February 2016

Crypto


By now, you’ve probably heard about the FBI’s current fight with Apple, in which they’re trying to get the company to build workarounds for the phone’s security protections in order to be able to brute-force guess the iPhone passcode used by Syed Rizwan Farook, one of the suspects in the December 2015 San Bernardino shooting. The passcode isn’t just some piece of information you have to provide to gain access to an iPhone; it’s actually part of the key used to encrypt and decrypt iPhone memory contents, as shown in the diagram below:

[Diagram: Apple key derivation, from Apple’s iOS Security Guide, September 2015.]

iOS has a number of measures built in to make brute-force guessing difficult, including an optional setting that disables the phone after 10 wrong passcode entries and a mandatory delay between passcode entry attempts (which, for later phone models, grows in length with each failed attempt). The FBI believe that Farook turned on the iPhone’s “ten strikes and you’re out” setting, which is why they’re demanding that Apple provide a workaround.
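To make those protections concrete, here is a small Python model of them, added as an illustration (it is not Apple’s code and not from the original post). PBKDF2 stands in for the hardware-bound key derivation, and the iteration count, the delay schedule, the sample passcodes and every name in it are assumptions made for the sketch.

```python
import hashlib
import hmac

# Assumed, illustrative values for this sketch (not from the page or from Apple).
ITERATIONS = 20_000   # work factor of the stand-in KDF
LOCKOUT_AFTER = 10    # the optional "ten strikes and you're out" setting
DELAY_STEPS = ((9, 3600), (7, 900), (6, 300), (5, 60))  # (failures, seconds)

def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Tangle the passcode with a per-device secret (PBKDF2 as a stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, ITERATIONS)

def delay_after(failures: int) -> int:
    """Mandatory wait, in seconds, once `failures` wrong entries have been made."""
    return next((secs for n, secs in DELAY_STEPS if failures >= n), 0)

class PasscodeGate:
    def __init__(self, passcode: str, device_uid: bytes, lockout_enabled: bool = True):
        self._uid = device_uid
        self._key = derive_key(passcode, device_uid)
        self.lockout_enabled = lockout_enabled
        self.failures, self.locked_until, self.disabled = 0, 0.0, False

    def try_unlock(self, guess: str, now: float) -> str:
        if self.disabled:
            return "disabled"
        if now < self.locked_until:
            return "delayed"          # the guess is not even evaluated
        if hmac.compare_digest(derive_key(guess, self._uid), self._key):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.lockout_enabled and self.failures >= LOCKOUT_AFTER:
            # Modelled here by discarding the key, so no later guess can match.
            self._key, self.disabled = b"", True
            return "disabled"
        self.locked_until = now + delay_after(self.failures)
        return "rejected"

def exhaust_attempts(gate: PasscodeGate, wrong_guess: str, limit: int):
    """Enter `wrong_guess` up to `limit` times, waiting out each delay."""
    now, status = 0.0, "rejected"
    for _ in range(limit):
        now = max(now, gate.locked_until)
        status = gate.try_unlock(wrong_guess, now)
        if status == "disabled": break
    return status, now

if __name__ == "__main__":  # constructed device secret and passcodes
    print(exhaust_attempts(PasscodeGate("4821", b"constructed-uid"), "0000", 20))
```

Because the device secret is an input to the derivation, the same passcode produces a different key on every device, which is why the guessing has to happen on the phone itself, where the delay and lockout rules apply.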

Corbató’s Law


The FBI/Apple situation may have left you asking questions, but one question you might not have asked is “Who came up with the idea of using passwords to secure access to files?” With computer science being such a young field — the formal definition of computable didn’t appear until the 1930s, and the oldest programming languages are from the 1950s — many of its pioneers are still alive. This is the case with the lock-files-with-passwords creator, Fernando J. Corbató. In a 2014 interview with the Wall Street Journal, he said that the password system has become unmanageable these days.

Corbató has made many other contributions to our field that we benefit from even today, including:

corbatos law

Simply put, what Corbató is saying is that every day, you only have so many lines of code in you. The corollary to Corbató’s Law is that for maximum productivity, you should use a programming language that lets you do things in as few lines as possible — a language that minimizes yak shaving.

Cartoons

The term “yak shaving” was first used in its programming sense at the MIT Media Lab around 2000, and likely comes from this episode of the ’90s cartoon series Ren and Stimpy:

As Jeremy Brown from MIT put it:

…yak shaving is what you are doing when you’re doing some stupid, fiddly little task that bears no obvious relationship to what you’re supposed to be working on, but yet a chain of twelve causal relations links what you’re doing to the original meta-task.

Many programming languages require you to do some amount of yak shaving, but one notorious culprit is also one of the most popular: Java.

Kotlin

(In case you missed it, I wrote a little bit about Kotlin yesterday.)

Here’s a simplified version of the dreaded class example you’re likely to find in a programming textbook: the Person class. It’s a data class — we’re really using a class as a structured record type, since Java doesn’t have any. This one has two fields that won’t change once instantiated: name, a string, and age, an integer value. Here’s the Java implementation:

Here’s a Kotlin Person class that does everything that the Java Person class above does, but in one line as opposed to ten:

Kotlin lets you specify a primary constructor on the very same line as the class keyword, and you can specify other constructors within the class with init. The val keyword defines name and age as write-once properties, which automatically provide getter methods. By annotating the class with the data keyword, you add all sorts of data class goodies like equals, hashCode, toString. Simply put, using Kotlin in place of Java means less yak shaving. I’m a little more interested in Android development now.


current side projects february 2016

For “Get Your Game On”, my recent presentation at the Tampa iOS Meetup, which I run with mobile designer extraordinaire Angela Don, I put together a “Frogger”/“Crossy Road”-style game. I’ve continued tweaking it and have got the basic game mechanics up to the point where I’m pretty pleased with how they’re working. Now comes the hard part: all the polish, which may take a while. Here’s what it looks like on the iOS simulator — it runs a lot more smoothly on an actual device:


I’ve also taken the basic game code from the “Cookie Crunch” tutorial on Ray Wenderlich’s site, updated it to work with Swift 2 (it’s written for Swift 1.2, and won’t work in current Swift without some tweaking) and to make it more my own, and turned it into a game for Aspirations Winery, which I’m hoping to release soon. It won’t make me any money, but it’ll help fatten my App Store portfolio, and it’s already landed me lots of free wine:

And finally, on the Android front, I’ve been giving Kotlin a try. If Java drives you crazy and you’ve wished for an open source, Swift-like language for Android development, the folks at JetBrains (the people behind the so-much-better-than-Eclipse Android Studio) have created the Kotlin programming language, and it’s so much nicer to program in. There’s so much less “yak shaving”:

java

Kotlin 1.0 was just released, and you can get the plugin for your preferred Java/Android IDE at the Kotlin site. You can also take it out for a spin at the Try Kotlin page. Give it a try — I think you’ll like it!


The Facebook logo, explained

by Joey deVilla on February 10, 2016

facebook logo explained

Makes sense.


It’s happening today only — Wednesday, February 10, 2016 — but if you’ve got a Google Account, they’re offering 2 GB of free additional space on your Google Drive, just for double-checking the security on your account. Who these days can’t use an additional 2 GB of online accessible-anywhere storage space and the peace of mind from an account whose security credentials are up to date?

To take advantage of this offer, point your browser to Google’s Security Checkup site (if you’re not already logged into a Google account, you’ll be asked to do so). You’ll be taken to a page where you’ll be asked to confirm three different categories of security information:

  1. Your recovery information. This is used in those hopefully-rare cases where Google detects suspicious activity on your account and wants to reach you or when you’ve forgotten your login credentials.
  2. Your connected devices. You’ll be presented with a list of devices connected to your Google account, and if you see any you don’t recognize, you can take steps to fix the problem.
  3. Your account permissions. You’ll see a list of applications, sites, and devices that have permission to access your Google account. You can disconnect any that you don’t want to let into your Google account.

I went through the process just now, and for less than half a minute’s worth of effort, I walked away with an extra 2 GB of cloud storage. Kudos to Google for incentivizing good security on online accounts. Now go, secure your Google account, and get some extra free storage!

This article also appears in the GSG blog.



Tonight, as part of Tampa Bay Startup Week, Anitra and I will be helping the people from the coding school The Iron Yard Tampa Bay with their Hour of Code event! It’s an hour-long training session where kids ages 8 – 12 and teens ages 13 – 17 can get a quick, fun introduction to coding with the help of Rey and BB-8 from The Force Awakens and Princess Leia and R2-D2 from the original trilogy.

Here’s a quick video intro to what the Star Wars Hour of Code’s all about, courtesy of Star Wars: The Force Awakens’ producer Kathleen Kennedy and Rachel Rose, lead engineer for Star Wars’ animation and creature development team…

The programming interface that Hour of Code participants use is delightfully simple and fun. They drag and drop “blocks”, which represent calls to functions, to move the droid characters like BB-8 and R2-D2 around, arrange them into sequences which function as programs, and then click the “Run” button to see if their code worked.

It starts off with the simple task of moving BB-8 towards a single piece of scrap metal:

star wars code 01


…but about a dozen lessons later, you’re writing considerably more complex stuff that includes concepts like variables, branches, and loops, and changing droid characters:

star wars code 02



If you can make it to tonight’s Hour of Code…

The event takes place tonight at Tampa Bay WaVE, 500 East Kennedy Boulevard, Suite 300 at 6:30 p.m.

If you’d like to have your kid or teen participate in tonight’s event, go to Tampa Bay Startup Week’s event schedule and sign up for the appropriate event. You’ll need to bring a fully-charged laptop (and it’ll be a good idea to bring its power cord) or tablet with working wifi and browser in order to work on the code. It can run Windows, Mac OS, Linux, iOS, or Android — as long as it’s got a relatively recent browser and can connect wirelessly to the internet, it’ll work for this class.

If you can’t make it to tonight’s Hour of Code…

…you can still code your way through the galaxy by visiting Code.org’s Star Wars site!


Have fun, and may The Source be with you!


It’s Tampa Bay Startup Week 2016!

by Joey deVilla on February 8, 2016


It’s that time of year again: Tampa Bay Startup Week! The tech/entrepreneurial event, which this year runs from today, Monday February 8th, through Friday, February 12th, is focused on bringing techies, creatives, and entrepreneurs together, providing ideas and inspiration, and helping grow the city’s self-starter business scene.

You may not think of Tampa as an entrepreneurial hotspot, but according to the 2015 report of the Kauffman Index of Startup Activity for Metropolitan Areas, the Tampa/St. Petersburg/Clearwater area’s in the top 25 (ranked #20), and ranked ahead of places you’re more likely to associate with entrepreneurship, including:

  • the Chicago area (#21)
  • the Boston/Cambridge area (#22)
  • “Portlandia” (#26)
  • and even our neighbor, Orlando (#33), which people say has a more active startup scene

Chase doesn’t sponsor just any city’s Startup Week. To qualify, it’s got to meet the criteria of density, government regulations, culture, talent, and access to said talent. In Money’s 2015 roundup of the 5 best big cities, they named Tampa the best city in the southeast. It’s got great weather, an airport that punches above its weight class, low cost of living (moving here was like getting a big raise, there’s no state income tax, the median house price is $122K), and as I’ve posited before, the “Florida Man” factor is actually a blessing in disguise:

There will be all sorts of activities this week worth checking out, from presentations on technologies such as the Internet of Things, cryptocurrency, and mobile design, to business mentoring, networking, and even an opportunity to get a new headshot for your LinkedIn profile, to fun “intro to programming” events for kids, to mingling, networking, and enjoying the city’s excellent craft beer. Be sure to check out the Tampa Bay Startup Week page, follow the Tampa Bay Startup Week and organizer @thatgirlallie’s Twitter feeds, and come on down and take part!

This article also appears in The Adventures of Accordion Guy in the 21st Century.


netflix ahole from carleton

The Canadian newspaper The Globe and Mail recently published an article on AbdelRahman Abdou, a postdoctoral student at Carleton University’s Computer Security Lab, whose work in network measurement is focused on getting a more precise fix on a user’s geographic location based on physical properties of the internet rather than indirect methods like using IP addresses.

The practical use of such research, as this article’s headline suggests, is that it’s a way to counter workarounds like VPNs that people use to access streaming video services that aren’t available in their regions or countries. What the article fails to mention is that this technology will also find willing customers in repressive regimes that like to monitor, control, and limit their citizens’ access to the internet and information.

As my friend Sean Galbraith put it, “He’s going to be very popular in some awful places.”

some people just want to watch the world burn

I’m surprised that Abdou consented to a non-anonymous interview, but it’s quite possible that he thinks he is, in the words of Silicon Valley, making the world a better place, and he may not have been in a social situation where he’s had to answer the question “So what is it that you do?”.

I’ve shown the article to my friends, and the response has been the same: it’s the line that works as a replacement caption for just about every New Yorker cartoon ever made:

christ what an asshole
