can do, just really, really slowly ; – )

So… at the same time some of us are desperately trying to design great captchas, more of us are desperately trying to design great captcha breakers. Computer scientists around the world are dreaming of a machine as capable as a human, and bloggers around the world are screaming out, “Please, no!”

However, the real problem with a spam message is not that a computer posted it. The real problem is that you don’t want it on your blog, because it’s unhelpful and/or malicious.

The question of “Do I want this?” is a more interesting question to solve. It’s a social question, albeit one in a technical domain. It’s the question that modern e-mail spam filters try and answer, using statistical analysis of word usage to identify stuff you don’t want.

Now… can I think of a computer generated comment that I’d welcome on my blog? The first thing that jumps to mind are related links. If a computer posted a genuine, relevant link (especially if it was a link from a friend’s blog), that might make my post better, not worse, and I’d welcome that. A link to a spammer’s site? Not so much.

But, hypothetically speaking, if a computer could get ‘smart’ enough to post the exact same comment that a friend would have… what’s the difference? The bits are just bits… they don’t care who posted them.

comments: 0 » tags: ,

Sloppiness

June 15, 2009 under technical

The other day I was walking past a store in the mall. Exciting, I know! But wait… it gets better!

The store had a sign:

“No

  • backpacks
  • duffle bags
  • food/merchandise without receipt “

Just as I was reading it… Someone walked in with food. But it was in a Subway bag so I assume he had a receipt and it was all okay. Whew!

Then I saw that one of the people in the store was wearing a backpack! Not okay! Even worse was that no one seemed to be doing anything about it. People were just ignoring it as if it didn’t matter. But… how?

I was stunned. It was the proverbial rule that was made to be broken.

It’s a funny phrase, “Rules are made to be broken.” It’s funny because rules are most obviously made to be kept. But it means something, because people say it, and most things that people say mean something.

I think it means that there’s a degree of sloppiness to every human system.  I think it means that the store*says* they don’t want backpacks in their store, but that they’d rather the guy with the bag still come in and buy something, so long as he doesn’t steal anything.

Rules applied without discretion are a bad thing. It’s extremely difficult to write a useful set of rules that can be applied automatically and without thought – the best example of this is the legal profession. In trying to do so, those poor people wound up inventing their own language and their own culture, and are still regarded by most philistines as having failed.

And they don’t get invited to parties. Not the good parties, anyway.

Why do I bring this up? Because there’s one area where rules cannot be broken, and that’s computing. It’s the area in which I work.

Computers basically operate according to a series of rules – “If there’s this number here, and this number here, and the number 43 over here, then I will add the first two numbers because of the 43.”

You can’t break these rules. Not even a little bit. You can try, but the result is that your computer will have a serious hissy fit, and you won’t get any work done that morning. Your computer is pretty much a stupid rock that’s not going to yield to what you want.

In return, you get the promise that your computer will do the same thing every time, which is a very good thing in some cases. If you’re a banker, every time you add two pennies together, you want to get two pennies. Every time. You’re not interested in ever changing things up, and if your computer can promise not to, that’s only a good thing.

But human systems are sloppy.

Have you ever tried to build a sloppy system on a precise machine? It takes compromise. It takes design. Most of all, it takes fakery, deception and dirty tricks. If you work at a high enough level, sometimes you can make a precise system that looks something like a sloppy one, in the right places.

Most of the time, however, why you write a system, you write a precise system with no flexibility and no compassion. Then you try and use it, and you say, “Where’s the love? Why does this system hate me?”

And that’s when you add,  bang in the middle of the application, a big red button that says, “Override.”

You’d like it to say, “Don’t do that you stupid hunk of junk, because I hate you and I want you out of my life forever.”

But the button isn’t big enough.

This is why I hate computers.

comments: 0 » tags:

In Which the Happy Moron Explores Complexity

May 15, 2009 under technical, tongueincheek

I know! I’ll:

  • Combine all the colours in the world to make one fantastic supercolour which is brighter than all others before!
  • Combine all the flavours in the world to make one fantastic superflavour which is tastier than all others before!
  • Combine all the authors in the world to make one fantastic superauthor who writes better than all others before!
  • Combine all the committees in the world to make one fantastic supercommittee which is wiser than all others before!
  • Combine all the religions in the world to make one fantastic superreligion which is more truthful than all others before!
  • Combine all the programming language techniques in the world to make one fantastic superlanguage which is more powerful than all others before! (I will call it perl)
  • Combine all the programming frameworks in the world to make one fantastic superframework which is more extensible than all others before! (I will call it EJB 2.o)

What’s the common theme?

comments: 0 » tags: , ,

Playing hookey – Part II

May 1, 2009 under technical, thehumancondition

Talk is Cheap

Hackers have a saying, “Information wants to be free.”

This is really just a way of saying what people have known for generations – that you can never take back a word once spoken. It’s not a new or a controversial statement – it’s a well known and accepted proverb.  (Being a proverb, it should be taken as a useful generalization, a statement that has sacrificed being explicit for the sake of being short and pithy. ;-) )

If it’s impossible to retract a spoken word, which vanishes into the air, which has no lasting record except the memory of the listeners… How much harder is it to retract a word which has a record in addition to human memory?

