Monthly Archives: August 2014

Don’t blame them

On a Noose

On a Noose by Alex Proimos. Creative commons license, found on Flickr

The recent passing of Robin_Williams spurred all kinds of discussions regarding depression and suicide.  First of all, I am not an expert.  I’m no psychiatrist, or even someone who has a good “feel” on people.  I’m your run of the mill antisocial nerd.

I am not going to talk authoritatively on depression or suicide.  I can’t.  What I am going to talk about is what happens when you botch it up and fail at suicide.  Yes, people botch up suicides all the time.  There are basically three outcomes to suicide attempts:

  • Success!  That sounds harsh doesn’t it?  It leaves behind questions, and grieving relatives and friends.  The event is declared a tragedy, and a few discussion about depression and suicide pop up with those that are left behind.  For the person who commits suicide, the pain is over, at least if you take the rationalist approach.
  • Failed, but no lasting health damage.  This is your typical sleeping-pills overdose subject.  They get found in time, stomach is pumped empty, put under observation for days and then a few weeks or months psychiatry and meds.  While their problem has not been solved, and the psychological torment does go on, they can basically hide it.  Unless you know them well or you witnessed the event, nobody will ever know it happened.  The talking behind their backs is probably the worst part.
  • Failed, causing major bodily injury.  Choose the “major trauma” way out?  Hung yourself and broke your neck, and they could save you?  Stuck a knife in your heart to get over with it?  Jumped from a building after all that’s foolproof?
    Yeah, they’re alive.  They will, however, pay their whole remaining life with pain, surgery, and questions from anyone who notices the damage about “what happened”, which is basically “everyone” if the damage is big enough.  Sure, you can lie and tell it’s a car accident that caused it, or something like that.  Any deeper investigation will easily show that it’s a lie.  However, when people do find out what happened, the most common reaction to the pain and suffering is “it’s your own damned fault”.

It’s the last category I want to plead for.  People with such a botched suicide attempt get no understanding whatsoever from society.  It’s always “How could you be so stupid?” or “The pain is your own fault”.  Even people whom you trust, and eventually tell, can totally change their behaviour towards you.
I’m sure many people reading this will shake their head in disbelief and think “But, but, it is their own damned fault!”.  I’m sure, I would have thought the same when I was younger.  It isn’t.  People who do try to commit suicide had no choice: Their brain told them it was the only solution, that there was no other way.  It’s like when you’re so thirsty that, even if you know you shouldn’t drink salt water, you’re still going to do it.  Perhaps not the best comparison, but I can’t really describe it any better because I haven’t been there.

So, please, if you find out about someone who tried to kill themselves, don’t judge them.  You don’t have to pity them, but please, stop blaming them for what they tried.  Putting the blame on them is definitely not helping and they are not to blame in the first place.
How to act then?  Really, the “lie” of the “car accident” isn’t that bad.  Treat it as an accident, as something they could not influence.  That will make it easier for you and them.  At least, for me, that worked.

What is your Facebook “username” any way?

My previous rant is wrong.  Well, not in the sense that I’m going to admit that “email-as-username” is the greatest idea on earth.  I still think it’s dumb, and some people I respect a lot disagree.  I’m still not convinced.

No, a little bird tweeted me the following:

@jawtheshark changing the email for facebook won’t help … you can use your actuall username to login, no need for email adress

— Pit Wenkin (@PitWenkin) August 13, 2014

Wait?!?  What?  That vanity URL, I took back in the day also counts as my username?  Hands up, who knew that?  I most certainly didn’t.  I tested it from within a Private Browser session, all the following worked:

  • My “jawtheshark” gmail.
  • My “jorg.willekens” gmail.
  • My work cellphone
  • My private cellphone
  • My facebook vanity url nickname and by extension my facebook email.

Basically, pretty much anything that could identify me can now be used as a username to be logged into Facebook.  I am not really sure if that is a good idea.  So, I didn’t fix Flirty’s problem, since her “attacker” could use any of the above if he knows about the existence of them and they’re pretty much public.

The username/email conundrum

Email icon / Hand Drawn Web Icon Set by Pawel Kadysz

Hand Drawn Web Icon Set by Pawel Kadysz. Free for commercial use

Flirty, our Executive Assistant, looked rather down and tired today. Sure, she is a ranty German chick as we know and love them. She mostly on a friendly-flirt basis with me in the sense she calls me “honey” and I call her “sweetheart”. All in good natured humour, naturally. She looked stressed out.
While working with executive divas is straining, it was clearly something else. It came out rather quickly: Her Facebook had been hacked or at least someone was attempting to hack it.
Now of course, we all are familiar with the occasional “Your account has been accessed from Bumfuck, Elbonia, was that you?“.  Usually, it just means some silly hacker got hold of a username and tried a few attempts.  Nothing much to worry about.  This, however, was so much more worrying.  The login-attempts came from the city she lives in. First of all, kudos to Facebook detecting that.  It sure as hell isn’t only geolocation that’s used for detection.

