isn't quite ashamed enough to present

jr conlin's ink stained banana

:: Black Electrical Tape Based Security

So, both Apple and Google have decided to be quiet about letting you know a page is not as secure as it should be. Instead of showing you a warning, they’ve opted to just show the page as insecure and not raise any concerns. It’s a fair point. Most folks STILL don’t know to look for the “lock icon” showing that a site is running a secure connection. Heck, this block runs in the clear currently. Why bother the user’s pretty little head with scary symbols?

Well, probably for the same reason that if your Factory Authorized Vehicle Service told you “Oh that? Yeah, just put some black tape over that “Check Engine” light. It’ll be fine!” you’d probably consider going somewhere else to get your brakes checked.

The problem is that the page has said “i’m going to be secure. Everything we talk about is going to be encrypted. It’s safe here, so you can talk about anything.”

Only it’s not. It’s invited friends, some of which can’t keep their mouths shut.

So the browser has instead said “Yeah, no, this isn’t a safe spot, so no encryption. No lock for you, but it’s a normal page.”

But it’s not. The site is going to do things based on the idea that the page is safe, like ask your for passwords or personal info. Sure, you may realize that it’s a bad idea, but the folks far less familiar with security (that would be the VAST MAJORITY of people online) will look at the happy plain-gray icon and feel it’s A-OK to type in their credentials, because there’s nothing to scare them off from doing it.

Thing is, i get some of the complaints. Sure, it’s annoying that you’ve got some jpgs on a CDN, and sure, it’s hard to make a page that doesn’t specify scheme, but yeah, no. You might feel a tad differently if there’s a rogue bit of javascript reporting back keystrokes.

Yes, having that odd looking icon is troubling and confusing to users. That’s kind of the point. It’s the proverbial “Check Engine” light of the internet and yes, there’s going to be some users that happily ignore it and horrible things will happen to them. Those folk are doomed to their gleeful ignorance regardless.

i’d rather not doom the small percentage of folks that have Darwin-like evolved to look for those warning signs.

Oh, and by the way? Go secure your site. It’s free now.

And then this happens:

:: Questionable Career Advice

Every year or so, i have a friendly meeting with my latest manager who inevitably asks the question i hate the most: “What is your career path?”

There’s lots of ways to ask that question, and you’ve probably heard a bunch of them. “Where do you see yourself in 5 years?”, “How do you feel you can better yourself as an employee?”, etc. They’re all basically the same question. It’s a question asked by management to employees for any number of reasons. Usually, it’s because of some mandate to show “employee growth” as part of some retention initiative, or as a metric for managers to show their superiors that they’re doing a good job. Sometimes, it’s even asked as an honest query for personal or professional growth.

i’ll be frank. Over the past 30 years, i’ve never had a singular focus on an overreaching goal. i’ve never wanted to be “CTO of a Fortune 500 Company” or “Chief Architect of Foo” or whatever. Those positions, while bringing great acclaim and glory, tend to be bogged in politics and other crap that i would much rather avoid. The driving force of my personal career has always been: “Do what you can to make the world better” and on a lower level “Do your job better than you did six months ago”.

There’s a lot of reasons for this. Computers and the Computer industry are pretty new. Heck, most companies “pivot” half a dozen times in five years. We’re finally getting to the point where there are “mainstay” companies that are becoming entrenched, but the web is really only 20 years old and societies don’t really move that fast. i also prefer being in a support role. If others are the “Rock Stars” i’m perfectly fine being the bass player. The odds of being a “Rock Star” are pretty small. The odds or being good enough to play in great bands and make a more than comfortable living doing what you love are actually pretty high. Ok, that’s a crappy expansion of a crappy metaphor, but you get what i mean.

The problem is that sort of view flies in the face of decades of Tony Robbins style career guidance. If you’re not 40 and on the board of a fortune 500 company, you’re obviously a failure. Granted, the fact that there are about forty one million people in the US alone who are about your age, i’m pretty sure that the top 500 companies don’t have 82,000 people on each of their boards. In short, exceptional people are exceptional. Yeah, it’d be nice, but it takes a LOT more factors than just “hard work” and “focus” to get into a position like that.

