Archive for the ‘Technology’ Category

Programmers are bad at managing state

“Have you tried turning it off and back on again?” is one of the most familiar tropes associated with tech support. But as someone who is often asked by family members for help with misbehaving devices, I find it to be one of my most effective tools.

The solution is primitive, but the logic behind it is surprisingly profound: programmers are bad at managing state.

As a programmer, I understand this fact intuitively. When a program I’ve written has first booted up, it is in its most pristine, perfect state. I have lovingly crafted every variable and array to be exactly how I intend it to be. If I have automated tests, then this is the state that is most heavily tested.

It’s only after this initial bootup phase that everything starts to go to hell. The user clicked on something! The user typed in a field! How could they? How could they besmirch my beautiful, perfect program with their grubby little hands?

Before you know it, the user has not only clicked and typed – they’ve pressed the browser’s back and forward buttons, and the refresh button, and they’ve booted up the program after a few weeks of inactivity, so that some of the data has become stale, or maybe they installed an update and now they’ve got some locally cached files that were designed for an older version of the app… It’s here that users run into the countless errors, crashes, and freezes associated with software that finds itself in a state that the original programmers didn’t intend.

This is why “turn it off and on again” works so well. You put the software back in a state that the programmers predicted, and poof, everything works again. Sometimes, though, you have to take this logic even further.

Recently my wife was having problems launching Steam. She hadn’t run it in a few years, so she reinstalled it and clicked the icon, but it refused to load. I googled around and couldn’t find a solution, so, on a hunch, I deleted the ~/Library/Application Support/Steam folder, where Steam was apparently storing data, and relaunched it. Poof! It worked.

Another time, she was having trouble with a web app that was stuck on a loading bar, no matter how many times she refreshed. So I opened up the handy Chrome DevTools “Application” tab, clicked “Clear storage”, and what do you know? After refreshing and logging in again, everything worked.

Another time, her MacBook refused to print anything on our HP printer after a macOS update. After about an hour of searching various web forums, it turned out that I needed to run a program called HP Uninstaller to remove old HP software. Poof! Everything worked.

Having a dedicated program to clean up your own program’s files may seem a bit ridiculous, like an admission of defeat, but I actually think it’s kind of brilliant. As a programmer, it’s impossible to predict all the states that your program can end up in. You can use something like XState to help visualize it, but when you start multiplying the possible states by the cached configuration files by the different versions of the software by the different teams of people who built each version… it just becomes unfeasible to plan for every outcome. (Let alone write tests for every possible state!) So rather than having software that doesn’t work, maybe it’s better to just admit your own human frailty, and offer a way for users to start from scratch.

Mozilla’s “Refresh Firefox” feature is another brilliant application of this principle. If you haven’t used Firefox in a while, then it will pop up a little alert offering to blow everything away and start from scratch. This is probably a great way to avoid attrition to other browsers: I’m sure plenty of people switch from Browser A to Browser B because on day 1, Browser B feels so much faster – not because B is actually superior to A, but because B isn’t bogged down with a bunch of extensions, settings, history, leftover update files, etc.

If you’ve ever reinstalled Windows or Android from scratch, and observed how remarkably fast and lightweight everything suddenly feels, then you’ve probably also seen this phenomenon in action.

I don’t have a solution to this problem. Software is complicated, and unless you have the luxury of writing code that can be tested with formal proofs, it’s impossible to predict every possible state that your code can be in. So maybe the best bet is to just provide some kind of escape hatch, so that at least it’s easy to “turn it off and back on again.”

Tech veganism

Hand draw picture of a computer with vegetables on the screen

A year ago I wrote a blog post about living with an open-source phone. A commenter on Reddit described this as “tech veganism,” and I thought it was a great metaphor.

For the past few years I’ve swum in a lot of “tech veganism” circles (mostly thanks to Mastodon), so I think I have a good definition now:

  • a preference for open-source software over proprietary software
  • a suspicion of big tech companies
  • a high bar for privacy and security

The parallel with veganism is a good one for several reasons. First off, a lot of people find vegans annoying. “What, you think you’re better than me?” It’s a lot easier to eat animal products if you don’t think about where they come from, and vegans are an uncomfortable reminder of food’s icky origins. Plus, it’s never pleasant to think that someone might be silently judging you for your personal lifestyle choices.

Now imagine someone telling you they don’t use Google, Facebook, etc. “What, you think you’re better than me?”

Second, people don’t typically choose tech veganism because it’s a better user experience. Even though some vegans may swear that their black bean burger tastes just as good as your Angus beef, the honest ones will acknowledge that it’s more about principle than palate.

