SAST 05

A few quickies for you today.

I’m betting that most of you have already seen the fuss over Juicero, but for those who missed it, the short version is that the company sells a variety of juices in bags–and a $400 machine (marked down from $700) to squeeze the juice out of the bags.

The controversy is not over “Why?” That’s quite clear: because there are enough people willing to shell out the money to buy the squeezer and the juice packets (at $5 to $8 a pop–though one hopes they don’t pop easily).

The controversy is over the fact that Juicero’s investors feel they’ve been defrauded because customers don’t need to use the squeezer to get the juice out of the bags. According to Bloomberg, hand-squeezing the bags produces almost as much juice as the squeezer, and does it faster.

Apparently, neither the investors nor Bloomberg have heard of a device called “the scissors,” which could be used to empty the bag even more quickly.

Let’s note, by the way, that the bagged juice is a perishable product, enough so that the bags can’t be shipped long distances.

My advice? Go to your local hardware store and buy a hammer. Stop at the local grocery store on the way home and pick up a box of zipper-seal baggies and a couple of pieces of your favorite fruit.

Place the fruit in a baggie and zip it closed. Pound the fruit with the hammer repeatedly. Unzip and pour.

When you finish your juice–which cost you considerably less than $400 unless you got the hammer on a military procurement contract–repeat the process, substituting Juicero’s executives and investors for the fruit.

Mmm, yummy!

Moving on.

There’s a letter to the editor in today’s SF Chronicle from one Lorraine Peters addressing the United Airlines fiasco. Ms. Peters suggests that United should have handled the matter differently. Instead of using force, she says, they should have made a loudspeaker announcement: “Attention all passengers, this flight cannot take off until the gentleman in seat (so and so) vacates it and disembarks with the other three passengers.”

I presume Ms. Peters is an investor in United Airlines.

Let’s not forget that the “gentleman in seat (so and so)” paid for that seat in the expectation that United would supply the service he paid for. Placing the blame on him when United failed to meet their obligation is disingenuous at best.

Allow me to propose an alternate loudspeaker announcement. “Attention all passengers. We fucked up and didn’t get a flight crew to the right place at the right time. The only way we can think of to fix our mistake is to kick four of you off this flight. So we’re going to sit right here at the terminal until four generous souls agree to disrupt their travel plans for the benefit of the rest of you. Complimentary drinks and meals will not be served while we wait.”

It wouldn’t have done any better by United’s reputation, but at least it has the virtue of being honest.

Moving on again.

The Bay Area Air Quality Management District (that’s the San Francisco Bay Area, for those of you in the outer provinces) has announced a regional plan to combat climate change.

Among the proposals included in the plan are such sure-to-be-popular items as “Explore vehicle tolls in high-congestion areas to discourage driving,” “Discourage installation of water-heating systems and appliances powered by fossil fuels,” “Encourage the removal of off-street parking in transit-oriented areas,” and (my personal favorite) “Start a public outreach campaign to promote climate-friendly diets.”

That first one’s interesting. I see some potential pitfalls in implementing it, of course. It’s taken months to get the local metering lights to work reliably; adding an automated payment system on top of that seems fraught with peril. Imagine the fuss the first time someone gets charged a four-figure fee to get on the freeway. More to the point, though, we had major congestion on the freeway yesterday outside of commute hours because of an accident. The metering lights at several on-ramps detected the slowdown and kicked in. If the payment plan had been in effect, would we have been charged to use the freeway while the police were examining the car that went off the road?

That last item, by the way, translates as “encourage people to eat less meat,” because meat production creates more pollution than growing and shipping plants. Maybe they should also tax “add-on” gadgets such as Juicero bag squeezers, since building and shipping them creates unnecessary pollutants. But I digress.

Needless to say, not everyone thinks the agency’s plan is a good one. According to the Chron story, the opposition–they quote a Chevron employee–is suggesting that local action is pointless because climate change is a global problem and needs a global solution.

Let’s not examine that logical fallacy too closely. Let’s just rejoice in the fact that a Chevron employee actually admitted that climate change is real and related to human activity.

Listen Up!

I love the Internet’s response to new forms of advertising.

Specifically, I’m talking about Burger King’s recent attempt to hijack TV viewers’ cell phones and Google Home devices.

In case you missed it, BK ran–and is still running–an ad that deliberately uses the “OK Google” activation phrase to trigger any gadget in earshot to start reading the Wikipedia page about their Whopper burger.

The response? The page in question was almost immediately edited to describe the burger as “cancer-causing” and to list cyanide in its ingredients.

Allegedly, a senior BK executive tried to change the page to something more complimentary, only to have his edits removed.