It does mean, however, that most likely someone she knows is trying to hack her Facebook.  Why?  Who knows, it’s none of my business.  What it also means, is that changing her password was not enough.  These messages and attempts would continue, since the person trying this knows her username,

I told her to see whether her email provider allowed aliases for her current email (I was astounded: it did!  Yay, for that provider!), and told her to use the new alias as her Facebook login instead of her normal email address.  (Note: you do need to delete the original one, because you can use all your registered emails to log in!  Try it.  I wasn’t aware of that.)  I’m pretty sure this will fix the issues.  I’d have loved to set up two factor authentication, but it requires to install the Facebook Application for her phone, and she didn’t want that.  Fair enough.

I think that will fix her issue, but it does highlight a problem, that has annoyed me more than once: the insistence of using email addresses as login credentials.  I have no idea who came up with that, but he needs to  be stomped in the balls.  Along with those people who thought it was a great idea and adopted it.  That’s a lot of stomped balls.
You, see, most “normal” people have at most two email addresses: a private one and a work one.  Yes, yes, I have half a gazillion, and so do you, but my mom doesn’t, neither does my wife or in this case Flirty.

It means that, by definition, anyone knowing such a person will know the “username” you have to use on so many sites.  Now, I do realize usernames are not secret, and they never have been, but this “email-as-a-username” system servers the “username” to wannabe hackers on a silver platter.

Now, sure, they still have to guess your password.  They’re not going to come in, unless your password is very weak. The situation indicates that “someone she knows” tried this, which puts the odds of a correctly guessed password much higher.  To less technical users, those notifications of someone attempting a login, especially from the city where you live, are very scary.  I’m glad Facebook does this, but it makes non-techs freak out.

Never mind that in the bigger picture, spam lists can now be used to try to authenticate against a plethora of services, like iTunes, Facebook, etc…  Sure, the odds are low, I do realize that, but once someone starts using a list where you are on, you might be annoyed quickly.

There is another problem with this, by the way, which is unrelated to Flirty’s problem.  I had this particular misunderstanding with my mother in law.  Given so many services rely on the “email-as-a-username” system, she started to be totally unable to differentiate between accounts.  To the point she thought she had an account on a website she never registered with, but tried to login with her email address using her (real) email addresses password.  Imagine someone was logging that!
This is complicated even further by the fact that different services have different requirements for passwords making it impossible to give all accounts the same password.  Yes, I know this is a very bad security practice[1], but hey, I don’t want her to call me every time a password is required.  So it is good that her iTunes and email password aren’t identical, but it is very bad for her as she doesn’t have a clue what is going on.  Yes, yes, “education” and “informed users”… blah, blah… Can you tell I’m jaded?

Basically: “email-as-a-username” is flawed.  The only positive things I can see about is that it’s easy to remember and a password reset is easy…. provided the email is still active and it didn’t get compromised itself.

Perhaps I’m missing something? If so, feel free to inform me.

Footnote [1]
I realise that someone is going to say “use a password manager”, which is a wonderful technical solution.  Except of course, for normal users this complicates the whole thing even more.  I’m not even a fan of password managers, because I don’t want the data stored on a server that is not under my control and I want the information still globally available.  Best I’ve found is to use pass, on a machine to which you have ssh access.  Covers my requirements, but definitely isn’t for Joe Sixpack.

 

 

iMess with your messages

iMessage chatI want to start off with the Hanlon’s razor:

Never attribute to malice that which is adequately explained by stupidity.

I’m going to talk about iMessage and about what I perceive as technologists making myopic decisions about how something should work. If you’re reading this you are most likely in IT, and perhaps even a programmer: we are trained to look for edge cases, trying to imagine the worst case and still having the damned thing work. Also, if you are in IT, you are aware about the hub-hub going around that Android switchers are penalised for the switch as text messages sent from iPhone users never arrive. I am, by now, convinced it is totally caused by the developers of iMessage living in a tech ivory tower. However, this is not what I’m going to talk about: I’m going to talk about iPhone users being unable to communicate in certain edge cases.

Some background:
An iPhone can send SMS, the “speech bubbles” in such a conversation are green. The way they are sent are through your cellular network: it works even if you have no data connection at all, not even GPRS. SMS is part of the GSM specification and is considered “best effort”. Despite that, it is incredibly reliable.
Contrast to iMessage, the blue “speech bubbles”, where a data connection is needed to send and receive messages. It doesn’t matter how you connect to the Internet, GRPS, 3G, Wifi Avian Carriers, as long as there is Internet. At first, you do think this is a rather reasonable condition, after all iPhone users are tech-savvy always-connected people who can’t live without their precious Internet. Right? Right?
How do I compose that sarcasm sign again?

The trouble is that iMessage, presents itself as a SMS (“Text Message”) replacement, without a way to revert back. Now first, I’ll tell you why it works so well in most settings. We, even the non-tech users, are pretty much connected 24/7 to the Internet in our daily lives. At home you have your wireless setup, at your workplace probably too, the Wireless of your preferred junk-food and junk-beverage places are configured and working. Even if that’s not the case, at least where I live, iPhones are sold with a reasonable data plan. You simply don’t care, anywhere in the country you are connected, which makes the difference between iMessage and SMS totally oblivious to the end-user and this is the typical “It just works” mentality that Apple is famous for. For iPhone users iMessage and SMS are the same thing.

