Wake me up when September ends

Albert Pujols

Today is August 27th, which means football season is nearly upon us. More importantly, though, we’re just over a month away from the baseball postseason. It’s been a pretty odd season (actually, it’s been a pretty odd month of that season), so I figured I could look back at my predictions from before spring training and see how they’re stacking up. In fact, I’ll be classy about this and get started…wait for it…after the jump! (I’ve always wanted to say that.)

Two choices

I don’t normally write about higher level software design for a couple of reasons. For one, I don’t consider myself to be an expert in the field. I’m not sure there is any one expert in the field, actually; it’s a little bit like saying there’s an expert in string theory, a field that’s less that fifty years old and every bit as complex as software design. However, I don’t really consider myself above average at it either, and if I’m not above average at it, there’s not usually anything I could say that you couldn’t read somewhere else, better explained and more original.

The second reason I don’t normally write about software design is that since most of my projects are small (projects at work are either designed in collaboration or already designed), I don’t waste much time on design. Today I modified a GreaseMonkey script Mike wrote to remove ads from GrabUp posts; he wrote it because he was sick of looking at ads, I modified it because I was tired of the refresh caused by redirecting to the direct image. I didn’t write out a vision and scope document, I didn’t create a design document, I didn’t diagram it – I just wrote it. Another example is my recent weekend project TooLongForTwitter.com. It’s a little larger in scope, but rather than figuring out how everything was going to work beforehand by diagramming it out, designing a database, etc., I just started writing it and it all just kind of came together. Even back when I was writing McJournal, I had an idea in my head of how the final product would look but I never wrote it down anywhere, I just started writing.

Point is, it’s pretty easy to skip that design process which can greatly influence the success of your product. As I thought about it this evening, I realized that all software products fall into two categories.

The first category are the applications that are designed not to suck. We all use software for many different purposes, but a lot of times, we’re using it for work or productivity. Hence, products like Microsoft Office, Quicken, GMail, TextMate, etc. are designed as software that stays out of your way. Either it lets you perform tasks the way you want, or it gently nudges you once and then leaves you alone. Nothing is more annoying in this case than the application that’s trying to do too much (Clippy: “It looks like you are writing a letter…” anyone?). Applications that are designed for productivity usually fall into this category, because normally you want to get your work done, then get off the computer and head out to the golf course. The key word with these types of applications is intuition: it should be intuitive for the user to use.

The other category is the applications that are designed to rock. As you might imagine, these are normally entertainment applications like video games or multimedia applications. These are applications that the user wants to use, applications that the user wants to learn, and applications where the user may want helpful tips. For example, take Halo 3. The game would have been a bestseller without adding a bunch of new weapons, a bunch of new gadgets and a bunch of new customization options in multiplayer mode, but because the game added those little features, it was smash hit and is still played today. Entertainment applications can’t be simply functional to be successful; they’ve got to be immersive.

Ever wonder why Twitter is emerging as a more popular social networking tool for professionals and celebrities compared to Facebook? It’s simple. Using it is as simple as sending an SMS message from your phone or typing 140 characters in one form field on the web. Want to share a link? No problem! Just copy and paste it in there and done. No captchas, no conversion to “shared items” like Facebook likes to do, just shows the URL and makes it a link.

On the other hand, Facebook is complex enough already, and it’s gotten more confusing for the average user over the years. Over the last couple of months I’ve had the pleasure of introducing my dad and my aunt to Facebook (seriously, Mark, I’m fighting for you here, how about throwing some of that money my way?) and I’ve seen the site through new eyes: even with the wizards, hints, etc., a cautious user may feel overwhelmed when visiting the site for the first time. Facebook realizes this, that’s why they’re rushing out Facebook Lite to their 250 million users. Interacting with friends, profiles, streams and comments is hard enough; adding Pages and Ads to the equation makes it even more confusing. Thus, professional users or less computer-savvy users are using Twitter for their business communication.

