Athens Area School District, Propaganda, and Going Too Far

UPDATE - The school...over the course of the last 2 hours...pulled the front page!
**********

I'd like to think that when organizations grow larger a certain amount of dysfunction emerges. Hopefully when mistakes are made the organization tries to fix them and take steps to minimize repeating them in the future.

But some mistakes make you sit back and wonder if they even see them as mistakes in the first place.

The Athens Area School District, like many other districts, are in the middle of contract negotiations with teachers and staff (although for the rest of this post I'll refer to them collectively as staff.) teachers have been working for a few years now without a new contract, and the board has, in several cases, refused to talk with them. It's a pretty typical game that gets played out (although I find it horribly irresponsible of a board to even allow staff to have a contract term lapse, then have a pretense of an interest in professional behavior. But that is simply my opinion.)

As the non-contract-negotiation-period continues to drag on there tends to be an escalation in pressure tactics. Meetings are held in auditoriums for "informing the public". Editorials are published in the local paper. Today the public gets to share their half-formed opinions on newspaper websites to parrot displeasure in the existence of unions or the unfairness of benefits a union-backed group negotiated for staff in the past.

Same song, different band, played out every few years. Usually conflicts get worked out (eventually) and teachers go on teachering and support staff continue supporting and the community continues to disapprove of their favorite sports team generating babysitting service.

Did I word that in a way that you can infer how I have felt about public schools or the attitude other people have towards them?

Maybe. If you have reading comprehension skills.

Sometimes this is done on purpose. It's a way of using bias to spread a particular viewpoint. Some call it spin. Some call it framing the argument. Others use the blanket term "propaganda," and it's a skill that can be highly lucrative for people in public relations. When this skill is poorly executed, the spin is not only obvious, but insulting to the target audience.

That is what makes this latest escalation so horrifically terrible on so many levels.

(DISCLOSURE - yes, I have family working there. No, I don't get information on what's going on beyond things that affect work schedules. I've had family and friends of family working for various school districts in the area in positions ranging from custodial staff to teachers to principals, and I pay way too much in taxes to a school district as it is. I've seen the contract negotiation rodeo dance many times in my life. I've become familiar with many of the tactics used when groups drag out negotiations. I've stayed out of this back and forth mud slinging...it was routine, as far as I knew, and I got information everyone else got through local paper headlines. But this...well...this was more than a basic attention grabber, and quite frankly, it moved me to do a little more digging. These are my words. These are my opinions. If you accuse me of parroting or speaking for someone else, you're insulting and implying I'm incapable of...or don't have a right to...having my own opinions.)

On October 10th the students logged into the school computers and were greeted to a press release "in response to" an article in a local newspaper. I hadn't seen the article, or if I did I don't remember it...I've long grown numb to the whining of salaries and benefits and assurances that the board is just trying to keep taxes down and there's no money blahblah. But the content of this press release tells me it had something to do with salaries of administrators with a dose of healthcare costs tossed in for good measure.

Blanked out phone number. I want to illustrate what they saw, not be petty or childish...

Think about this for a moment. The students were greeted with a message about salaries, how expensive the teachers are, and it was in the form of a rebuttal to an article that the school didn't link to for information.

That in itself is a subtle message. It says the administration, and/or the school board, has no respect for their staff. They couldn't keep mommy and daddy's fighting behind the closed doors of newspaper articles or their own websites, or even documents available from links on the school website...they made it a top page, in your face article for students to see when they first log in to the computer and open a web browser.

Keep in mind that teachers are ROUTINELY hammered in evaluations for a thing called classroom management. Do you think having other adults...teachers bosses...sending a message that they don't respect the teachers helps teachers maintain respect and order in the classroom? Even if the effect is subtle, it'll contribute to a further inability to properly maintain order in the classroom.

I'd be horrified as an employee to see this. A tacit reminder that my employers hate me. Front page. Not bothering to hide it anymore. And most teachers keep their thoughts on such matters to themselves because who would they talk to? The people in a position to help are the people who appear to be actively setting them up to fail. Since this appeared on the school website, that would mean at least it was endorsed by the administrators and was an extension of the ongoing arguing between the union and school board.

Worse, the bias and bullying is simply obvious.

