• About ▾

I’m : a programmer, writer, podcaster, geek, and coffee enthusiast.

I may have spoken too soon about TextMate 2

Another theory on the “FBI” UDID leak

Bojan Gajic of Flux Ads sent me an interesting email, and gave me permission to share this here.

His UDID was among those in the “FBI leak” the other day, and he observed Glitter Draw Free, an app he had installed, sending the associated push notification (APNS) token to a third-party service that could have been a source of the leaked data.

Bojan explained:

The publisher apparently uses their own back end for APNS as opposed to using Urban Airship or Xtify. The app posts UDID, push token and few other basic details to on launch. Glitter Draw alone cannot have 12 million users, but its publisher has another 76 novelty apps (some were ranked high in the App Store in the past, like Finger Drums and Love Finger Scan), and there could easily be 12 million users between all those apps.

I’m guessing the database at was compromised and the dump came from there.

With this, the FBI denial,1 Apple’s denial, AllClearID’s denial, my previous theory, and this hacker tweet, it’s looking more and more like the FBI wasn’t involved at all.

It’s more likely that this was just a file on somebody’s laptop, and not an FBI file on an FBI-issued laptop. (The file-acquisition story might not be entirely true, either.)

Bojan’s theory about a compromised push-notification database is far more plausible, and is a much better fit to the actual data.2

Update: As many have pointed out (thank you), APNS tokens are, or were until recently, all the same on a device regardless of which app generated them. So we can’t know whether the Spankapps service specifically was the source of the leaked data, but I think this is the most likely sort of explanation rather than the FBI-laptop story.

  1. Granted, you can’t trust any statements from any police organization in the U.S., but it’s something. 

  2. For instance, I can’t figure out how and why the FBI would have collected APNS tokens. What are they going to do, steal the SpankApps SSL certificates somehow and send a fake push notification from Glitter Draw Free to a terrorist’s phone? 

Quote approval

David Carr is against “quote approval”, interviewees who require approval of their quotes before publication as a condition of speaking to a reporter.

Scott Adams responded as a victim of misquoting:

Your jaw would drop if you saw how often quotes are literally manufactured by writers to make a point. Some of it is accidental because reporters try to listen and take notes at the same time. But much of it is obviously intentional. So much so that when I see quotes in any news report I discount them entirely. In the best case, quotes are out of context. In the worst case, the quotes are totally manufactured.

I’ve been a victim of this, too.

David Carr’s argument — roughly, that quote approval is bad for journalism, and therefore bad for society — is based on the assumption that most quotes are accurate and being presented fairly. But as Carr even says, journalists aren’t perfect.

Not every publication is The New York Times, and not every reporter is as responsible and principled as David Carr.

The incentives and pressures pushed on journalists often implicitly encourage them to make their subjects look bad for their own gain. From Carr’s article:

Of course, quotations often serve as furniture in a house that a reporter is free to build as she or he (or their editor) wishes, so it’s not as if sources can control the narrative by controlling what appears between quotation marks. But a great quotation, the kind that P.R. folks love to rub out, in my experience, can make an article sing or the truth resonate.

“I hate that we find ourselves at this pass,” said David Von Drehle, a writer for Time who has covered politics for a long time. “But we are not blameless. Sound-bite journalism that is more interested in reporting isolated ‘gaffes’ than conveying the actual substance of a person’s ideas will naturally cause story subjects to behave defensively.”

Reporters and their bosses aren’t always interested solely in telling the truth, per se. Just as corporations’ core responsibility is to deliver value to their shareholders, most media outlets’ core responsibility is to attract attention to make their ads deliver value to their shareholders. For most, the value of journalism to society is merely a side effect of this goal.

And times eventually get tough. Ad rates go down, the audience shrinks, competition steals pageviews. It’s easy to fall back to what gets attention easily — sensational headlines and tabloid journalism — often combined with reducing expenses by hiring inexperienced, unprofessional writers.

As these pressures filter down in many media outlets, I’ve found it to be the case, more often than not, that the writer (or the writer’s boss) has already decided the angle of the story before consulting any sources. Quotes are then mined from known-talkative sources and shoved into the predetermined narrative, even if they don’t quite fit. And since a sensational narrative is more likely to get attention, this might not be in the sources’ best interest.

By giving quotes here and there, I’ve gotten on a lot of those talkative-sources lists. I try to only respond to high-quality publications, and it usually goes well.

But I’ve certainly been misquoted. It’s usually my own fault for inadvertently giving the writer something that can be used against me if taken out of context, or more often, something I said that the writer plays up into a bigger weapon against someone else. (Apple’s a popular target in recent years.) I make a lot of nuanced arguments, but that doesn’t come across well without a lot of surrounding context. (Sometimes not even then.)

