Rant – Mike Talon's Home on the Web

The Reality of the New Non-Neutral Net

So the FCC has repealed the regulations that mandated that all traffic on the Internet must be treated equally. The telecom/Internet Service Provider industry has touted this as a good thing, as there will now be a “fast lane” for most traffic and a “faster lane” for so-called priority traffic.

The regulations in question are long, wordy, complex, and unfortunately boring as hell. So what does this new non-neutral net mean in the real world? Let’s take a look:

If you are a tech company:
First, unless you’re well established and have rock-solid relationships with bandwidth providers, you’re in trouble. You *will* be paying more to get your traffic prioritized in a world where everything else online is going to drive up latency and bottlenecks. This means more budget for bandwidth for the life of your product line, and that means you need to start lining up additional funding right now. The impact of the regulatory change may take a few months or a few years, but it is indeed coming – start planning.

If you don’t want to pay for prioritization, then be ready to accept the fact that everyone who did pay will get lower latency and faster throughput – especially during peak operational times for your type of application or platform. So for consumer apps, your performance is going to absolutely suck from about 6PM through about 12AM local time for your customers. For business applications, the 9AM to 5PM local time frame is going to be a nightmare for you and your clients.

While non-latency-dependent or bandwidth-light applications won’t have too much of a problem, if you are streaming anything at all, this will impact your bottom line. If you’re starting up a cloud platform (especially IaaS), just give up now.

If you are a consumer:
Get ready for your Internet Service Provider (ISP) and Mobile companies to charge you more. If you are a heavy user of streaming services (Netflix, Amazon Prime, Apple Music, Spotify, and several dozen more), then you’re going to need prioritized service. After all, if everyone else in your neighborhood pays for it and you don’t, all you’re going to see is the “buffering” message or “please wait” audio prompts as their traffic gets to their devices ahead of yours.

ISP’s are already charging for high-bandwidth users, and in a world of streaming video and audio services we’re pretty much all high-bandwidth users now. If you work from home and are constantly on company applications and VPN connections, your bandwidth profile goes even higher. Have a VoIP phone or a micro-cell for your mobile phone? Higher still. Want to use that VPN for personal or business use – you’ll probably have to pay more for that privilege. There is no end to the nickel and diming that’s now available to ISP’s that they could have only dreamed of before.

A history lesson:
In our history, we have seen that giving corporations – even non-monopolistic corporations – the ability to pick and choose winners and losers exclusively by their ability to control supply doesn’t lead to good things. The punch-card era of IBM is a wonderful example. You see, while anyone could physically produce punch-cards to program and manage IBM accounting machines, only certain vendors were permitted to do so by IBM. Anyone who wanted to get into the market would have to be certified by IBM (an expensive proposition) – even though a punch-card is just a stiff piece of paper of certain physical dimensions. Eventually, other technologies got a toe-hold in the accounting machine market and overcame that restriction – but that took a generation, and caused many businesses who would have competed with official IBM punch-card vendors to go under. Since any vendor selling IBM punch-cards would not have a financial reason to produce them for other brands of accounting machines, this also meant that IBM gained the ability to become a virtual monopoly – no other machines could get anyone to make their punch-cards. Customers also got shafted, as they had to pay a premium for the officially-certified cards or risk their service contracts being voided. To put that in perspective, if your service contract was cancelled, your accounting machine pretty much stopped working.

What’s the correlation? Well, now any new business that wants high-bandwidth, low-latency throughput will have to pay to receive the blessing of an ISP above and beyond what they’re paying for that same service right now. Based on recent history, any user who wants to get the service as intended will also have to pony up some cash each month, making the actual cost of the new platform or service higher still. This will lead to situations where newer technologies may not even be developed, since it will be fiscally difficult to bring them to market successfully. The inventors won’t have the budget to pay for premium connectivity, and the end-users will be reluctant to get better cable/fibre packages to use them.

Recent innovations will wither and die when these new bandwidth fees and/or restrictions exceed their budgets; making it impossible for them to compete with players in the market who can more easily afford the fees by passing them on to their already sizable user bases, or just absorbing them as a cost of business. Google will be able to hold power over online video sharing where a newer company like Twitch may not be able to absorb the extra bandwidth costs. Amazon and Azure will ensure they have little to no competition because any cloud startup will be bankrupted by these premium fees, which would be required for things like Infrastructure as a Service to even function.

Yes, in time, newer bandwidth technologies will be created, and ISP’s will find themselves on the same losing end as the old Bell System did when it got shattered. But, ask yourself, how many innovations and new frontiers took decades longer to develop or were entirely lost when “Ma Bell” controlled almost every telephone line in the country? By allowing a very limited number of bandwidth providers to dictate fees at will – with no regulation to keep them in check – we’re quickly approaching the same situation we had with the Bell Network back in the 1980’s. Will we need to wait several decades for ISP’s to become irrelevant before we’re out of this nightmare, and how much progress will be sacrificed in the meantime?

