Why I Am Not An Early Adopter

I'm a gadget person. I used to run out and buy the latest gadgets. Here are a few reasons why I don't do that any more.

1. They're expensive. Makers of gadgets spend tens of millions of dollars (or yen, or deutsche marks, or euros) on designing, developing, implementing, and testing their latest toys. Investors want to see those toys turn a profit in a year or less. Easy math says that one million people buying a $600 iPhone on the first day should pretty much cover it. Not so fast. Most of that $600 goes to pay for marketing, advertising, distribution, and the cost of sales. Those big, bright Apple stores in shopping malls and other prime locations aren't cheap. My educated guess is that less that $50 of the iPhone's sale price is profit. That's not even as much profit margin as grocery stores make. Gadget makers that lose money on a new product release won't be around for very long.
2. Bugs. Every new gadget has bugs. No exceptions. In some cases, it's something the manufacturers just can't help. Makers like Apple and Sony test their products for months. They test every scenario they can possibly come up with. Then they release the product and it still has bugs. That's because they can't reproduce the millions and millions of different situations that we humans will experience when we use their gadgets. They also can't test for long term conditions because then they would never release their products. Other makers, like Microsoft and Samsung, do limited testing and then throw the product over the wall. They are relying on you to find their bugs and complain about them. Then they will spend a month figuring out how to fix it, do some more limited testing, and throw the fix over the wall again. That's why Microsoft bug fixes tend to create more bugs. They don't do extensive regression testing.
3. Limited new bells and whistles. Let's face it, we are becoming technically saturated. There just wasn't that big of a difference between the iPhone 4s and the iPhone 5s. People seem to have jumped right from the Samsung Galaxy S3 to the Samsung Galaxy S5, skipping the Galaxy S4. One reason for this is that gadget makers have to stay fresh in people's minds. Motorola was king of the 12-keys for a while with the Razor series. Along came Android and Motorola failed to respond with a smartphone. They still dominate the 12-key arena, but that is now a tiny part of the cell phone market. (Full disclosure, Motorola has a history of doing that) Microsoft and Sony own the game console arena because Nintendo and Sega failed to keep up. (No, Wii can't survive on the strength of Mario Cart alone.) In some cases, Windows for example, the new shiny thing is that it doesn't suck as much as its predecessor.

I like early adopters. They help bring down the prices of gadgets more quickly than would happen otherwise. I like the fact that there are more and more early adopters. Seeing lines wrapped around the block at Apple stores with people waiting for days sometimes makes me happy. In 6 months, I'll grab an iPhone 6 for a fraction of what they are paying now, and it will be relatively bug-free.

Keep on adopting!

You've Been Hacked!

In the great celebrity naked picture hack event of 2014, there were two sides to the reaction.

1. It's their own fault for having naked pictures of themselves on their phones.
2. It's not their fault. They should be able to put whatever they want on their phones.

They're both right. (Thanks for not equivocating, Steve!)

It is their fault for having naked pictures, or any other private data on their phones without adequately protecting them. That's like saying that it's not your fault that you left your front door open and thieves took off with your big screen TV. Technically, it's not your fault, but your stuff is still gone, and if you do it again, more of your stuff will get gone. Lament the downfall of modern civilization if you will, but lock up your shit.

The real problem is passwords. It is a model that was proven to be broken years and years ago. So here we are at, "it is and isn't the celebrities' fault." Unless you just got on the Internet yesterday (welcome!), you should know better than to use your aunt's birthday, the name of your pet, or "happy79" for your password. The mere fact that hackers got into their phones before they were old enough that no one wanted to see naked pictures of them means that they were using weak passwords. But, here's the thing, because you can use a weak password is a problem with passwords themselves. The password model is an impediment to using strong passwords. In the heat of the moment, when you absolutely have to show your latest naked selfie to your boyfriend, you aren't going to remember the 16 character string of random letters, numbers, and symbols you used to create your iCloud password. And if you are using the best practice of never using the same password twice, you will have to dredge up which password you used on which account. Definite mood-killer.

So, what is the answer, Steve? You're doing a lot of bitching about passwords, but you're woefully short on solutions.

Mea culpa on the bitching part, not so much on the solutions part.

The solution is a system that is a combination of known strong security measures combined in such a way that your average naked selfie taker (or online banker/shopper) is going to use because it is simple to use. It would have to be simpler to use than passwords, which sets the bar pretty low. The system is a combination of

1. Zero knowledge proof authentication.
2. Strong cryptographic signing.
3. Public key cryptography.

Well, Steve, that doesn't sound simple at all. It's not technically simple, but it is simple for users. It works like this:

Sally gets online and wants to check her bank balance. She has previously set up a couple of things with her bank. A public key, which is just a set of random numbers that identifies her. Instead of her username being "SallyMae1983," It will be something like

lQO+BFPOiY0BCADyCJ1GtQ3oVeLFVOEwlqvNmvDGHc5SlBPWgA

"But wait, Steve, you said this would be simple." It is, actually, because Sally will never have to remember it. It will get created and stored on her computer and the browser, or whatever else she's using, will know where to get it and hand it to the bank. And good luck Mr. Black Hat Hacker with trying to guess that one.

The second thing she set up with her bank was a passphrase. I'm not being disingenuous here. A passphrase, unlike a password, can be anything you want it to be. It could be Hamlet's soliloquy, or the words to your favorite song. The longer the better, but since you don't have to remember it, it can be anything at all, even "happy79." The secret to all of this is that you never, ever send your passphrase to the bank after you set it up in the first place.

So, Sally gets on her browser and her browser knows how to present her key, and the bank uses that to know that it is Sally. Now, the bank sends some data, called salt, which is different every time Sally logs on, back to her browser and the bank and the browser go to work performing some complex cryptographic math on Sally's passphrase and the salt. When they are both done, they will exchange their answers, and if they both got the right answer, the bank will let Sally in, and Sally will know that it's actually the Bank, and not some phishing site. Sally never actually sent her passphrase, she just proved to the bank that she knew it, and the bank proved to her that it knew it as well. That's called zero knowledge proof.

The idea works even better on smartphones. The key and the passphrase can be stored in a very secure location on the device's SIM card. If you lose your phone, the SIM card can be remotely wiped. Paris Hilton's contact list would have never ended up on Reddit.

"So, Steve, when is the world going to get this technological marvel?"

I'm working on it. Stay tuned.