Internet Safety – a moving target

When you visit a webpage, you might think of its address, like www.cnn.com. That address isn’t really an Internet address though. It’s a domain name — a friendly and memorable shortcut for an Internet Protocol (IP) address. That kind of address is made up of four groups of numbers, called octets. CNN’s actual address (today) is 151.101.1.67. That’s what your browser really goes to.

The mechanism the browser uses to look up the number from the shortcut is called DNS, or Domain Name System. One of the most resilient and important parts of the Internet, DNS is often provided by your Internet service, whose own servers sync with other DNS servers around the world, providing a distributed system of record — a phone book, if you’d like, for instant address look-ups.

Importantly, DNS is first provided by your computer (or mobile device), which forwards DNS requests from the browser to your router or modem, which forwards the request to your Internet provider, etc… If you don’t like your Internet provider’s answers (or the speed with which they answer), you can choose a different DNS provider by making a configuration change downstream (e.g., on your router, or on your computer.)

This “chain of trust” allows organizations to filter the Internet within the network they provide internally. If an organization doesn’t want its members to visit a website (like pornography) they can insert DNS records locally that prevent the request from actually finding that website.

This is also the basis of many parental controls systems. They keep a list of addresses kids probably shouldn’t go to, and all you have to do is configure your local environment to use the parental controls DNS server, rather than a public unfiltered one. This chain, and the ability for administrators to control the chain, is a part of how the Internet was designed: the browser asks the computer, the computer asks the router, the router asks the network provider, the network provider asks the rest of the Internet.

Last year, Mozilla (makers of the Firefox browser) decided to experiment with breaking that chain of trust. Instead of the browser asking the PC (and so on), they decided maybe the browser could go around the chain, and just ask someone that Mozilla decided to trust. They claim this makes people safer, since they can encrypt that request, using a non-standard approach called DNS over HTTPS (DoH). The effect is that intentionally crafted trust chains will be broken. Fine as an experiment, but this month they decided this behavior would be the default for all Firefox users. If you don’t know how to work around it, your parental controls are effectively disabled.

And working around it is possible — but not easy. Because this is not a standard, or even an accepted RFC (the process by which the Internet is evolved through review and consensus), Mozilla gets to impose arbitrary hoops you have to jump through to disable it. The easier they are for you to implement, the easier they are for someone to defeat.

And Mozilla isn’t the only browser maker messing with trust on the Internet. I’ve written before about Google’s attempts to re-make the ‘Net in their own image.

So, how can you filter the Internet at home while bigger groups than you and me are hard at work funneling all traffic through bastardized versions of the Internet where they can monetize your queries? As of late 2019, here’s what still works — and my best guess about how long it will continue to work…

Circle with Disney – another 1-2 years
Circle is a device that you put on your WiFi network that filters actual traffic. Below DNS is the actual routing of data from a website to a device. This path is managed via ARP (Address Resolution Protocol) tables, which tell your router how to get traffic to a given device. Circle needs to know which devices on your network belong to a child (which is a bit of a pain to set up), then it can stop traffic that’s not appropriate.

Unfortunately, Circle is abandoning the one-time purchase device, in favor of a device+service model that will cost you more. If you can still find them, the original Circle is less than $100, and really works well. It also lets you set time limits and curfews from a reasonably friendly app on your phone.

PiHole + OpenDNS – 3-5 years
PiHole is a tiny service that runs on a Raspberry Pi. In total it’ll cost you about $50 to set this up on your network. Once the Pi is built and running, you can install PiHole in a couple seconds, and tell it to use OpenDNS as your upstream DNS provider (instead of your Internet provider.) Then tell your router to use the Pi as a DNS server — your own chain of trust. You can then use the OpenDNS website to determine what kinds of web pages should be allowed within your home network.

It sounds complicated, but it’s really not too hard, and because it’s actively being developed, they’ve been able to stay on top of changes like the one Mozilla just made. As of today, they’ve implemented one of the work-arounds for DoH, one that tells the browser not to trust any other DNS provider. Eventually Google is going to realise there’s an untapped data source here, and move to eliminate competition from parents who want to protect their kids. But for the near future, this works well.
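The work-around mentioned above is the canary domain use-application-dns.net, which Firefox looks up through the local resolver before turning DoH on by default. The check below is an added example, not code from the original post or from Pi-hole; it assumes Mozilla's published rule (a non-NOERROR answer, or NOERROR with no A/AAAA records, keeps default DoH off), and the sample responses and resolver address are constructed.

```python
import socket
import struct

CANARY = "use-application-dns.net"   # Mozilla's published canary domain
TYPE_A, TYPE_AAAA = 1, 28
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def encode_name(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Build a minimal recursive DNS query carrying one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:    # compression pointer: 2 bytes, ends name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length


def parse_response(msg):
    """Return (rcode, [answer record types]) from a raw DNS response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4            # skip QTYPE + QCLASS
    types = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        types.append(rtype)
        pos += 10 + rdlen
    return flags & 0x000F, types


def canary_blocks_doh(msg):
    """True if this canary response signals 'do not enable DoH by default'."""
    rcode, types = parse_response(msg)
    if rcode != RCODE_NOERROR:                   # e.g. NXDOMAIN from the filter
        return True
    return not any(t in (TYPE_A, TYPE_AAAA) for t in types)


def check_resolver(resolver_ip, timeout=3.0):
    """Ask a live resolver (such as the Pi) for the canary over UDP port 53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY, TYPE_A), (resolver_ip, 53))
        return canary_blocks_doh(s.recv(4096))


def sample_response(rcode, answers):
    """Constructed test data: a response to the canary A query."""
    question = build_query(CANARY, TYPE_A)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    body = question
    for rtype, rdata in answers:
        # 0xC00C points back at the question name (offset 12)
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return header + body


if __name__ == "__main__":
    filtered = sample_response(RCODE_NXDOMAIN, [])
    unfiltered = sample_response(RCODE_NOERROR, [(TYPE_A, bytes([192, 0, 2, 1]))])
    print("filtering resolver signals canary:", canary_blocks_doh(filtered))
    print("plain resolver signals canary:", canary_blocks_doh(unfiltered))
```

Run check_resolver() against the address of your own Pi to confirm the signal is really being sent on your network. The canary only affects Firefox's default behaviour, so a user who switches DoH on by hand still bypasses the local resolver.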

Mobile Device Parental Controls – constantly changing
The best phones for parental controls are iPhones… personal preference aside. The Screen Time feature lets you set a PIN and access control for many things on the device. Unfortunately, you need regular physical access to configure and change these settings, which appear and disappear through different OS versions. This obviously requires parents to keep a certain amount of hands-on with their kids’ devices.

Apple has an app called Apple Configurator that allows you to set up a number of Supervision controls over the device remotely — but they’ve intentionally limited that capability so only organizations (schools or businesses) can use it. They actually research you to determine if you should be allowed to Supervise users before you can use the feature with kids’ devices — presumably they’re monetizing this somehow, because there’s no reason this shouldn’t be free to everyone.

Amazon has a number of features for parental control and monitoring on their tablet devices (yours truly was responsible for some of them), but with each version of their OS, they make those harder to find and use.

Our kids don’t have their own phones…yet. We have one “kid phone” that they can check out if they’re going to an event where we’re not with them — but it’s locked down tight. Still, their friends all have phones, and the pressure is on. Soon enough, I guess I’ll be trying out some parental control apps, to see what works best outside the home. Any suggestions?

Machines Who Think

The practical birth of A.I. dates back to the 1950s, when Frank Rosenblatt developed the Perceptron algorithm. Interestingly, while it was initially conceived as software for the IBM 704 computer, the “productized” implementation was a hardware solution called the Mark 1 Perceptron. Even back then, the best experience was a complete one: hardware and software combined for a specific task; in this case, image classification. A version of that algorithm is still around today – in fact, Shelby uses a Multi-Layer Perceptron for its chat interface.

The point is, there are a countable number of steps, over relatively recent history, in the field of machine learning. Most of what is in-use today is derived from what we knew yesterday. If you narrow that field to manufacturing, the milestones are even more sparse. If you narrow it again to algorithmic learning that runs within the operation, Sherlock is virtually peerless. The release of this product is a markedly significant point in the history of artificial intelligence…

The above is an excerpt from the email I sent my team upon completion of our latest 1.0. I included it because I didn’t think I could write anything better to mark this spot in time. I’ve introduced you to Shelby in the past, and while Shelby observes an operation, its newest sibling, Sherlock, actually learns from it.

I didn’t invent Sherlock (nor was I the only inventor on Shelby!) – in this case, the product is deeply indebted to the research and development of folks much, much smarter than me. But I did lead the effort to productize it, and I’m proud that I got a part in bringing it to life. Launching a 1.0 product in manufacturing is an act of sheer willpower; once again, I got lucky to have a small core team of people who believed in an idea enough to pour some of themselves into it with me.

This release was step two in a 3-step strategy I helped put together almost 4 years ago: Device -> System -> Enterprise — our plan to make sense of the data in a manufacturing environment in an automatic fashion. I signed up for step 1, committed to step 2 after-the-fact because of the great partnership, and watched someone else make a total mess of step 3.

Most of the people who worked on that strategy with me have given up, or moved on (although one of them recently came back!) and the leadership that originally endorsed it lost focus, or position, or faith… it’s been a long and bruising haul getting to this point — and often a lonely one.

As proud as I am of what we’ve built, I am also very, very tired…

Stop buying new smart phones!

Apple kicked off 2019 by announcing that iPhone sales are down — way down. Their letter to investors largely laid the blame on China (and indirectly, on the trade war with China) but more astute observers noticed some sub-text: people just aren’t buying the new iPhones the way Cupertino is used to.

Shocking, no? $1000 cell phones that are largely unchanged from last year’s model aren’t flying off the shelves?

When I was growing up, the effects of Moore’s Law were hard at work. I sold computers in college, and the joke customers would make as they walked out the door was “this thing will be obsolete by the time I get it home, won’t it?” At the time, they weren’t far from wrong. Just look at this chart that I stole from someone on the Internet — CPU speeds were literally doubling every year.

Thanks, random Internet person:
https://smoothspan.com/2007/09/06/a-picture-of-the-multicore-crisis/

Then something happened: the point of diminishing returns. Just off this chart is our current home computer, a 2011 iMac. It’s had a RAM upgrade and a newer OS installed, but 8 years later, that machine still does everything the kids need it to. And it’s not just the kids — I’m a professional software developer, and I’m typing this on a rebuilt 2008 MacBook Pro. Why? Because there’s no reason to upgrade. None.

Smart phones had their own curve, that arguably really ramped up starting in 2007 (I couldn’t find a chart to steal.) Like PCs in the 80s, there was a rapid evolution of features, capabilities, form factors and speeds, but their point of diminishing returns hit around 2015: Apple’s peak was the iPhone 6s. After that, they literally began removing features, and focusing more on cosmetics than capabilities (the camera being an exception with a slightly offset maturity curve.)

Of course, the drooling public was a little slower to catch on. Apple got 4 more years of grinding semi-annual upgrades out of the masses, but now even that group is catching on. It’s not just China, Americans are having trouble justifying paying a grand every year or two for something not materially different than what’s already in their pocket.

This decline forces companies to look for new revenue models — because the “next big thing” hasn’t emerged yet (hint: it’s not going to be Virtual Reality). And that’s where you and me, and our personal data, come into play. If you won’t give them money directly, you can be monetized indirectly — through harvesting of your data.

So, what are you going to do about it? I’ve written before about how the Internet could still be good — if we’d all stop behaving like sheep, and acted more like responsible human beings. You can similarly turn the spy you invite into your bedroom back into a reasonably useful tool:

  • Don’t buy a new one. If your battery sucks, replace it — even at Apple’s full price of $79, that’s a lot less than $1000 for a new phone. And if your phone breaks entirely, buy a refurb. You’ll love having a headphone jack again, and you won’t need all new charging cables!
  • Tame your phone: turn off notifications and location services unless you really need them. A Pebble or a Fitbit are a nice way to get critical notifications without needing to be tempted by the rest of your phone — keep it in your pocket.
  • Leave it behind: there’s a trend toward companion phones (my parents call them “beach phones” — but they live on a tropical island) that I really like. It’s hard to be completely out of touch, but you can get a “dumb” phone and swap out your SIM when you don’t need constant access to email or Instagram.
  • Turn it off at night: “I use it as my alarm clock” is a dumb excuse for having a hot microphone and a radio next to your head all night: you can pick up an alarm clock at Walmart for $8 and you’ll sleep better.
  • Don’t use native apps if you don’t need them: when possible, use the website instead of the app — they get a lot less out of you that way.
  • Don’t buy one for your pre-teen. Today I learned that children at my kids’ school aren’t allowed to run on the playground at recess — but they are allowed to have a cell phone. If this isn’t a generational crisis unfolding before our eyes, I have no idea what is.

I’m going to end this with an anecdote, for those who think I’m being alarmist: I worked for a large online retailer with a consumer electronics division, back when Facebook was still a powerful and popular Internet service. We wanted a native Facebook app for our devices, and Facebook couldn’t be bothered supporting us (even though we could have re-used 99% of their existing Android app with only minor modifications.) When we went to the negotiation table to try to change their minds, do you know what they offered? Give us your customer’s buying data, and we’ll give you an app. Not content to know about all your relationships, conversations, photos and travels, what Facebook wanted most from us is to know everything you were buying too. (To its credit, the big retailer told Facebook to pound sand.)

Big tech companies don’t value you as a person, and they don’t make hot new gadgets out of altruism. They build these things to extract revenue from you. No one loves gadgets as much as I do, but be aware that each of these toys and services you add to your lifestyle has a dark side — if you don’t control them, they will control you.

Game and Watch

These are a few of my favorite things from 2018. Abandoned tech is a treasure trove of ideas, both good and bad, and always makes you wonder how the world would be different if a given technology battle had gone another way. Take, for example, this little phone: the Palm Pre3 (by HP.) Although HP had big plans for the platform when they bought the ailing Palm company, a change in leadership resulted in a sudden death for the technology dubbed webOS.

More than just a name, webOS provided a Linux-based environment where both front-end, and back-end (service) apps were written in web technology (namely, JavaScript.) On the user-facing side, the first JavaScript framework was called Mojo, and supported the phones, followed by Enyo, with support for the short-lived TouchPad tablets (and later phones.) On the service side, an early version of NodeJS provided JavaScript for lower-level platform coding. This is interesting to me, because my own Shelby product has a similar architecture — although it’s backed by Windows instead of Linux.

It’s arguable whether webOS had the right combination to make it in the Apple vs. Google smart phone war, but we’ll never know, because shortly after they launched the TouchPad, HP chickened out. In its short life, developers produced some brilliant apps for webOS, delivering them onto a friendly form factor that tucked away a real keyboard behind a smooth, svelte and totally pocketable phone. The whole thing is truly delightful, and a blast to write code for. Had HP stuck with it, would we have the surveillance state we have now? Or would someone have offered us an alternative to the penetrating and oppressive spying platforms we line up to buy now?

Another delightful also-ran is the Pebble smart watch. Launched as a Kickstarter, Pebble was arguably there first. Using a battery-sipping eInk display, the Pebble could run for a week on a charge, count laps while you swim, thanks to its water-proof design, and get apps and notifications from any smart watch.

Later versions improved the design and added color, but kept compatibility with the add-ons and watch faces that a vibrant developer community created for it. Long before the Apple Watch provided a luxury status symbol for your wrist, the premium Pebble Steel lent both tech cred and good looks to the wearer.

Pebble was bought by FitBit, the distant second-place winner in the smart watch race, who, like the other purchaser in this post, summarily killed it off in a quick strategy change. Although HP did the classy thing and open-sourced much of webOS (then sold the rest to LG, who uses it in Smart TVs), FitBit went even further, and pledged a period of active support to the Pebble developer community as they took over the Pebble services.

Re-launched as Rebble, most of the Pebble capabilities are up-and-running again, on community-run servers, and watch faces and apps can once-again be loaded onto your wrist. The Pebble Time remains an in-demand and highly capable smart watch, for a fraction the price of an Apple Watch.

This year, I wrote a trio of apps for this kit, with help from the communities that still back them. Stopwatch was my starter app for webOS, followed by Night Moves, which makes the phone fit your life (instead of the other way around), and finally I modernized an old app called mWatch, re-structuring and re-designing it as My Watch, to connect a Pebble watch to a webOS phone.

Early next year, Microsoft will block connections using TLS 1.1, in the name of security. This effectively cuts off a generation of still-useful devices from getting email from their servers. Much of the web is going the same way — ostensibly to protect us, but really to lock us in to a combined ecosystem of vendors that need to know what their users are doing at all times. This New Year’s Eve, I think I’ll raise a toast to all those hackers still keeping alive the idealized version of the Internet we once all dreamt about…

Plex on Raspberry PI with a FAT32 USB Drive

We’ve been storing our music in the Amazon Cloud for years, but recently they announced that they’d be dumping it (in favor of selling us music we already own through their subscription service). This is a bummer, because one of the best features of the Amazon Echo is saying “Alexa play Beach Boys” and having it just work.

Fortunately, a $30 Pi can fill this new gap. Installing Plex on my Pi was easy, and once I linked my Plex account with the Alexa skill, voice commands work great — although with a slight delay. The hardest part was getting Plex to see the contents of my media drive — a FAT32 USB disk for maximum compatibility. Here’s how I got it to work:

sudo addgroup pi plex
sudo addgroup plex pi
sudo chmod -R 777 /media
sudo chmod a=rwx /media/pi
sudo chown plex:plex /media/pi
sudo service plexmediaserver restart

Note that although the set-up instructions say to switch Plex to run under the pi account, I found it only worked if I left Plex running under its own account.

I Dream of Pi

Raspberry Pi is a tiny computer on a board that uses fairly modern technology, and costs about $35 (or less!) It has nearly infinite uses, many of which I’ve been interested to play with — but just haven’t had the time.
I found the time recently, though, when I came across a project to use the Pi as a bridge between an old game console and a modern network. It’s not just limited to game consoles though. In the early days of these interwebs, we used to have to dial-in a service provider using a phone line, and this crude device that turned computer messages into screeching sounds — and then back again. We called this thing a “mo-dem” (modulator-demodulator), and it opened up the world to us… very, very slowly.
If I had a hobby (and really who has time for hobbies) it would be computer history. I’m fascinated by old computers, and the innovation, engineering and passion that they represent. On every printed circuit board, burnt ROM chip, and floppy disc full of bytes, is the mark of some team somewhere that helped change our culture, inspired new ideas, and created a platform for my generation to invent and create upon. Sometimes in a very literal way — inside every old Macintosh you can find the signature of the team members who flew a pirate flag and turned a computer into something that anyone could use.
Anyway, the Pi is 30 years of innovation, shrunk down into a board that fits in your hand, and runs any software you can dream up. A guy in England took an old hack for getting the Sega Dreamcast online, and jammed it onto the Pi. And thanks to this whole Internet thing, I got to work with him and help make it into something that anyone can use. It’s not the first time I’ve gotten involved in a project that existed only in cyberspace — I did US testing and QA for the eSID, another clever hack from an ex-Saab engineer in Sweden. But on this occasion, I was able to help with debugging code a little, which I rarely get to do anymore.
Dubbed the DreamPi (Dreamcast + Raspberry Pi), you plug in a USB modem, and hack a 9v battery onto a phone line. The Dreamcast (or any old device) thinks it’s dialing an ISP from yesteryear, while the Pi pretends to answer a call, negotiate the connection, and accept imaginary account credentials. Then it serves your modern home network up to the Dreamcast as fast as the old modem will drink it up. After a little troubleshooting and a bit more Internet fakery to shield the Dreamcast from long-dead servers and web technology it can’t possibly understand, a sizable catalog of formerly deceased online games — from the first console to really take the Internet seriously — is now back online.
Ben and I have been getting pretty good at soldering, and we bundle up all the pieces and sell them on eBay. All the instructions and software are freely available online, but for people not comfortable with Python and a soldering iron, a ready-to-use kit can be had for a fairly reasonable price. We don’t really make any money on them — after I give Ben and eBay their cut, I basically break-even. But there’s satisfaction in extending the life of technology beyond what it was expected to do.

Yahoo Screen on FireTV

It’s pretty rough, but if you’re craving some Community, it is possible to install Yahoo! Screen on your FireTV. This quick run through is for reference, and assumes you’ve got standard Android Developer SDK on your PC or Mac, and have enabled the Developer capabilities on your FireTV.
You’ll also need the Google Play Services (but not the store) which you’ll sideload, to get rid of some (but not all) annoying dialogs while using Screen. This YouTube video, which shows a similar process for Fire Phone (but over-complicates it significantly!) has a link to the necessary Google APKs.
Finally, you’ll need to get the Yahoo! Screen APK off the Google Play store on another device, then extract it for sideloading. There are lots of tutorials for this, so I won’t repeat them.
Once you’ve got all the necessary bits, here are the adb commands (the order is important):

adb connect <IPAddressOfFireTV>
adb install <GoogleAccountManager>.apk
adb install <GooglePlayServices>.apk
adb install <GoogleServicesFramework>.apk
adb install <YahooScreen>.apk

On your FireTV, go to Settings > Applications > Manage Installed Applications.
Scroll until you find Screen, and launch it (it won’t show up in the normal FireTV App launcher — use Llama to fix that.)
Now that it’s launched, you have an input method problem. Yahoo Screen (as of this writing) was not made for TVs (or, apparently for Accessibility) so you have to connect a USB mouse to your FireTV (yes, it works just fine!) Alternatively, you can use adb to fake screen taps from the command line on your computer.
The mouse is easiest, but if you prefer the command line approach, this website has some good input instructions, but a quick example:
adb shell input touchscreen tap "200" "200"
This will tap the top left tile in the Yahoo Screen grid and start the video. Change the second number to “400” to get the next tile down, change the first number to “800” to get the next tile over, etc…
When you start a video, you’ll get a warning about Google Play services not being supported, but you can use your FireTV remote to hit OK and the video will start. The back button on your FireTV remote will work, as will Home, but the video control buttons will not.
Hopefully Yahoo will update their app for other form factors and control mechanisms soon — when they do update the app, of course, you’ll have to re-install it.

All the best, Steve

When I was 15, I wrote my first really useful program. I’d written lots of cute little distractions, and followed tutorials to write code that made computers do neat things — my first when I was 11, I think. But during a 10th grade Computer Science class, when the assignment was to write a program that drew 4 different shapes on the screen, I decided to instead write a MacPaint clone. Using Turing. And not even Turing OOP, just crude old procedural code.
Of course I was no Bill Atkinson (nowhere close!) and my teacher, permanently frustrated with my lack of focus, actually failed me on the assignment. But it was pretty functional, and I was proud of it. So I e-mailed it to a guy I knew of, working at this computer company called NeXT, and told him I was going to come work for him some day: stevejobs@next.com
This was years after he’d been ousted from Apple, and while NeXT’s technology was amazing, and hugely impactful behind-the-scenes in the technology world — NeXT workstations running in labs and at universities — they were never the press darling that Apple was. Still, I was very pleased when he replied:
“I’ll be keeping my eye out for you.
Steve”
These days, Steve’s one-liner replies to apparently randomly selected e-mails he receives, of which I’m sure there are thousands daily, are still exciting enough to make most of the gadget sites and geek blogs. For a 15-year old kid, failing computer science because I couldn’t “follow instruction” it was the encouragement I needed to keep going.
When Steve Jobs came back to Apple as the “interim CEO”, bringing NeXT’s revolutionary operating system with him, and charging the brilliant designer Jonathan Ive to differentiate Apple’s sea of samey products in a marketplace full of beige and boring, he re-sparked the imagination of an industry. What he’s done since: from the iMac, to the iPod to the iPhone, delighted all of us, but surprised none who’d used the original Mac. We reasonably expect Steve to shake things up. It is his demanding, sometimes tactless, but visionary genius that shaped his company — and helped shape the industry.
I won’t pretend to be emotional about a man I don’t really know resigning from a company I don’t work for — unlike some of the press. But I will acknowledge that this is the end of an era. When Bill Gates resigned from Microsoft, the industry lost a brilliant thinker, engineer and businessman. As Steve winds down his presence at Apple, the industry is losing a brilliant creator, leader and artist.
I’m a little disappointed that I was too young to end up working for either of them — having missed Bill by a few years at Microsoft, and having followed a path not likely to end in Cupertino (save for that one night I crashed the bar where Apple employees hang out, Windows Mobile phone in tow!) But I’m proud to have the opportunity to occasionally stand in the shadows these titans still cast.