Our government – in the form of the FCC – has sold us out. We are all going to be poorer in both actual money and in lost innovation and discovery for it.

My Take on the Amazon vs. Google Shenanigans

TL;DR – they’re both being insane and need to stop this crap.

In case you haven’t heard the news, Google (who owns YouTube) is pulling the ability for Amazon Echo devices and Fire devices (tablets, set-top and stick streamers, etc.) as of January 1. Some of this has already happened, as most Fire tablets and the Echo Show already have no ability to show YouTube videos, but after the 1st of the year, the entire rest of the product lines will lose the ability to serve up YouTube content – even though they are Android based, and there are Android apps for YouTube available.

Some backstory:

Amazon is a world-wide powerhouse in online retail and Cloud Services. Google owns most of the information on the Internet and is a major player in Cloud Services. Both are massive – and massively powerful – companies who can set and change the market at will. Both have services which compete with each other directly. Google has their own mobile OS (Android) and a vested interest in online retail – though indirectly as they sell advertising that leads to retail sites instead of offering a retail shop. Amazon is an online retail superstore, and has a mobile OS (FireOS) – though indirectly since FireOS is a fork of Android. Over the last couple of years, a feud has developed between them over eyeballs and ownership, and now we’re all paying the price.

The first salvo was Amazon not permitting the Google Play Store (the Android app store) on Fire devices like tablets and set-top streaming boxes. Apps had to be purchased via Amazon’s own app store functionality. Google made it well known that FireOS wasn’t considered Android anymore, but rather a fork that had branched into its own OS entirely. Some time later, Google devices (like Google Home, ChromeCast streaming sticks for TV’s, etc.) began to systematically disappear from Amazon shopping venues – while at the same time Amazon was promoting their own devices which served the same purpose. So Echo devices were available for sale but Google Home was not. FireTV set-top and stick streaming devices were still available, but ChromeCast sticks disappeared. Fooling absolutely no one with this strategy, Amazon soon caught the ire of Google, who became less and less willing to put up with Amazon’s tricks.

At around this time, FireOS tablets and other devices were using an Amazon-built YouTube application. Google claimed that this app violated their terms of service by manipulating the way in which YouTube advertising displayed, and blocked the app from functioning with YouTube. Amazon retaliated by creating an app that was just a shell to load the YouTube website – seeming taking care of the problem. Google, in a move that is controversial at best, objected to the fact that the touch-screen controls used by the new app didn’t fit their standards, and blocked the new app as well. When the Echo Show (an Echo device with a touch screen) debuted, it was quickly blocked from getting access to YouTube videos by Google, continuing the trend.

So which came first? Did Amazon piss off Google by pulling items from their storefront and manipulating how their devices accessed YouTube? Did Google piss off Amazon by developing competing product lines and limiting 3rd-Party access to their services? It’s a hard call to make, as a lot of these things happened in a very short period of time; but the end result is clear to see. YouTube – as of January 1 – will not be accessible on any Amazon device. ChromeCast and other Google-made hardware devices won’t be sold on Amazon.com – even by 3rd-Party sellers. Together, they’re tearing off their collective noses to spite their collective faces, and that doesn’t help anyone.

Amazon – you’re losing money. People will be hesitant to buy FireTV, or tablets, or the Echo Show when they cannot display the most popular video streaming site in the world. This is especially true when other devices like the Roku, AppleTV, and the majority of smart TV’s can show both Amazon content and YouTube content. You are hurting your sales and tarnishing your reputation.

Google – you are losing money. There is a large population of people who already own FireTV or Echo Show devices, and aren’t going to buy another device just to watch YouTube. That means less eyeballs, and less advertising revenue. It also means fewer people signing up for YouTube Red (the subscription service). The feud is keeping your devices off the most popular online shopping portal in most of the world, and you too are tarnishing your reputation.

Both of you are hurting your own bottom lines, and neither of you can win this in the current market. 3rd-Party devices that neither of you make money from will gain ground, and Apple is going to eventually eat your lunches when they inevitably launch their own voice assistant home device that supports both streaming platforms and doesn’t require directly dealing with either of your independent petty streams of bullshit.

Start working together. Amazon, use the YouTube native interface for touch and web. Show the ads inside of YouTube the way Google wants. Google, face the fact that Amazon sells competing hardware and isn’t going to promote your hardware. Take solace in the fact that you can buy a ChromeCast from a lot of places, and just sit back and rake in the ad revenue from ALL platforms that run YouTube. You don’t have to get along with each other, and can continue sniping at each other until the end of time – just don’t force your end users to make the difficult but inevitable choice to abandon both your platforms for the next hot hardware that comes into the market. Worse yet, don’t put a bad taste in consumers’ mouths when alternatives (like iTunes Video and Xbox Video) exist and could gain market share at your expense if you force users into new behaviors.

No, I will not disable my ad blocker.