Instead, i try to find somewhere to work that matches closely with my desired life goal. By the way, if your life goal is “Make shit-tons of cash and retire to a private island in the Pacific”, that’s fine too. It’s just not mine. If i’m going to be mostly doing support, i want to make sure that what i’m supporting does things i approve of. If it doesn’t i’ll go somewhere else. Yeah, i’m fully aware that my gender, race and career choice makes that exceptionally easy to do. That’s why i try not to have dirtbag motivations.

So, how do i answer the question i loathe? i still have no clear idea. Most companies have HR department provided “Career Tracts” or pay grade differentiates. Things like “these are the responsibilities outlined for a SE-III mark Alpha” or whatever grade is above what your current position is. They usually indicate what tic-boxes need be checked for you to move to a slightly better pigeon hole. Honestly, i’ll probably just select a few from that list and offer them as “Career Objectives”. Some of those might even be interesting to follow up on. In reality, though, i don’t really see myself radically changing my personal tact anytime soon.

i’m pretty fulfilled with how i’ve chosen to earn my keep.

As for the question, “How important is a bass player to a Rock Star”, i’ll offer this:

:: The Breakup

Dear Windows,

We’ve been through a lot, haven’t we? Heck, i still have the diskettes with Windows Version 3.0 on my desktop right now. i’ve done development on various flavors of me since long before the web existed. Often deep into the code, making drivers and other applications.

i’ve used pretty much every version (well, except Windows Me, because nobody in their right mind willingly did that), mostly because it was the only useful operating system that didn’t mandate what sort of hardware system it ran on. i’d build my happy Franken-puter and load up whatever version of Windows i happened to have on hand.

My how things have changed over the years, huh?

One thing i’ve noticed is how… well… unreliable you’ve become. That, and more than a little creepy.

Take the latest version, Windows 10. Sure, it’s free, but that’s just the initial monetary cost. i’d be paying for it with my information. You know, there’s something to be said for how valuable my information is considering how many companies are willing to give me things in exchange for it, but that’s beside the point.

No, the real problem wasn’t the creepy, privacy bits, it was the fact that you blew up spectacularly on my personal machine. It’s nothing all that fancy. It’s, maybe 3 years old, with a 2.8GHz 8 core with 12GB of memory. Sure, it’s got two network cards in it, but that’s not a big deal, since that’s pretty much the case with every laptop that has wifi and a network connector. i mean, i updated a slightly newer laptop from Win7 to Win10 just to figure out the bits that i need to turn off. So, after a bit of strong debate, i decided that the accelerated startup time and (theoretically) reduced footprint of Windows 10 would be nice. i let you update my home workstation.

And that’s when everything went to hell.

Suddenly, the network cards that you had just used to update yourself were no longer recognized. Drives i’ve had working just fine for years with zero SMART alerts, were acting sporadic. And then, after a quick reboot, nothing. No boot for me. The system i’ve used for years was dead in the water.

i did what i had learned to do whenever this crap happened in the past. i downloaded a linux distribution so i could boot my system and try to figure out how to fix things. No surprise, my system booted up from the Live CD. Ok, bit of a surprise, it booted a lot faster than i remember it doing so. i then grabbed a few tools and started work. i didn’t finish it, however. i actually kinda enjoyed using my Linux desktop as it was. There were a few ugly bits, but i fixed them reasonably quickly. Things, however, “just worked”. Heck, even the xbox 360 wireless joystick “just worked” (even if the green ring keeps flashing).

Yeah, there are things i can’t do. i can’t run Silverlight, nor can i run VisualStudio. It’s ok, though. i can run you in a nice, protected virtual machine. You just don’t get to be the guys in charge anymore.

