Posted on

The Crazy Politics of Age Verification

The UK government required age verification for pornographic website to protect children. Australia was the first country in the world to ban children from social media. Children, of course, circumvented all such restrictions immediately. And now the UK government and others around the world are thinking “This plays well with the public” and is trying to follow suit, in spite of the fact the teenagers are laughing at the restrictions.

Rather than getting an informed opinion on the practicality of such measures from technology experts, the politicians, as usual, get their technical understanding from some random teenagers on social media.

This lack of tech savvy would be hilarious if it wasn’t such a serious matter. It’s nothing new. And these proposed technological solutions to problems in society are doing nothing to fix the very real issues they’re trying to address. You cannot fix social problems using technology. Leave a comment if you can think of any example where this has been the case.

Next Monday there’s a vote in the commons on just this, and I fear grandstanding arts-graduate politicians will let it through, regardless of the technical impossibility of complying. And there’s no end to this nonsense.

There’s crazy, then there’s California

And just when you think it can’t get any worse, the Californians have taken it to the next level with a new bill called Age Verification signals: software applications and online services.

Here’s an extract:

1798.501. (a) An operating system provider shall do all of the following:

(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.

(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:

(A) Under 13 years of age.
(B) At least 13 years of age and under 16 years of age.
(C) At least 16 years of age and under 18 years of age.
(D) At least 18 years of age.

Having an handy OS function to determine the age of the user seems like a good idea, doesn’t it? Naughty software can refuse to run if the user is under-age. But it’s technical nonsense; not thought through at all. For example, it’s referring to a “real-time application programming interface” – so this only applies to a RTOS? Obviously they saw the phrase, thought it sounded good and included it.

But the concept has some merit – rather than everything doing age verification, why not dump the problem on Microsoft, Apple and Google? They’ve got the resources, and with their penchant for knowing everything about their customers, their OS could easily provide age verification information along with their shoe size and taste in pot plants.

Except… you need to consider the chilling effect this will have on anything called an Operating System. The lawmakers probably wouldn’t recognise an OS if it jumped out at them waving a flag, but this is important here. For starters, every embedded system has software that fits the definition of Operating System. Do they have to provide age verification?

And what about, say, servers? They don’t have a user as such, but they have people using them (administrators). How can you tell the age of the administrator at any given time? The account may well be shared by a number of people.

But the most damage from this nonsense will be to FOSS operating systems like Linux. They don’t have a KYC culture like Microsoft/Apple/Google to make it easy and don’t have the time, money or resources to solve the problem. An open source operating system is community owned, and the community has no incentive to track the personal details of who might be using it.

Although Linux is free, it’s still licensed using the GPL and has a vendor – even if no money changes hands. If this bill ever passes, the State of California may well go after the vendor for non-compliance and try to force them into it by fines and suchlike.

The logical solution to the problem for Linux distributions (and FreeBSD and whatever) is to change the terms of their license saying “You may not download or use this software in the State of California”. Microsoft, Apple and Google will love that.

Posted on

Apple is too cool for the CIA to touch

Tim Cook 2009 cropped
Tim Cook – time he was sent to jail?
You can’t have missed the furore over Apple’s refusal to help the CIA get the data from a terrorist murderers iPhone. On the one side the CIA says that we need the data to protect the public, a line with the judiciary of the USA agrees with, and Apple should do everything possible to get it for them. On the other side there’s Apple’s PR engine trying (successfully) to spin the story and avoid complying with the court order.

In the mean time the Brazilians haven’t shown such deference to a cultural icon when it comes to Facebook owned WhatsApp refusing to hand over data concerning a major drugs trafficker, even after several court orders. The Brazilian authorities have arrested Diego Dzodan, Facebook’s hancho in Latin America, and thrown him in jail until such time as the company obeys the law.

Perhaps he Americans could try that with Tim Cook – you break the law, you go to jail.

Meanwhile, Apple might seem to be setting itself up as the criminals friend over this. In the land of the free where profit is king, I guess their money is as good as anyone else’s so perhaps we should be too judgemental. But in an outrageous spin, Apple has told the world that if they comply with the court order then all Apple handsets will have a backdoor and no longer be secure. This is disingenuous. The situation is this:

Apple encrypts the data stored on the phone. You have to enter a password to unlock it. If you enter ten wrong passwords it will wipe the data from the phone. The CIA has asked Apple to modify this handset to disable the data wiping feature, so the CIA can then just keep throwing passwords at it until it unlocks. Clearly, this is going to have no physical effect on any other handset anywhere else in the world. So what’s Apple’s problem?

If Apple helped the CIA break in to the handset, Apple can no longer claim that its handsets are invulnerable. Terrorists, fraudsters and anyone up to something will know that the authorities can get at Apple data even more easily than if it was stored on iCloud. Note well: the fact that Apple hasn’t produced the mod needed to do this (publicly), doesn’t mean that its not possible right now; and it may even be happening. But Apple wants to maintain the illusion that it can’t.