So, yeah, I think that’s the perfect response. Google, who apparently were not warned about the ad in advance, modified their software’s response to ignore the ad. While I’m sure many people appreciate that, it does raise a few questions.

Let’s not forget that most of Google’s billions of dollars come from advertising. Suppose BK had come to Google and said, “Hey, we want to tie a TV ad to your devices. Here’s a stack of money.” Does anyone think Google’s response would have been “Buzz off”? I’m guessing it would have been more along the lines of “How big is the stack?”

And then there’s the privacy aspect. This contretemps should serve as a reminder that “OK Google” does not use any kind of voice recognition to limit requests to the device’s owner. Nor can the phrase be changed. I’ve complained about that before: not only does it lead to multiple devices trying to respond to a single request, but it also makes it simple for outright malicious actions.

Amazon, Apple, and Microsoft are equally guilty here–Alexa, Siri, and Cortana have fixed, unchangeable triggers too.

And now, perhaps, we’re seeing why none of the manufacturers want to let users personalize their devices’ voice interaction. If we could change the trigger phrase, or limit the device to taking instructions from specific people, then the manufacturers wouldn’t be able to sell broadcast advertising like this.

If the only way you can prevent random strangers from using your phone is to turn off the voice feature, then you don’t own your phone.

Microsoft is making it harder and harder to turn Cortana off. Microsoft is also putting more and more ads in Windows. Do you sense a connection?

How long will it be before you can’t turn Siri and Google off?

And editing Wikipedia pages will only get us so far in defending ourselves.

Google was able to turn off the response to BK’s ad-spam. But they could just as easily have changed the response to read from an internally-hosted page or one housed on BK’s own servers. Either way, Internet users wouldn’t be able to touch it, at least not without opening themselves up to legal liability for hacking.

The most annoying part of this whole debacle is that now I’m craving a hamburger. I won’t be getting one at Burger King, though.

SAST 3

More short notes, not because I have a short attention span*, but because I’ve collected a few items that just don’t warrant a whole post to themselves.

* Well, no shorter than usual, anyway. Yes, the flu is mostly gone. Despite the ongoing coughs, my lungs are still inside my chest, rather than splattered across the keyboard, and my temperature has been normal for more than a week.

Last June, NASA announced the discovery of a small asteroid, 2016 HO3, which orbits the sun on a path that keeps it near the Earth. Near in astrophysical terms, that is: it never gets closer than about thirty-eight times as far away as the moon.

The animation at that link is a little deceptive. It seems to show the asteroid orbiting Earth, but if I’m reading the story correctly, that’s not really true. It’s on a separate orbit around the sun, but because it’s sometimes closer to the sun than we are and sometimes further, it appears to be circling us.

What I find most interesting about 2016 HO3, though, is that I’m starting to see tweets suggesting that it’s existence means that Earth should no longer be considered a planet.

You remember the fuss a few years ago when the IAU redefined the word “planet” and demoted Pluto to a “dwarf planet”? If you don’t, pick up a copy of How I Killed Pluto and Why It Had It Coming by Mike Brown–actually, pick up a copy even if you do remember; it’s an entertaining read–to refresh your memory.

Part of the new definition is that to be a planet, a celestial body has to “clear the neighborhood” around its orbit, meaning that in the late stages of planet formation, it should either sweep up the smaller bodies near its orbit, incorporating them into itself; capture them as satellites; or shove them into orbits away from its own.

However, such neighborhood clearance is never perfect. The presence of 2016 HO3 is not going to get Earth demoted to “dwarf planet”. Sorry, Pluto-lovers.

Moving on.

A story out of Maine has been popular with those who feel strongly about grammar and punctuation. There’s a good writeup at Quartz; briefly, a court based its ruling on the lack of an Oxford comma.

Long-time readers know I love me some Oxford comma. But, happy as I am to see the question get some judicial notice, I’m well aware that one court decision isn’t going to make any difference. The AP isn’t going to change its stance on the use of commas. Neither is Maine’s style guide for legislation. But I can–and will–dream.

And finally.

One of the proposals being considered for speeding up baseball games is to start extra innings with men on base. I was dubious when I first heard about the notion. After seeing it in “action” last night, I’m completely revolted.

Yeah, it shortened the game. In an aesthetically impoverished way that sucked all of the joy out of what should have been a thrilling conclusion to the Netherlands/Puerto Rico World Baseball Classic game.

Consider how both halves of the eleventh inning started. Runners were plopped down on first and second. The first batter laid down a sacrifice bunt. The second batter was intentionally walked–yes, that same intentional walk that MLB is killing off this year because it’s boring. That brings it down to one less-than-thrilling question: will the next batter hit into a double play, or manage a sacrifice fly.