Another example is in web browsers. As many of you may know, Internet Explorer 6 is still alive and kicking on the web. As someone who has faced a ton of IE 6 errors and quirks, I am definitely in favor of getting this browser out of circulation. But generally, people are using IE 6 for one of two reasons: a) it’s an office requirement, or b) it works for checking e-mail, news, etc. and that’s all it’s needed for. For these users, a browser is a productivity application, not an entertainment application, and IE 6 (unbelievably) “doesn’t suck” too much for them and it requires zero installing, configuring or tweaking to get up and running.

On the other side of the spectrum, Firefox is more of an entertainment browser. Clearly, users use it for productive purposes too, but it’s clear that Firefox is used as an application that rocks rather than an application that doesn’t suck: tabbed browsing, add-ons, and a prettier interface are just a few of the reasons younger users tend to use Firefox.

I guess the point of all this is, next time you’re writing an application, no matter how big or small, ask yourself the following question: do I want my application to rock or not suck, or better yet, do my users want my application to rock or not suck? Hopefully it helps you iron out your feature list and make it one that your users will expect.

Everyone’s heart doesn’t beat the same

The political issue this summer has clearly been President Obama’s healthcare plan. I’ve written about it, along with many other dissenters, and really, that should be the end of it. Politicians will do what they’re going to do, everyone will talk about it for a while but then something else will happen and the issue will be forgotten by the American consciousness like most issues are.

What’s happening instead is quite different. As conservatives rush to get information out there, President Obama has already rushed out another web site that sets us all straight, and along with the liberal media, the Obama administration has begun reporting, lambasting and skewering all dissenters of the health care plan. Town halls are being held where some protesters are getting angry and perhaps over the top, but as this writer points out, maybe they have a right to be.

The issue is no longer health care – it’s free speech. My sister gets Brownie points from me this summer for not only making me brownies, but also introducing me to Studio 60 On the Sunset Strip. While the 2006 TV show is entertaining and lighthearted, it’s season-long story arc explores some very dark themes including the immediate aftermath of the September 11th attacks. The show is set in 2006, but there are many flashbacks to the post-9/11 days and weeks showing the main character (Matt Albie) remaining patriotic, but irreverent, as he tried to do his job as a comedy writer. It was after watching this that I wonder how many of us were on the other side of Matt Albie, criticizing all dissenters and claiming they were un-American. I like to think I keep a pretty open mind, but in the immediate days and weeks after those days I’m sure that while maybe I didn’t express that sentiment, I felt it.

The crisis with health care is similar. We’re in one of the largest recessions ever seen in modern times, and as people lose their jobs and companies cut back, people are losing their health care coverage or seeing it reduced before their very uninsured eyes, and they probably face similar emotions as the citizens of New York, Washington and really the entire U.S. faced in 2001. On the other side, people who still have jobs don’t want to give up more of their paychecks to taxes when it could go towards college, food or gasoline. It’s an emotional, personal issue for anyone who’s responsible for their own healthcare.

I’m going to bring up another issue that is periodically discussed which emotional for many people: flag burning. Let me get one thing out in the open: I am personally against flag burning. That is, if you were burning a flag (or attempting to do so) in front of me and I could do something about it, I’d either beat you up or go all Rick Monday up in here). However, it’s not up to the government to decide we can’t burn the flag. This isn’t a belief I’ve arrived at lightly, and I used to support a flag burning amendment. But since then I’ve realized it’s more important to allow some disrespectful dissenters than sacrifice freedoms that might be needed someday. There are certainly more respectful ways to protest, but it’s up to us as a society to keep it civil, not the government.

So in essence, maybe Republicans who don’t want universal health care are wrong. Maybe Democrats who do want it are wrong. But killing the debate is also wrong. It was wrong after September 11th (although, if I had to be honest, I’d say that there was much more universal support for the actions taken after September 11th), and it’s wrong now. It doesn’t matter if you agree or disagree with the issue – it’s less important than your freedom to defend it. That is, if you blindly support Obama on every issue, (or Bush, for that matter), remember Senator Amidala’s quote in Revenge of the Sith: “So this is how democracy dies…to thunderous applause.” Killing debate is tantamount to killing democracy.

