OpTech is Now Using HTTPS!

It is long overdue, but given the nature of the website (not asking for any of your personal information) I hadn't found the time to set it up. That said, OpTech now defaults to HTTPS ensuring you have a secure connection.

Please contact me, via Twitter or the Contact page, if you're seeing any issues or getting any HTTPS warnings from Chrome or another browser. Warnings like the one shown below are NOT expected.

SSL Certificate Warning

Why Can't Americans Vote Online?

Many ask the valid question of why we cannot vote like we live in 2016 – online. We bank, shop, work, talk, and do just about everything else online, so why not voting? Some smaller countries do it – Chile and Estonia, for example, but in general there is a substantial risk to hacking.

The unfortunate truth is that our online banking and email are only as secure as they are, which depending whether you have two factor authentication and complex passwords might not be too secure, because most of us aren't important enough to be the focus of targeted hacking. It is often called 'security through obscurity' – we blend into the crowd.

A United States election online would not be secure by blending in, there are too many parties (both internal and external) with vested interest in the outcome of the election. The election would be a major target to hackers from every corner of the planet, and it would bring out the best of the best as private bounties are offered for anyone who can generate a return on that investment. Consider how incentivized a single hacker would be for $10M (I made that number up) and how trivial that sum would be to the person/group offering if they could place investments such that they'd benefit orders of magnitude more than that with a controlled outcome.

The biggest hurdle is in verifying the identity of who is trying to vote. You can either make it really challenging and risk violating privacy as well as prevent a large number of (generally lower income) people from voting, or you can make it less challenging and almost guarantee it is compromised. 

So let's dive into what those might look like. If you made it more secure, you could verify fingerprints which would require the entire nation to be fingerprinted (expensive, time consuming, and a major imposition on privacy). You can do ID scanning which would require having an ID (many don't), a good enough camera to scan it clearly (which many don't have), and this still doesn't address the issue that, as many 19 year olds will attest, IDs are relatively easy to fake. The website would have to be encrypted, of course, but on places like college campuses a bad actor on the network could spoof the SSL certificate and intercept, decrypt, and change, all voting traffic that takes place on that network.

If you made it less secure, then there is nothing to stop people from voting en masse for the millions of American's whose personal information is readily available for sale on the darker corners of the internet. It is unsettling, but nearly everyone has some amount of their personal information for sale somewhere, and if you use common passwords or predictable security questions, it would be trivial to submit a vote on your behalf before you even figure out who you're voting for.

I'm sure this is just the tip of the iceberg. Suffice it to say that even with strict identification practices, it would be a challenge. All of this ignores the nontrivial portion of this country without a reliable internet connection, computer access, or technical wherewithal to actually vote online even if it is an option.

It will be interesting to see what they come up with, but unfortunately the most secure scenarios I can think of will really upset the libertarian-minded citizens, as they'd basically require submitting biometric data to the government (never mind how expensive that effort would be).

Vote To Support Science, Technology, Truth, and Facts - #ImWithHer

There are a lot of things to consider in an election, and this isn't a political blog, so I'll spare you an extended piece on this... unique.... 2016 United States Presidential Election. That said, technology relies on science and facts bound in reality to exist, so therefore I have to defend the spread of science and facts.

Only one major party candidate believes that climate change is a real thing. Science and technology tell us with certainty that climate change is real.

Only one major party candidate believes that telling the truth (as much as any politician does) is important. 

Only one major party candidate believes in treating people of all walks of life fairly and humanely.

Only one major party candidate proposed or supports major constitutional violations, more than any presidential candidate in recent history.

Only one major party candidate is facing charges for committing sexual assault (with multiple witnesses) and is accused, again with substantiated claims, to have raped a 12 and a 13 year old. [Update: While the claim was "voluntarily" dropped on November 4, 2016, the history of the case explains why. Repeated death threats, being terrified of exposure, up against a billionaire (and soon POTUS) is an insurmountable set of circumstances.]

Hillary Clinton is not perfect. She has committed sins, the worst of which (in my humble opinion) were done while defending a man she loves and with questionable drone policies, but to convince yourself of a false equivalence between these two candidates is to abandon truth and facts.