• It's placed on the front page of a website that is set by default to come up on computers in the classroom.
• In the release's own words, certain salaries were released "because the administrators have graciously agreed to share those figures and the district feels it is important information for the community at large to have." That implies this is special information pried from their cold dead hands. Hate to tell you but such state secrets are literally available from the state. Public employee salaries are publicly available. A quick visit to OpenPAGov.org will give you all the salary information. It is generous to say characterizing this otherwise is only disingenuous.
• Numbers, numbers everywhere. Numbers are funny things. Any decent statistician...or presenter dealing with numbers...can tell you that they can be bent to show just about anything, especially if your audience is not versed in critical analysis. Much of the presentation documents frame salaries as "number of professional staff earning greater" and salaries on a table for position wherein many are filled with N/A (you didn't have a superintendent that year? Or you are focusing on a particular person?) and there is a mention of staff being paid more than others in the area. You don't give those numbers, though. I can say that in NYC public school janitors make over $100,000 on average.  Wanna keep playing "we need to pay what others pay" game?
• In addition, the numbers are usually veiled to hid other details. Ask yourself...why are there so many percentages in one list? When they add up to 515%, you should probably stop and think about what it's really measuring and how they're used to possibly distort a point. (Hint...percentages are supposed to add up to 100. If they don't, something else is being measured instead of parts of a whole.)
• It says it's in response to a press release in the newspaper. Why isn't it linked to? Or reproduced, so I know what exactly you're talking about? It's a press release. I would think they wouldn't object to having the text reproduced or linked to. Unless you don't want people to see it.
• The article says information is available to the public on their own website. The website I'm reading it on. The website in the URL. Why didn't you just...I don't know...say it's available here. Not re-state the website URL. Worse, it's not restated as a link. It would still be weird, but it would show some effort for the medium on which you're writing.
• It's interesting to note that in this format there's not a place to respond. No comments enabled. No contact information or author taking credit for the information. Who wrote it? Who do I write to if I have questions? The change log is publicly accessible, but the person listed vehemently denied having anything to do with the content he posted.
• I like the use of terms like "Cadillac plan." Is that the technical term? Or is it used because it stirs up imagery of indulgence and negative connotations? I'd be interested in knowing if that is the proper term for it given that Cadillac, I thought, was a legally protected term.
• The cuts in numbers for healthcare. There seems to be an implication that you want to drastically cut what the employees get. I suppose some of those savings are going to be given to the employees as part of their salary? After all, several employees are already opting out of your healthcare plan and instead going on their spouse's healthcare plans. Do your numbers reflect that in what you're feeding to the public, the number of insurance buyouts you have and what is saved in that process?
• I also like the end implication of school staff not being community members. Do you have numbers on how many of your staff aren't living and paying taxes in your district? How many of your staff are shopping in your district, paying into the people who in turn pay taxes to your district? What is the definition of community member? Because it might be nice to not have people staying to host and chaperone your proms and sports events if they are somehow considered "not community members." Let them go home instead of contributing to events for your community members.
•  Ooh! I did find some numbers for other districts in a separate presentation graphic from your public presentations. You made it easy to find (given you didn't give a link or discussion in the text so I had to search around your other material.) The graph used a technique I was recently acquainted with by a graphics designer friend from work. That bar graph looks REALLY big, jumping from $42K to $50K for average starting salary with a bachelor's degree! Although the survey of schools...what schools? What is the cost of living in those areas? And the vertical axis...was there a reason the spacing was chosen in increments of $2K? And the size of the graph must have made the difference look HUGE on the projector. In the future you can use $1k increments to make it look even bigger, if you keep the same spacing between lines.
• Why was that chart in a link called a collective bargaining report? It was just a slideshow. Who made it? Did the union have a reply to this or input on the information?
• How come all the reports are slide shows? I was under the impression a report was usually in the form of words. Lots of words with information. Margins. Graphics interspersed occasionally to illustrate a point. These reports in the form of town hall graphics. With big fonts. And no text explaining what was said in the town hall, hopefully elaborating on points. Was there a prepared speech, or were the slides just read to the audience?
• Another reason numbers, numbers numbers are fun? I'm totally zoning out after the third chart. I don't know what it's trying to tell me other than "we have lots of numbers." How is it relevant except to overwhelm you with information that may or may not be relevant to the point? Does anyone actually explain what is happening in these negotiations in terms not meant to obfuscate?
• Is the union going to get a chance to reply to this press release? Or is the school only allowed to show one side of the argument, the one that makes the person in the front of the room look bad?
• According to the agenda, the meeting appears to be...the school board. So the school board gave the presentation to the public? Is there an equivalent set of information available from the union, or is it only the school board that determines what information the public should know about and be given a voice on the school district website?
• I also see that in your agenda you had a lawyer give the status of negotiation talks. There is a lot of talk about how much staff costs, and how much effort is going into saving money. How much is the lawyer costing the district? How much are stalled negotiations costing the district, on average, per day, and how much have they cost so far?
• Did the lawyer create your slideshow materials? They don't really have authorship information or contact information. But I saw through a quick search that the lawyer named seems to have extensive experience...and relationships...specializing in negotiations with many many public schools in the area.
• Is there a reason contracts were allowed to expire and drag on this long so that retroactive pay is even an issue? Isn't that someone's job, to actually have contracts negotiated and renewed before they are due? How many people "in your community," as contract workers, would keep working without a valid contract? Is someone not doing his or her job, seeing as the teachers and staff have continued providing services to your community without a valid contract?
• If a union is a group of individual workers working together to have a collective bargaining unit, someone to represent them and work for a group's benefit, while the board is often cast as the plucky community representatives trying to work in the best interest of the community, where does it fit in when your lawyer's name is attached to several districts with recent or ongoing contract negotiations? It didn't take much Googling to see that his name is attached to other school district work (just Google his name and a school district)...and that would make him privy to information among those bargaining units, I would think. And it's no secret that districts rarely want to be the first to do anything...they tend to make decisions based on what their neighbors do (Ah, fond memories of watching school winter closings...we knew that if a particular district closed, there was a 90% chance our district would soon be calling school as well...) So does that kind of sharing information kind of make the board working in a "psuedo-union" capacity?
• The self-imposed battle lines seem to be drawn between the community and the union. But upon digging, I have been seeing more services being outsourced to other companies. Is it a little strange to give jobs to companies that aren't community members, sending dollars outside your tax base?