Put another way, it’s easy enough to bypass the locks on a front door. You just need a large enough sledge hammer. Doubt this? Look at the footage of a police raid taking place – a few burly coppers with a battering ram and it’s open in seconds. Apple is selling locks and trying to pretend there’s no such thing as a sledgehammer.

So why, might one ask, don’t the US authorities stop messing around and get the court order enforced? Are they really scared of Apple?

What’s really worrying about this situation is that “civil liberties campaigners” and some corporate America is rushing to put out statements in Apple’s defence. In other words, big business reckons it’s above the law made by the people using a democratically elected government.

Posted on

iZettle now works with Apple iOS 9(.1)

I’ve just had a note to say that Apple has released a new version of its smartphone/tablet system that fixes the bluetooth bug in version 9.0 that prevented iZettle readers to connect using Bluetooth. So fanbois can now upgrade their fondleslabs without cutting of their revenue stream.

For details see here: https://www.izettle.com/gb/help/articles/2122036

On the Android front, teething problems with iZettle 3.0 software  – the one that works with contactless – seem to have been fixed with version 3.0.1, although 3.0.2 also turned up a couple of days ago. Given some harsh testing with me, it was impossible to get version 3.0.1 confused by turning things on in the wrong order. However, some people have taken to the play store to say it’s still broken. It could be that its incompatible with their handsets (they don’t say which version of Android they’re using) – it could also be that it’s the cable connected version, which always seemed to be on the cusp of working reliably at the best of times.

While they were at it, they’ve fixed a few oddities in the user interface, so you can now just put through a payment without having to add it to the cart first (one of the points I made in the original review).

I’d be interested to hear details if anyone is still having trouble, and I may be able to help.

Posted on

Tomorrow, Apple will break iZettle ApplePay readers with iOS update

I just heard from iZettle about a rather unfortunate feature of the iOS 9.0 upgrade that Apple will be dumping on its fanbois tomorrow: it doesn’t work. No, I mean it really doesn’t work. There’s a bug that stops it pairing with some Bluetooth devices, including iZettle card readers.

If you’re the kind who has to have the latest iPhone or fondleslab then you’re going to have it set to auto-update. Bad luck. Will you take a cheque?

Posted on

Don’t write off the iPhone just yet

This may seem and odd premise, given that Apple flogged 4 million of the new iPhone 6 units as soon as it was launched. It doesn’t sound like a failure. But I’m hearing voices…

The theory is that the smartphone market is saturated. In the US, an often quoted statistic is that 75% of Americans already have one. In the UK, research from Deloitte puts the figure at 72% a year ago, rising at about 15% a year. Selling something everyone already has is not a good place to be.

Then there’s the inexorable rise of Android. Google launched the low cost, very capable and very affordable Android One phone in June. Never heard of it? Well it’s not available in the west – they’re going after the huge third world market, starting with India. There are a billion punters there, eager for the western tech. And the same with China, although they can make their own (as well as handsets for the rest of the world).

Generic Chinese Android handsets are good. I have one. It takes two SIMs at once and works under water, at a fraction of the prices of a western branded unit. Manufactures like Huawei, ZTE and Foxconn own this space and will be hard to shift. Google doesn’t make money from Android, and I doubt that the Android One will contribute much to their balance sheet. But Google is a data capture company, and have Google-controlled smartphones out there is strategically very good.

So, Apple must be doomed – a saturated market and cheaper smartphones that do it better. But that’s never been a problem Apple’s business model.

Apple’s products are aspirational – they say, “Look at me – I’m wealthy enough to spend £100s every year for the latest iPhone and therefore I’m a good prospect when it comes to making babies.” The more they cost, the more people want them. Fanbois may protest, saying that they iPhones work better (not so) and look nicer. Sony sells nice looking kit too, but is forecasting a $1.2B loss from its Android smartphones. The same with HT; it’s just breaking even on declining sales. Samsung is making a good profit ($6B), but there’s a suspicion this has been generated on a huge marketing spend.

Apple doesn’t need to spend too much on marketing. It just has to look cool and remain aspirational.

According to Juniper, shipments of smartphones will be close to 1.2B units this year (with 985M shipped in 2013). That’s a high volume, but if it’s the Android One and low cost units going to emerging markets (those not yet saturated), the bulk of that will be making meagre profit.

Apple, on the other hand, makes a very nice margin, thanks. Fanbois will happily hand over $100s simply to have one with a larger flash memory; several thousand percent more than the memory itself costs elsewhere. They’ll accept that the limited-life battery is ;sealed inside and will die, taking the iPhone with it in a couple of years. They’ll accept that there’s no memory card slot as an alternative to buying the ridiculously expensive internally upgraded models. They’ll even put up with the poor telephone performance; after all the screen looks very nice (don’t tell them that Samsung beat them too it).