Anyone who uses an ad blocker has no doubt seen the “placeholder” images or text that replace where the advertisement would be on popular websites. These placeholders implore us to turn off our ad blockers to give the site vital revenue, to not starve the website owners of cash. Lately, there have been even more aggressive methods to ask us to turn blocking off – pop-up or interstitial notifications to shut the blocker off, or even full-page-blocking notifications that keep you from seeing anything if an ad blocker is on.

I do not, in principle, have an issue with these notifications. I think companies and individuals who support their sites with advertising have the right to ask us to turn off the tech that keeps them from getting paid and paying their bills. However, I must regretfully inform these sites that I will not be turning off my ad blocking software, and here is why:

Ad networks (the 3rd-party companies that serve up the ads found on most websites these days) have become nothing more than the latest vector for delivering malware of many forms. In the past, an attacker had to compromise the site itself through security holes or brute force in order to turn that site into an attack vector for infecting visitors with various nasty software. Ad networks have allowed attackers to do many multiple times the damage with a fraction of the effort.

Here’s how it works: The attacker buys ad space with a network that allows Javascript or other active-code ad serving. The technology generally allows advertisers to show rich-media ads (which are annoying and should be removed from the internet anyway, but I digress). Rich-media ads have video, audio, and other eye-catching stuff built-in, but require that the website displaying them allow for the scripts to be run. They also require that the browser allow the scripts to run, which ad blockers disable. For a legitimate advertiser and the website owner, this means better conversion rates (the rate at which viewers click on the ad to see the product/service being sold) and rich-media ads have become insanely popular for advertisers themselves; and a requirement for most ad networks to support.

An attacker can create an “advertisement” that has scripting which delivers the payload of their choice. This could be malware or spyware that the user must accept and run, other malware and spyware that requires no user interaction (limiting what it can attack, but making it much more likely to execute), or more recently crypto-currency mining scripts that chew up CPU cycles and can theoretically damage a computer though overheating it. Since the ad network has no way to tell that the malicious ad is any different from any other rich-media ad (because networks don’t bother to police their customers), the ad network serves up the bad ad to hundreds of websites and infects thousands of end-users.

In short, network advertising on websites has become the new way for attackers to deliver their malware.

This “malvertising” has become so prevalent that even giant sites like Showtime have been attacked via malware in ads posted on their sites. The ad networks do nearly nothing to stop the problem, and the site owners cannot stop it short of removing the ad networks’ code from their sites.

So, until such time as ad networks begin to properly police the ads they put up on network sites, or until such time as you – the site owner – remove that code and post ads you know to be non-malicious only; I’m not turning off the ad blocker. I’m sorry that this impacts you, truly I am. However, the situation has reached a point where no site that runs network ads is safe unless that code is blocked from ever running.

PS: I do indeed subscribe to websites that offer quality content without ads, either through Patreon or directly with the site itself. I know that this limits how many sites I can possibly support, but for those that offer great content and don’t attempt to infect my system with their lax code policies, I’m more than willing to put my money where my mouth is.

Outlook for iOS just plain sucks

Recently, I joined a new company that uses Office365 – Microsoft’s cloud-forward platform that they believe will eventually replace the traditional licensing models for the Microsoft Office Suite, Exchange Server, SharePoint and several other products. The idea is good, as it opened the door to Microsoft finally brining its signature office applications (Word, PowerPoint, Outlook, etc.) to more platforms, like iOS devices. Word, Excel, and several others made the jump to my iPhone rather nicely. I’m pleasantly surprised at how well they translated from the big screen on my desktop to the small screen on my mobile devices.

Outlook fell out of the WTF tree and smacked into every single dumb-ass branch on the way down.

First, let’s talk about the interface. On a computer, with a keyboard and mouse, the interface for Outlook for PC and Mac is manageable and useable. I’m not a huge fan of the “put all the menu buttons in one tiny corner” school of UX design, but with keyboard shortcuts it’s a very workable solution for maximizing screen real-estate. Even Outlook for Mac – long the whipping boy for how not to port an application from Windows – the interface is clean, effective, and works. On iOS, the interface is horrible. There are no keyboard shortcuts to jump from mail to calendar to contacts, and some features like the task list are just plain missing. To be fair, tasks sync to the Reminders app in iOS – but only if you also set up your Outlook/Exchange account as an internet account on the phone.

All right, I know what you’re all saying, “It’s a scaled down version for just the essential stuff like email!” Great, let’s look at email:

No font sizing. So basically you’re going to see a set amount of info on each screen, no exceptions. Got an iPhone SE and need a bigger scale to avoid going blind? Too bad. On an iPad Pro and want to shrink stuff down so you can get more on the screen? Sucks to be you. To clarify, I am not talking about the fonts IN the emails – Outlook has little to no control over that if the email has its own formatting. I’m talking about the interface itself and the message previews in your mailbox lists.