First, to iMessages defence, I don’t know how it gets activated. Perhaps I did that myself, perhaps I clicked away an annoying dialog and accepted it one day. I don’t remember. Fact is, my wife, my mother in law and myself all use iMessage and I sure as hell didn’t “install” or “configure” it in the traditional sense. It was there, one day, and it worked. It might be my fault it has been activated.

So, here is how I found that iMessage has an unfixable problem, at least one I can’t fix, or I haven’t found the appropriate fix. The story involves three iPhone users, two of which are non-tech and yours truly.

My wife has been in Switzerland for surgery the last four weeks, and I made sure she could go on the hospitals wireless (Those Swiss sure know how to do wireless: the whole campus is flawlessly covered!). I even made sure she has my Ultrabook so she could waste all her time, trying to ignore pain. Well, that was of no use, as it seems that she basically uses her phone exclusively and she seems to use text messages all the time. I’m not big brother, but I know that at least her mother and me are those whom she communicates most with using SMS, of course, in reality that’s iMessage.

This works as, I’m always online and my mother in law has the “fuck-yeah-all-the-data-you-want” plan. Messages always arrive, life is sweet, the Internet is a blessing. Last weekend (I visit her every weekend), my wife tells me that her Mom can send her “texts”, but the texts she makes to her Mom never arrive.
This makes me look into the issue, and I realise: Mother in law is not in Luxembourg. She’s on vacation somewhere in Austria. That means roaming, and the default setting on iPhones is to disallow data roaming, which is a good thing. This means that my mother in law, does not have Internet connectivity. Knowing her, she will be unable to connect to public wireless hotspots.

To mother in law, everything looks normal. She is doing the same as always: sending “SMS” to her daugher and they arrive. The phone probably has the “Send as SMS” option activated, which falls back to SMS when no Internet connectivity is present. That is good. On my wifes side, however, her iPhone decides: “This is an iPhone, it can receive iMessage, so let’s send iMessage”. This is, I stress, not configurable. Not per number, not any where. So, my wifes messages to her mother disappear somewhere in a message queue somewhere on an Apple server to be delivered to her mother when her mother gets on the Internet, which will be in a week or two. Brilliant, just brilliant!

I have tried everything, deleting all Mother/Daughter threads on my wifes iPhone, deleting her moms contact entry in order to make it forget that it’s an iPhone and tell it that it’s a “mobile”. Nothing helped. There was no way to convince her iPhone to send SMS instead of iMessage to my mother in law. None.
I gave up in frustration and explained it to my wife, who was very patient and understanding, that we would have to disable iMessage and revert to SMS pure. It would be more expensive, as she is roaming too, but it at least she would be able to communicate with her mother and the problem would be gone. I did so, and indeed it worked.

Now think about this twice: at that point I did a major thinking error. Let me explain. That night I go to the hotel and about around midnight I get a text message from my wife whether I’m still awake. I was and I replied. To my surprise, I didn’t get a reply to my text. My logic error manifested itself, but I didn’t realise it yet. I only understood the next day: We shifted the problem. My phone was now insisting on sending iMessages to my wifes iPhone, but I totally disabled iMessage on her phone. Yup, my messages were now the ones being held somewhere on an Apple server. Of course, I could disable iMessage on my phone, but I have people at work using iPhones who write me iMessages, which I then would then not be able to get. I can’t do that, it is my work phone after all.

So, in the end, I had to put my wife before a choice: Be able to communicate instantly with me or with her mother. She chose me, which is flattering of course. I reactivated iMessage on her phone, which then caused a re-authentication and an SMS to a UK phone number, which will cost us money. Okay, not much, but I know it will.

This all boils down to the developers of iMessage being totally confident that people will have Internet connectivity on their iPhones at all times and not providing a fall-back method. This is provably not the case, especially to people who go to foreign countries. Apple employees do seem to know about this, after all the default setting for roaming is reasonable.
What should happen is that after a timeout period, the iMessage should be sent per SMS. This can be done, by relaying the “not able to send” information back to the phone and perhaps even asking for permission (or just do the damned thing transparently, you’re Apple for crying out loud). This would also fix the issue that Android switchers have. Alternatively, they could use a SMS gateway of their own. This does shift the cost to Apple, so it is understandable that they don’t want this.
Sure, it would delay the message a bit, but that seems totally acceptable. Delayed transmission is preferable over undelivery.
Also, let the user choose per contact whether to send SMS or iMessage. The information is there in the “contact” entry. If the number is specified as “mobile”, send SMS, if it is specified as “iPhone” it is send as iMessage and then use the fall-back mechanism to avoid situations like the one I described. At least, with such a system, I could have fixed it.

Now, I may have overseen something, or have misunderstood an option or setting somewhere. I am confident enough to tell you: If I did something wrong, this rant is totally irrelevant. If it is, I sincerely apologise to the iMessage developers. If not: please, get your act together, you are developing for non-tech users. Keep that in mind.