I used to work with Cuppertino in the late 1970’s and early 1980’s – lots of people did because the Apple II was a major player; a de-facto standard. Then in 1981 the IBM PC was launched, became the new de-facto standard and Apple was marginalised with the Mac, losing market-share big time until it was less than 10%. 25 years ago I was discussing their demise with Guy Kewney, a good and wise pundit and friend. “You’re wrong”, he said. “The PC market is much bigger. Other PC makers would be very happy to have 9% of the current market, and they have much lower margins than Apple.”

Posted on

Leaky iCloud

As I picked up my copy of Private Eye at the station Newsagent just now I noticed the headlines on certain of the dailies going on about hackers stealing naked photos of celebrities from their Apple on-line storage areas. The fact that they were (apparently) celebrities and that the weren’t wearing clothes was the main point for the tabloids, but the big story is really the security of cloud storage.

Personally, I’d be very surprised if attackers had actually compromised Apple’s servers. More likely explanations would be an inside job, or the lusers endpoints. But my money would be a phishing attack.

It does highlight, however, the danger of outsourcing your sensitive data to anyone.

In the 1980’s the fad for outsourcing really took off. Professional engineers all said it was a bad idea then. If your company data is important, the last thing any business should do is trust it to someone else.

The term ‘cloud’ has become a trendy marketing concept in recent years. What it really means is “I have no idea and don’t care.”. It was used in context as follows:

“Where is that service your using actually running?”

“Don’t know, somewhere up in the clouds!”

It’s was ironic. In the real would, admitting you’ve lost control of your data is hardly something anyone would be proud of. But suits heard the new buzzword and wanted some of it. And the punters quickly accepted the benefits (free stuff) without a thought to the risks.

So has Apple’s on line storage been compromised? I doubt it’s been hacked. The technology is fairly robust. If you want to access iCloud data, Apple’s servers themselves are not the soft attack vector. The obvious method is to trick users into handing out their passwords. After all, any coy celebrity foolish enough to (a) take pictures of themselves in the buff; and (b) store them on someone else’s computer, are hardly going to be the brightest stars in the sky.

The fact that fanbois seem to have been the victims in this case is irrelevant. They may have been easier targets if, indeed, it was a phishing attack. However, the general principle remains the same whoever is providing the service – Amazon, Google, Dropbox, Microsoft or one of the many startups trying to get a bit of the action. And the same goes for Facebook and the like – anyone uploading anything remotely sensitive to their servers needs to consider the implications. If you wouldn’t publish something directly on your web page for all to see, don’t send it to “the cloud” either.

The American gun-selling industry has long used the argument that firearms in themselves aren’t dangerous. It’s the users that are the problem. They’re right, in so far as the argument goes. Unfortunately, adding the human factor to cloud services makes the encryption, data centre security and other precautions taken by the providers irrelevant in the same way. People will be hurt. And “celebrities” will caught with their pants down.

Posted on

iPhone 5 – I don’t want one

As I write this, Tim Cook is demonstrating the iPhone 5. So far it looks just as bad as the iPhone 4S, but 20% lighter and thinner. Oh yes, it has a new Apple A6 CPU this time around, which is apparently faster and less power-hungry, but it still eats batteries at an alarming rate. Apple claims the battery will last 8 hours in 3G or WiFi mode. The Apple A series processors are, of course, ARM cores to Apple’s specification manufactured by Samsung. I haven’t heard anything about that changing.

As smart phones go, the iPhone is a pretty poor offering. Here’s why:

Apple’s iOS is a right mess. It’s built on left-overs from the NeXT, it’s a pain to develop in (who needs another Object-based version of C when we’ve had C++ for ages, and the  system libraries are awkward, to say the least). I wouldn’t say Android is brilliant, but it’s got an excuse. This is supposed to be a premium product, yet the software engineering has lost the plot.

You can’t change the battery. This is shameful. Batteries have a limited life, and by fixing the battery in, Apple is limiting the life of the ‘phone, so you’ll need to buy another one each year. You can’t even carry a spare battery with you to help out when it goes flat.

You can’t upgrade the memory. The basic model is 16Gb, with 32Gb costing $100 more and the 64Gb $100 more than that. Flash memory is cheap and plentiful, and Apple is trying it on. Buy a Smartphone with a memory card slot.

The iPhone 4S was a terrible ‘phone. The sound quality was awful. You could always tell when someone was using one. It remains to be seen whether the iPhone 5 is any better, but given Apple could release such a terrible ‘phone last time, why should anyone give them a second chance?

This is definitely another item for the fanbois; those with an interest in conspicuous consumption. Anyone else needing a Smartphone should look elsewhere.