To be clear, there is a defensible position for voting GOP because of taxes and financials, but doing so at the Presidential level this election would lead to a death of morality and science for this country that would almost surely* bring about a downward spiral worse than any 4 years worth of left-leaning policies. So instead of voting in a tyrant, focus on finding and promoting a more intelligent and truthful candidate that represents your values in 2020.

I'm not one for strong political stands, I see deep flaws with both parties, but this isn't a political stand. This is a human stand. As if Trump's policies, which (if they exist at all) are ill-informed, non-scientific, and closed-minded, weren't enough, he is a genuinely terrible person that has really helped to bring out the worst in a lot of people. That is not the type of person who should be running this country.

#ImWithHer and I hope you are too.

*I understand the irony of using such a subjective claim in a post promoting voting for science and truth. It is a challenge to completely ignore the immeasurable human element of this election, though. I admittedly have no sources to substantiate this particular sentence.

An Engineer's Hippocratic Oath

For all of modern history, engineers of many disciplines have needed a certification to practice their trade. This makes sense — you want bridges to withstand wind, you want a city's sewage system to work correctly, and you don't want airplanes falling out of the sky. In most cases, this is the Professional Engineer (PE) License. It requires industry experience and a rigorous test; the result is that your bridges, cars, and cities are safe.

Computer engineers and developers do not have a similar certification, or at least not one that is required to ship hardware or software that can drastically impact millions of people. This has pros and cons. The pros include no bottleneck in the system, a much lower barrier to entry resulting in a wider range of more exciting ideas, fewer opportunities for corruption or prejudice to preclude someone from participating, and more. 

There are cons, too, however. These include a hijacked botnet of Internet of Things (IoT) devices being used to effectively take down the internet.

People will follow incentives, this is unavoidable when looked at on a macro level. When people have the choice of spending nontrivial sums of money or getting what they perceive is the same value from a cheap (or free) alternative, the masses will opt for the cheaper version. To make matters worse, some of the decisions are largely out of consumers' hands. In the case of a set top box from your cable company (hacked DVRs were behind a sizable portion of the DDoS attack), you might not even have any real alternative choices (yes, there is TiVo, but most people use the cable company's setup process/services). Companies follow incentives just like individuals, so if they can save a few bucks per DVR unit their margins on your rental go up substantially.

As with cheaper options of nearly anything, the similarities to the more expensive choices are all skin deep (if that). The security is a joke, in many cases these hacked DVR units had hard coded usernames and passwords, or ports are left open, or there's a public pinging back to China to check for software updates without verifying the response is valid, or any number of other glaring instances of engineering negligence. Not only are products of half-assed engineering proliferating, no one knows what to do about it and most consumers don't even know, let alone care.

This attack didn't cost lives. Not yet. But as more of our lives moves toward having internet enabled components like cars, pacemakers, thermostats (imagine a thermostat being disabled overnight and a baby or very old person freezes to death in a bad storm), this lackluster security can and will cost lives.

It remains true that you get what you pay for. If you know how to telnet into your cheap IP camera and close the ports that were left open by the manufacturer, then by all means, save $20 on the device. Otherwise, anyone else should really consider spending a bit more money and putting your trust in a company with a solid reputation whenever possible. The responsibility lies with consumers, and while liberating for those that know what they're doing, this is damning for those that don't.

There isn't an easy solution on the engineering or product side, unfortunately. The best one I can come up with are optional certification tiers for connected devices, but history has shown that consumers will still choose the free uncertified version often enough that there will always be enough hackable devices to perform a similar attack. At least with certification tiers, we can try to proliferate knowledge of the risks of buying a lower tier of device, though this is far from a cure-all solution. A engineer's oath, synonymous to the hippocratic oath, is wonderful in theory, but in practice, mandating such a thing is at odds with the very free and open nature of the internet that makes it so incredible. 

Update: Paul Sadauskas points out that a set of requirements akin to the UL Certification requirements could be imposed on the software and firmware loaded on hardware products imported into the country in question (I am writing this from the perspective of an American in the continental United States.) This isn't foolproof, since hardware or firmware can be changed after the fact, but it would make a sizable dent by making the default "this will never get updated or configured" devices less susceptible to more commonplace vulnerabilities.