Similarly, there are plenty of tech vegans who will claim that OpenStreetMap is a great replacement for Google Maps, or that DuckDuckGo provides better search results than Google. But if they’re being honest with themselves, they’ll admit that they’re more motivated by principle than quality or convenience.

Third, tech veganism is a good way to alienate people. Talk about it enough, and you may get accused of being overly dour, negative, cynical, etc. Can’t you just eat a burger and enjoy it like a normal person? Why do you have to bring up factory farms all the time, and ruin my meal? Similarly: why can’t you just use Google like a normal person? Why do you have to drone on and on about LibreOffice and OpenBSD?

Tech veganism can even cost you friends. In the same way that having one vegan in the group severely limits your restaurant choices, being the one tech vegan among your friends can really narrow down the options for communication apps. Sure, you can ask them to use Signal. Or email. But most likely, the group chat will just happen without you, and you won’t be getting any Facebook invites.

Fourth, in some cases tech veganism is difficult if not downright impossible. If you’ve ever actually tried to go vegan (note: I have), you’ll find it’s a constant battle of reading ingredient lists to find the hidden references to milk, eggs, fish, etc. (Some surprising things that aren’t vegan: Worcestershire sauce, kimchi, even sugar.) And once you travel to a foreign country, you might find yourself surviving on bread and water, or else giving up entirely and grabbing a croque-monsieur.

Similarly, it’s almost impossible to avoid proprietary software or the tech giants. Consider this FOSDEM talk, where the executive director of the Software Freedom Conservancy admits to having proprietary software embedded inside her body, because that was the only option for a defibrillator. She advocates open-source software, and yet despite her best efforts, she’s a closed-source cyborg!

Try to avoid Google or Amazon and you may find yourself in a similar boat. There’s a great series of posts from Kashmir Hill where she shows that it’s nearly impossible to quit the tech giants because of how enmeshed they are in every app, website, and network request. It’s easier to find something vegan at a Brazilian barbecue than it is to eliminate big tech from your internet diet.

Another similarity: just as there are more vegetarians in India, tech veganism can be surprisingly region-specific. In particular, Europeans have more reason than Americans to embrace tech veganism, because the non-Chinese tech giants – Google, Apple, Facebook, Amazon, Microsoft, the dreaded GAFAM – are all American.

The dominance of American tech platforms in Europe, and especially all the data from European citizens being siphoned back to Silicon Valley, can feel like an issue of national sovereignty. Hence we have France opting for the open-source Matrix project for government communications, or organizations like Framasoft depicting themselves as a tiny Astérix-like village holding off foreign invaders. And the invaders really are foreign!

One place where the veganism metaphor breaks down is that, although nearly anyone can be a vegan, tech veganism is mostly practiced by those who are expert enough or privileged enough to learn the elaborate workarounds to avoid the GAFAMs of the world. Setting up an Ubuntu laptop, a LineageOS phone, a Fastmail account, and wiring it all together so that you actually get calendar notifications is no easy feat. You will probably have to get your hands dirty on the command line.

I find that there’s a bit of a “let them eat cake” attitude among tech vegan boosters, because they often discount the sheer difficulty of all this stuff. (“Let them use Linux” could be a fitting refrain.) After all, they figured it out, so why can’t you? What, doesn’t everyone have a computer science degree and six years experience as a sysadmin?

To be a vegan, all you have to do is stop eating animal products. To be a tech vegan, you have to join an elite guild of tech wizards and master their secret arts. And even then, you’re probably sneaking a forbidden bite of Google or Apple every now and then.

So where does that leave tech veganism? Well, for the near term, it’s probably going to remain the province of geeks and specialists due to the difficulties described above. Ironically, that means that it’ll mostly involve tech workers building products that other tech workers refuse to use. (Imagine if veganism were only practiced by employees of meat companies.)

I also suspect that tech veganism will begin to shift, if it hasn’t already. I think the focus will become less about open source vs closed source (the battle of the last decade) and more about digital well-being, especially in regards to privacy, addiction, and safety. So in this way, it may be less about switching from Windows to Linux and more about switching from Android to iOS, or from Facebook to more private channels like Discord and WhatsApp.

Generation Z has grown up with smartphones and app stores as an inescapable fact of their lives. Does anyone under 21 actually care whether the code on their phone is open-source and whether, Stallman-style, they can dive into an Objective-C file and change something? Probably not many. Does anyone in that demographic care about their phone’s impact on their anxiety, their quality time with friends and family, and their safety from harassment and abuse? Probably a lot more.

In my opinion, this change is a good thing. You shouldn’t have to enter an elite tech priesthood just to preserve your privacy, security, and safety online. Tech veganism should be as easy as regular veganism – it should just be an option on the menu. That doesn’t mean that it won’t suffer from many of the same problems as regular veganism, but at least it will be democratized.