Perhaps i’m just not your target demographic anymore. i mean, i like using a computer, not just having a box to check facebook or twitter while watching youtube videos. Frankly, i’d be kinda concerned, since none of those really need Windows either. i don’t really need a digital personal assistant to send my data somewhere so that i don’t have to type in “Dentist appointment” on a calendar. Pretty sure i’m perfectly fine doing that myself. i don’t really need an “App Store” since i tend to compile most of the apps i run. Same with a Music store, or Games store, or Video Store. It’s like you guys want to be Walmart or Amazon. i’m not super comfortable with that fact, because i can choose not to go there. The computer i use every day is a bit more “personal” to me.

So, yeah, it’s been 30 years. Can’t say it’s always been fun, but it’s been a learning experience for both of us. i’m sure you’ll continue to do well, but feel free to watch out for that screen door on the way out.

:: Trust Issues

There’s been quite a bit of discussion (me included) regarding Microsoft’s latest choices regarding Windows 10. Feel free to take the following as the Rando-rant that it may well be.

i have trust issues. It’s not that i don’t trust people. i actually believe that most folks tend to be reasonably benevolent. i’m pretty sure that most folks don’t mug homeless people for parking meter change or rifle through coworkers belongings. There are bad people, sure, but they’re the minority.

Still, i’m cynical and paranoid enough to realize that outside of general, formal interaction, trust needs to be earned. i’ll try using a service or person using a small action, then slowly build interaction based of of the history i have. i’ve done that with shops, restaurants, banks, auto repair, airlines, pretty much everything. i’m not going to magically change my behavior because i’m doing things using “virtual” stuff online. Well, maybe if it’s truly virtual, like a game with a reset button, but otherwise there’s not as much distinction as you’re hoping i don’t notice.

So, when a company asks for an inordinate amount of information in exchange for some form of goods, i want to know not only the value of the goods, but what the costs of losing that information is. Like when a store offers a “points” program. What are the values of those “points”? What benefit do i get? What information are you gathering? How is it stored? Who is it sold too? If you’re making $100 off of selling my complete purchasing history to social media, saving $1.25 on a shirt doesn’t really seem like such a great deal.

This is even more of a concern if a company has had a history of doing some fairly heavy handed and hostile things in the past. What do i consider hostile? Well, anything that doesn’t treat me like you’d want to be treated. If you don’t believe that i can be trusted, you’re not trustworthy either. i tend to use a lot of Open Source software mostly because they establish a level of trust that’s higher than many companies. i can look at the code, see what it does and determine whether or not i want to run it. i can’t do that with things like twitter or facebook, so i treat those as untrustworthy. i will not share more than minimal information with those parties.

This includes operating systems and even computers. i tend to “lobotomize” systems as much as possible. Yeah, this means i don’t use whizzy stuff like voice enabled actions or predictive enjoyment widgets or what-ever. Sadder life for me, i guess. i also don’t get vaguely creeped out by ads for possible medical concerns or have ads follow me around pestering me to buy a BMW constantly. For what it’s worth, i also always pick “Customize Install” and actually pay attention to what’s being installed. i also tend to disable or uninstall any app that doesn’t provide me clear value.

With Windows, there’s a lot of barriers to trust. The code is a black box, so i can’t audit it. There’s a good amount of history showing that they are interested in merchandising personal data and extracting maximum value from their customers. Plus, the idea of keeping a copy of my login credentials on hand with a third party is pretty much the same as me asking to have an all access badge to Microsoft. i can say that i won’t do anything bad, but that’s probably not going to make the prospect any more likely. Plus, if either they or i lost control of that controlled item for any reason, the other party would be deeply, deeply unhappy.

By the way, i lump Apple into that bucket as well. They’re far less likely to sell off my personal information, but the value their own secrecy and control over mine, which can lead to problems. Google, well, Google is a company that makes billions off of ads. Kinda puts a pretty decisive nail holding how i classify them.

Frankly, it’s annoying as hell to constantly lobotomize and switch things “off” whenever i get something new. It’s also a massive pain to constantly audit things to see if anything “helpfully” reset my work. The only incentive i have to even consider continuing on this path is the fact that i expose myself to increased risk if i don’t.