P.S. There’s another great movie to watch that shows what could start by just surrendering the slightest bit of freedom: V for Vendetta.

When this train ends I’ll try again

One of the more controversial topics in the software industry in the last year is the Apple App Store. Originally released in 2008, the App Store is already up to 65,000 apps and has been a commercial and critical success. The App Store alone has probably sold half of all iPhones that have been sold since its debut, and seemingly, no matter what you want to accomplish, “there’s an App for that.” But while the App Store is doing great now, I believe it needs to make serious changes before too long; otherwise, it will risk losing its momentum. It’s been well-documented that the App Store’s rejection policy is inconsistent, at best. But in today’s software development landscape, the idea of a members-only program in general doesn’t make much sense.

First, let’s look at the actual idea of writing an app. iPhone apps are written in Objective-C, a newer language than C and C++, but still low-level enough that the developer manages his own memory. For any non-programmer reading this, memory management errors cause probably 75% or more of all crashes for iPhone apps. “That’s bad,” you might say, “but don’t other programmers of other platforms deal with this too?” It’s true that memory management is important for all software development, but these days, most modern languages do that for you. Through managed frameworks such as .NET and high-level programming languages like Ruby, Python, C# and PHP, developers no longer need to worry about managing their memory; it’s done automatically. This saves developers time, energy and sanity. It’s true that managed frameworks and languages take a performance hit, but for most applications, it’s a reasonable sacrifice, and if performance becomes an issue at some point, there’s always the option to write at a lower level.

The problem with the iPhone SDK is that not only does it use an unmanaged language, but it also prohibits the use of frameworks that would make the process of developing an app faster. One iPhone rejection story highlights this pretty well, but the gist of this is that his app was rejected because he made use of an external framework to save time. It’s pretty outrageous. We live in a Ruby On Rails world – there’s a framework, an external library, a helper file for anything you might want to do, whether it’s rapidly building a website or building a game in XNA. The latter example is something that would be excellent for the iPhone – a pre-baked physics engine – but is expressly forbidden by the iPhone SDK agreement. That means that no matter how complex or how simple your app is, you’re ALWAYS writing it from the ground up. This is terrible for the iPhone developer culture (each developer is encouraged to stay in his own little sandbox and never really work with anyone else to make something bigger) and completely against the general trend towards frameworks and libraries.

So you write your app and submit it. Then you wait. Some apps get approved within 72 hours, some take weeks. There’s really no way to know how long yours will take to get approved. And then, when it comes back, it’s entirely possible your app gets rejected and you have no idea or aren’t told why. Run that search linked above and you’ll be regaled with strange stories about iPhone developers and their interactions with the Mothership. The App store criteria isn’t consistent, it’s certainly not timely, and in the case of the Baby Shaker app, you have to wonder what the heck the review process is.

This wouldn’t be a problem for me if there were alternative ways to get your App out there. You can manually e-mail fresh builds to up to 100 people, or if you’re in an enterprise, distribute them through a customized portal, but unfortunately, that’s it. You might have the best App in the world and a site that gets hundreds of thousands of pageviews a month where it’d be downloaded hundreds of times per day…but if it gets rejected (no matter how grievous the cause), it’s not going anywhere.

This is something Apple’s always done: developing for their products is a members-only opportunity. Microsoft, on the other hand, opens their products to virtually anyone with an Internet connection (and clearly, developing for Linux is, well, about as open as it gets). You can make the argument that reviewing each app ensures that the App Store has apps that are well-written and useful, but let’s be honest, a lot of those apps are absolute garbage. Better apps have been rejected. I think for the App Store to continue to skyrocket, developing should work a little bit more like Facebook’s platform:

  1. Apply for an SDK license, pay the $99 or whatever it has to be.
  2. For each app, generate an API key and secret so that the app can be properly signed.
  3. Allow distribution wherever the heck the developer wants to put it.
  4. If the developer wants to put it on the App Store, he can submit his App for inclusion. If it’s good, it’ll go up, and if it’s awesome, it’ll be featured.
  5. If the App is found to be malicious, figure out who developed it and talk to them about it. In general, if people install Apps to their phone from somewhere that’s not the App store, it’ll be a trusted location so I don’t anticipate this happening often.