These are just thoughts that occurred to me as I read the information being forced into my face and the links to what were labelled as reports but actually were presentation materials. I didn't get into other subtle means of manipulating the public, such as...you really had security show up for the public meeting? What subtle message did you want to send, that you hired thugs and criminals to educate your kids, and needed protection from your own staff? And how much did the taxpayer crusaders protecting community wallets pay for security on top of a lawyer, who is not a local lawyer nor member of your community, to travel up to the district for a presentation?

Does anyone bring up what contributed to the district being in a position where there are so little funds, or take responsibility for decisions leading to this point, or is the accepted attitude that these things just sort of magically happen in a vacuum? Because as a lesson to the students, that...is wrong.

Using the school website as a tool for forwarding a biased agenda...is wrong. 

If you had a separate section where you can both air your grievances and explanations and give an equal voice to both sides, that would be one thing...but putting a press release...with obvious biases against the people in the classroom, members of your community educating your kids, from one side of the dispute...is wrong. 

The lessons this teaches kids about how to handle disputes...are wrong.

The toxicity of what this says to your staff through implications of a total lack of respect and value in the classroom...is wrong.

Placing such material as a tacit agreement of negative attitudes towards your staff on the part of the school board and administration, knowing that your staff can't say anything about it or have a chance to reply without fear of retribution...is wrong. And you should recognize that from the messages barraging your students through the use of your ongoing character programs. It's bullying.

What should be done is removing that material from the front page of the website. If you want to make it an outlet for "informing the public", make it a link to its own page. And give equal access to hear from the unions. You don't have to let public comments in...your prerogative and probably a bad idea if students are reading what is published. This should be presented with a pretense of professionalism despite the disagreements.

This kind of bias and bullying is something I would sooner expect on a playground. Not from the people holding school staff to a higher standard.

It's strange to constantly hear about "Athens Pride." It's a slogan on their shirts and banners. Apparently it's only a slogan, though. What do your staff have to be proud of? A community that hates them? A leadership that despises them? A job where their authority is undermined, then they are judged in part by this same professional sabotage? 

What effect do you think it has when your staff are teaching kids in an environment where pride is simply a hollow, meaningless word to be slapped on t-shirts? That there's no effect whatsoever on morale of students if you make your staff feel whipped, undeserving, and overprivileged despite the effort they put in, often above and beyond the terms of their contracts? (Although it's hard to make a case that the contracts are worth much when they can't be given the courtesy of having contracts negotiated in a timely manner.)

(Afterthought...normally at this point a third party is brought in to arbitrate with fact finding. Funny how I didn't see anything about that emphasized? Because there was a third party brought in. The report was rejected. Why? I don't know. But the report itself is public record, if you go digging for it yourself. Why wasn't that in an announcement with explanations for why it was rejected?

Posted with Blogsy

What I Learned About Functional Specs And Mockups

We've been having discussion in our department regarding workflow, communication, and automation. There came a point in these discussions where I described a system that I thought would make things simpler for us as a group with an interface that we and new hires alike would find useful.

I thought I was describing it eloquently. But then again, I knew what I was describing.

But there are other practical obstacles to communicating such ideas. For example, your team may feel they have better things to think about. Maybe they are biased towards their own ideas, or that this is a waste of time because dammit the current system works fine if only you weren't whining so much, or whatever their mind has wandered off to at that point of the meeting.

In the end the boss decided to steer the meeting by relenting to a "write something up and work with <coworker> on this, we'll discuss it after that" approach.