Makes me wonder if i shouldn’t just go find a vintage TRS80.

:: Windows10 First Impressions

Imagine if Target built condos. For those unfamiliar with the #2 “big box” retailer, Target is a sprawling department store that doesn’t look like someone set up shop in an abandoned warehouse. Things are generally clean and well presented with a nod to being more trendy. In some respects, Target is like the love child of WalMart and Apple’s Marketing department.

(Yeah, that paragraph will age well.)

The problem is that Target, being a very large business with reasonably narrow margins, is deeply interested in keeping you a customer, so they do lots and lots of analysis on you and your buying trends in order to keep you a Target customer. If you’re a regular customer, Target probably knows more about you than you do. They’re a bit famous for sending women coupons for maternity supplies before the women know they’re pregnant, just by observing their buying behaviors.

It’d be handy at first, then a tad creepy if you even noticed, and eventually you might discover that “Customized for you” means “We’re recording and examining everything you do, all the time”. The larger population would probably be ok with this because they’re saving 10% and getting coupons for Twinkies. Well, until they started seeing more ads for type 2 diabetes treatment and cancer recovery services, i’d suppose.

Windows10 seems to be a lot like that. There’s a lot of “Helpful” in there. Things like Cortana, which is your digital personal assistant. It can schedule things for you, keep you in contact with your friends and family, help you find things, etc. Mind you, doing voice analysis requires a fair bit of computer horse power and data in order to not only understand you said words, but to determine what those words mean at this time. So all that info gets sent to Microsoft (or Apple or Google) which teases out what you mean by looking at what you said, the history of things you’ve said, as much information as it has about you and anyone else it figures is associated with you. What else those companies do with that info is not your concern. You have no say. It says so in the terms.

settingsThe latest version of Windows really, really wants to be “Helpful” in that way. Honestly, i’d go so far as to say the bulk of Windows10 doesn’t actually get installed onto your computer. It resides with Microsoft. You’re encouraged to use OneDrive as your remote storage for all your Windows devices. OneDrive are servers run and controlled by Microsoft. You’re encouraged to use Microsoft’s Mail program for all your email. Same with TV & Movies, music, and a host of other things. i’ll note that one semi-comforting thing is that many of these are “freemium”, in that you get a small allowance for free, but then pay a subscription for things you use more often. That can mean that they’re not selling what data or meta-data they harvest, but there’s no guarantee. i spent a fair portion of time after my install removing non-local apps like these.

This doesn’t mean that Windows10 is unusable. If you’re willing to literally go through every setting and configuration option to turn off the bits that can “phone home”, you do get a system that lets you run programs. It’s a bit like going through your Target Condo with a roll of duct-tape for the cameras. You wind up with an apartment that’s a bit less “helpful”, but one that won’t start reminding you that your stool production is less than the national average and that you should eat more bran. It also means that you have to take your key out of your pocket and put it into the door lock rather than have the door magically be open when you or anyone who is authorized by the remote lock controller walks up.

Every new version of Windows is a debate for me. i keep saying “this is going to be the last”. Windows7 had a bunch of fairly scary bits around DRM control that could have prevented me running apps i wanted (that’s one of the big reasons i don’t use iPads or iPhones). Fortunately, few of those came to be, and i was able to opt-out or ignore the bits that were. Right now, i tend to use Windows for three things: Running a browser, playing a few games, hosting a virtual machine for my main environment. The last one is kind of key since Linux tends to have bad driver support for some devices, and the VM masks that. Windows8 offered me no compelling reason to use it (although i’m running it on two machines because they’re newer, and yes, i also lobotomized them). Windows10 offers me less compelling reasons and slightly more reasons not to.

Perhaps i finally will switch to running main Linux and keep a windows VM for the other crap.

To prove that i work for the right company, Mozilla wrote this open letter talking about some of the same things.
Blogs of note
personal Christopher Conlin USMC memoirs of hydrogen guy Henriette's Herbal Blog
geek ultramookie

Powered by WordPress
Hosted on Dreamhost.