This makes the App Store much less of a jungle, much cleaner and more useful to the average user. Also, it makes writing App Store apps much less risky (doesn’t make it to the App Store? No problem, throw it on the website).

Much like all fresh developer communities, the iPhone community hasn’t really matured yet and there isn’t a lot of great documentation on the web. Apple isn’t helping matters with the NDAs it occasionally puts on developers who get to beta test new features, and doesn’t seem to respond well to criticism either. Look, if you want people to be excited about your platform, you should let them know what’s coming, let them give you feedback, and listen to them. That’s how Firefox became the juggernaut browser that it is, that’s how Google became what it is today, that’s why Windows 7 is getting raves. Apple seems to understand this with their hardware, and Phil Schiller did send an e-mail recently that suggest they’re starting to get it here, too. (Phil Schiller sending e-mails to tech blogs? What is this world coming to?)

The iPhone has been a commercial and critical sucess since its release in 2007, and has only gotten stronger since the debut of the App Store in 2008. Hopefully, Apple will learn from some early mistakes and cease the draconian review process and/or provide alternative channels for developers to get their apps out. If they don’t, I’m sure Palm will gladly give up some control of the apps on their phones for a sliver of the iPhone’s tremendous market share and momentum.

Facebook privacy rights: a primer

Things have been pretty crazy in the blogosphere lately. With the Indians selling off All-star after All-star, I haven’t had a chance to discuss this story yet. And it’s not because it’s not important; it is. For those who didn’t read the original story, a high school in Mississippi is being sued for coercing a teenager into surrendering her Facebook credentials to have a shot at making the cheerleading team. As Ars Technica notes, the girl never used Facebook during school hours, but the cheerleading coach threatened punishment if the order to surrender her Facebook credentials was not obeyed.

This isn’t the first time it’s happened; indeed, a much more well-known case happened in Bozeman, Montana, when all government employee candidates were required to surrender all of their login information for every social network. After a public outcry and Web protest, the restriction was lifted. This case, however, already occurred and involves a teenager who may have not known what her own rights were.

It’s well-known that companies use Facebook, MySpace, LinkedIn and even Google to do “background checks” on employees. This is not only understandable, but it’s an excellent use of today’s technology to weed out candidates before they even walk in the door without spending more than 15 minutes online. The good news is that Facebook lets you limit parts of your profile to different audiences, LinkedIn isn’t really social networking as much as it is business networking, and…seriously, who uses MySpace anymore? (I think if you have a MySpace profile that an employer confirms is you, that’s a point against you. Just my advice.) Google’s a little bit trickier, but most of us have common enough names that anything too embarassing is lost in the search results, and ultimately, Google’s search engine keeps us all honest and makes sure we don’t publish anything we might regret later online. The point is, what companies do for the most part is simply do some fact-finding about who they might hire; it’s no more an invasion of privacy than calling your references on your resume.

The difference in this school case, however, is that with the girl’s password, there are no privacy restrictions. Not only could the school administrators view what was public for her friends and private for everyone else, they could view things that were previously private to everyone except her. This means Facebook messages, applications used, every friend the girl has ever had and every photo the girl has ever been tagged in. According to Ars, the account was used to read a private discussion regarding the cheerleading squad and information found there was used to “publicly [reprimand], [punish], and [humiliate]” the girl.

Throwing aside the ridiculous response of airing out laundry publicly instead of behind closed doors, this was a completely illegal search. If you remember from your days in high school, school administrators had the right to search your property at any time, provided it was on school grounds. That means they could search your locker, they could search your backpack and they could search your laptop if you brought it with you to school. Because the student never opened Facebook on school computers, this was completely outside the scope of the school and thus, the cheerleading coach was overstepping his bounds.