I should back up a little bit here...I'd grumbled about a lack of documentation on the state of the in-house project growing in our department for awhile, but because grumbling isn't seen as productive, I felt the concerns were dismissed. What I later understood was it wasn't a lack of documentation so much as a lack of a functional specification. Others on the team didn't understand the problem until we were in a meeting and three people had three totally different ideas on how the system did something. Because the application was in a functional state, there wasn't a problem seen. It was doing things, right? No alarm bells, nothing broken...move fast and break things then fix them later. Whiners were just falling behind.

Observation One: Functional specs aren't necessary to have a "working" system, but they can keep people on the same page.

Maybe that works until it dawns on everyone that what they know is wrong.

"But you're not describing a functional spec," you might say. "How a system does things is a technical spec!"

That's true, but sometimes the how something works affects the user interface and interaction...in this case there are ways of doing things that the system may mysteriously change behind your back without notice. That's an interface interaction that ideally is covered in both a technical and functional spec. The proper workflow should be baked into the functional spec.

The immediate reaction...thinking this is a documentation issue...was to have people document how the system worked. Which isn't bad to have for reference. But it's a band-aid; a reaction rather than pro action. Reading it didn't give me a sense of what the end product was going to do or how it would fully address the future integration of automation...it was a snapshot of what had already been done.

In a way, it was kind of a postmortem.

Observation Two: Documentation is a blanket term with many sub-categories. Sometimes you have to identify what kind of documentation is missing before identifying that as a problem.

I spent some time reading up on functional specs and pondering how I would approach the problem. Turned out I knew someone who had written some nice introductory material on functional specs freely available on the Internet.

At its heart a functional spec is a description of how an application is expected to work with the users. It describes, in detail, how the application works with the user.

I then started writing. You would think this is easy. You would be wrong. Maybe if you have a really clear idea of every bit of the proposed application in your head coupled with experience in writing specs, you'll find the task easy. Chances are you'll find that clear idea of how you want to interact with and configure the system is just a set of highlights you expect in a working system. You don't realize the number of things you just don't think about or take for granted in a system that a decent spec calls for you to spell out. ("Oh...yeah...logout button? Or a logout link? Is it in a menu?")

Observation Three: The Functional Spec was longer than I thought it would be.

This was a relatively simple web application, or so I thought. Then I started describing the pages I had in mind.

One thing led to another which led to another. It didn't take long for the first draft to hit 15 pages.

Observation Four: Mockups make specs come to life, and bring out glaring errors.

I thought the mockup was best for presentation purposes. The spec tutorials heavily rely on humor for keeping people engaged enough to slog through the details of what I think a website should look like. As you can guess, I'm not really entertaining enough to keep my team reading my proposal.

A mockup, however, is a picture worth thousands of words. After I completed my first draft of a spec, I pulled out a copy of a mockup application called Balsamiq. I had never used it before and dreaded the learning curve; fortunately, the fears were largely over nothing. It wasn't long before I had the initial pages staged.

I also discovered several places where my descriptions, so clear and useable in my head, were simply impractical or felt wrong once they were applied on the mockup. In other places I discovered redundancies in function that overcomplicated the workflow. Trying to map this in my head from words on the page didn't quite work; the pictures illustrated what turned out to be glaring errors, and when I went back to the page on the spec, the errors on the written page were such that I could not unsee them. Doh!

Other times I discovered ways of doing things better on the mockup that didn't occur to me on the written spec. More notes were scribbled down for future reference.

Observation Five: A good mockup program can make a good presentation tool.

Mockups are new territory for me. I never had a job where spending time on a mockup of an application would be potentially useful. It turns out that Balsamiq is more than Powerpoint for interfaces.

I discovered that this program allows for linking pages together, a natural display of features for mocking up a web application. I can also export the pages to PDF and it looks like those PDFs will be interlinked as I set up the mockup project. Balsamiq also allows for the use of comment notes that can be hidden, describing features and workflow within the mockup itself. If my functional spec weren't so wordy, and if there weren't some features and description that aren't really illustrated in the mockup, I'd be tempted to just dump the functional spec text into a series of comments in the mockup and forego the use of the separate functional spec altogether.

Observation Six: The mockup has given me more notes for the rewrite of the spec.

Aw, dammit...more writing.

The first draft of the spec was a page-by-page description of the web application. After seeing the pages illustrated, I now have many notes scribbled on post-its and in the margins of a printed copy of the spec. Now I have to go back and re-write parts of the spec.

The first draft isn't horrible, if I do say so myself. But it if I am to present this to the team, it needs to have I's dotted and T's crossed, and it needs to be in line with the mockup.