Sure, there are other possible outcomes. Never assume the double play–the throw to first could go sailing into the seats. The batter could get a base hit, even a grand slam. He could strike out. But those are all low-probability events.

Where’s the fun in watching where the strategic choices are so constrained that neither manager could justify a different approach?

If Commissioner Manfred forces this rule change down our throats next year, as seems likely, I predict a major dropoff in attendance.

Another Failure Mode

Oh, goody! A whole ‘nother way the Internet of Things is getting security wrong.

Last month, security researcher Charles Henderson wrote about his experience trading in his car.

Briefly, both he and the dealer wiped all of his personal information out of the car–phone book, garage door opener, list of authorized devices. And yet, months later, the car still showed up in the app on his phone.

It’s not that the dealer and the manufacturer were unaware of security. Henderson makes it clear that they took the correct steps. But the focus of the team that designed and built the app and integrated it with the car’s systems was obviously on the “first owner” scenario, and not enough attention was paid to the possibility that someone might want to sell their car.

And it’s not just auto makers who have that problem. Henderson mentions another researcher who purchased a used home automation hub and found that doing a factory reset only wiped the configuration on the device itself; it didn’t touch the cloud-based configuration which included, among other things, the list of devices authorized to control the hub.

Right: even after wiping the device, the original owner would still have had access to every light bulb, every thermostat, and every door lock connected to the hub.

Still feeling cheerful about your Amazon Echo or Google Home giving you voice control over your house? After all, you’re not planning to sell that device, are you? No? Well, what if something goes wrong and you have to send it in for service? Are you certain you’re going to get the same device back? How confident are you that your original device won’t wind up being refurbished and resold?

Let’s face it: this isn’t a new problem, and we should have seen it coming. How many stories have you seen in the newspaper about someone buying a used computer and finding porn on the hard drive? Henderson notes that early smartphones lacked a way to wipe them for resale, and it was only after many well-publicized tales of people buying used phones for nefarious purposes that a wipe command was added.

Nor is there a good solution. Even if every new IoT device was designed with security as the first consideration, there are still millions of gadgets out there that have no security and no way to upgrade them to add it. In many cases, the company that made them isn’t even in business any more.

SAST 3

I seem to be fever-free, which is nice. My attention span has improved. I haven’t gotten lost in mid-sentence in almost two days!

The cough is still distracting, however. Writing is a race to get words on the page before I drape my lungs over the keyboard.

Sorry about that image. But it is the only way to accurately describe the sensation.

So, another day of short notes, as I write a bit, cough a bit, lather, rinse, repeat.

Daylight Savings Time, how I loathe thee.

It’s not the lost hour of sleep Saturday night. It’s not the next several days of disrupted sleep. It’s not even the need to reset the non-Internet-connected clocks*–or the confusion to the Backyard Bunch, who are suddenly getting their dinner an hour earlier according to their stomachs.

* The stove. The microwave. The thermostat. The answering machine. The car. Half-a-dozen wall and table clocks. Hey, I just gained two wall outlets by unplugging a clock radio instead of resetting it!

No, what really pisses me off is that I’m suddenly getting up before sunrise again. I like having daylight when I stagger upstairs to say good morning to Rufus and take my first look at e-mail. Why should I have to turn on a light for that?

Mr. Trump, if you want to boost your approval rating, do away with Daylight Savings Time. That’s something both parties and the independents can get behind.

I’ve been following “Jim’s Random Notes” for several years. It’s an interesting mix of computer, wood carving, and cycling geekery. A post last week, North Dakota Mexican Food, amused the heck out of me.

You’ve played the game where one person recreates a drawing based on somebody’s description of the original, right? An NDMF is the culinary equivalent: someone describes a dish, and someone else thinks “Hey, that sounds interesting. Let me see what I can do.”

Is there anyone out there who doesn’t have a NDMF experience? I can think of three right off the top of my head:

  • The Mexican restaurant that thought fajitas were a stew.
  • The diner whose barbeque sauce was red-eye gravy with a couple of chili flakes.
  • The Mexican restaurant that served Saltine crackers instead of chips.

Maybe the Internet will make the NDMF less common. But really, it’s never been particularly hard to find a cookbook…

Moving on.

Google and Apple have been in the news around here lately over their new campuses. Most of the press has been positive, but I’ve noticed they’re both taking a ding in the letter columns because neither company has included housing in their developments.

Excuse me? Yeah, OK, finding housing in the Bay Area can suck. You don’t have to tell me horror stories about extended commutes, thanks; I’ve got plenty of my own.

But do we really want to return to the days of the company town, where your boss owns the factory, the house you live in, the store you shop at, the air you breathe, the booze you drink, and everything else?