No red squiggles. In nearly every other iOS application, when you mis-spell a word that autocorrect doesn’t murder for you (AUTOCORRECT SICKS!); you get a helpful visual indicator that something just ain’t right – the infamous red squiggle underline. It happens in the native mail app, and Airmail for iOS, and honestly every other 3rd-Party email app I’ve tried since iOS 4 was a thing. Outlook can’t get it to happen – or on the few instances they do get it to work it almost immediately stops working again. I’ve changed my keyboard settings, fiddled with autocorrect settings, etc. Nothing gets it to work reliably. Now I do a quick proof-read of emails before I hit send whenever possible because… well… AUTOCORRECT SICKS! but sometimes it’s easy to miss a spelling errer, and the red squiggly lines (like the one that’s glaring at me from that purposeful mistake in the last sentence) are extremely vital to not letting them get sent out.

No S/MIME support. What were they thinking? Outlook on the desktop has supported S/MIME in one form or another since Office 98, and done it reasonably well. Even Outlook for Mac has supported the use of signing certificates since it changed over from Entourage years ago. The native mail app supports S/MIME just fine, so the phone itself is capable of it; and other 3rd-Party mail apps seem to offer at least basic support for it, so it’s not an “Apple locked this feature away for their own use only” issue. But, alas, Outlook for iOS cannot use certificates to sign or encrypt emails, or even recognize that one is in use in an incoming email.

Not all bad news

There are some good points to Outlook for iOS as well. It’s not all doom and gloom. While the sizing is an issue, the interface is at least intuitive enough that I didn’t have to go searching through a knowledge base to figure out where things were. Not having the keyboard shortcuts as on a Mac or PC is annoying, but not something that will completely hobble you. Having email and calendars in one app is a much simpler method than downloading the .ics attachment, opening it in the Calendar app, and finally accepting it (or more often then not, finding out there is a conflict and starting the process over with the updated invite). Direct interoperability with other Office for iOS apps right out of the box is also a strong feature in Outlook’s favor. And having the licensing included in my Office365 subscription – which is handled by the iTunes App Store natively – makes things a lot simpler to manage.

I hope that Microsoft hammers out the kinks in the system. I would personally love to use Outlook for iOS for all of my work-related email; as I always keep work email and personal mail in different apps to avoid confusion and mistakes between accounts. For now though, I have to stick with Airmail for iOS. It doesn’t support S/MIME either, but can talk to Exchange online and does everything else I need except Calendars. For those who are interested, I went with BusyCal for iOS on that front.

Outlook for iOS is a flawed, half-baked product. It shouldn’t be part of the Office for iOS suite, and only serves to drag down what is otherwise a great set of apps that we’ve all been waiting for since Microsoft started looking at mobile devices. Get it together, Microsoft, and give me what I’ve had on the desktop and in other 3rd-Party email apps for years now!

That’s it, I’m pissed.

You know, I was going to just offer some opinions on twitter and let the media rip our new President to shreds. However, today has changed the game.

Mr. Spicer – the President’s Press Secretary – has held a press conference to essentially declare open war on the press. He’s accused us of lying to the public (which admittedly has happened, but on both sides, no ones’ hands are clean here), of unfairly pillorying the man who is President, of over-stating the strength of a peaceful protest event instead of over-hyping the Inauguration. How we should all be ashamed of ourselves for not reporting only such information as officially given to us by his office at the request of the President. How we need to sit down and shut up for the next four years, or we will suffer the Wrath of Trump.

Well, now I’m pissed.

Mr. Spicer, I am a former (and shortly future) member of the Fourth Estate – the press you so vilify and want the people of this country to deny and destroy. Let me make a few statements right now to stand in loyal opposition:

First, sir, it is the job of the press to speak for all sides of a debate. To report on everything – good, bad, huge, tiny – it doesn’t matter. We (through the hundreds of differently opinionated outlets) speak for everyone. Yes, we choose sides. Yes, we shape opinions. That is OUR JOB. Your job is to relay information in a way that makes your boss look good. Our job is to relay information as we and our organizations see it. This doesn’t work if we don’t both do our jobs. It sure as hell doesn’t work when you openly declare that you despise us and everything we stand for.

Next, please realize you used your first press conference to completely alienate and distance the very people who you will be asking to trust you on a regular basis. No press? No Press Secretary. If you force us to deal with you only in an atmosphere of outright hostility, do you really think we’re going to give your words more credence than your numerous opponents’? I am NOT saying you need to be all buddy-buddy and happy with the press, far from it actually, but mutual respect is required here; and you’ve just torpedoed it on your first day.

Finally, Mr. Spicer, please stop embarrassing your administration. To call national attention to the fact that the President of the United States – perhaps the most powerful man in the world – has decided to proclaim that “his is bigger” is just… wrong. Come out swinging with details on how much better this Inauguration was. More important diplomats and delegates, more people in the parade, more gravitas and importance. Please don’t make futile attempts to disguise fears of impotence.