YubiKeys are neat

I recently picked up a YubiKey, because we use them at work and I was impressed with how simple and easy-to-use they are. I’ve been really happy with it so far – enough to write a blog post about it.

Photo of my YubiKeys on a keychain on a table

Basically, YubiKey works like this: whenever you need to do two-factor authentication (2FA), you just plug this little wafer into a USB port and tap a button, and it types out your one-time pass code. Interestingly, it does this by pretending to be a keyboard, which means it doesn’t require any special drivers. (Although it’s funny how Mac pops up a window saying, “Set up your keyboard…”)

The YubiKey Neo, which is the one I got, also supports NFC, so you can use it on a phone or tablet as well. I’ve only tested it on Android, but apparently iOS has some support too.

YubiKey is especially nice for sites like Google, GitHub, and Dropbox, because it runs directly in the browser using the FIDO U2F standard. Currently this is only supported in Chrome, but in Firefox you can also set security.webauth.u2f to true in about:config and it works just fine. (I use Firefox as my main browser, so I can confirm that this works across a variety of websites.)

One thing that pleasantly surprised me about YubiKey is that you can even use it for websites that don’t support U2F devices. Just download the Yubico Authenticator app, plug in your YubiKey, and now your YubiKey is an OTP app, i.e. a replacement for Google Authenticator, Authy, FreeOTP, etc. (Note that Yubico Authenticator doesn’t seem to support iOS, but it runs on desktops and Android, and is even open source on F-Droid.)

What I like the most about Yubico Authenticator is that it works the same across multiple devices, as long as you’re using the same YubiKey. This is great for me, because I have a weird Android setup, and so I’m frequently factory-resetting my phone, meaning I’d normally have to go through the hassle of setting up all my 2FA accounts again. But with YubiKey, I just have to remember to hold onto this little device that’s smaller than a stick of gum and fits on a keyring.

One thing I did find a bit annoying, though, is that the NFC communication between my YubiKey and OnePlus 5T is pretty spotty. To get it to work, I have to remove my phone from its case and the YubiKey from my keyring and clumsily mash them together a few times until it finally registers. But it does work.

Overall though, YubiKey is really cool. Definitely a worthy addition to one’s keyring, and as a bonus it makes me feel like a 21st-century James Bond. (I mean, when I plug it in and it “just works,” not when I’m mashing it into my phone like a monkey.)

If you’d like to read more about YubiKey and security, you might enjoy this article by Maciej Ceglowski on “basic security precautions for non-profits and journalists in the United States.”

Update: In addition to U2F, there is also an emerging standard called WebAuthn which is supported in Chrome, Firefox, and Edge without flags and is supported by YubiKey. So far though, website support seems limited, with Dropbox being a major exception.

Should computers serve humans, or should humans serve computers?

The best science fiction doesn’t necessarily tell us something about the future, but it might tell us something about the present.

At its best, sci-fi finds something true about human nature or human society and then places it in a new context, where we can look at it with fresh eyes. Sci-fi helps us see ourselves more clearly.

This is a video made by Microsoft in 2011 that shows one sci-fi vision of the future:

This is a utopian vision of technology. Computers exist to make people more productive, to extend the natural capabilities of our bodies, to serve as a true “bicycle of the mind”. Computers are omnipresent, but they are at our beck and call, and they exist to serve us.

This is a video showing a different vision of the future:

 

This is a dystopian vision of technology. Computers are omnipresent, but instead of enabling us to be more productive or to grant us more leisure time, they exist to distract us, harass us, and cajole us. In this world, the goal of technology is to convince us to buy more things, or to earn points in a useless game, or to send us on odd jobs the computer chose for us.

A similar vision of the future comes from Audrey Schulman’s Theory of Bastards. The protagonist rides a self-driving car, but she can’t turn off the video advertisements because her implant is six months out of date, and so the commands she barks at the car fail with an “unknown” error.

She blames herself for failing to upgrade her implant, in the way you might chide yourself for forgetting to see the dentist.

As the car arrives, she pays for the trip. Then she notes:

“At least in terms of payment, the manufacturers made sure there was never any difficulty with version differences. It was only the actual applications that gradually became impossible to control.”

Between the utopian and dystopian, which vision of the future seems more likely to you? Which vision seems more true to how we currently live with technology, in the form of our smartphones and social media apps?

I know which one seems more likely to me, and it gives me the willies.

The core question we technologists should be asking ourselves is: do we want to live in a world where computers serve humans, or where humans serve computers?

Or to put it another way: do we want to live in a world where the users of technology are in control of their devices? Or do we want to live in a world where the owners of technology use it as yet another means of control over those without the resources, the knowledge, or the privilege to fight back?

Are we building technology for a world of masters, or a world of slaves?