Aside from anything else, if the company owns your apartment, it’s a five minute walk from your office, and they own the phone you’re required to carry, are you ever going to get any down time? Or are you going to be unofficially (or officially!) on call twenty-four/seven/three-sixty-five?

I think it would have been wonderful if Apple and Google had included some subsidized affordable housing for non-employees in their construction. Didn’t happen, but would have been great. But captive housing for employees? Bad idea.

Moving on.

Let’s wrap this up with a positive note. I write a lot–a hell of a lot, actually–about useless gadgets full of security holes and loaded with disappointment.

So it’s a real pleasure to write about a gadget that looks like it does exactly what it’s designed to do without putting your money and privacy at risk.

Take a look at the Fidget Cube.

Pretty slick, huh? Everybody fidgets differently, and the Fidget Cube is designed to offer fidgeting options for anyone.

I’ve carried a fingering stone in my pocket for decades. I’ll turn it around in my hand or rub the smooth side with my thumb when I’m on a phone call. Much less distracting than fiddling with the phone cord and quieter than tapping my pen on the desk.

The Fidget Cube’s got me covered with a smooth curve for rubbing on one side. A trackball for spinning. A joystick for sliding.

And several other goodies that I might never use, but somebody else will find addictive. Click-wheels. Toggle switches. Push-buttons. Spinners.

And it looks to be solid enough to stand up to a pocket full of keys, nail clippers, and thumb drives.

Would it replace my rock? Maybe not; it’s hard to top the appeal of a natural object shaped by wind and water. But who says it needs to replace the rock? Why not try some two-handed fidgeting?

YARBI

That’s “Yet Another Really Bad Idea”. Arguably the worst one yet.

If you agreed with me that the electronic license plate was a bad idea, wait’ll you get a load of this one.

According to a story in The Atlantic last December, the Air Force is planning to make “a missile for the modern age”. In other words, a missile with a network connection.

The Air Force Scientific Advisory Board will be conducting a study this year on how to make it happen. Not if they should make it happen, but how.

If you don’t see why this is a bad idea, take a look at Eric Schlosser’s recent piece in The New Yorker.

My trepidations have nothing to do with who’s in charge of the military or who’s running the Department of Energy. They’re all about the path technology has taken in recent years. The first step has been to provide the network capability. Then comes the ability for “learning”. Security, if it comes at all, is a distant last.

Do we really want our missiles to talk to each other and the early warning systems and make their own decisions about whether the US is under attack? Look how well that sort of capability has worked out for “smart” thermostats that learn when you change the settings and begin to anticipate your needs. Or smoke detectors. Remember the Nest smoke detectors that all started screaming when one of the set had a false alarm–and none of the could be be shut off?

Even if the missiles remain “dumb” and the network connectivity is only used to transmit maintenance and self-test data, how long is it going to be before someone decides that security testing is unnecessary because the devices will only be connected to a private military network, or an even more restricted local-to-the-base network?

Even if we ignore the possibility of an unauthorized connection to the Internet being set up in the name of “convenience”, let’s not forget about all of the research that’s been done by the NSA and other “interested parties” on remotely accessing computers that aren’t networked at all. There’s not such thing as an unreachable computer these days if someone is willing to devote time and money to reaching it.

So someone reaches the missile through that network connection. What can they do? It’s only for maintenance, right? Are you confident that there’s no connection between the monitoring and maintenance hardware and the command and control system? I’m not. What’s the point of monitoring the missile remotely if you can’t test the functionality of the launch system?

I can’t argue against the need to update the technology behind the nuclear arsenal. There’s a limit to how much you can do to interface modern systems with 1970s technology. BART is having increasing difficulty expanding opening new stations and increasing capacity because they can’t hook up modern trains to the ancient computer systems, and I’m sure the Air Force has similar concerns about the Minuteman system.

But updating the off-missile systems does not require updating the missiles themselves. Keep them offline and make damn sure that humans stay in control of the decision loop.

Three Quickies

Another entry into our catalog of clues that decline of civilization is at hand.

No, wait, come back! I promise it’s got nothing to do with politics.

In addition to being one of the half-dozen people who still reads a printed newspaper, I’m also one of the three who still reads Usenet. (I know you all remember newspapers; please tell me you remember Usenet. Oh, all right: TFoAHK–or you can just think of it as a blog without posts, just comments.)

So, of course, in bringing my Windows tablet up to speed, I had to find a newsreader. Amazingly enough, there is is one in the Microsoft App Store. Yes, there are plenty of pre-Windows 8/10 programs out there, but about half of them are intended for downloading dirty pictures and pirated TV shows, and two-thirds of them have user interfaces that work fine with a mouse, but suck with a finger. So I wanted a UWP app if there was one.