Not Your Father's Bubble

For several years now, a sizable portion of the technology investor and news dialogue can boil down to "There's definitely a bubble!" and "There's definitely not a bubble!"

Far be it for me to weigh in here, I'm no investor, and feel far more comfortable giving my money to Betterment (not an ad, I just really love what they do) than investing (all of it) myself. With that being said, I do think I've got enough of a hold on the technology side to participate on the periphery of the conversation.

I am NOT declaring that there isn't a bubble, let me get that out of the way right now. Startups have been getting scooped up for 100s of millions or billions of dollars for several years now, and sometimes it feels more like people with money to burn desperately trying to get their ticket on the next gravy train. Is it sustainable? Who knows. Is it reasonable or justified? I think that's a mixed bag. Since I'm not sitting on a mountain of billions, I don't think my two cents means much here though.

It seems like a continual case of, and I almost hate myself for saying it, FOMO. With how fast technology can scale right now, a hot new startup can become a behemoth of industry a hell of a lot faster than ever before. A few thousand percent return is a good incentive to write a check; I'm sure it only takes missing out on one or two Facebooks or Ubers to realize that. 

Anybody with a a few weeks to throw together an app can go from a nobody to printing tens of thousands of dollars per day, consider Flappy Bird. So while he didn't go on to get millions of VC funding to stock a $10,000/month office with $4/bottle coconut water, he probably could have. It demonstrates how these ideas are, whether by design or as a result of current VC strategy, lottery tickets for the ultra-wealthy. (Side note: this is not a statement on income inequality - no one should feel entitled to anything and should expect to work hard for everything, anything extra is a bonus, but I realize I'm fortunate to be able to hold this privileged position.)

The last dotcom burst had some startups with good ideas – grocery delivery was introduced and everyone was sure that would be the next frontier; it failed spectacularly with so many losing sums of money the rest of the world only dreams to know. Digital entertainment, music and video, were attempted and we didn't have high resolution cameras with us every second of the day with high speed internet to connect people. Others attempted digital currencies, and again fell short of realizing their dreams. TNW put together a fun list to look through of 17 failed dotcom companies and their modern counterparts.

So why, when valuations appear to be based so heavily on someone adding some zeros to their just just so they don't miss out, would there be any argument that there is not a bubble?  

To oversimplify, it is the first time in human existence that we've had this kind of reach and instantaneous market. We have over a billion potential customers throughout the world on any given platform, double that (or more) when you go cross-platform. Furthermore, the access we have isn't to a shared home computer, it is to the most personal device that this world has ever known, with the extra upside that we carry it with us at all times. The experience of ordering groceries by logging into a website, finding a store, placing an order, typing in your credit card information, and waiting, is vastly different than having your phone on you, know your location, have an app custom designed for doing exactly this, algorithmically determined options based on purchasing patterns, a near-instant Apple Pay transaction, and city infrastructure that is designed to fulfill the order. 

To be fair, the website would also be designed for this task, credit card and location information can be saved, and the hundreds of millions of dollars were being invested to overcome the last mile problems, but that difference matters. The smartphone enables speed and convenience to go from an idea to an order which ultimately provides the escape velocity for these ideas this time around. Think of Uber without the phone, think of social without a good camera and location capability, it just doesn't add up to the user experience momentum that we're currently experiencing. 

Lastly, we now have the computing power and data collection capabilities to really take this to the next level. Location awareness and a rich browsing and purchase history give retailers a much more accurate view of what we want. Retailers can now view these patterns and anticipate things then tailor our experience to drive higher sales. A lot of this existed, or technically could have existed a decade ago, but it either didn't exist or didn't exist at the "hit the ground running" scale that was required. That difference matters. All of these differences matter. They add up to, as only hindsight will be able to confirm, what appears to be the perfect storm for this to be real, and not a bubble.

I don't know if this time will crash and burn like last time, but it is plain to see that this time is different. The phone changed everything, and so it stands to reason it will be sufficient to prevent the fallout we saw in the first bubble. 