Ars Technica’s recommendation (in the last paragraph) warns readers not to store information they wish to remain private on social networking sites. While there’s something to be said for this (software security glitches or bugs might turn private information into public information unexpectedly), there’s nothing wrong with holding conversations on social networking sites about sensitive topics – that’s not only a reasonable use, that’s what private messaging is for. Facebook has said that messages will remain private and will only be able to be seen by their recipients.

Ultimately, if you find yourself in a situation where you’re supposed to surrender your social networking account credentials, fight it. Ask for a warrant. There is no reason anyone except you should ever have access to your account (including friends, partners, dogs, whatever). If they need a certain bit of information, its up to your discretion whether or not you share that with them, and if you choose not to, they’ll have to live with it. (Keep in mind, information you send to a private recipient can easily be forwarded to someone you don’t want to read. Know who to trust.) Also, know that if Facebook is ordered by the court, they can surrender your information without you needing to give up your password. If the search is legal, whoever wants the information can get a court order.

Now I’m not a legal expert by any means, so while I hope you heed my advice, if you find yourself in a legal matter, seek professional counsel. Just don’t let yourself be bullied by people who try to take advantage of social networking’s accessibility.

Identity crisis

Ever since its introduction in 1936, your Social Security number has served as your United States Employee ID number. It’s used to verify your credit when you sign up for a credit card or buy a car, it’s used to verify your identity when filling out government forms, and it’s used to keep your medical record where it’s supposed to be.

Unfortunately, there are a ton of problems with this system. It was never meant to be an ID number for any program except the Social Security program, but in lieu of an official alternative, it’s been misused and overexposed. Worse yet, since your Social Security number never changes, many private institutions use it as your ID number. Ever have to write the last four digits of your Social Security number on a college exam? Ever need to enter it to recover a lost password? The more it’s used, the easier it is to steal. Even if you only surrender the last four digits, an astute snooper can determine what the rest of it is based on where you were born. We need a better alternative. We need a way for US citizens to confirm their identity that is just as secure for private companies as it is the government. The solution, I believe, is public-key cryptography.

For those not well-versed in cryptography, I’ll use the common example. Suppose Alice wants to send a message to Bob without a third party, Eve, being able to intercept it. Bob, being the secure guy he is, has published a public key (a key is a long string of characters that represents a number which is used to encrypt the data mathematically). In other words, Bob can tell Alice his public key any way he wants – even if Eve knows the public key, the message is safe. This is the beauty of public-key cryptography: anyone can encrypt a message and send it to Bob, and then all Bob has to do is use his private key, a seperate key which he tells no one, to decrypt and read the message. The two keys are mathematically related, but if the key is a large enough number, it’s nearly impossible to determine the private key from the public key. Only the private key will decrypt the message.

How does this relate to replacing Social Security numbers? Instead of everyone being issued a Social Security number upon birth, we issue a public and private key to each person when they’re born. The public key goes on their birth certificate, driver’s license, and really anywhere it needs to go. The private key goes in one place and is stored safely.

Skip ahead to when the person applies for a credit card and identification is needed to make sure the person is who they say they are.

  1. The person fills out an online application including name, address, etc. The application also includes a field for the public key.
  2. Upon submission, the web site generates a random code and encrypts it using the the person’s private public key, and stores it in a text file. The server redirects the person to a form where he can download the text file and enter the code.
  3. The user downloads the encrypted text file and using software built-in to a secure thumb drive, decrypts the file using his private key. He copies and pastes the resulting code on the web site.
  4. The web site confirms that the code entered matches the code stored in the file. If it does, the user is who they say they are. If not, they’re not.