I started reading the reviews, as I do, and then I found this gem:
26-1

Oh, FFS‽ A lousy two bucks for something that you literally can’t get any other way, and you think so strongly that the developer should just give it to you that you give it a one star rating?

The level of entitlement this showed had me so flabbergasted that I bought the app without even taking the time to see if it suits my needs. And I’m going to abuse my lofty position as the Guardian of Civilization to encourage every one of you who has a Windows 8 or newer computer to click that link above and buy NewsgroupsRT. I don’t care if you have no idea what Usenet is all about, just give $1.99 to Mr. Schaffernak. Think of it as a contribution to staving off the Decline of Civilization.

And another item for the collection.

Last weekend, I went to Sizzler for dinner. (Yeah, I have some low tastes. Wanna make something of it?) It is possible to eat healthily at Sizzler, but that’s not really the point. And I wasn’t planning to be particularly healthy on this visit. I had been thinking about a hunk of cow, but then I saw this on the menu:
26-2

It took a couple of seconds to sink in. (A hint for my readers in the UK: what you call “chips,” we call “fries”.)

My first reaction was that this was an item for the WQTS file. Obviously, the copy had been written by someone unfamiliar with fish and chips, and somehow bypassed the copy editor.

But no. This is by design. I know this because when I placed my order, the young woman at the register asked–completely straight-faced–“Would you like fries with that?”

I confess that my brain crashed. She took in the vacant look on my face as I struggled to reboot, and in a slightly defensive tone said “Some people want to substitute a baked potato or rice.”

I rigidly suppressed the fifteen minute rant about how, without fries, it’s not “fish and chips” and managed to mutter “Fries, please.”

But the more I think about this mess, the more it bothers both my QA and writer sides. Declaring “fish without chips” to be “fish and chips” is an orwellian devaluation of the language. Can we assume that their 8oz sirloin is actually eight ounces? How sure are we that it’s actually sirloin?

Bottom line: If Sizzler is going to put rice and baked potato on the same level as fries/chips, then they shouldn’t call the dish “fish & chips”. “Beer Battered Fish with choice of sides” is perfectly serviceable and accurately descriptive, and it doesn’t actively increase the public’s levels of doubt and uncertainty.

Civilization as we know it: doomed.

Maybe.

This might be a bit a bit of bread and circuses, but I’d prefer to think of it as a sign that there might be a little hope for civilization.

Remember when you could get toys and other prizes in your cereal box? That hasn’t been the case for quite a while*, but the mail-in prize hung around rather longer.

* I blame AOL. After finding a shrink-wrapped AOL disc in your shredded wheat, would you really want to risk eating that cereal again?

For those of you who are too young to remember, the idea was that you would collect a certain number of box tops, proving that you had bought (I won’t say “eaten”) enough of a particular cereal to justify a reward. You then mailed the box tops along with a couple of bucks for “shipping and handling” to the cereal manufacturer, and six-to-eight weeks later, a Postal Packin’ Person would bring your prize.

Of course, the prizes cost the manufacturers a tiny fraction of the profit they made on your cereal purchase, and the offer always included those dreaded words “While Supplies Last”.

But you know what?

Modern technology has made it so darn simple and inexpensive to produce cheap gimcracks that it’s completely revolutionized the concept of the mail-in cereal prize.

Consider: In August, I saw that Kellogg’s was offering a “Free Lantern” in a promotional tie-in with Disney’s release of Finding Dory. Actually, the offer started running in March, but I didn’t notice it until August.

Since I’m a sucker for “free” if it doesn’t inconvenience me too much, and since the necessary purchase involved cereals that I eat anyway, I decided to get me one.

So, four boxes of cereal later, on September 23, I went to Kellogg’s website and typed in four sixteen character codes. Nothing to clip, nothing to mail, and no “shipping and handling”.

The site informed me that “The promotion has been extremely popular and we’re currently awaiting stock of additional lanterns”. Right. It’s gotten so cheap to make toys, that they made more instead of invoking “while supplies last”. Imagine!

Apparently they were seriously backlogged. The site said to allow 12 weeks for delivery. This past Tuesday, guess what showed up on my doorstep? Yup. It took more than 17 weeks–really backlogged–but I got my cheap prize.

And you know what? It’s not nearly as cheap as I expected. It’s plastic, yes, but it feels solid. And it came with batteries installed. All I had to do was–well, let Kellogg’s show you:

So, yeah. A large company promised me something, and they actually exceeded my expectations in fulfilling that promise.

If that’s not a sign of civilization, I don’t know what is.

MS’ Tablet Experience

Last week, I introduced “Tim,” a tablet running Windows 10. I’d like to talk about him more.

Specifically, I wanted to talk about a couple of areas where Microsoft’s concept of what we might call the “tablet experience” falls short.