So I’ve learned the hard way, over and over again, that it’s most wise to talk to journalists the way you’d talk to the police: ideally, don’t. You have everything to lose and almost nothing to gain.

And if I’m going to comment publicly about an issue, I’m much better off doing it here, on my site, where I can control what I say. People can (and do) misquote what I write here, but at least responsible readers can look back here for what I actually wrote in those cases.1

Yet I never learn this lesson completely, because I want to be friendly and helpful. As Scott Adams says:

It’s a dangerous situation because humans are wired to want to please, and once you pick up on what a writer wants you to say, it’s hard to resist delivering it.

But a lot of people have more willpower than Scott and me, and they refuse to talk to journalists because they know better than to give arbitrary weapons to be used against them without any say in the matter. It’s certainly not good for journalists if good sources won’t talk to them.

If quote approval results in higher accuracy of what’s published and gets more sources to willingly talk to journalists, that’s probably a net improvement. Journalists can and should mention in their articles that the quotes have been approved, and readers can use that information to evaluate the subjects’ credibility themselves.

  1. Unless it’s a publication that doesn’t link prominently to sources. Sure, your CMS is too old or your editorial flow doesn’t support blah blah blah or you bury the link in the footer where nobody will see it. There are simply no excuses for anyone publishing online in 2012 not to link prominently, inline at the first mention, to all web sources. 

“iCloud Backup”

Last year, I bought my 87-year-old grandfather an iPad 2 to replace the who-knows-what PC that was frustrating him constantly. He only used the PC for email and playing music, so it was a no-brainer.

Since my grandparents live in Arizona and I usually only see them a few times each year, I can hardly ever provide in-person help. And telephone support is difficult: they’re not tech experts, they have trouble recognizing and describing interface elements, and they feel bad asking me for help because they know it’ll take a while. So usually, they just tolerate whatever problems are plaguing their technology and they don’t even tell me when something’s broken until months later.1

Here’s what my grandfather can do on the iPad:

And here’s what my grandmother can do on it:

My grandparents using FaceTime to see their great-grandson
I’ve never been able to convince them that “long distance” is now free and unlimited, so like phone calls, they both use FaceTime simultaneously to save time.

Here are some things they can’t do on the iPad:

They’re not stupid — far from it. My grandmother beats us all in card games, figures people out spookily accurately within seconds, and can tell you everything that has happened to every character in every soap opera since the beginning of time. My grandfather is still a licensed and practicing civil engineer in two states, a high-school math and physics tutor and substitute teacher, and a recently retired competitive swimmer with quite a few gold medals.

They just didn’t have computers for the first 80 years of their lives, and they’d rather not spend their current years dicking around with Windows malware or Apple IDs.

The other day, my grandfather asked me if he could get rid of the who-knows-what PC for good, but he wanted to make sure that he could transfer his stuff to a new iPad in the future if this one ever broke. (Good question.) I told him to bring it to the nearby Apple Store and have them set up “ICLOUD BACKUP” for him. (He wrote that down.)

I figured that a “Genius” would quickly figure out whether it still had iOS 4, and if so, would just update it to iOS 5 or 6 and then set up iCloud backup.

But instead of doing what I assumed would be a non-destructive update, the Genius did a restore. And, apparently, didn’t explain what that was going to mean. My grandfather left me this voicemail:

“Hey Marco, I had the iCloud put on my iPad. Now I can’t even do anything with it. I figure before I give up the computer, I’m gonna have to download all of my music and all that. They didn’t tell me that was going to happen — I did it at the Apple Store here…”

It’s easy for most of us around these parts to forget how badly technology still works for so many people. This is supposed to be the best we have today: an iPad, a routine OS update, an Apple Store, an automatic backup feature.

But even the iPad, while easy to use for routine tasks, still shows its computer heritage in clunky, ugly, techie ways like software updates and restores. And while Apple Stores have a reputation for great service, there are enough counterexamples happening every day that I’m not sure how much longer that reputation will last.

This seemingly simple procedure failed the customer miserably, yet I doubt the Genius thinks it was anything but a success. Here you go, all restored and set to back up your data! (After you put some data back on here!)

The Genius probably thought, Of course he syncs it with his computer regularly.

Or There doesn’t appear to be much here. It shouldn’t take him long to set it back up again.