Managing Endpoints in a Connected Life

I first noticed a few years ago that as more items are getting connected, the management of that connection becomes a burden. You've got companies putting SIM cards in watches now which seems unnecessary today, but soon we'll look back at it and wonder how we ever lived without it. There are SIM cards in phones of course, but also tablets, cars, home security systems, and more.

Do you manage each of these individually with their own account? Maybe, but probably not. It's a bit scary to think that if the devices are all on one account, a hacker could obtain power over all of the accounts that connect and secure your entire life; but realistically this is only one entry on a long list of horrible things that could happen if you don't take security seriously.

Unfortunately, the billing methods haven't really caught up to our demands on the carriers. For example, I want a SIM card in my iPad for travel, but I don't travel often so I don't enable it most of the time. If I put the iPad on my Verizon account with my phone, I share my phone's data and I have to pay $10/month for something I rarely use. As a result, I have a separate account for my iPad. Then you've got family sharing issues where there's a single primary account holder, how would one of their children add a device to that plan without being a burden on the parent? They can get authorized on the account, but even then the power is limited.

The solution isn't crystal clear yet. Though eventually carriers will have to take a big step forward with much more clear online accounts with easy permission controls so that each user can add/remove devices at-will. The billing needs to support flexibility and non-permanent device additions – even though the carriers have a large vested interest in you adding your iPad to the account then never using the data plan on it.

Another option is for each endpoint to be it's own account with the carrier and carrier billing being invisible to the user. For example, imagine a next generation Nest thermostat with a SIM built in (to guarantee remote control capability in either a vacation home with no wifi or when wifi is down at home). Perhaps I can just pay Nest $25/year for that capability (it is a negligible volume of data, after all). They handle the carriers on their end and the user doesn't have to worry about it.

This is only going to get worse in the short term, and I don't think the carriers are properly motivated to really solve it. People are complacent by their nature, so if you can lure them in, the odds of them ever proactively seeking change is shockingly low.

Next of Kin in the Digital World

There are few things more challenging for a family than losing a loved one. Historically, that person's digital existence was of lower importance relative to everything else going on during the painful transition. However, as more vital processes move online, the problem of a next of kin in the digital world will need a cleaner solution.

Right now, your best bet is to use a password manager and make sure your partner or chosen family member/friend has the master password. This isn't the worst choice, but most people don't even do this much. Furthermore, it does nothing to address the wishes of the deceased. Do they want accounts deleted? Ignored? Made into memorials?

A more thorough thought experiment would be required to design a complete solution, but this is touchy territory. Aside from the dark nature of the topic, there is risk in any single company's solution here. If someone provides a "take care of your digital existence" solution, what happens when they don't get that last payment? What happens if they go out of business? That risk holds true any time, but when the originator of the request for services is no longer available, it passes the burden to someone who might not be equipped to handle it or fully understand the nature of the situation.

An open standard might be the solution here. On top of the standard private companies and services can and should be built, but this would allow you to not get totally locked into a single service for example. Companies could try their various sales models, "free", cheap but minimal, expensive and full featured, subscription, etc.

It's an interesting discussion to have and I suspect will eventually be a thriving industry. Only time will tell how this problem is solved and what services flourish to meet the needs.

Look to the Wealthy People, But Not For the Reasons You Think

Wealth is frequently mistaken for success because they often go hand-in-hand. So when I say "look to the wealthy people" I am not giving life advice on attaining success. I simply mean to look at the wealthy people in the world today and consider the fundamental advantages they have. If you're able to distill these advantages and learn how to streamline them and decrease cost with technology, you might want to start picking stitching for the leather on your yacht. Still not following? 

Since hindsight is 20/20 let's take a look backward in time and extrapolate. 

Not long ago only wealthy people had phones in their cars, they were available around the clock and could get business done while on the move. Now you and a few billion of your closest friends have a super computer while you're in the bathroom. Similarly, only a few years ago, having a luxury sedan at your beck and call 24/7 was only for those who wouldn't waste time to pick up a $100 bill if they dropped it. Now we've got Uber and Lyft in most metropolitan areas on the planet.

