The Security Frustrations of Apple’s “Personal” Personal Computer: Device Access, Two Factor ID, and 386BSD Role-Based Security

Recently, a Facebook friend lamented that he could not access his iCloud mail from a device bound to his wife’s iCloud account. He also expressed frustration with the security mechanism Apple uses to control access to devices – in particular, two-factor authentication. His annoyance was honest and palpable, but the path to redemption unclear.

Tech people are often blind to the blockers that non-technical people face because we’re used to getting around the problem. Some of these blockers are poorly architected solutions. Others are poorly communicated solutions. All in all, the security frustrations of Apple’s “personal” personal computer are compelling, real and significant. And do merit discussion.

One way tech folks get around Apple restrictions on email, for example, is to use multiple accounts. On an iOS device one can use multiple services and set up accounts for these services. For example, most don’t know that “Notes” is actually a hidden email client that fetches over IMAP. Apple does use the appropriate protocols behind the curtain.

In my case, I don’t even use iCloud mail. I use dedicated email accounts. My access is mediated by a mail server in our datacenter cloud which we personally administer. So all this frustration doesn’t impact me. I don’t see it in my daily life. I’m blind to the impact on others.

But what if I, like most people using Apple devices, want to access iCloud mail from any Apple device? iCloud isn’t an ordinary heterogeneous service. It is actually bonded to a set of devices. This is the philosophy behind Apple’s “personal” personal computer. The assumption is that the customer has many devices, tightly held and only used by that single customer. If that’s so, it naturally follows that those devices will not easily permit access to a different iCloud mail account, because there is no need. The security won’t allow it. They expect you to set up another IMAP account, like Gmail, directly. They expect you to be a “techie”.

As an experiment in trying to understand this issue, I went to a Mac that is not bound to an iPhone I had in hand. Using “Find My iPhone” in the browser, I logged in with that phone’s Apple ID and password. It then showed the location of that iPhone sitting next to me. I then switched to the Mail app within the browser, and it showed me the iCloud mail. All this on a Mac bonded to a different user. So I did get around the problem.

But it was non-intuitive. It was somewhat absurd. And it did reveal a security issue. Security by obscurity is a bug, not a feature.

I was unable to test this on other devices, such as an iPad, as I was pressed for time. But I’m pretty sure there are ways to get around this even on small devices. But really, seriously, is this sensible?

This entire conversation then segued into a discussion of two-factor authentication. In theory, two-factor authentication is quite straightforward: since everybody has a phone and some other device, if someone tries to access your account from a device that is not one of your bonded devices (because, say, they cracked your password), the service sends an email or a text to another device known to be yours to confirm it’s OK. Simple, right?

Well, theory and practice are called that because thinking and living are really two different things. People live messy lives. Their phone may have been lost or forgotten or not charged up. They don’t know what device is the “mother may I” device.

The fundamental problem is that the nature of the security constraints of the Apple iPhone concept requires it to be hermetically sealed. (In contrast, Android is a leaky sieve, and it is quite vulnerable.) This is why the battles between Apple and the government over access to personal iPhones are so fraught, because it really is all or nothing.

This is not the only use of two-factor authentication. Two-factor authentication is required for a lot of services, such as Facebook, and is not bound to a particular device walled garden. But the issue of making sure you have access to both the primary device and the “mother may I” device is still there. You must have all your devices, old and new, standing ready for the occasional incursion. And you must check and update all two-factor access points when you update devices. And this, my friends, is absurd.

I actually did a little work on security way back in the 1990s, when William and I came up with the concept of role-based security as an adjunct to the usual password mechanisms. We even wrote up an article in Dr. Dobb’s Journal about it, and implemented it in 386BSD Release 1.0.

What were the gotchas? Security people didn’t like it because they were obsessed with crypto as a savior – which of course it wasn’t. The IT guys weren’t enamored because they liked administering passwords and didn’t think it was a problem to change the password all the time. People don’t actually do that: they forget it, or they put it on a post-it on their monitor or write it in their wallet, and use “password” and “12345” as their password.

Two-factor authentication is just doing a “mother may I” to a separate device, because we have lots more devices now. It fails when the device being asked is not available, which blocks the user from working. It may not be great, but at this point, it’s really all we have.
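To make the “mother may I” flow concrete, here is an added example (my illustration, not code from the post and not Apple’s or Facebook’s implementation) of the logic a service runs behind a second-factor prompt. It assumes the second factor is a TOTP authenticator app (RFC 6238, built on RFC 4226 HOTP), that the service remembers which devices are already bonded to the account, and that it issued single-use backup codes at enrollment for exactly the lost-or-uncharged-phone case the post describes. All account data, device names and codes below are constructed for the demo.

```python
"""Two-factor login with bonded devices, a TOTP second factor and
single-use backup codes for the case where the 'mother may I' device
is lost or unavailable. Added example; all data is constructed."""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP keyed on the current 30-second time step."""
    return hotp(secret, int(unix_time) // step, digits)


def _hash_secret(value: str, salt: bytes) -> bytes:
    # Passwords and backup codes are stored only as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)


class Account:
    """One user: password hash, the devices already bonded to the account,
    the shared TOTP secret for the phone app, and hashed single-use backup codes."""

    def __init__(self, password: str, totp_secret: bytes, backup_codes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash_secret(password, self.salt)
        self.totp_secret = totp_secret
        self.trusted_devices = set()          # hypothetical device ids, constructed
        self.backup_hashes = {_hash_secret(c, self.salt) for c in backup_codes}

    def consume_backup_code(self, code: str) -> bool:
        """Accept a backup code once; it is removed so it cannot be replayed."""
        h = _hash_secret(code, self.salt)
        for stored in list(self.backup_hashes):
            if hmac.compare_digest(h, stored):
                self.backup_hashes.discard(stored)
                return True
        return False


def login(acct, password, device_id, now, otp=None, backup_code=None, drift_steps=1):
    """Returns "denied", "ok", "ok_via_backup" or "need_second_factor"."""
    if not hmac.compare_digest(_hash_secret(password, acct.salt), acct.pw_hash):
        return "denied"
    if device_id in acct.trusted_devices:
        return "ok"                           # bonded device: no second factor asked
    if otp is not None:
        # Accept neighbouring time steps so a slightly skewed phone clock still works.
        for k in range(-drift_steps, drift_steps + 1):
            if hmac.compare_digest(otp, totp(acct.totp_secret, now + 30 * k)):
                acct.trusted_devices.add(device_id)   # bond the new device
                return "ok"
    if backup_code is not None and acct.consume_backup_code(backup_code):
        acct.trusted_devices.add(device_id)
        return "ok_via_backup"                # phone unavailable, recovery path used
    return "need_second_factor"               # this is where the user gets stuck


if __name__ == "__main__":
    # RFC 6238 test secret; device names and backup codes are made up for the demo.
    acct = Account("correct horse", b"12345678901234567890", ["alpha-1111", "bravo-2222"])
    acct.trusted_devices.add("my-iphone")
    print(login(acct, "correct horse", "my-iphone", now=59))                         # ok
    print(login(acct, "correct horse", "spouse-mac", now=59))                        # need_second_factor
    print(login(acct, "correct horse", "spouse-mac", now=59, otp="287082"))          # ok
    print(login(acct, "correct horse", "old-ipad", now=59, backup_code="alpha-1111"))  # ok_via_backup
```

The second and fourth calls are the two sides of the post’s complaint: a new device with no code in hand is simply stuck, and the only way out that does not depend on the phone is a recovery secret the user had to save in advance. The time-step drift window and the single-use backup codes are the two practical details a service gets wrong most often; the TOTP values used in the demo are the published RFC 4226/6238 test vectors.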

Apple Store “Bait and Switch” iPhone Battery Gambit: Apple Giveth and Taketh Away

Beware the Apple Store “bait and switch” iPhone battery gambit. We faced this yesterday in Los Gatos, CA where they tried to claim a working iPhone 6s with a good screen / original owner was not eligible for their $29 battery replacement at the appointment because it had a slight bow in the frame.

Now, by this point everyone likely has some flaw in their old iPhone, whether it is a slightly dinged frame from being dropped to a minute crack or scratch under the frame. It’s normal wear and tear. And they likely didn’t have a problem replacing the battery before the discount was announced and replacements were more costly and infrequent. But now, it’s an issue.

They did offer to sell an iPhone 6s for close to $300! This is a terrible price. Don’t go for it. This is what they mean by bait and switch.

There’s a good reason why Apple doesn’t want to replace old batteries after their bungled attempt to intentionally slow down older iPhones with an OS update was discovered, but they don’t mind selling old inventory at a premium. Money.

According to Barclays’ analyst Mark Moskowitz, extending the life of old iPhones will impact Apple’s bottom line and stock price severely: “In our base case scenario, 10% of those 519M users take the $29 offer, and around 30% of them decide not to buy a new iPhone this year. This means around 16M iPhone sales could be at risk, creating ~4% downside to our current revenue estimate for C2018.”

I suppose we’re back to the maxim, “If it seems too good to be true, it is too good to be true”.

Consider your options carefully when they refuse to honor their agreement.

It’s Raining Cupcakes – And Losses

Internet coupons have been stuck in the dark ages of print. Instead of using modern techniques like social networking and clever psychology (yes, a few companies have done coupon apps for mobile and SN sites like FaceBook, but they’re not very inspiring), most just create “print ’em yourself” coupons to be used at a store. And that’s a hassle. So to compensate for the annoyance factor, coupons delivered in this manner generally offer steep discounts.

Groupon has taken this a step further – offering really steep discounts on premium items *if* they get a set minimum participation (like 100 customers). But what if *too* many people agree – like three thousand? This happened to a tiny boutique cupcake vendor in SF recently, and it was three weeks of agony and spot buying of supplies to satisfy people. Was it worth it? Probably not, since the vendor had to pay more to satisfy customers paying less.

It’s ironic that a decade after the Internet bubble and burst, a simple thing like vending a coupon is an enigma to companies and customers. I’ve done work in this area, and believe me – the level of cleverness and innovation here is very low. This is partially because of the demographics to which the old media group is wedded – older frugal housewives – and not the sexy 18-34 spendthrift guys dearly beloved by, well, most everybody selling high-priced junk and low-priced junk food.

But for the poor cupcake vendor who got too much business for too little profit, I only have pity. No small business can scale to cope with flash sales nor offer the kind of personalized attention that creates recurring customer sales. And the customers don’t see the boutique aspect of an artisan – only a cheap discount on cupcakes they might have bought at Safeway instead.

The Internet is a very powerful sales mechanism. Too bad people don’t give it the serious consideration it deserves with respect to the simple coupon. I think there’s a lot of money on the table and nobody wants to pick it up.

Myths and the Need for Innovation

It all started when one person asked a very simple question: Why can’t we reduce packet drops throughout the network during congestion events (thus reducing the impact of RTT) with a more intelligent network that is able to refer back to caches of such information from a prior hop and resend, so that transparently the drop in the fabric is repaired? This all seems pretty simple, and yes, I’ve proposed such a mechanism myself. It is doable. Why not try it out? The usual “old” answer is that we don’t need to do anything. After all, everything we need to know about the Internet is already known, and this isn’t a problem. But is this true? Nobody knows for sure, but it’s a good way to stifle questions, isn’t it?

This is not a trivial issue. I see these technology debates springing up all over the research and development landscape, from operating systems to networking to applications. And I see the same answer tendered: shut up, we’ve already solved the problem, and if we stomp out the questioners, the problem won’t exist. This isn’t really a debate between the “old” versus “new” (some “old” designers are among the most innovative and creative people I’ve ever met), but more fundamentally, centers around the ability to question fundamental assumptions in an intellectually open and honest manner. In other words, the battle centers on the purveyors of myth versus the questioners of myth. And reputations are made or broken on the results.

In Matt Miller’s The Tyranny of Dead Ideas: Letting Go of the Old Ways of Thinking to Unleash a New Prosperity, Miller posits that Americans have become so unthinkingly accepting of their myths that they do not question them even when they defy their own experience. Miller views technology as one of the drivers out of this malaise. Unfortunately, the tendency to cleave to myth is not just the province of bankers, politicians and voters. And the consequences of abandoning reasonable discourse and proactive work can include unanticipated disasters.

Scientists too are prone to this all-too-human tendency to discount uncomfortable data in favor of desired results, even if those results are based on faulty or incomplete data. And woe to those scientists who cater to the desperation of others in an attempt to aggrandize themselves. Witness the recent Office of Special Masters of the U.S. Court of Federal Claims (aka “the vaccine court”) ruling that MMR and thimerosal do not induce autism. The initial data presented by Wakefield claiming that autism and MMR shots were linked has been definitively demonstrated to have been fabricated for financial gain, yet there were some other published studies by other scientists that claimed the same results. Only after very large, serious studies did this claim get disproved, but in the meantime children who did not receive the vaccines because of that early “scientific validation” have suffered or died from these very preventable diseases because of a bogeyman of autism (which, to say the least, doesn’t kill the patient). People were desperate for a cause, and instead of saying “We don’t know”, some scientists told them exactly what they wished.

Homeostasis in ideas cripples independent action. People hold off and put down ideas which could be carefully tested and developed in a considered manner because they are threatened by their potential “success” and fear the dimming of reputations and connections. Only when things completely break do people reach for other ideas, and by then (witness the current financial crisis) it is very difficult to repair matters with a reasonable assurance of success. The events are driven by fear and need. During these times of crisis, people are prone to extreme or under-justified ideas – so long as they are simplistic and appear to “solve the problem”. Got a problem with autism? Don’t get vaccinated. Who needs vaccines anyway? Got a problem with banks? Bail them out. Nationalize them. Eliminate them. Go right. Go left. Shoot the messenger. The nuances of medical studies or derivatives and financial instruments are not interesting to people who are fearful and angry. If you think you’ve been living in dangerous times, Miller points out you haven’t even begun to experience how crazy it can get when people lose their mythic lifelines.

So what does this have to do with the Internet? The Internet is increasingly the *only* source of information for millions of people. Where people once read print magazines and newspapers, went to the library for books, joined clubs and organizations and kept up with letters over the course of years, now many read / view / communicate only via a browser abstraction. A collapse of the Internet due to years of denial and neglect about the nuances of its structure would be a catastrophe for hundreds of millions of people.

As such, it is important to ask how we can improve the Internet *now* without resorting to old myths and relationships that make us feel comfortable. Because the day will soon come when our old assumptions blind us to new issues, and we will allow this grand experiment to fail. And if that day comes, it will not be the reputable or reasoned scientists whose voices will be heard. It will be the ones who tell people what they want to hear. Is defending a myth worth this price?

Cyberbullying on the Internet

The Lori Drew case has hit the media this week, and the reaction is fairly universal – how could a mother behave in such a shameless narcissistic evil manner to drive a young girl to suicide? The anonymous use of the Internet and MySpace to bully this child provides the techno-grist for over-the-top analysis by doyennes of housewife journalism like Judith Warner (admittedly, I do like her style) who draws rather shaky lines between this nasty criminal weirdo and “helicopter parents” who dote on their offspring. Unfortunately, this trivializes and distracts from the centerpiece of this drama. Powerful technology like the Internet can be used by amoral predators to hunt down victims as efficiently and rapidly as normal folks use it to hunt for the best HDTV bargain.

The “good old days” mantra (oh sure, bullying didn’t happen before the Internet? I’ve got a bridge to sell you too) that pops up during this public debate is relevant only in the sense that the way we interact in society is vastly changed and enhanced by technology. Social networks like MySpace and Facebook and business networks like LinkedIn are poor substitutes for real friendship, collegiality and love. But what if you don’t have any real friendship, collegiality and love? Whatever reason one would prefer to choose (consumerism, individualism, globalism, …), these businesses would not exist and flourish economically if there weren’t so many isolated people out there looking for validation of self. While technology like the Internet facilitates new forms of social interaction, it is not the sole catalyst for such interaction. That responsibility lies within ourselves and the way we treat others in the real world.

The major lament about the Internet is that it has no “controls” to prevent criminal behavior. Consider that the Internet (Arpanet for those oldsters who remember) was designed at a time when networks were few and conduct was scrupulously monitored. In the 1970’s, I knew quite a few people who were very careful with their postings for fear of losing their prized university or corporate accounts. However, balancing this was the belief that academic freedom was equally important, and that disputed statements should be heard and debated – not suppressed – in other words “Cui peccare licet peccat minus” (Ovid).

But in the real world, we also view actions separately from words. When words are used to torment and destroy another person, it becomes a difficult matter of law. It forces us to look at our values and behavior. How many times have you, dear reader, met with a poison-pen email or posting notable only for its vacuous viciousness and then actually met the writer and found him or her indifferent or unaware of the venom dripping from the words? I actually have on occasion, and it is very disconcerting.

Anonymity on the Internet has always been a bit of a misnomer. The Internet provides for much better tracking and record-keeping than sending an old-fashioned letter and is far less regulated than phone conversations. Cookies and behavioral search give businesses like MySpace a “snapshot” on buying habits and trends worth billions of dollars. People who use these “free” services may believe they are “untraceable” but the entire focus of the business is one of tracing a caricature of the consumer. Identifying users in criminal or civil actions is simply incidental to their business, but as the RIAA actions demonstrate, the information is available.

DNA analysis has revolutionized identification of criminals, but that hasn’t stopped all crime. The same goes for Internet tracking. Technology changes, but the desire for justice is timeless.

Guilty Pleasures and Guilty Publishers

OK, I admit it. The New York Times has gotten rid of their notorious “Times Select” racket, and I’ve been busily catching up on all the columns that didn’t make the grade (the moderator likes politics) on Behind the Times. And so I’ve been glancing through Dick Cavett’s blog, and found his difficulties at getting his best selling book shipped to eager bookstores very interesting. Apparently, he had to resort to threats of canceling the book tour that was generating tons of sales for the publisher unless they shipped books to Chicago!

The comments were also very interesting. Many authors wrote in with stories of how impossible it was to get the publisher to ship any books to any bookstores, but they lacked the star power of a Cavett to get the ball rolling. Several cited disasters with liberal arts incompetents masquerading as businessmen and women mishandling their projects, and yes, I’ve experienced this myself, particularly the idiot from Wiley who couldn’t keep straight the project, the book, the times scheduled to discuss matters, and the communications. While I could cope with basic incompetence (I work in Silicon Valley, after all), I had to threaten legal action when she decided unilaterally to wreck the project when it was essentially completed, by contacting one of my business associates (who ran a lovely datacenter and was going to buy lots and lots of books) to say that she didn’t want to do the project and he shouldn’t deal with me. She then went on to sign a nobody to try and rip off the same manuscript (I hadn’t given her the good stuff yet, so there wasn’t enough to rip off, because I had been clued in by my agent to be careful after my prior editor was off’d), and it went on to be a complete failure. Suffice to say she didn’t last long, but I never did business with that publisher again.

But the primary reasons for this lack of execution are economic and global in nature. Yes, execution is CEO-speak for doing, or not doing, the job, and it’s the executives that are ultimately responsible. Cavett found it almost impossible to get his publishing execs on the ball for executing on his agreement, even though executives are supposed to be the ones who make sure things go — that was my job in the last four companies I co-founded. In fact, I remember when execution was always on the top-three lists for CEOs, but last time I saw John Doerr he apparently didn’t think it was that important anymore — hmm, do you start to see a pattern? Sometimes when people hear words like global, they feel they don’t have to do anything because the problem is too large. This may explain the complete disinterest Cavett experienced — they just don’t feel they have to deal with any problem because it’s too big.

So I guess we have to reduce the problem down to a level where they have to take responsibility. So I’ll take a shot at it (anyone is free to comment on a better approach). The reason publishers blow it has much to do with how they have adapted, or not adapted, to Internet publicity and distribution. Book cycles are much shorter than 20 years ago, and demands for books are likely to be stochastic (a foreign word to most liberal arts publishers, but very understandable to technologists). If a publishing house is still doing publishing “the old fashioned way” (e.g. sign an author, wait for a complete manuscript and then do editing, get in-house art to handle the cover, in-house marketing to do the blurbs and publicity, recon the entire work into their own proprietary system, re-edit, rewrite, and finally, after much discussion, order inventory for storage from a book binder), then they’re putting themselves at a great deal of risk because they can’t respond to fluctuating demand easily. And the author loses out because the progression from signing to book takes a great deal of time — perhaps missing a good window of opportunity to establish it before trends shifted. No wonder book publishers only want to sign “pet autobiographies” and “self-help memoirs”, and fixate on block-busters. Perhaps instead of checks, publishers should just buy everybody in the biz lottery tickets, so that maybe somebody will make it big.

Of course, there are ways to adapt to the ever-changing marketplace. One approach is to embrace the long-tail, and not run away from it, perhaps by using some of the technologies available such as “instant book publishing” and software license arrangements (see Fun Friday – College Textbook Sticker Shock). But this would demand a fundamental sea change in how publishers relate to their authors and their business — one that would require just-in-time inventory, Internet updates, Internet publicity (online video, for instance of authors chats), investment in new technologies like kiosks, and so on. Their revenues would be based on licenses to read, and not on tangible inventories, and their financials would look completely different. And that is the real bugbear in the bookselling business.

This will happen, whether publishers want to adapt or not. And the end result will be bankruptcies, mergers, failures, and ultimately a few successes. The real sufferers are the book-buying public who wants to see the long-tail of new book ideas and the authors, who just want to write and sell books to those who want to read them.

When Bad Things Happen – Cellular and Internet Provide News, Experience Overloads

Today a gunman at Virginia Tech went on a rampage, killing and wounding scores of people at two locations on campus. Details are still emerging, but there are some examples of how the use of Internet and telecommunications technologies has impacted both the school and the country.

There were four technology issues that have arisen over the course of this event: 1) problems with notification of the crisis via email to the students affected, 2) overloading of the local cellular network, rendering student cellphones essentially useless, 3) the overloading of the university servers during the crisis, preventing students from learning in real time what was going on from their school, and 4) individuals collating conflicting information on news sites via Wikipedia and social networking sites like Facebook and MySpace.

Fun Friday: Social Media in Silicon Valley

The Social Media Club held one of their renowned discussions on trends in social media in Silicon Valley this week (at NBC11’s new facilities). Discussions were held in a “round-table” fashion on topics such as ethics in Internet media, tracking accountability in reports, localization of reporting, the diminishing value of professional journalism, GenY’s and community media, and many others.

I spent most of my time in ethics and youth media, but one of the topics fascinated me – the problem of enticing viewers and overcoming resistance to viewing in-depth media (like news stories and thought pieces) in a sound-bite Internet-minute world. It’s no mystery that there’s a lot of stuff competing for your attention, from screaming banner ads to link farms loaded with trash. On most portals (especially video portals such as YouTube) the flea market prevails – maybe you’ll find something good, but mostly it’s junk. And as junk rises to the top of the charts, more junk is tendered, crowding out works that actually might be good for you. The Internet, instead of appearing as a rich knowledge base of the world, degrades to a monoculture of junk-food media. So if you do have something of value, how do you convince a viewer that it is worthwhile to spend the time? And this is where Jane Austen and the telcos come into play…

DSL Debacles and Competitor Cheats

OK, so I need DSL at a few locations, so I check out pricing, find a good reputable provider, and book the orders. We do this all the time, right? It’s a no-brainer.

But what happens if one of those locations just happens to be in an area your phone company just doesn’t want to service? And worse yet, what if they don’t want anyone else to service it either? Do they let their competitor take the business anyway, leaving them with the line maintenance? Or do they say the line is no good? Well, if you think you can get away with it, why not lie? And so we begin a saga of how keeping competitors from serving an area can be as easy as the magic words “load coils”… because how do you prove they don’t exist, and that this is a ruse to keep out service (violating tariffs galore)? Well, I do know one way…

Real Women and Men Like Technology

Well, I was planning to discuss why we don’t need MAC addresses anymore, but then I ran across this little Google search on “women don’t like technology” and I was intrigued enough to check it out. Not surprisingly, even a small datacenter like TeleMuse Networks checks out some of the more interesting keyword searches once in a while.

While I certainly wasn’t surprised that the Lynne’s Blog entry entitled Why Women Don’t Like IT? Ed Frauenheim of CNET and Anthro 101 is right up there on page one, I was bemused to find the rest of the entries didn’t seem to have much to do with women and technology and what they think of it. In fact, except for the Gizmodo reference to nagging robots, fluff about sex, health and humor (well, maybe humor fits) abounds. The whole page is singularly notable for its absence of relevance.

But wait – what if we change “women” to “men” and do another Google search on “men don’t like technology”? Will there be a marked difference in the results, with in-depth technology discussions instead of the frivolous stuff we see in the women’s popularity domain? Are men taken more seriously than women in the world of Internet inquiry?