This is the internet world, where speaking is free and retraction impossible.  We have the power to publish to the entire world, but absolutely no ability to prevent any other person from doing the same.

This is why audit is so powerful.  This is why our social rules are going to have to evolve. Eventually, your boss will never dream of creating a fake Facebook account to trap you and fire you. Not because Facebook no longer exists, but because if they do, you will let the world know exactly what kind of company they are. We used to say that as an empty threat, but now we can actually carry through.

“You’ll never work for anyone in this town again.” used to be a threat reserved for use by the influential.

Guess what? Everyone’s influential, these days. We’re playing with bigger guns and soon we’re going to have to learn that we can’t use them with the reckless abandon that we’re used to.

I guess that should scare me. But… It doesn’t really scare me. Something else scares me.

The Real Scary Thing

I’m afraid of living in a world without grace.

Everything I’ve mentioned so far can be traced back to a people problem. What does that mean?

Currently the Ruby on Rails community is suffering because a member gave a presentation that was grossly unprofessional, and many people reacted. Some people are calling it a storm in a teacup. This is a people problem, pure and simple.

It stems from differences in opinion over what is professional and what is exclusionary and what is acceptable for a technical presentation. It stems from people being offended and not being apologized to nicely… and from people offending and not apologizing nicely. There’s a lack of grace permeating the atmosphere.

But if there’s a storm in this teacup, it’s because someone had a spoon powerful enough to whip up a real storm. In a good old-fashioned shouting match, you only disturb the neighbors. In a modern one, you still only disturb the neighbors, but there are a lot more of them. (Everyone lives right next to everyone else on the internet, but not everyone is a neighbor in the “we stop by to visit once in a while” sense).

Power makes grace harder. As our social guns get bigger and bigger, it gets more and more tempting to abandon grace and trust our bullets.

Grace means not firing back.

If our social tools are geared to reaction and preemption, with no plausible means of genuine defense, not firing back will be a tricky prospect.

comments: 0 » tags: , ,

Schneier on audit

April 27, 2009 under technical

I like to read Bruce Schneier’s stuff; he writes in English. He has a gift for making technical material non-technical.

This little piece gives me hope.

We’re familiar with social audit; we call it “manners”. Break a taboo, and prepare to reap the ensuing outrage. People can do all sorts of things that are gauche and inconsiderate. If people did do these things on a regular basis, society would fall apart. People don’t do these things because if they did, they would be ostracized.

We’re familiar with moral audit; we call it “conscience”. Do something wrong, and be convicted. Suffer the guilt.

Audit is the bit of security *after* prevention, the “If you do it, you will be caught and punished” bit.

Social audit is becoming more important, because as people gain new social tools, they become more powerful. It becomes impossible to prevent them from doing certain things, and it becomes necessary to deter them.

I can see the informal rules of social audit eventually evolving to meet the challenges of socializing over the internet. Friends won’t let friends post pictures of certain things, or they’ll hear about it later. There will be a line beyond which employers will not tread in snooping on employees, for fear of jeopardizing a working relationship.

The problem that audit does not solve is the problem of those unscrupulous characters who are undeterred by it. They now have the ability to be unscrupulous on a much broader scale. Your crooks and con-men who feel that they’re skillful enough to avoid getting caught are going to have a field day with more powerful tools available to them.

comments: 0 » tags: , ,

A tale of two Football Coaches

April 17, 2009 under technical

George Burley (Scotland) – “I had to set an example”

Fabio Cappello (England) – Hailed by his goaltender

One bans two players from the squad for life, the other forces his squad to stay at the dinner table until everyone has finished. Which of the two do you think is a world-class manager?

If George Burley has to make an example of squad members to keep respect, he’s already lost it. Congratulations, George, you’ve successfully managed to make the situation all about yourself and your own needs. In doing so, you’ve lost your ability to handle the situation.

If I need to set an example so that I can manage correctly… how can I ever be content to manage the situation as it merits? Hand out measured, proportional discipline? My needs are trampling on the toes of duty. It’s not about you, George, it’s about the squad. Punish the lads because they’ve stepped out of line, certainly. Ban them from the sqad for life if what they’ve done is that terrible. But don’t make them suffer because of your own personal battle.

It would have been better if you’d made them finish their peas and avoided the whole kerfuffle in the first place. Not because you needed to show the squad that you were the manager and could make them eat their peas, but because eating peas together bonds a squad like nothing else. Oh, and it nourishes them.

Trust me, a squad of players is smart enough to tell the difference between a manager who is going on a pea-power trip and one who is putting reasonable rules in place to build respect among teammates. If you do something for the wrong reasons, they’ll pick up on it.

I’m a continent away… and I did.

comments: 0 » tags: , ,

Just another day at the office

April 1, 2009 under technical, thehumancondition

There’s nothing magic about the internet.

It’s nothing more than a reflection of the people on it. Where there is a demand for something, someone will supply it. Minority focused search engines? Pornography? The Bible?The Manga Bible?Mexican Hitmen?