You can pick any two points in history and be able to find this pattern emerge. Cars, trains, huge televisions, medical care, air conditioning... the list goes on. Yesterday's unattainable comforts are tomorrow's standard for living.

Smart homes are exciting, but I think there's a bigger one looming in our not-too-distant future. What does every wealthy person have instantly available to them around the clock to take care of anything they need, yet the average person couldn't hope to afford? An assistant. The biggest gain to be realized in a successful instance of this pattern emerging is when technology can scale for next to nothing and replace an otherwise costly human resource. 

Interestingly, the biggest problem with this breakthrough might not actually be the technology. I suspect it will be the public perception and acceptance of this technology. An assistant knows every detail of their boss's life. They know their most personal information, they know intimate things, they know where they are the vast majority of the time. Most crucially, a good assistant can piece all of this together and make logical inferences to anticipate the needs of their boss. Therein lies the power of the dedicated assistant.

When this assistant is a person, there is an opportunity to develop a trusting relationship. There is accountability. If something is leaked, you've got a human being to point the finger at and that human being will take responsibility. This doesn't transfer well to the digital realm. When a leak takes place some executive might get fired, but that doesn't repair the personal damage done. You can't easily develop a trusting relationship; instead to fully realize a digital assistant you will need to to relinquish your most intimate information while accepting the associated risk.

Taking this leap will not be easy, and there will be many people who refuse to do it. There are still people who disable location services on their iPhones so they can't realize the immense power in maps or any number of the thousands of location based services.

There will be several options when it comes to how this sensitive information is handed over. This discussion is too nuanced to cover here, but the over-simplified version is that you will have the Apple version where you pay for the service directly or through "costly" hardware, then you'll have the Google version where the services are "free" and the ways in which your data will be used for Google's profit will be detailed in legalese on page 182 of the Terms of Service that we each read so thoroughly. Neither one is right, neither one is wrong, but a choice will have to be made if you decide to opt in at all.

I know three things for certain: 

  1. I will be opting in.
  2. I will be willing to pay a modest price for a service I consider worthwhile.
  3. If the depiction of wealthy people in movies is a preview of where we're headed, then I am particularly excited having seen the Iron Man movies.

A Few Thoughts On Jony Ive's Promotion to CDO

I want to preface this that I hold Jony Ive in the highest regard and his work is what gave me an appreciation for beautiful things. These are just a few "what if's" and thoughts that went through my mind on the news of Jony Ive being promoted from Senior Vice President of Design to the extraordinarily rare (for Apple) C-level Chief Design Officer.

Work and Family

I don't know Jony or his family, but if there is any family pressure to return to the U.K. then he is in a really tough position. The number of people that count on him, the number of people that directly benefit from his work, and the overall impact he has is profound. How do you balance that with a family who (hypothetically) want's to move? Of course, this "move to the U.K." is all rumor at this point. If the world is lucky, it is nothing more. 

I believe it is right to pick your family over your work, but as a beneficiary of his work, I can say I will be deeply saddened when he leaves Apple.

On Replacing Jony

You can't replace Jony Ive. Just like you couldn't replace Steve Jobs. When Steve passed there were two strong rails for the Apple train to run on: the culture at the core of everything Apple does, and Jony Ive. That is how it looks from the outside, of course I don't actually know. So what happens when Jony leaves? Without Jony or Steve I think the culture will remain on autopilot for a while. It's tough to say if that will be a year or twenty years, but I think somewhere in the 3-5 year area with no un-Jony product changes is a very safe bet.

Over time culture adapts. The culture of Apple is even to adapt at its own short term expense (think iPhone cannibalizing the iPod). Inevitably the nuanced impact that both Steve and Jony have in the seemingly irrelevant details will fade. I suspect this will lead to changes in directions akin to going from skeuomorphic to flat design, and that is a good thing, this evolution is necessary.

Let's hope the rumors are wrong so that we can be selfish and bask in the benefits of a Jony Ive designed life for at least a little bit longer.