To the Trump administration: please stop pissing on the press in a horribly failed attempt to disguise the fact that an event you didn’t want to happen heroically out-shined the event you set up. We’re going to talk about the Womens’ March no matter what, and your acting like petty fools does nothing to diminish their triumph. If anything, we’re now going to highlight how many more people attended the March, just because you threw such a massive hissy-fit about how “yours was bigger”. Got that? You screaming at us that something was under-reported will just force us to shed more light on that topic. Learn how to throw a story out with the trash, and how not to draw every media outlet’s attention to it.

You don’t need to be our friends, but we demand respect. Give that to us, and we can all get along for the next four years. Keep this up, and ONLY the views of those who oppose you will ever make it on the air, online, and onto the front page.

A message to the protestors

Look, I’m just as pissed off as you folks are that we will have to acknowledge “President Donald Trump” very, very soon. I didn’t want this. I didn’t want Hillary either, but frankly she’d have hurt a hell of a lot less. I don’t want him as my President, I don’t want him representing us to the rest of the world, and I sure as hell don’t want the world that he’ll help shape.

But…

There are violent protests going on all over the United States right now. That has to stop. It has to stop now, and never resume. You will fail, you will hurt those who are trying to keep the damage to a minimum. You will destroy the causes you want to support. And most importantly, you will help Trump prove his own misogynistic, homophobic, homicidal, dumb-ass, short-sighted, anti-humanity ideas.

That’s right, you are helping Donald Trump continue in his plans.

Look, there are a lot of ways that you can stand against him without destroying your own movement:

March and protest peacefully. Hell, we’ve overturned some very deep-rooted and immobile laws and feelings in this country with that policy. It works, and it works incredibly well.

VOTE! over 46% of those eligible to vote in this country failed to do so this year. Let’s say that half of those were unfairly not allowed to – a percentage that would be considered by even liberal sources to be high, but I’ll give you the benefit of the doubt. An additional 25% of the electorate participating would have absolutely changed the outcome. Maybe Trump would have still won, but at least there would have been one hell of a strong voice of opposition. Don’t stay home, don’t ignore the voting booth. Get out there and make your opinion count in the most powerful way the world has ever seen.

Finance organizations and volunteer. Planned Parenthood, Lambda Legal Defense Fund, The American Civil Liberties Union, there are a lot of them out there who are now under fire. Give them money. Give them time. They’re in desperate need of both, and that need is going to get more and more dire.

Stop those who would destroy your message. If you and your fellow marchers/protestors witness someone rioting or looting, surround them. Don’t put yourself in physical danger; just keep them from leaving the scene of a literal crime. Let the police in, and don’t let the criminals out. Force the news to report that those who stand in opposition to Trump will refuse to sanction violence and criminal behavior in their name, and force those who think this is appropriate behavior to recognize that it is not, and you will not either condone or assist them in it.

Finally, remember that Trump will be sworn in as president. We can’t stop that now. What we need to do is become what Britain calls “The Loyal Opposition.” Never let in or give up for a moment on your ideals or values. Never stop pushing (peacefully, effectively) against the policies you do not and can not endorse. But remember we are still all Americans. We are still all bound by the laws of our country and the leaders that are elected to make and uphold those laws. This isn’t a contradiction of terms or oxymoronic thinking, this is what our system of government was designed to do from the very beginning. Believe it or not, not everyone in Colonial America believed that secession and independence was the right idea. Some stood up in favor of remaining loyal to the crown. The did, however, still support the will of the people when the fledgling country decided on which direction it would move.

Teach people about the most powerful tools at our disposal to defeat bad laws: Peaceful Protest, Jury Nullification, Voting the morons out of office, the are a large number of them. Use them, teach others about them, but work within the system to change the system and the message will be broadcast to all the corners of the earth.

Riot and wreck up our cities, and not only is your own message lost, you support the very people you are trying to protest against.

We’re in this together. We will survive the next four years. Let’s not make the situation twenty times worse by fueling the very people and policies we stand against.

Zoey Tur and Ben Shapiro – Facing a Troubling Fact

WTF OK, for the first time… well… ever… I have to actually agree with something that came out of Ben Shapiro’s mouth. This is not a comfortable situation.

Before we begin, let me say that Ben Shapiro is a misogynistic, short-sighted, borderline bigoted mouthpiece for the right-wing media. I consider myself a centrist, but for the most part, the stuff he comes up with still doesn’t land on my radar. I will defend to my last breath his right to say what he believes, however – no matter how much I can’t agree with it.

A short while back, he was on the Doctor Drew show with a panel discussing Caitlyn Jenner’s ESPN Arthur Ashe Award for Courage. To absolutely no ones’ surprise, he was totally against it. While Mr. Shapiro did indeed spout off with borderline bigoted comments, what happened during the show deserves further attention, and is being largely ignored and/or used to highlight Mr. Shapiro’s bias in many matters. The problem with this is that the incident has nothing to do with his short-sighted opinions, and more to do with a threat made against him on national television.