Apple, Google, and Amazon have promoted the tablet as an “always on, always ready for you” device. Pick it up, unlock it, and you’re right back where you were when you last set it down. Even more, until recently all three didn’t require you to set a password in the initial setup. Even now, you’re not required to set any kind of lock, although you may have to dig a little to figure out how to go passwordless.

But Microsoft has gone in a different direction. Because the initial setup is identical to setting up a desktop system, you must set a password. Not a PIN, not a gesture. A password. Using an on-screen keyboard.

Once you complete the initial setup, you can add a PIN or a gesture*, but it’s an addition, not a replacement, and Windows will occasionally require the password instead of your preferred alternative.

* Microsoft has given us the “Picture password,” in which you draw on top of a picture you select. There’s an interesting, and very readable, article about the security of the technology at Sophos, but the gist is that they’re arguably more secure than a four digit PIN, but less secure than a six digit PIN or an Android-style gesture unlock. From a strictly practical perspective, I have to wonder how well a picture password set up in portrait mode will work in landscape mode or visa versa.

If you’re willing to accept the security risk, you can also set your device to log you in without a password and to not require a password to unlock. But a tablet is certainly more accessible to potential evildoers than a desktop system, and possibly more so than a laptop. That might tip the decision against auto-login. But even if you choose to take the risk, Windows will still occasionally request your PIN or password when you turn on the tablet.

I think that’s a bug. It’s too random for me to think Microsoft has designed Windows that way–it’ll sometimes go for days without requiring the PIN, then demand it on three successive unlocks–and frequently one of those three will ask for the password instead of the PIN. But whether it’s a bug or a feature, it still betrays a desktop-oriented focus: entering a password isn’t particularly onerous on a physical keyboard, so falling back to the more secure option regardless of the user’s preference isn’t a big deal.

And that, right there, is where Microsoft’s version of the tablet experience runs head-on into user expectations: in Windows 10, Microsoft has given us a much more “father knows best” design than ever before. Consider how upgrades are installed.

As I said earlier, users are conditioned to expect their tablets to give them an “always on” experience. When Google and Apple release updates, the user is in charge of installing them. Don’t want to go from iOS 15.6.1 to 15.6.2? Don’t install it. Don’t want the August Android patches? Don’t install ’em. But if you don’t want next Tuesday’s Windows updates, you’re out of luck. You may be able to delay installing them for a couple of days, but Windows will give them to you eventually. It’ll try to do the installation at a time when you’re not using the machine, but that’s not guaranteed*. Amazon also forces updates, but there’s a critical difference between Android and Windows.

* You can set a range of times during which Windows won’t install updates, but the range can’t be any longer than twelve hours. OK for desktops, where, even with the expansion of work hours you’re probably not sitting there for much more than twelve or thirteen hours at a stretch. Less good for laptops, where you’re likely to bring work home. Not good at all for tablets where you might pick it up for a couple of minutes almost any time.

Android was designed with the preservation of state in mind. Reboot your phone or tablet, and you’ll not only find the same apps running, but in most cases they’ll be in the same place: a web browser will be displaying the same page, for example. (iOS behaves similarly, though to my mind, not as thoroughly.) And Amazon’s Fire OS inherits that state preservation from Android.

Windows doesn’t worry about state; the onus is on individual developers to save state in their own software. Reboot and none of your programs are running. Launch them manually, and, unless the programmer has implemented state preservation on their own, you’re at a default screen.

So consider the experience: you pick up your Windows tablet to, say, check what time a movie is showing. In the worst case, you’re greeted with “Windows is preparing to install updates.” You wait while the updates are installed–a process that can take fifteen or twenty minutes, or more if it’s a Windows version upgrade–and then get your login screen. Enter your password and wait for the programs that run at login to load. Launch your browser and check the movie time–you did bookmark the theater’s page, so you don’t have to type the URL again, right? By the time you get through all of that, it’s probably too late to make the show.

To be clear, this isn’t a wrong design. But it prioritizes security over user expectations, and subordinates the user’s desires to Microsoft’s vision of how people will use their computer.

That may be acceptable in a desktop or laptop–as is so often the case, Your Mileage May Vary–but it’s not going to fly in the tablet space. Unless Microsoft loosens up a little and gives tablet users the always on experience the form factor demands, they’re never going to be more than a tiny niche player in that space.

New Toy

Will anyone out there be surprised to hear that I have a new gadget? I didn’t think so.

What you might not have expected is that it’s not an Android or iOS device; it’s a Windows tablet. Not a Surface. Microsoft is positioning those as more of a laptop with a detached keyboard, or at most, a two-in-one.

