The Refined Geek

We often forget that the idea of a personal computer is an extremely modern one, considering how ingrained in our lives they have become. Indeed the first personal computers appeared around 40 years ago and it took decades for them to become a fixture as common as the television in modern households. The last 2 decades have seen an explosion in the adoption rate of personal computers growing at double digit rates nearly every year. Still even though today’s personal computers are leaps and bounds above their predecessors in terms of functionality they still share the common keyboard, monitor and mouse configuration that’s been present for decades despite many attempts to reinvent them.

There does however seem to be a market for curated computing devices that, whilst lacking the power of their bigger brethren, are capable of performing a subset of their tasks. I first began to notice this trend way back when I was still working in retail as many customer’s requirements for a PC rarely amounted to more than “email, web surfing and writing a few documents”. Even back then (2000~2006) even the most rudimentary of the PC line I had to sell would cover this off quite aptly and more often than not I’d send them home with the cheapest PC available, leaving the computing beasts to gather dust in the corner. To me it seemed that unless you were doing photo/video editing or gaming you could buy a PC that would last the better part of 5 years before having to think about upgrading, and even then only because it would be so cheap to do so.

The trend towards such devices began about 4 years ago with the creation of the netbook class of personal computing devices. Whilst still retaining much of the functionality of their ancestors netbooks opted for a small form factor and low specifications in order to keep costs down. I, like many geeks of the time, saw them as nothing more than a distraction as they filled a need that didn’t exist failing to remember the lessons I had learned many years before. The netbook form factor proved to be a wild success with many people replacing their PCs in favor of the smaller platform. They were however still fully fledged PCs.

Then along came Apple with their vision of creating yet another niche and filling it with their product. I am of course talking about the iPad which has enjoyed wild success and created the very niche that Apple dreamed of creating. Like with netbooks I struggled with the idea that there could be a place in my home for yet another computing device since I could already do whatever I wanted. However just like the netbooks before them I finally came around to the idea of having a tablet in my house and that got me thinking, maybe the curated experience is all most people need.

Perhaps the PC is better off as an appliance, at least for most people.

For the everyman their requirements for a computing device outside the workplace don’t usually extend past the typical “email, web and document editing” holy trinity. Tablets, whilst being far from an ideal platform to do all those tasks aptly (well, in my opinion anyway) they’re good enough to replace a PC for most people outright. Indeed the other Steve behind Apple, Mr Wozniak, has said that tablets are PCs for everyone else:

“The tablet is not necessarily for the people in this room,” Wozniak told the audience of enterprise storage engineers. “It’s for the normal people in the world,” Wozniak said.

“I think Steve Jobs had that intention from the day we started Apple, but it was just hard to get there, because we had to go through a lot of steps where you connected to things, and (eventually) computers grew up to where they could do … normal consumer appliance things,” Wozniak said.

If you consider the PC as a household appliance then the tablet form factor starts to make a lot of sense. Sure it can’t do everything but it can do a good chunk of those tasks very well and the barrier to using them is a whole lot lower than that of a fully fledged PC. Plus unlike a desktop or laptop they don’t seem out of place when used in a social situation or simply lying around on the coffee table. Tablets really do seem to be a good device for the large majority of people who’s computing needs barely stress today’s incredibly powerful PCs.

Does that mean tablets should replace PCs outright? Hell no, there’s still many tasks that are far more aptly done on PC and the features that make a tablet convenient (small size, curated experience) are also its most limiting factors. Indeed the power of tablets is built on the foundations that the PC has laid before it with many tablets still relying on their PC brethren to provide certain capabilities. I think regular users will gravitate more towards the tablet platform but it will still be a long time before the good old keyboard, monitor and mouse are gone.

Now I don’t consider myself to be some uber-programmer, more like your garden variety enthusiast who knows how to work his way through a Google search to find what he’s after. Still I’m often amazed to find those who call themselves programmers (and even more worrying, convince others to pay them) falling for things that really should be obvious to anyone with half a brain about them. Sure I’m not immune to making some serious logic errors or just plain WTFery but something as fundamental as not sending your users’ passwords across the Internet in such a way that anyone with freely available packet capture software or even a Firefox plugin can read them is one of those things that really should go without saying. Traditionally this is done by encrypting the connection between you and the user using SSL so that anyone listening in just sees garbage and not your user’s password.

Securing a web connection between a user and your server, in the Microsoft world at least, doesn’t take too much configuration to get it working. For my pet project it was little more than adding a line of code at the top of the API implementation, installing a SSL certificate on my server and creating a client access policy file to enable cross domain communication. All in all I went from an API that sent everything in clear text to a fully secured API in a little under 2 hours with a good half of that being spent googling and sussing out which SSL provider I was going to go with. Still it seems that nearly every month I hear of at least one big start-up or long running service that fails to implement encryption for their login details, potentially endangering their users.

The first such company that I heard about was Foursquare, a popular geo-social networking application. Now I had been using that application for quite some time before I heard about them not encrypting anything so you can imagine how I felt when I found out they had let that little detail slip their minds for well over a year. Sure they were quick to fix it but who knows it would have gone unfixed had no one said anything about it. Their close rival Gowalla also neglected to implement any sort of secure communications for almost 3 years, making me wonder how something like that could go unnoticed for so long.

It doesn’t just stop there either. Last month saw not one but two companies being outed as passing login information around in clear text. The first was Napster (yeah even I’m surprised they’re still around) who not only has no encryption on their login forms but also sends users their login credentials when trying to get them to renew. Then just 2 weeks later it was revealed that the recent hit photo sharing app Instagram was also spreading information over the web that it shouldn’t be. To Instagram’s credit they were quick on getting a fix out, but it still seems like a fundamental error to make when you’re sending sensitive data over the Internet.

For all the vitriol that I’m launching at these companies I can understand the mindset that leads up to this kind of mistake happening. For the longest time I developed everything without SSL as it made debugging the whole application that much easier. Even with Fiddler’s SSL decrypting feature it still doesn’t seem to work quite right when cracking open encrypted communications so the solution of just turning SSL off works much better. Then when it comes time to deploy not only is your app not configured to use SSL all your API calls are made to the unsecured endpoint. If you follow good coding practices the latter shouldn’t be too hard to fix (your API URL should be a global variable) but getting the web server to serve out a SSL connection can take a bit of wrangling to get done, especially if you don’t control the web server yourself. So you deploy the code and hope that no one notices as at least 5 companies have gotten away with such things for years at a time.

Security is one of those things that’s always the lowest priority until something happens that forces your hand. It’s one of the most laborious aspects of developing a system as it’s usually not very interesting and only serves to increase the amount of work you have to do. Still it is so fundamental to get these things right from the get go that it still shocks me how many multi-developer companies manage to let things like that slip through the cracks. Perhaps it’s just my system administrator background that’s made security such a primary focus for me but really it should be one of the prime considerations for anyone looking to build a system with users on the Internet.