There will no doubt be mistakes. That's no excuse to not try fixing errors.

Observation Seven: Order of dependencies matter, as does the ability to reference information in the spec.

This is something I learned about in a Ruby talk about communicating with developers. It's meant to be a good practice for giving presentations, but I think it also makes sense in certain types of writing.

In a technical description, you should not have a dependency on something later.

That is to say, if you're talking about something technical, you should avoid whenever possible a situation where you describe something but "if you don't understand X, it's okay, we'll get to that in a bit." I'm sure you've run into that before; I know I've heard it. In the talk, the presenter said that he's given his thesis statement, the most important bit of information, as a "header" to the discussion. If the attendee fell asleep at some point in the talk, he would already know the idea that the presenter thought was most important, and in the process of the talk there were little to no loose ends.

As I go back through the spec I'm going to try keeping an eye on my descriptions to see if they need to be rearranged a bit for clarity. I'll bake in descriptions when necessary and minimize references to other spots in the spec; that way if I eliminate sections or change how something on a page works it won't make another spot reference a non-existing bit of information.

I'm also going to try making the spec referenced with a table of contents, so pages and sections can be quickly searched even if printed. A spec is a living document. If you can't easily navigate it as it grows, it won't be useful.

Observation Eight: Specs and mockups can become a skeleton of a user manual.

The more I wrote and the more I illustrated, the more I saw the beginnings of a user manual for an application take shape. It makes sense...if a functional spec outlines how a user is supposed to interact with your application, and it describes the expected behavior of the application, well...that's the basics of user documentation.

This documentation...proto-user-manual...not only takes care of the initial design work that goes into the application, but also takes care of the initial steps for the dreaded technical writing involved in documenting how things work! Two birds, one stone! As long as it's kept up to date, that is.

I harbor no illusion that this work will not be for naught. This is a proposal for something that may never see the light of day. And while specs are not fun for most people, I'm finding that the work that goes into the initial stages of planning the application can be rewarding. It's quite a mental exercise to map out an application in your head, try to communicate that to the written word, translate the written word into a mockup, and then refine the written word again.

Even the tutorial for specs pointed out how often this step...the functional spec...is skipped. People like to jump right into coding in some kind of shoot-from-the-hip coding style and fix issues as they crop up. But after trying my hand at my first attempt at a spec, I wonder if spec writing and review is akin to the lack of respect for editors in print news; the industry knows they can cut editors and still have a product to churn out, and they justify it by citing the speed of their competitor, the "Internet," with which they're competing.

They completely ignore the number of glaring errors and botched headlines that slip through. And poor quality writing. The difference between a good editor's refinement of a news story and the shoveled crap that makes its way to print is the difference between a showman's presentation like Steve Jobs' Apple events and those painful talks where every third syllable on stage is an "um."

Another point; how much time is lost having to re-code for errors or changes that would have been caught had it been properly spec'd in the first place?

But those are speculation and opinion. I still have work to do...several more pages to be mocked up and then the second draft to work on. The hard part is squirreling away the blocks of time to work on them. The surprising part is that I'm actually enjoying the process!

Posted with Blogsy

iOS 8: I Can't Turn The Phone Off

My wife recently sent me a message on chat telling me she couldn't turn her phone off.

Of course I sent the usual "You're going to hate the obvious question," confirming that she tried holding the power button down for several seconds. She eventually confirmed it but not before telling me holding the home button did nothing first.

She said the only thing she had changed was enabling a feature where the hotspot turns on when the iPad is near. If you're curious, I think she is referring to "instant hotspot".

At first, she just couldn't get the phone to switch apps or accept input. Attempting to send a text message gave me an error on my phone, and at one point the button presses apparently put the display to sleep the wouldn't let it wake up.

I tried calling the phone (turns out that is still a feature) and she said it rang, but wouldn't let her answer the call; eventually it rolled to voicemail.

"You might have to run the battery out or try connecting it to iTunes," I said.

"I'm not home at the moment," she said. "I don't have access to iTunes."

"Try holding the home button and the power button at the same time for ten seconds," I said.

A few moments later she said, "It's showing an Apple logo."

That seemed to fix it; a forced system reboot. Or at least it's behaving for now. Was it an iOS 8 bug? Just a glitch? Whatever it was, remember there is the standard shutdown...hold the power button until you get the slider prompt to shut down...and a force reset where you hold the power button and home button until the Apple logo pops up.

Posted with Blogsy

I Was Wrong (2-Factor Edition)

You'd have had to be living under the metaphorical rock if you haven't heard about the latest celebrity nude photo scandal. There have not really been many reactions; a handful of responses were quickly standardized and echoed between the THIS IS A HORRIBLE ACT BY HORRIBLE PEOPLE group and the THEY GOT WHAT THEY DESERVED SHOW ME THE BOOBZ group.