Look at my tag cloud – it’s a reflection of my concerns and interests. Look at my blogroll – it’s a reflection of whose words I read. To some extent, its a reflection of which people I know. If it was well organized, this would be even more true ;-)

Look at corporate websites – they’re a reflection of the corporations which exist, and, by proxy, the people running those companies. At some point, some CEO asked for more green on the front page of site and the result is the hideousness you see. Why so garish? It’s a reflection of someone, somewhere.

Look at special interest forums – reflections of communities and people with common interests.

Look at Facebook (too simple! ;-) ).

What does it say that, when we want to measure the real-world popularity of something, we go to Google to count the search hits?

There’s no magic technology here at the Happy Moron. There’s just a person. Me. I wrote some stuff. I used a computer to post the files to a server somewhere. Oh, and there’s another person. You. (Hi! :D ) You read some stuff I wrote. You used a computer to read the files off the server.

The magic lives in the people. It always has, always will.

When people wonder how great the internet will become (alternatively, how awesome teh intarwebs will be), they often focus on the technology, which is wrong. It’s not a technical issue, it’s a people issue.

How great can people make the internet? Let’s take a look at some of the other great things people made. The Pyramids. Rome. The USA. The Stock Market. Sliced bread. Dill pickles. Cocktail wieners. Mmm… green and black olives, spiced ham, fresh green lettuce with some parsley and sliced cucumbers in the salad…

Part of the problem is that when people set up to make something great, they get distracted and start thinking about food. Or they fight. Or they betray one another. Or go pray. Or… Or… Or…

The internet will never be any greater than the people behind it.

Now here’s an interesting question – how great could God make the internet? Thoughts?

comments: 1 » tags: ,

Code tells a story

March 30, 2009 under technical

I could perhaps tell you a story of two star-crossed lovers. Their romance. Their joy. Their tragedy. Their pain. Their anguish. Their untimely deaths.

I could tell you this story, but it might be called incomplete, because these unhappy two are merely players on a greater stage. Perhaps the greater story is about two houses. Their bitterness. Their history. Their sons and daughters lost. Their murders. Their vengeances. Their honor. Their shame.

There is a greater story still, in which the houses merely play. It is a story of cities and nations, kingdoms and empires. Their rises and falls. Their mighty wars. Their explorations. It is a story that spans the entire globe.

Every story told is held within a larger. The layered stories grow until they extend beyond the teller and their telling stops.

Cutting through the layers are single threads which join the tales, single paths which rise from sphere to sphere until they reach the final edges of their universe.

The tragedy of two young lovers whose deaths bring down their houses.
The splintering of houses which sows chaos through their cities and turmoil through their nations.
The collapse of nations into civil strife and a war that spans the globe for a hundred years, a hatred that last a thousand.

Or, I could tell you a story about two small bytes.

Two small bytes out of billions, joining together to form a single word, one instruction out of millions. They are the smallest part of a tiny function in a short file. Their file belongs to a component which works in a system.

Eventually their story grows beyond their universe, past the reaches of their machine. Their system is written by a team; held by a project. The project has a sponsor. It has stakeholders – users, related projects, executives.

The company is owned by a larger company. It plays in a larger market in a still greater economy.

The team have spouses and families who share their joy, grief and stress. It is a human story.

It is the fragile nature of software that when the two bytes fail, the instruction fails.
The function throws an exception, the module returns with an error.
The system crashes and the users swear.
The sponsor explodes and the executives execute punitive action.
The company shudders, the market takes notice and the economy recedes.
The team members go drinking before returning home to harangue their spouses and children.

C’mon folks, test your bugfixes already ;-)

comments: Closed tags:

An unfortunate accident.

March 13, 2009 under technical

 … suffered by a BBC blogger. (A web application showed someone else’s photo on his post, not the one he posted. )

But yet again I’m putting my trust in a social web application, which is obviously a risky thing to do. I’ve long realised that social networking is a public activity and you can’t put anything online – thoughts, images, jokes – without assuming that you are giving that data to the entire world. What I hadn’t realised is that you could be at risk of showing someone else’s data, however offensive, on the web in your name. And that is really very frightening.

The story here is not that some random web 2.0 application by some random independent developer had a bug. (If that constitutes news, then boy, do I have some stories to share)

Applications have always had unfortunate bugs, I dare say they always will. The game hasn’t changed, but the stakes certainly have.

This is a story about growing up. Imagine a small boy deciding to trade in his cap gun for something a little bigger, and lifting a magnum off the shelf. The parent later comes to the gunsmith, “Your magnum backfired and killed my son!” The anguish caused by faulty manufacturing is lamentable, but it’s by no means all that there is to the story.

We’re currently in the process of  adopting communication and publishing media which are vastly more powerful than anything we’re familiar with.  We’ve felt the heft of a real gun… and we’re never going back.

Playing with magnums is perfectly fine (and a lot of fun) if your body armour is thick enough and broad enough. The real question is, “Can we build armour that foolproof?”

comments: 2 » tags:
« Previous Next »