Here’s the relevant snippet of the show:

YouTube Clip

While I applaud Ms. Tur for standing up for her rights and opinions, the way she did it is unacceptable, inexcusable, and not helping anyone.

The discussion was heated, with Mr. Shapiro flat out refusing to use feminine pronouns to refer to Ms. Jenner; even going so far as to repeatedly refer to transgender identity as delusional. He was crude, impolite, and politically incorrect – but absolutely none of this is either out of character for Mr. Shapiro, or reason to threaten the man with physical harm. Ms. Tur specifically, and with no room for mis-interpretation, threatened the man with bodily harm on a nationally televised program. It’s there, on film, with all of the previous events leading up to it and none of them justifying it.

Mr. Shapiro has indeed requested that law enforcement investigate the matter, and I’ve got to say that’s about the most responsible thing one can do under the circumstances. He didn’t retort with his own threats, he didn’t storm off the stage as so many others have done in similar circumstances, he didn’t even take a cheap verbal shot at her. He just continued on with his – granted, ill-received – argument as if the threat didn’t occur, then followed the appropriate course of actions and brought the matter to the attention of the police.

Say what you want about Mr. Shapiro’s opinions – and I will do so continually – but no one should be threatened with harm because of an opinion. That’s what lead to the Danish Newspaper Cartoon killings, the attack on Charlie Hebdo, and so many other incidents it is sickening. The saddest part of this whole thing is that people proclaiming “Jes Suis Charlie” after the shooting are amongst the same people saying that Ms. Tur was reacting appropriately.

I agree with, and applaud, Mr. Shapiro on this one topic. We don’t see eye-to-eye on nearly anything, and actually don’t even see eye-to-eye on the topic he was speaking about when the incident happened. That doesn’t change the fact, however, that he was threatened with bodily harm. No one – not even those we vehemently disagree with – should ever have that hanging over them.

Encouraging and exploring free speech is a double-edge sword. It only becomes one sided when actual swords start rattling over it.

10 hours in the air

Photo Credit: PicJumbo

You folks all know I travel quite a bit. Planes, trains, and automobiles – though regretably without John Candy as a sidekick. Recently, I was trapped on a 10 hour flight overseas, and frankly I am not impressed.

Years ago, when I did such a trans-continental flight, the coach seats were slightly more roomy than coach on domestic flights, and the whole business of charging for “extra” legroom (a total joke) was not a consideration. Flying United to Tel Aviv has shown me just how far long-haul flight experience has tanked in the intervening years.

Let’s start with boarding the plane. If course the first class, disabled, uniformed, and other people get on first. That’s actually fair, and I have no objections.

Then it all goes to hell.

Between the priority boarding for credit card holders, frequent flyers, and pretty much anyone who has absolutely any claim at all to it; 3/4 of the plane boarded before us shlubs who had just normal tickets even had a chance to see the gangway. By the time I got on, 90% of the overhead bins were full, everyone was already seated around me, and it was pure hell. Now, I was in the middle of the plane, so theoretically first class, and everyone behind me should be on, but not everyone around me and in front of me too.

So, I get on the plane, sit down, and realize that the extra legroom seat I did shell out for (it being a really long flight) was pretty much the same as any other domestic plane pitch from as little as 3 years ago. God help everyone who didn’t get extra leg-room, I can only image the hell of 10 hours with their knees jammed up against their chests.

In flight service was actually pretty good. When cabin service happened, real meals were served, you could ask for a can of soda or bottle of water instead of a cup of the stuff that’s 90% ice, and the staff were pretty friendly. But the constant movement of beverage carts up and down aisles that were barely big enough to manage that made it impossible to get up and stretch your legs. This became even more critical considering the abysmal seat pitch we all had to put up with. Deep Vein Thrombosis is a very real and very deadly medical condition undeniably tied to being jammed in airline seats for hours on end. The inability to move – pretty much at all – is just the airlines begging for massive lawsuits.

Added to this, it was literally hours between visits by any cabin crew. Granted, I can’t expect them to be continually roaming the aisles; but seeing one of them check in on things every few hours might be nice.

Listen up, American air carriers, it’s time to get in-step with your overseas counterparts and stop treating your passengers like veal – penned in and miserable. Widen the isles, increase sit pitch so the guy in front of me doesn’t lean his seat back into my lap, and start understanding that we’re human beings who deserve at least the most basic levels of respect and dignity.

The Real Story Behind the Apple Privacy Statement

Photo Credit: PicJumbo
[Editor’s note: Neither the author nor anyone associated with this blog is a lawyer of any kind. This blog is not to be taken for legal advice under any circumstances. If you have a personal privacy question of law, consult a trained and licensed attorney.]

There’s been a LOT of talk about how Apple is standing up to the Federal Government (and specifically the FBI) in the news, and it’s important to realize why the stance Apple is taking matters. This is not a blanket statement against the government cracking encryption (which is a good stance to take, but not what is at stake here).