Nuanced exploration of the issues is apparently not a strong point for for most online people.

The theft of the images is a case study of many issues. It's an invasion of privacy. Celebrity culture. What are people entitled to know or not know about public figures. Cognitive dissonance from people condemning the image sharing as theft before going back to playing a pirated game or watching stolen movies. Exploring the revelation that one of the images was taken of...and by...an underage celebrity, so are they in possessing of child pornography as well?

The list goes on but there is only one aspect I'd like to review here. When this happened there were initially several reports about the "hack." How did it happen? Was it a breach in iCloud security?
Slowly details came out. While few were reluctant to admit it, it sounded like the celebrities in question basically had crap passwords coupled with security questions that were answered with information that people could find online. The thieves guessed passwords and logged in as legitimate users to get the data.

"You dumbasses," I thought. "You're stalked by fans and paparazzi all the time. Plus having your embarrassing pictures was publicized when Scarlett Johanssen had her pictures stolen a few years back. Why the hell didn't you use 2-factor to protect your stuff?"

I've gone over 2-factor before, but in a common implementation, when an unrecognized device tries to log into your account and correctly enters a username and password a token is sent to a designated "known good" device. The service gives you a limited time to enter that token or else it rejects the attempt.

Lots of parrots will reflexively reply that it's victim-blaming to say they should have had this enabled if they didn't want their stuff stolen. There is almost a need to not acknowledge that the tools to better secure information exist and there are risks to participating in certain activities; we must maintain a victim status, that these people had absolutely no control in stopping this with reasonable forethought placed on security.

Short of not taking the pictures in the first place, this was just inevitable!

As it turns out there is a grain of truth to this. Apple has two factor authentication, much like most other big online companies. But Apples implementation is seriously, seriously flawed. It doesn't cover the method believed to have been used to get access to the photo stream and dump images as a backup.

In other words these people could have done everything "right" and still have this happen.
An article on TechCrunch states that

• iCloud backups
• Find my phone data, and
• Documents stored in the cloud

...are not protected by 2-factor.

So I was very wrong in this case.

Oversimplified, things that can end up costing you money like purchases on iTunes would trigger notification. Apple apparently wanted to keep 2-factor as a credit card protection. Attempts to access your data? Not so protected.

I suppose I shouldn't be too surprised. Apple services have often felt disjointed at points where they should be unified, and security has the feeling of being an afterthought. I remember one instance where I was talking to someone trying to change an AppleID password, and said he couldn't remember the answers to the challenge questions.

Challenge questions? I had changed the password before...I didn't need the challenge questions. Turns out he was using the Manage My AppleID web page to change the password. When I log in to the account through iTunes, it let me change the password without the challenge questions. Inconsistency is not endearing and in my head it calls into question how they're tying all their services together.

In the end it seems Apple has really dropped the ball on security. It's one thing when the end user avoids implementing a security solution because <insert excuses that really is summed up with "It's more hassle than I want to deal with but I'll complain when something happens that these steps would have prevented">, but it's another when a company implements security in such a way that it's not only incomplete but leaves you with a false sense of security in the process.

That doesn't mean the celebrities in this incident actually had 2-factor enabled. They very well might not. It seems at least one of them bragged about their lack of tech-savvy skills. On the other hand, this incident made Apple take noticed of the incident and now may pay more than lip service to the deficiencies in their security implementation.

Posted with Blogsy

Time Machine Corruption...Such Fun

I make backups with an external terabyte hard drive. It is configured for backups through Time Machine, so it automatically makes incremental backups for me every hour.

For the most part, it's an automated function that I don't have to think about. But having worked in technology for a few years, I know better than to fully trust it. So I check my backup status periodically. So of course while reading through the logs I noticed that the backups had failed last Tuesday.

Well, that, and there was a popup saying there had been an error in my Time Machine volume.

It started off with a simple error about being unable to write a file. At least the drive wasn't clicking, and it was visible to the system...it just didn't work properly.

I opened Disk Utility and told it to repair the disk. After running for half an hour, a series of errors about orphaned linked and incorrect link counts scrolled by and a final error message popped up telling me that Disk Utility could not fix the drive. It actually told me that I needed to make a backup and reformat the drive.

The odd thing was that whenever I tried to use Disk Utility to format the drive, Disk Utility refused to allow a format. The partition couldn't be removed, and any attempt to erase the drive gave me an error.

I tried several variations of the diskutil, fdisk and gpt commands to wipe part of the drive; nope, didn't work (although fdisk did change part of the primary partition on the drive...apparently if you encrypt the time machine disk, the disk is not only very hard to repartition, but either the encryption process or the act of formatting the external drive created a "hidden" partition that I couldn't format or remove.)