Closing

Again, this promotion could very likely have nothing to do with him leaving any time soon, but when the notion was brought up I couldn't help but consider it. I am eternally grateful for the work Jony has done and wish him nothing but happiness, whatever that means for him. 

Android vs. iOS: Revenue Per User Won't Catch Up and That's Okay

The metric of choice for comparing iOS to Android is average revenue per user, or ARPU (spoken phonetically exactly as you'd guess). This is fine, it is certainly technically accurate, but it isn't exactly relevant for most of the discussions where it is used as ammo. It's like comparing the average revenue per user of all car buyers vs. only Ferrari* buyers – it tells you what you already know.

Notice how I didn't say Hyundai vs. Ferrari, that would be a hyperbolic falsity, I specifically said all cars because that's much more aligned with the reality of Android. You need to understand the Android spectrum to fully appreciate the volume, human impact, and glory of what they've pulled off.

This graphic shows the ARPU comparison between the platforms, it is interesting data, but remember to keep perspective on the topic (source article).

Android vs. iOS ARPU vs Deepak Abbot on Medium

Now some considerations and perspective:

  • Note the ARPU difference and relationship in app sales vs. ad revenue. 
  • Android has been installed on a lot more phones than iOS. I am basing this on data that is getting old, but I don't think enough has changed to change the blunt fact that Android dominates on pure install base – Android had (Q4 2013) 78% market share to iOS's 18% worldwide. The data above shows a 74/26 split purely between these two platforms. Before you get angry at the mention of install base metrics...
  • Install base doesn't mean much of anything for any discussion aside from install base discussions.
  • There are many millions of Android device owners that don't own a computer or have another source of Internet in the home, the phone is their first and only computer and their connection to the web.
  • There are Android users who don't have running water, plumbing, or electricity at home. Communities have communal charging stations on the side of the road. Benedict Evans does a great job of tracking and tweeting (or retweeting) data and anecdotes about this. Can you imagine walking a day or more just to charge your phone?
  • Android devices are connecting people from the third world to services and communities that allow them to catapult their communications capabilities forward by decades.

There isn't one smartphone market. You can make it look like a single market on paper, but the reality is there are several markets. I would love to see data on premium device ARPU broken out by region, this would be a more valid comparison to make. There are hundreds of millions of Android devices that are in the same premium segment as iPhones, and there are old hand-me-down iPhones that are in a similar segment to lower end Android (though I don't believe even the bottom of the iPhone spectrum reaches the price points/capability of the low end Android phones). These devices have changed the world overnight unlike anything most of us have ever seen.

Next time you pull out your device of choice and think that you can't live without it, remember that there are millions of people for whom their smartphone is fundamentally changing the entire trajectory of their family's livelihood. Apple and Google have enabled extraordinary things with their platforms and there is no question about our love for and dependence upon our phones. However to compare the two platforms outright as one market is a fool's errand without maintaining perspective on the extraordinary differences between what the platforms (or even subsets of each platform) enable.

*I picked Ferrari because I originally picked Audi and then started questioning whether the revenue from super cars would actually be enough to offset the lower end cars and render my analogy dead in the water. Rather than picking Audi and doing the math, I went with a car I knew would represent a huge ARPU that the car industry as a whole couldn't touch.

Two Factor Authentication Matters - iMore's Guide to 2FA

I am a firm believer in two factor authentication; I can't imagine a better way to keep yourself secure than enabling 2FA on any service that supports it. Contrary to popular belief, there is minimal inconvenience. For any site or service that you care about, the benefits outweigh the cost by several orders of magnitude.

It's worth taking a look at who all supports it and noticing the pattern that that so many "old dogs" (companies that are huge and have been around for a long time) don't support it, but newer companies do. This shouldn't come as a surprise, but might help you decide who gets your business.

The Safe Mac

If you use iOS or OS X and missed the Mac Power Users podcast this week with Joe Caiati, I highly recommend checking it out. One highlight for me (as the default tech support for a growing circle of people) was the mention of The Safe Mac. The website is "retro" (to put it nicely), but the adware removal tool is top notch – and free (donations recommended). 

It is worth checking out as an option for your loved ones who find themselves installing Flash from some bogus website (something that's shockingly easy to do).