There are a couple issues with this system. For one, computer access is required. This isn’t a dealbreaker; basically, it would add another step to paper forms, where you’d fill out most of the form and write in your public key, then go to a computer and grab a confirmation code and write that down too. The server would need to store the confirmation code and the public key associated with it for a long enough period of time to ensure the application gets handled and verified. Second, and more importantly, computer literacy is required. I mentioned that the software should be on a thumb drive to make it easier, but that would still require some education on how to use the software built-in to encrypt and decrypt the keys, and what the difference is between your public and private key. Third, and most importantly, security would be of the utmost importance. The private key must only exist in two places, tops: a secure thumb drive (protected by a thumbprint or something similar) and a government registration system (used in case the thumb drive needs to be replaced). The thumb drive would need to be impenetrable; both the hardware and the software on the thumb drive would need to be reviewed by as many security experts as possible before deployment and reviewed often.

But the benefit from this system is worth it. Everyone’s identity is not only protected, it is mathematically secure. Where current Social Security numbers have (at most) at 1 in 1 billion (1 × 109) chance of being guessed (and as I said earlier, the odds are probably much lower), a 1024-bit key system would a 1 in 21024 ≈ 1.79 × 10309. Not only is the odds of guessing your identity lower, but providers are able to verify your identity without knowing anything that should remain as private as possible; the only things that would know your private key are your thumb drive and that database – you would never even have to see it.

Do I think this will happen anytime soon? Absolutely not. A change of this magnitude would cost billions of dollars, and over 25% of the current US population does not use the Internet. But it should, at some point. Our personal security and privacy is our most important asset, and we need to change how we protect it.

Firesale

Victor Martinez

Another day, another franchise-altering deal. With the Cliff Lee trade, I was a little disappointed. But I’ll be honest: the trade of Victor Martinez makes me mad.

Don’t get me wrong, I understand why the trade was made. Victor Martinez has the most HR and RBIs of any catcher in the last six years, he was due to be a free agent after the 2010 season, and he’s in his prime. Thus, the trade value for Martinez right now may be as high as it will ever be.

But there’s a problem: Boston needed him.

  • Jason Varitek (the current Red Sox catcher) is past his prime.
  • David “The Cheat” Ortiz doesn’t hit with the same power anymore (The Man cut off his stash).
  • Manny Ramirez is gone.
  • The Yankees not only play in a stadium where they can score runs almost at will, their lineup is stacked with the highest 1-2 home run total players since May 8 (A-Rod and Texeira).
  • The Rays, after starting slowly, are back in the thick of things and only a few games back in the wild card.

This wasn’t a trade Boston was making to get incrementally better, it was a trade Boston had to make to survive into October. Therefore, they should have paid dearly.

And they didn’t.

3 prospects, one of which was Major League ready. Rumor was, the Indians wanted Clay Buchholz too (he threw a no-hitter for Boston in 2007) among others. If Martinez wasn’t going anywhere this offseason anyway, and Boston needed him, why didn’t Shapiro set his terms and say, “that’s the deal, take it or leave it”?

Anyone else feel like Shapiro just panicked? That he felt like he had to get something for him and took an offer? Here’s a guy who would have cost the Indians $7.1 million next year. Sure, he’s only a .297 career hitter. Sure, he only has the most home runs and RBIs of any catcher in the last six years. Sure, he was the team leader and only All-Star this year. Sure, he said he wanted to retire in Cleveland (at the All-Star break, mind you, when the Indians hadn’t yet went on this recent 7-3 tear) and maybe could have been convinced into staying past 2010.

When Cliff Lee was traded, he was a little bit disappointed or apprehensive, but other than that largely indifferent. He was a professional while he was here and I’m confident he’ll be a professional in Philadelphia too; a perfect team player. As I watched video of Martinez by his locker for the last time yesterday, I realized he wasn’t just a team player; he was a Cleveland Indian.

Clearly, Martinez was someone who just had to be gotten rid of while the iron was hot.

Maybe someday Shapiro will prove me wrong, and the three guys we got will turn into cornerstone, franchise players. But today, I’m mad about it., because it feels like the Indians treated one of the classiest guys in the game and most important guy on the team like garbage. And that’s not how it should work.