The major issue is that what many people (even some IT Professionals) think is happening is not what is actually happening.

Basically any iPhone or iPad running iOS 8 and up produces a situation where the government cannot easily get to the data stored on a phone which has been locked with a 6 or more character passcode and disconnected from iCloud. The reasons for this are complex and highly technical, but the basic idea is that not even Apple can reverse the process of a phone locked in such a way. Mostly, this is because the phone’s own internal identification data is combined with the passcode to create a hash – a mathematical representation of the two values that makes up the key to unlock the encryption. Put in your passcode correctly, the mathematical equation output matches what the phone is expecting, and the phone unlocks. Put in the wrong passcode, and there’s no match, and the phone stays locked tight. Put in the wrong passcode enough times, and the phone forgets the key entirely, essentially permanently encrypting all the data – with the same impact as erasing all of it as far as the government is concerned.

In this case, a phone that was in the possession of one of the San Bernardino shooters has been locked with at least a 6 character passcode, and was disconnected from iCloud about a month before the shooting. That means that the government has 10 tries to get the code, or the phone irreversibly loses the encryption key, rendering all data sitting on the phone pretty much unreadable forever.

Here’s where things get tricky.

Apple is not saying they are refusing to unlock the phone for the FBI, or that they refuse to give the government anything Apple has access to directly. This is a common misconception widely reported by the media, and is flat out wrong. Apple *cannot* unlock the phone. It’s not physically or digitally possible for them to do it without changing the codebase that iOS 9 (which is on the phone) uses. Apple *can* give – and has already given – the government anything stored in iCloud. Apple has done this before when there is a valid warrant for that data, and it’s stored by Apple’s encryption, so they can reverse it and provide the info.

The issue here is that the shooter either broke iCloud backup, or manually turned it off, about a month before the shooting. That means that the majority of the information the government wants is located – and is *only* located – on the phone. Since Apple cannot reverse the locking mechanism of the phone, they do not have access to that information and can’t hand it over to the government even if they wanted to.

What Apple can do – and is refusing to do – is give the government a way to perform what is known as a “brute force” attack against the phone. A brute force attack is literally a person or computer trying combination after combination until they hit the right passcode. Normally, each try at the password takes a tiny amount of time to process, and iOS adds a tiny amount of time to that as a measure against exactly this kind of attack. To a user, this isn’t an issue, as a human entering a code won’t even notice it; but a brute force attack requires thousands of attempts to be processed automatically by a computer, and those tiny amounts of times add up to a LOT of extra time when you’re doing it at that level. The second – and more pressing – issue is that after 10 tries, the phone will never be un-encryptable. Ten tries is nowhere near enough to accomplish a brute force attack, and based on what the government is saying, they’re around try 8 right now with no success.

So what can Apple do? They can provide a signed version of the iOS software which can overwrite the restrictions in iOS which protect against such a brute force attack. Basically it would allow someone to make an infinite amount of tries, and remove the pause between attempts. This would allow a government computer the ability to try thousands of attempts, until they happen upon the right passcode and the phone unlocks itself.

This leads to the question, “If Apple could do this, why don’t they?” The answer is the heart of the matter, and a major issue in the field of personal privacy.

Apple could provide a software update to the government, which could be applied via the lightning port (just like you can do with the official software updates if you don’t want them to download right to the phone). They can create an update that allows the government to do what they’re trying to do. The problem is that doing so unleashes a genie that no one wants to see let loose. Putting that kind of software into even the US government’s hands means it is out there. In the same way as the government could use it to brute force crack a phone open when they have a valid warrant, anyone else who got their hands on the code could do the exact same thing with nothing standing in their way. Hackers the world over would quickly be able to break the phone’s security simply by physically getting the phone in their hands for a long enough period of time.

Basically, this is like the government asking Medico or Scalage or another lock maker to provide them with the means to create a key that will open every single lock that manufacturer ever made, given enough time and tries at it. While theoretically possible, it won’t be easy to do, and the harm it could do to millions of people would far outweigh the good it could possibly due for this one – albeit truly significant – criminal case. (Hat/Tip to Henry Martinez for that analogy)

Apple believes that this is a step beyond what they are reasonably expected to do, and the government’s requested methodology would leave millions of other iPhone users open to the potential to be hacked and have their phone data stolen. Once the code exists, someone will figure out how it is done and start using it to hack peoples’ devices in short order. The trade-off is simply not balanced enough to warrant first building and then giving the FBI the altered iOS software update.