I stopped short of trying to just cat /dev/random > /dev/(diskdevice), which might have worked, or...maybe not. Like I said, I stopped short of trying it, so I didn't try that.

I was trying to just get the disk to a state where I could get Disk Utility to reformat it. But the drive wasn't having it.

I even fired up the VirtualBox Windows VM and used the USB passthrough filter to try to convince Windows to format the drive. Each attempt just gave me another USB driver error on the VM. Eventually I decided that it was getting late. I was getting tired. And I was getting irritated that everything was failing on me.

The next day I connected the drive to a physical Windows system and opened the disk manager. It showed the drive; it had two partitions. It would let me format the large partition. But the small partition, marked as an EFI partition?

Nope.

Fortunately there is a way to just obliterate the disk contents.

Basically:

1. Open a command prompt.
2. type "diskpart".
3. type "list disk" and figure out which disk is the one you're trying to nuke.
4. type "select disk #" where # is the disk you're trying to nuke.
5. If you type "list disk" again you should see an asterisk next to the disk you're trying to nuke.
6. type "clean", hit enter, and hold your breath. It should be just a few moments. If you pass out, something is probably wrong, either with you or the disk nuke process.
7. type "exit"

At that point, the drive can be re-partitioned and formatted and, in my case, turned into an encrypted time machine drive again.

The takeaways from this:

1. Time Machine drives, when encrypted, are more susceptible to unrecoverable problems when there are filesystem corruption issues.
2. EFI partitions and/or the hoops that CoreStorage goes through to encrypt the drive will make it harder to reformat/repartition should you need to do so. It doesn't make it impossible, but it can make a "newbie" user think the drive is possibly completely broken when in fact it's just being a pain in the ass.
3. Windows does have some handy utilities hidden at the command line, as much as <favorite OS>-snobs will bitch about Windows for the sake of hating it.
4. Virtualization is handy has hell. However, when it comes to directly hitting hardware, you're probably going to be at the mercy of the intermediate drivers. If the hardware is oddball or having problems, virtualization will probably not help. Stick to virtualization for software purposes.
5. I decided to call it quits and go to bed before trying to nuke the drive with a simple "let's cat garbage to the raw device," which might have worked or might not have...but it can be handy to have another computer around running Linux or Windows to try low-level nuking drives too.
6. I already mentioned using cat to redirect bleh directly to the /dev/diskx device (or rdiskx device, since using the raw interface should be faster) might have worked, but on PC hardware using something like DBAN (Dan's Boot and Nuke) or Ultimate Boot CD's utilities could probably have wiped the disk as well, as long as you don't accidentally wipe other drives you meant to keep in working order. Disconnect those if you can. Otherwise you feel stupid.
7. Encryption is a good thing. It means the contents of a stolen or lost drive can't be easily read. It also means that if something gets corrupted...perhaps through an unplanned mid-read disconnect (didn't mean to lean on that cable...) the odds of catastrophic filesystem damage skyrockets.

So that was part of my fun day, and so marks the end of my blog hiatus!

People and Their Environment

People are influenced by their environment more than most people probably think.

Or at least, they're affected by their environment more than I thought they were.

I'm talking about the little, but significant, ways the environment affects people's behavior. I noticed this after my recent move to the middle of Queens. I started to notice some patterns in how people transport goods.

I grew up in a rural area. Most of my life, including time spent in college, was spent in a rural PA town. When we wanted supplies, we drove to a supermarket or to a Sam's Club; we loaded the car, drove home, and I'd make five or six trips between the house and trunk unloading supplies. Most of our transportation was car based; we were limited by the storage capacity of the car.

Then I moved to Manhattan for my job. In Manhattan it wasn't uncommon to see people pulling little carts behind them. The carts had two wheels and a stand-foot; the basket was basically a canvas-like bag, roughly three feet high with a clasp flap to keep items from flying out. IKEA calls them knallas.

These things are about as common in Manhattan as rolling suitcases. I never saw them while shopping back home; but they are very suited to life in Manhattan. Unless you have a lot of income, the average apartment is quite small and cramped, and the more affordable apartments are often walkups. The knalla rolling cart was big enough to carry a few bags-worth of groceries while being small enough to maneuver up steps and around sidewalks. They were common enough that you need not feel strange walking around pulling one of these rolly-carts.

Then I moved to Queens. I grew up in a rural town, where your neighbors were fields or trees. Manhattan was skyscrapers and pavement; everywhere you looked was a monument to mankind's craftwork. It was the polar opposite of my home.