This is an honest-to-gosh tablet running Windows 10. To be precise, it’s a “NuVision TM800W610L*”.

* Quite a mouthful, that, and a real loser when it comes to advertising. Who’s going to walk into a store and say “Lemme see one a them TM800W610L tablet thingies”? It’s not much fun to type, either. For the sake of my fingers, I’ll call it “Tim”.

When they’re available–and it’s currently not in stock at the Microsoft Store–they normally sell for $149, but shortly before Christmas, Microsoft dropped that to $59. At that price, I couldn’t resist the chance to see what the Windows tablet experience is like.

To be blunt, the reviews of the first generation of Windows tablets were lousy. The hardware was generally underpowered and they were further crippled by being saddled with Windows 8. But Tim’s specs are more or less in line with low-end computers, and Windows 10 is much more usable than Windows 8.

Tim did not have the Windows 10 Anniversary edition installed when he arrived. So the first order of business after connecting him to the Wi-Fi was to wait through several Windows updates. That was the first stumbling point: Tim’s hard drive is only 32GB. By the time all of the updates were installed, he was down to a mere 1.5GB of free space. If you didn’t know, when major Windows updates are installed, the old version is kept around in case there are problems and you need to revert. Windows noticed the lack of space and helpfully suggested deleting the backup. I gave it the go-ahead, and wound up with a much more usable 10GB of free space.

Of course, after installing some software–Microsoft Office, LibreOffice, Firefox, a couple of games, an ebook reader,…–I’m back down to about 7GB. It’s tight. I picked up an SD card for my data files, and that smoothed out the experience significantly.

By default, Tim will run in Windows 10’s “Tablet Mode”. That means you get the Start Screen instead of the traditional desktop/start menu interface, and all programs will be forced to run maximized. It’s a sensible approach, mirroring the iOS and Android “one app at a time” UI, but there’s a bit of a catch.

I’m going to have to digress a little here.

It’s a truism bordering on cliché (and I won’t address which side of the border it’s on) that the current generation of phones and tablets have as much computing power as a desktop computer from [insert date here, chosen to make your rhetorical point]. But part of the reason so many people feel compelled to make that point over and over is that because the portable gadgets use different UIs than desktops, we don’t really feel how powerful they are.

Holding Tim–0.6 pounds of computer–and seeing that familiar Windows interface on an eight inch screen, without a keyboard or mouse around, the truth hits you like a crowbar to the kneecaps. “This is a computer. Not a toy, not a single-purpose gadget, but a full-fledged computer.”

Which brings us back to that catch: it’s a computer. Running Windows. On an Intel CPU. That means you can install any of the zillions of Windows programs that have been written since, oh, 1995 or so. To some extent, that’s a good thing. The Windows App Store has a very limited selection of software compared to the Apple and Google stores. But the downside is that not all programs written before “programs” became “apps” play nicely with Tablet Mode.

Some don’t like running full-screen, and you wind up with a tiny window floating in the middle of a vast expanse of blank pixels. Some don’t recognize when they’re in the background and constantly demand attention with pop-ups.

The problem is compounded by NuVision’s decision to design the tablet with portrait mode in mind. Note the pictures in the link at the top of the post–they’re all vertically-oriented. The cameras are on one of the short edges. And the controls are on one of the long edges, where they’re most convenient when holding Tim with the cameras at the top.

Programs written with desktop–or laptop–computers in mind are designed on the assumption that the screen will be wider than it is tall. Maximizing them in portrait mode can make for an unusably skinny interface, with menus half-hidden behind “More” buttons and dialog boxes too wide to fit on the screen.

There’s also the matter of scaling.

NuVision has equipped Tim with an excellent 1200×1920 pixel screen. Squeezed into eight inches, that makes for very tiny pixels, which in turn makes for nigh-microscopic text and controls.

Microsoft’s solution–and, to be fair, it’s the same solution everyone else uses–is to combine multiple pixels into one, thus zooming in on the display. That makes text readable and buttons tappable, but it comes at the price of lowering the effective resolution.

By default, Tim comes set to display UI elements at 200%. That’s great for visibility, but in portrait mode it means the screen is effectively only 600 pixels wide. When was the last time you visited a website that was usable on a 600 pixel screen? No, mobile-optimized sites don’t count. Servers see Tim as a desktop computer and serve up the desktop site, not the mobile version. Nor is the problem limited to the web. Even the oldest of Windows programs assume a screen width of at least 640 pixels. Remember the days when a VGA 640×480 screen was awesome? I do–but it ain’t so spectacular nowadays.

Dial back the magnification to 150%. That makes the functional width 900 pixels, which is much more usable, but still large enough to read. (Your mileage may vary, of course.)

That’s a lot of negatives.

