Wednesday, December 4, 2024

One ring to rule them all?

Despite the Lord of the Rings title, this post is actually about the dilemma that Apple (at least) is in when it comes to phone upgrades. Bear with me, it'll tie together, I promise.

On one side, we have phone manufacturers who want to make it as easy as possible to migrate to a new phone. Having customers wait hours, or (gasp) carry out complicated steps, isn't going to cut it. So, focusing on Apple for a second, we have the ability to transfer to a new phone from an old one, either directly or via an iCloud backup. Sounds like smooth sailing, right? At the end of the transfer, Apple even guides you to fully resetting your old phone ready for its next life, perhaps being recycled back to Apple so the circle of life can continue. Not so fast though.

Various other parties aren't keen on the idea of having Apple rule everything, so they put friction in place to make their part of the world safer. Let's go through it:

Some eSIMs require a two-factor authentication text message to be sent to the old phone (bet you're glad you didn't accept Apple's offer to erase that old phone immediately after transfer now!) to ensure the move is legitimate.

Bluetooth migration may be simple for Apple devices (even the Apple Watch which will get a super special mention later), but if you've a connected car/house/water bottle/smart ring or something else not directly under Apple's control, be prepared to go pairing like there's no tomorrow.

Some banking apps want to be super secure, and either require you to bless the new phone from the old, or some other verification dance to make sure your money is safe.

Password managers (like Bitwarden) or secure messaging apps (like Signal) also need explicit steps to migrate across, from signing in through to manual transfer of end to end encrypted messages.

Authenticators, like Authy or Microsoft Authenticator, similarly are too 'powerful' to trust Apple's migration, so you need to sign in again there.

So, the tension is clearly there: Apple is doing quite a bit of work behind the scenes and would like to have the one ring to rule them all (I told you we'd get there), but the other characters in this drama are not willing to cede that much control, for (on the surface of it) pretty sound reasons. Certainly reasons that each company's risk management team understands. But that friction means setting up a new phone isn't easy; it takes time. And woe betide you if you have a non-standard setup. What does that mean? Well, Apple (currently, weirdly, fortunately) supports having apps installed from two different AppleIDs at the same time. Think one AppleID from one country that geofences its apps, and another from your main country. But the migration is tied to a single AppleID, so what happens? What happens is you fall between the cracks, with apps from the secondary AppleID in an 'unable to install, but kind of here' state.

The only way round this is to re-build the new phone from scratch, signing in with the foreign AppleID first, installing the necessary Apps (once installed, Apple will update them without further fuss), then signing out and signing in to the main AppleID.

And then installing and setting up everything from scratch.

Every eSIM.

Every Bluetooth device.

Every banking app, every email account, every messaging app, every authenticator app, every password manager etc etc.

Oh, and the sync process with iCloud has no progress indicator, so don't even think about setting up that Apple Watch for a day or two, otherwise the multi-gigabytes of Health data (seriously Apple, what the hell is in there?) won't be fully in place, and your Apple Watch won't have any data to restore.

It's so painful and time consuming that I'm not doing it again.

So, Apple could fix things to make life easier, but ultimately there's a limit to what they can do whilst lawyers and risk management people at other companies say "it's not secure enough, we need to be different". And who knows, given that the pace of innovation in the mobile phone space is slowing, maybe the added friction is a good thing. For us, not for Apple though.

Wednesday, November 13, 2024

What's in a name?

The following provides some information on a security vulnerability in id.me, an identity solution that has broad adoption in the USA, including integration with the Social Security Administration and other local and national government agencies.

First, a brief primer on names and email addresses. RFC 5321 defines the Simple Mail Transfer Protocol (SMTP), upon which email is based. Many enhancements and additions have been made around SMTP, most notably for spam protection, but the core definition of an email address and of how email is sent and received is unchanged. An email address is of the form recipient@domain, where recipient is a defined series of characters and domain is a registered domain. A server processing email for the domain decides on eventual delivery; a 'display name' may be supplied alongside the address. Let's have a few examples:

  • "Michael Smith <mikesmith@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "mikesmith" on the domain gmail.com.

However, even though we know Mike is short for Michael, there's no requirement for the display name to match the recipient.

  • "Michael Smith <immaterialscience@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "immaterialscience" on the domain gmail.com

OK, so that's fairly clear that there's no relationship, but what about this?

  • "Albert Einstein <vonneumann@gmail.com>" would refer to a display name of "Albert Einstein" and a recipient of vonneumann on the domain gmail.com

Whilst this would be frowned upon from an etiquette perspective, there's nothing to prevent it from happening, because, again, there's no relationship.

Let's throw one more spanner in the works, with a specific particularity of Gmail. Dots (periods) do not matter in Gmail addresses. That is, the following email addresses are the same (taken from the Google support article example):

  • "John Smith <john.smith@gmail.com>"
  • "Jack Smith <jo.hn.sm.ith@gmail.com>"
  • "Robert Jones <j.o.h.n.s.m.i.t.h@gmail.com>"

(Side note : this can be exceptionally problematic where punctuation changes meaning, such as for therapist@gmail.com).

With that set up, let's proceed to id.me.

The first issue is that id.me doesn't verify email address ownership. That is, an individual can use an email address not belonging to them to establish an id.me account, and id.me doesn't check. Contrast this with many well-behaved services that will send an email to the address entered and require the user to click on a link or enter a code contained in the message to confirm ownership. id.me doesn't do this.

Next we'll combine this issue with the Gmail 'dot' peculiarity, to get the following:

Individual A signs up for id.me using "Individual A <noperiod@gmail.com>" as the email address for registration.

Individual B who owns "Individual B <no.period@gmail.com>" receives emails for this user.

Individual B can successfully reset the account for A (via email) and fully access Individual A's account.

Two additional vulnerabilities in id.me's design come to light if Individual B is a good actor and contacts id.me to try to correct the error. id.me will not allow account deletion without upload of documents (such as a driver's license) to prove identity. So Individual B, who didn't create the account but has access to it, has no way to delete it without uploading their PII. Finally, id.me relies on security through obscurity, in that they won't disclose the 'authoritative sources' that they check the uploaded ID against.
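As an added example (not part of the original post, and not id.me's code), here is a Python sketch of the checks a well-behaved service would apply to the scenario above: keep the display name separate from the mailbox, collapse Gmail's dot-insensitive local parts to one key so noperiod@ and no.period@ are recognized as the same inbox, and withhold account actions until the inbox owner confirms a mailed token. The Registry class, its token flow and the sample addresses are assumptions for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from email.utils import parseaddr

# Domains known to ignore dots in the local part (only gmail.com is discussed above).
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}


def split_address(header: str) -> tuple[str, str, str]:
    """Split 'Display Name <local@domain>' into (display_name, local, domain).

    The display name is free text chosen by whoever wrote the header; it
    carries no identity meaning and must never be used as an account key.
    """
    name, addr = parseaddr(header)
    if "@" not in addr:
        raise ValueError(f"not an email address: {header!r}")
    local, _, domain = addr.rpartition("@")
    return name, local, domain.lower()


def canonical_mailbox(header: str) -> str:
    """Return the key a service should use to tell mailboxes apart.

    For gmail.com the dots (and case) in the local part are irrelevant, so
    john.smith and j.o.h.n.s.m.i.t.h collapse to the same key. Other domains
    keep the local part as written; only the domain is case-folded.
    """
    _, local, domain = split_address(header)
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "").lower()
    return f"{local}@{domain}"


def _token_id(token: str) -> str:
    # Store only a hash of the verification token, as with any secret.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Registry:
    """Hypothetical account store keyed on the canonical mailbox.

    An account stays unverified until the token that was mailed to the
    address is presented back, so only the real owner of the inbox can
    activate it or use it for password resets.
    """
    accounts: dict[str, dict] = field(default_factory=dict)
    pending: dict[str, str] = field(default_factory=dict)

    def register(self, header: str) -> str:
        """Create an unverified account and return the token that would be
        emailed to the mailbox (returned here only so a demo can use it)."""
        name, _, _ = split_address(header)
        key = canonical_mailbox(header)
        if key in self.accounts:
            # noperiod@ and no.period@ on gmail.com land here: same inbox.
            raise ValueError(f"mailbox already registered: {key}")
        token = secrets.token_urlsafe(16)
        self.accounts[key] = {"display_name": name, "verified": False}
        self.pending[_token_id(token)] = key
        return token

    def confirm(self, token: str) -> bool:
        """Mark the account verified if the token matches a pending one."""
        key = self.pending.pop(_token_id(token), None)
        if key is None:
            return False
        self.accounts[key]["verified"] = True
        return True

    def can_reset_password(self, header: str) -> bool:
        """A password-reset mail is only worth sending to a verified mailbox."""
        record = self.accounts.get(canonical_mailbox(header))
        return bool(record and record["verified"])
```

In the post's scenario, Individual A never receives the token, so the account created with noperiod@gmail.com stays unverified and cannot be used for resets; the canonical key also stops a second account being opened for the same inbox under a differently dotted spelling.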


Friday, July 5, 2024

Introducing "Quanta" to create a more balanced and valuable media ecosystem

The underlying economics for much of the web is driven by advertising. People generate data through interactions, publishers chase engagement for revenue, and advertising platforms generate hundreds of billions of dollars in profit each year. I have been collaborating with Loren Kohnfelder on a number of projects, and in this area we believe that the consequences of this model have profoundly transformed web content and the way it is consumed, sacrificing civility, quality and independence for outrage, quantity and centralization. Let's consider a few different perspectives:

  1. For people, engagement is mostly centered around social networking platforms (Facebook, Instagram, TikTok, Twitter (or now "X"), Reddit etc.), with a typical pattern being to locate content off-site (often from news or entertainment sites), reference it, and then 'discuss' it on-site. The push to video (through TikTok, Instagram Reels, Google showing YouTube video results with high priority) is a reflection of a consumption culture, with video not only showing longer engagement time but also enabling valuable video ads. All the social networking platforms mentioned above are ad-based, and so are motivated to generate engagement, measured by key metrics such as on-site time and content interaction (likes, shares, retweets, subscribes etc.).
  2. In order for publishers to generate revenue (some from subscriptions, but mostly ad-based), they are driven to controversy (which drives engagement) and SEO optimization (so that they can appear above other similar content in searches and get picked up by the social algorithm). This even devolves into content copying: a publisher with better SEO optimization can steal content from elsewhere and pass it off as its own, generating more ad revenue. This is particularly rife on YouTube, where the perpetrators will even file DMCA take-downs against the original content producer.
  3. To avoid losing eyeballs, social media platforms generally have a 'feed' model of some sort: a news feed or other infinite-scroll list of unrelated content. This context-switch-heavy model allows new, small bursts of dopamine to be released as people 'consume' the content, the net effect being a thoughtless consumption of time; it is also tiring and discourages deep thinking. Studies show that such doomscrolling is detrimental to mental health and focus, yet having no content consistency or theme is actually a feature, and following/connecting with people (who contain multitudes) further supports this context-switching world.
  4. Since controversy generates more revenue than civility, all advertising platforms have to solve the user-generated-content problem, surfing the line between what is legal and acceptable in any given jurisdiction and what creates outrage. Good outrage corresponds to impressions; bad outrage leads to advertisers distancing themselves. Whilst there is some reputational risk, and some sites seek to advocate for their communities, the advertising that underwrites the platforms means that content moderation is ultimately for the advertisers' sensibilities.

In summary then, we live in a world of centralized discussion, with constantly shifting focus, all with opportunity for enraged engagement to drive controversy, as it is a proven model for all parties to maximize ad revenue (along with conflict and divisiveness). Ultimately this is a focus on quantity of engagement and impressions, not on the quality of discussion and betterment of people. One further characteristic of this centralized model is that the publishers, who spend time and money to produce the content referred to in the first place, are removed from the discussion beyond the reference to the original article, because news site comments can't compete with social. Sadly, studies show that nearly 60% of people will interact with content without even clicking through.

To solve these inequities and unhealthy dynamics, we asked ourselves the question "What happens if a post isn't just a post? What happens if a post could be both a post and an in-situ comment on the original article?" This is a system we call "Quanta", and here's what it is and how it works.

Rather than continuing the pattern of social networks stealing the conversation from publishers, we let publishers pull from a social network to host the relevant conversation in situ, as a sidebar to the main article. Publishers have tried to create comment sections, mostly unsuccessfully, since the audience is poorly qualified/filtered and per-site registration is required. In Quanta, the audience is brought from the social network, and comments from the relevant audience (filtered by the reader's own network as well as by criteria the publisher can introduce) are shown alongside the article, even alongside the relevant parts of the article.

To explain how Quanta works, let's consider the following example:

Imagine a new article on The New York Times. Today, after a short period of time, the URL will be posted on social media with comments from readers. The conversation (retweets, replies etc) will all occur on the respective social media platforms.

In Quanta, a user would 'post' to Mastodon, or any ActivityPub-based Fediverse app, quoting the URL, and Quanta would then index and organize such referring posts. In one implementation, the publisher would include comment blocks and specify constraints/thresholds for the comments to be shown (reflecting popularity and editorial guidelines). The comment blocks would be rendered HTML (similar to how an ad slot is populated) and would be 'passive', in the sense that links (to favorite, repost etc.) wouldn't activate in situ but would (due to the Same Origin Policy) send the user to the right point on their social instance. In another, more interesting, implementation, the browser could form a more opinionated view of content rendering and, with an appropriate social handle logged into the browser, render the comments in a pane next to the article.

In short, viewing the original page produces the current set of useful comments relating to the URL. All comments displayed are contextually relevant, and additionally provide a useful tool for user discovery.

A few interesting consequences of Quanta:

  1. The publisher is now getting many more page views, because that's where the conversation about the page can be readily viewed. This increase in page views will increase the ad revenue the publishers can generate. Note - we don't consider a broader question about advertising being good or bad. We just want to shift revenue, discourse and attention to those that generate the content, away from the social networks that steal that attention.
  2. The 'conversation' is now all in context. It's not about a newsfeed and context switching, but instead the conversation is focused on the topic the publisher has written about.
  3. The duration of the conversation is longer. Doomscrolling a social media feed means that many users are just surfing the last few hours of content that's new to them. On Quanta, the published document and comments (and replies to comments) are all at the same URL, waiting for the next view. Referring to the same document days, months or years later will still have the conversation in place. We believe this will drive greater accountability of the poster and also create further re-engagement for the publisher(*).
  4. Finally, we believe Quanta will provide a great follower discovery feature. All too often on social networks an interesting comment will be amplified, and in the moment the user has to make the decision "should I follow this person?" with little information (or a detour to research). In Quanta, the context is immediate, and publishers can choose to promote comments from known experts, making their work more broadly available.

Quanta can be implemented as a Quanta server plus a browser extension. As a server, Quanta is an extension of Mastodon, as we believe the index of posts by URL should be distributed so that Quanta itself doesn't become another large centralized system that needs advertising or subscriptions to succeed. We also note that this seems directionally aligned with how Mastodon sees news integration as being important to the platform, as shown by the recently launched Mastodon byline feature.
Quanta has been shared as a concept with key browser vendors, and we firmly believe browser integration will provide the best experience.


Full Self Driving Fallacy (aka, ultimately it's a user problem)

Tesla made the earliest stunning promises of Fully Self Driving cars back in 2016, and you can read a good history of full self driving and Tesla Autopilot on the Wikipedia page.

Technology predictions are notoriously hard, but I'm going to make the case here that whilst fully autonomous (often called level 5) may be possible, the Tesla execution of incrementally adding greater autonomy whilst requiring driver presence and overall responsibility (essentially vehicle autonomy levels 1 through 4) is going to fail. It will fail not for a technical reason, but for a human and social one.

Consider the following incremental 'improvements' to driving automation (I've used bullets rather than numbers so they're not confused with the defined autonomous driving levels):

  • Traffic-Aware Cruise-Control (allows you to set a desired speed but will match with slower vehicles if they’re obstructing)
  • Autosteer (which adds the ability for the car to track within lanes)
  • Navigate on Autopilot (which was introduced in the context of highway driving, getting you from on-ramp to off-ramp, crucially being able to change lanes when the driver indicates).
  • Auto Lane Change (adding the ability to automatically change lanes on highways rather than requiring driver assistance).
  • Full Self-Driving (start to end destination auto driving by the car, with success measured in the fewest number of driver interactions).

There's also some 'point' features like Summon and AutoPark which I'm not going to discuss here. Tesla have some nuances in how these capabilities have changed over time, in particular in relation to the degree to which driver attention is measured. From requiring sensors in the steering wheel to ensure hands are present (easily circumvented) to cameras tracking eyes, Tesla has recognized that in any level of autonomy under level 5, having the driver intervene is important, and therefore they want to be sure the driver is attentive.

Let's just go down the list above and consider what degree of driver attention is needed.
  • For Traffic-Aware Cruise-Control, the driver is actively steering and having to maintain an awareness of the surrounding road, nearby vehicle proximity etc. The driver is also able to pay less attention to their right foot and the pressure it's applying, with speed being kept constant and long freeway driving as well as some stop-go traffic becoming much less tiring.
  • With Autosteer added, the driver is still actively engaged in the driving process, but freed from the immediacy of lane drift and car-following range. The driver has to plan, e.g. should I overtake when my exit is coming up in 2 miles, should I pull out now to overtake, or will the faster-moving vehicle behind me have overtaken by the time I reach that point? My assessment would be that driving like this is a nice balance of the car doing the drudge work of ongoing micro-adjustments of lane placement left/right and speed placement in relation to vehicles in the same lane, whilst the driver thinks more strategically.
  • Adding Auto Lane Change in theory means slightly more strategic thinking on behalf of the driver (“Do I feel like a rest stop is a good idea in a few miles, or should I wait another 20?”), but the relative speeds of vehicles, tracking of different kinds of vehicles and speed differentials for overtaking means that the car will invariably not behave as a driver would, e.g.
    • I better speed up a little to get past this truck as it’s doing 63 and I’m set for 65, but there’s a bunch of faster moving cars a mile back that will be stacked behind my long overtake.
    • I better track a little over to the left here as that truck is wide and cutting closer to me than I would like on this curve.
    • I'm going to track a little more to the right to avoid that pothole. 
    • I’m just going to hold back here for a few minutes to let that red mustang I can see way back there get by me, as I don’t want to be involved in any craziness.
What this leads to is a mismatch between the work that the car is doing vs what the driver is doing. That is - the driver is now having to plan for what they expect their car to do in addition to those around them.
  • Full Self-Driving now takes over the lion's share of the driving work, but, crucially, requires the driver to be monitoring everything and able to take over at a moment's notice if the car deems that an unsafe situation has occurred, or (conversely) if the driver feels that the car is about to perform an unsafe maneuver. The driver's role has transitioned from being fully engaged, but supported, in the driving process, to one where they are a spectator until they need to fully take over in a challenging situation that the car can't handle.
My point in stepping through this is essentially to make the argument that once you reach a certain point of driver replacement through automation, only 100% accurate self driving is good enough, since requiring driver re-engagement to troubleshoot in milliseconds is a recipe for disaster. This seems to be borne out by some of the accident data that is coming out of NHTSA. To save you a click to the article, here's the summary:


"This analysis, conducted before Recall 23V838, indicated that drivers involved in the crashes were not sufficiently engaged in the driving task and that the warnings provided by Autopilot when Autosteer was engaged did not adequately ensure that drivers maintained their attention on the driving task. The drivers were involved in crashes while using Autopilot despite fulfilling Tesla’s pre-recall driver engagement monitoring criteria. Crashes with no or late evasive action attempted by the driver were found across all Tesla hardware versions and crash circumstances."


Unfortunately, if the metrics you measure are safe passenger miles driven by Full Self Driving, the data will lead you astray, as you will have an awful lot of miles well driven by auto-pilot, and a large number of accidents ‘caused’ by drivers after they take over.


So, my contention is that anything under fully autonomous level 5 driving is going to skew to this unfortunate requirement for full user attention at precisely the time when the autonomous driving is failing, all while the semi-autonomy has been eroding that attention. Fully autonomous level 5 driving may be feasible, since designing for the system to do everything, without intervention, will necessarily mean offering it only in known, tested scenarios. There are an awful lot of 'edge' cases with level 5 that will need to be ironed out.

Sunday, June 4, 2023

It's not about Ted Lasso

Dear Jason, Brendan and Joe,

I forgive you.

With the debate and (sometimes harsh) discourse about how Season 3 of "Ted Lasso" ended, I think much of the message behind Ted's outlook has been lost. From Season 1's forgiveness of Rebecca, through Season 2's struggles with his own past, Ted and the show in general has always lifted us up with the aim of humans being able to be better to each other and to ourselves.

I know many of those fans disappointed at the ending in the season finale have dwelled on Ted and Rebecca not being romantically linked. For a show with the premise of "What if Nora Ephron wrote a sports film?" and many allusions to the soulmates and baggage that fit together that Ted and Rebecca show, it would be a reasonable expectation to see that outcome. "Ted Lasso" has often defied our expectations though, so I'm not here to be part of the Tedbecca clan. A different memory of Nora Ephron's legacy may be less in the romantic comedy of "Sleepless in Seattle" and its ilk, and more in how words can separate or draw people together. "Psychic" and "Bully" can bring two people out of their inner worlds, just as "Thank you" can be enough to let each other go. Beyond a romantic ending, I did just have higher hopes of happiness for our leads, but hey, sometimes it is the hope that kills you, right?

I forgive you, Jason, for leaving us at the end of Season 3 with Ted back in Kansas, with Henry (for sure), but away from the family he built: from his (at least platonic) soulmate Rebecca, his best friend Willis, and the 'sons' who look up to him. I know on a personal level your own life has some mirrors to Ted's in working abroad with your children thousands of miles away. Ted's story hit somewhat harder for me, in that in my own life, much of my children's lives growing up was spent in another country, whilst I did what work I could that would enable me to see them as often as I could. So I forgive you, Jason, for having Ted finally in Kansas with his son, even though everyone else important to him is thousands of miles away. I hope you can forgive those of us who wanted Ted and Rebecca to have it all, in return.

The problem with splitting your life between two places is that, just as with a Kintsugi bowl, the presence of the golden fissures are always visible, no matter the beauty that is present. I know the strain of carrying a critical success whilst spending time away from those you love must have been hard, but then it's also not easy having your other life move on, whilst you focus and spend time with your children.

I believe that the many unanswered questions, from Ted's own romantic happiness to Richmond's future, are 'good' unknowns with which to tie up this part of the story. Whether you're paving the way for a Season 4 or not, I believe in you. I just hope you remember to be kind to yourselves, and if this writing serves in some way to remind others that it was never about Ted, then I believe I will have served some use.

Monday, November 21, 2022

Moving to Mastodon

Just to say that I've moved off Twitter and on to Mastodon. You can find me there as tall@mastodon.social


Sunday, January 15, 2012

An Arc

The current debacle about Google introducing its Google-slanted Search Plus Your World (SPYW, presumably pronounced "Spew") is just one more step Google takes along its arc.

What's 'the arc', you ask?

It comes from a discussion I had with Charles Fitzgerald a while back, observing that certain successful tech companies follow an arc. It's a little richer than a timeline of newness & excitement through to jaded boredom. It goes something like this.

  • Found company based on a great idea and great execution.
  • As important, be lucky enough to be in the right place, at the right time, with the right backing & connections, to take off quickly.
  • Exploit an economic trend (some dramatically reducing price curve) and get products to a receptive audience.
  • Grow (as a company, in number of people) rapidly, introducing interesting management expansion problems (how do we scale? who do we hire? how do we retain our 'culture'?).
  • Make a ton of money and become successful
  • Keep on doing 'the right thing' for customers.
  • Make a few enemies
  • Make more money and get a lot of customers.
  • Become dominant in a market - expand into other markets, and make more enemies. Still mostly doing the right thing for customers.
  • Be threatened by a new trend that may be disruptive
  • Re-engineer your entire business to focus on the disruption, and in doing so fail to recognize that you just screwed your customers.
  • Leverage an existing dominant product position to gain traction against the disruption.
  • Government involvement and scrutiny
  • Competitors cry foul
  • Lawyers

In the above scenario you can insert Microsoft (Windows/Office + "Internet Tidal Wave" + Internet Explorer) or Google (Search + "Everything is Social" + SPYW).

Interestingly, Google's arc is half the time period of Microsoft's. I'm assuming Facebook's will be half the time period of Google's.

Perhaps we should just rename this "Fitzgerald's law" and see if it sticks?