It wouldn’t be the first time a technology expert lacked empathy for a customer, or made bad assumptions about what would be fast and easy for the customer to do on his own — especially when deciding to perform an easy, predictable, cure-all “restore”.2

And the iPad wasn’t the first personal computer, nor will it be the last, that we all proclaimed to be finally easy enough for everyone to use. Sure, it’s easy to use when everything’s working and time stands still, but that’s about as useful as when a developer says, “It worked on my machine.”

We, all of us in technology, can do better than this. And we have a long way to go.

  1. To avoid the hassle of home connectivity, even though they already had DSL for the aforementioned PC, I got them the Verizon iPad and quietly set it up to auto-bill my credit card. It just worked, anywhere… for a month, then it stopped for some unknown reason and they didn’t mention it to me until two months later.

    I had them get the cable company to come to their house and set up Wi-Fi (there was no way I’d put them through a router self-installation), and the problem was solved… for a while, until that stopped working for some reason, and they didn’t tell me for six months that their iPad had no connectivity and the only thing they could do on it was play music and Solitaire. 

  2. In the first version of this, I said the restore was unnecessary. I’ve now been told that it’s impossible to go from iOS 4 to 5 without all synced data being deleted as part of the upgrade. My apologies to the responsible Genius for questioning their technical abilities, but I stand by my callout of their communication. 

The iPad 1

iOS 6 dropped support for the first-generation iPad (“iPad 1”), which was sold from spring 2010 through spring 2011. In other words, everyone who bought an iPad at least 19 months ago has an iPad 1, and their unsubsidized, non-contract, $500+ tablet is going to grow much less useful over the next year as apps start to require iOS 6. This has naturally angered a lot of iPad 1 owners.

It’s frustrating to have such a large purchase become obsolete so quickly. And this is even fast by iOS standards — after all, iOS 6 runs (with many features disabled) on the iPhone 3GS, which was released 9 months before the iPad 1. Many of us have speculated that Apple crammed iOS 6 into the iPhone 3GS because they were still selling it until two weeks ago, while they haven’t sold the iPad 1 for 19 months. It’s a reasonable theory that’s probably partially responsible for iOS 6’s device support, but I think there’s more to the story.

The iPad 1, despite its many great qualities, had a noticeable shortcoming: it only had 256 MB of RAM. This was most apparent in Safari, which could rarely keep background pages in memory and needed to reload them frequently. Reviewers and owners noticed this from day one, and we wondered why Apple didn’t include more RAM.

But when the iPad 1 was released with iOS 3.2 in early 2010, iOS was very different and needed far less RAM. There was no iCloud. No Notification Center or Game Center. No Personal Hotspot, iTunes Match, AirPlay, iMessage, or over-the-air updates. No Newsstand background downloads. And, critically, no multitasking, so no need to keep Skype or Pandora running in the background while playing Fieldrunners or reading Instapaper in the foreground. With the exception of Safari page-reloading, the limited RAM was rarely noticeable.

The hardware market was very different, too. The iPad 1 was the first modern “tablet”, and as we saw (eventually) from its competitors, its $499 price point and excellent battery life were difficult to achieve in 2010 (and even in 2011). More RAM would have added to the component costs and decreased the battery life, potentially making it less appealing and jeopardizing its success, so Apple chose to keep it at only 256 MB.

Whether that was a good decision or not, it significantly shortened the iPad 1’s useful software life. There was enough headroom for iOS 4 (although not until 4.2), but it was noticeably slower. And iOS 5 does run on the iPad 1, but poorly — many iPad 1 owners have downgraded or stayed on iOS 4 because of iOS 5’s performance on their devices.

Apple was able to stuff iOS 6 into the same 256 MB RAM limit on the iPhone 3GS, but the 3GS’ screen is much smaller than the iPad’s. Apps on the 3GS therefore need much less RAM for screen images, textures, and buffers, so if iOS 6 barely fit into the 3GS, it’s extremely plausible that Apple just couldn’t make enough feature cuts to run it on the iPad 1 and leave enough free RAM for apps to run without crashing.

Knowing Apple, that sounds like a far more plausible explanation than the most popular theory I’ve heard: that Apple just wants to force iPad 1 owners to buy new iPads. That’s not Apple’s style — they typically convince people to upgrade by releasing compelling new product improvements — and the technical explanation for the lack of iOS 6 on the iPad 1 is far more plausible.

Regardless of the reason, this doesn’t leave a lot of good options for iPad 1 owners. It sucks, but it sucks because of a tradeoff Apple made in 2010, not because of greed today.

Assuming Apple releases a relatively inexpensive iPad with at least iPad 2-class components in the near future, the best solution for iPad 1 owners is probably to sell it soon and upgrade.

Ads via The Deck