Who will win? That’s up to the courts to decide. At this point both sides have valid legal standing and a lot of ground to stand on; but that means both sides could win or lose this one. Don’t be surprised if this goes all the way up to the US Supreme Court, as both sides are apparently going to fight this to the bitter end. Personal privacy and protection for everyone not involved in the crime versus the government’s lawful ability to gain evidence in a criminal case is not something that will be decided quickly or easily – but it is of vital importance to every one of us. Can the government demand something that could so easily be used for both their good and everyone else’s evil? Can Apple refuse to provide a software solution that is within their ability just because of the potential for it to be used maliciously? Unfortunately, current law has not quite kept up with the world of technology as it speeds ahead of lawmakers.

Either way, Apple is bent on fighting this as much and as long as they can, and either way, I think that shows a remarkable level of responsibility and care from them. I expect the government will also fight to the last breath, because the matter is critical to their ability to fight terrorism and other criminal activity. Bot sides are right, both sides are wrong, and I feel horrible for the judges that are going to have to figure this one out.

The Prescription Costs HOW MUCH?!

HNCK1569 Please take a moment and study the picture of the cute kitten. When you’re done reading, you’ll probably have steam coming out of your ears as you swear at the monitor/mobile screen, so take some time. His name is Monty, and he is very cute.

I’m blessed in my life that I have great health insurance that covers pretty much everything I could need from a medical perspective. I realize how insanely lucky I am that this is true. My doctor is incredible, my pharmacy knows me and looks out for me, I have very little to complain about.

I do, however, have a deductible, and at the beginning of each year I have to pay out of pocket until that number is reached. It’s not a massive burden, and I’m again blessed that I can afford to do it. But each January I get dragged back into the reality of the millions of un-insured or under-insured people in this country when I see the raw, unfiltered numbers that represent the insane costs of medical care.

I won’t give out a lot of information on specifics, as blogging about personally identifiable medical issues is generally a bad idea. Suffice it to say that I take certain prescription medications each month that dramatically improve the quality of my life. I might very well be able to live without them, but not anywhere near as well as I can live with them, so I and my doctor consider them necessary. One of those medications – just ONE – was over US$300. I cannot imagine how I’d be able to deal with that kind of monthly expense without health insurance that covered the majority of the cost for the majority of the year.

The medication is question has no generic – not because it’s new (it’s well over 15 years old) or because it’s some massively proprietary formula (it’s a combination of other medications), but because the formula in question is patented by a pharmaceutical giant who has managed to maintain the patent for an inordinately long time. Since the combination works significantly better than the two components alone, this is the best – and considered by many doctors to be the only – possible medication. This company has created a monopoly, and is charging what I can only describe as a certifiably insane amount of money for a one-month supply. If I wasn’t as lucky, as blessed, as I am. If I had to choose between this medication and food, I don’t know what I would do. For those of us who use it, the decision is that important. I don’t even want to think about what would happen if I had to choose between that and food not just for me, but my family, or children, or anyone under my care.

Suddenly, I faced the frightening reality of millions of Americans. I understood the literal life-or-death decisions that un- or under-insured people must make on a daily basis. I realized why some hedge-fund millionaire douche hiking the prices of a drug by 700% is a horrifying thing. This is real, this is happening, and now I understand why it is simply unacceptable in a civilized society.

Pharmaceutical companies should be able to make a profit. The old adage of “the second pill costs pennies, the first one costs billions” is true. I do not begrudge them and their shareholders from making a very good living from the insane amount of brain-power that was required to make these drugs in the first place. But there has to be a breaking point, where the out-of-control greed of the pharma companies combined with legal loopholes that let them set whatever prices they want results in a literal life-or-death situation for their customers. There must be a point where compassion and finance can meet at which allows people to have the medicine they need *and* the company can make a profit, and it is a LOT less then US$300+ (and I’ve seen some that were much higher) for a one-month supply! Come on, millions of people will use the stuff, companies can make an ungodly amount of cash charging a lot less.

Then there’s supply and demand. Artificial scarcity caused by patent laws that have spun totally out of control has created this situation. They can charge whatever they want because there is no competition, and there will be no competition as long as they hold the exclusive legal right to produce the medications in question.

Finally there’s the scourge of fake internet pharmacies shipping who knows what and labeling it as life-sustaining medicine. I’m not talking about narcotics or ED medications, I’m talking about heart and blood pressure treatments, medications for chronic conditions, or critical antibiotics – things that people literally cannot live without. Of course, in desperation, people without sufficient insurance will use these online scam artists to save the thousands of dollars every year that the legitimate pharmacies are forced to charge for the legitimate medications and many have died as a result.

There must be a better way to do this.

I know there’s little one person like me can do about it. I know I have no political capital to spend or clout to throw around. But I promise, I will not forget the shock I felt seeing that total ring up, and realizing that had I not been as lucky as I am in my life, I may have had to make a devastating choice that day – and that millions actually do.

Now, go look at Monty again. Hug your friends and family, get back to your lives, but never forget that many may be making the decsion right this moment to risk their lives because they cannot afford the medication they need. Not because it doesn’t exist, not because it’s in such short supply they cannot get hold of it, but because they simply cannot afford it – and for no good reason that I can figure out.