But honestly, now that I’ve used Tim for a month and gotten used to his quirks, I like him much more than I expected I would. I’ve been using him as my fulltime ebook reader, and it’s a pleasure to be able to open a book in an ebook editor and fix a broken tag that turns three paragraphs into italics.

I love being able to carry my current project along in my pocket, open it in the same program I’m using at home–not a web app, not a stripped down “mobile version,” but the very same software–and make changes while I wait. Sure, I could almost do that with a laptop, but none of my jackets have a pocket large enough for my laptop.

I wouldn’t want to write a novel on Tim, or even a short story. But the onscreen keyboard is good enough for adding a paragraph when I’ve got ten minutes, and with an external keyboard, I probably could manage a whole chapter in an emergency.

I’m not going to recommend everyone get a Windows tablet instead of an iPad or Samsung/Nexus/Whoever Android tablet. The current state of the art makes it a niche choice. But it’s a damn sight better than it used to be, and that niche is getting larger.

Another Really Bad Idea

Monday’s Chron had a story documenting one of the worst ideas I’ve ever seen.

It’s a profile of a company called Reviver and their “rPlate” product, which, they say “modernizes and reinvents the license plate for the 21st century.”

What’s wrong with the license plate that it needs modernization and reinvention? There seem to be three major problems: renewing your auto registration is expensive and time-consuming, license plates are boring, and they can’t be monetized.

Let’s take those in order, shall we?

The rPlate could potentially store a credit card number and use it to renew the registration “at the push of a button”. Is registration really that much of a problem? How long does it take you? When I get the bill once a year, I pay it online, and when the new sticker shows up, I put them on the plate. I doubt it takes more than fifteen minutes of my time. Yeah, there’s also the time spent on getting the smog check, but automating the renewal process won’t change that.

But let’s say Reviver is correct, and those fifteen minutes are an insupportable burden. Letting the plate pay the bill and update it’s image of the sticker would, of course, require the plate to have some kind of a network connection via Wi-Fi or cellular. I presume Reviver is sufficiently security-conscious to put that button inside the car, not on the plate where anybody walking through a parking lot could push it. But really, does anyone think their security is good enough to keep your credit card information safe? We’ve already seen cameras, TVs, and light bulbs hijacked and used in DDOS attacks. How optimistic are you that your license plate wouldn’t be misused the same way?

And don’t forget that there would need to be a software update at the DMV to accept those automated registrations and send back the instruction to update the tag. Just what we all need: another avenue for attackers to break into the DMV’s database. Think for a moment about how much information the DMV has on you. It’s not just your vehicles, after all. Organ donor status. Voting registration. Medical information.

Plates are boring. Yeah, they are, but so what? If you don’t like the standard plate, support a worthy cause by getting a special design, or pay a little extra for a personalized plate. But that, in Reviver’s opinion, is so 20th century.

When your car isn’t moving, the rPlate can show “Amber alerts and weather warnings, as well as custom messages from the driver…along with images”. Why not? It’s got that Internet connection, so why not make use of it? I don’t know about you, but when I’m sitting at a red light, I really don’t want the drivers behind me and in the next lane over looking at my license plate; I want them watching the road.

And how much control can, or will, Reviver exercise over those custom messages? “Go [sports team]” is relatively harmless, but what about “Kill [political figure]”? Presumably they’d include a filter for offensive words, but who gets to decide what words are on that list? How many Internet filters block access to gay rights organizations and breast cancer survivors’ groups? And it’s much harder to filter images. I suspect the first hardcore porn pictures will show up within twelve hours of the plates going on sale.

There’s also the chance (somewhere between 99% and 100%) that someone will figure out how to hack the plates via that Internet connection to put their own pictures and messages on tens of thousands of plates. Think those ads people leave on your windshield are annoying? Wait until they start hijacking your license plate to hype their hair and nail salons, DJ performances, and political candidates.

But that Internet connection is really the heart of the whole plan. No matter how bad an idea the automated renewal and message display options may be, they’re not going away, because they’re the excuse to include that designed-in vulnerability. Why? Reviver is quite upfront that they plan to sell advertising.

I’m sure they have the loftiest of intentions to control the content of the ads to avoid offensive content, but even companies with long experience in advertising don’t always get that right.

I’m also sure that the states will appreciate their cut of the ad revenue–and the ability to use that Internet connection to track where your car has been. Who needs license plate cameras and red light cameras when your car will cheerfully offer a time-stamped report of every mile you drive?

And I’m quite sure that we’re not going to get a kickback of any of the ad money–we may even pay an annual subscription fee for the use of the plates (on top of the cost of registration; what was that about saving money?)–for the privilege of being a mobile billboard and being tracked far more precisely than ever before.