Queens is another facet of NYC, one that you don't see in movies and television shows. It doesn't have the skyscrapers, but it is anything but rural. It's more along the lines of suburban sprawl; chain restaurants and malls interspersed among residential apartments and homes. While Manhattan was filled with skyscrapers, most of the area I moved to seems to have leveled out around five or six stories.

I noticed that the people here also pushed carts around; these carts are larger, though. Instead of canvas or plastic strapped to an inexpensive hand-cart frame, these are four-wheeled metal-mesh carts with probably twice the capacity of my little IKEA cart. I see these mesh carts around all the time filled with groceries and supplies; in some cases young children are sitting in them being pushed along by a tired parent; I never see the knalla-type carts.

It's a subtle change, but pervasive. It's like rolling into town and noticing that everyone is driving the same over-sized customized truck, or that every kid managed to afford a spoiler for their car in the high school parking lot. A group hivemind, if you will.

The strange thing is that this area of Queens is so diverse yet shares this little quirk.

But when you think about it, there could be a reason it makes sense. Back home your supply runs...groceries, or trips to bulk suppliers like Sam's Club...were limited by the car or truck you drove. In Manhattan, people tended to get more things delivered and actual shopping excursions were to places that were cramped to begin with; many grocery stores resembled what back home were convenience stores in size, or small bodegas. This area of Queens, however, you get access to full size Barnes and Noble bookstores, Kohls department stores, Staples, even a Costco. Back home is still very much a car culture and the shopping conveniences are geared for it. Queens and Manhattan have enough public transit that not owning a car is not so much a hindrance, but the larger stores (and sidewalk space) seems to be open enough...and the stores geared for...the larger capacity mesh 4-wheeled carts.

It's another little observation I've made about people and their environment since moving to the city. It's fascinating to me to experience things that I may have been told about before coming here but written off as rubbish speculation. Speculation until you come here and actually see what effects the city has on people. In the past I've summed the phenomena up as, "We used to laugh when people moved the country from a city and not know how to swim. What do you mean you can't swim? Then I came to the city, where the only pools you have access to are in places like Central Park or a school or a Y, and in many cases cost money to get access to. Kids can easily get the necessities within a few blocks of their apartment, and never actually move outside the city or even need to learn how to drive yet still function in society. And may the universe have mercy on you if your family isn't wealthy and you live in the city. That alone will cut your exposure to opportunities. Now it's not so surprising to have someone from the city move to the country and see them look around like it's a different planet. In many ways, it is."

Now I'm seeing the effects of pockets of culture within different areas. Shared community behavior, in novel things like common tools for helping you get groceries to your apartment. It's interesting to see how various areas share a common behavior and it's probably not even a conscious choice.

But what does that mean for other possibly linked behaviors by residents in certain areas? Are blighted communities breeding a particular mindset by residents? Do we have areas where stupid is not just common, but pervasive, where schooling is prevented not because the school system is inherently bad but the community mistrusts academic behavior? Do we have areas where there are so many people effected by a poor economy that poverty or lower-middle-class economic status is somehow encouraged among residents?

Maybe it's something to consider despite the idea that we are in charge of our own future and economic standing. Maybe we have our community influencing us more than we think sometimes. Take a look at your neighborhood and see how much you fit in. You may find that it's more of a mirror than you originally thought.

Critical of Approaches

It shouldn't be a surprise to anyone that I was working on my GoLang project when I found something that, although relatively simple, I still Googled for the exact syntax to use. I wanted to trim out leading spaces from a string.

Seeing as this was a programming related question I was in no way surprised when the link I was given led back to StackOverflow. The question was asked almost precisely as I had worded it, too. Nice!

However, the question had downvotes, and the first comment was somewhat snarky; "Seriously... you didn't google that, did you ?"

I'm assuming this is a reference to a question of whether the user had checked the GoLang documentation, since the Go language has quite a bit of (rather terse but straightforward) documentation on the standard and common library functions in the language. The poster said that he did, but didn't understand what the cutset was as referenced in the trim function.

The problem as laid out in the question was that the asker had a question while working on something and laid it out as he had searched for it (which apparently was really good for Google indexing, since I found it near the top of search results.) They had found the reference documentation and didn't understand something as it was worded there. Rather than ask about that step in the troubleshooting process, they backed up a step to the original question, and asked it. And was mocked for it.

It reminded me of a damned if you do, damned if you don't situation I've occasionally run into. Recently I've been paying conscious attention to asking questions framed as an end goal, and not framed as a step I'm on in troubleshooting or finding a solution.

For example, asking about changing a particular block of code in a phone server would yield a response of, "What are you trying to do?," and sometimes that would lead to a, "What you might actually want to do is XYZ." The person had  better way of achieving the results I'm looking for, or know of gotchas in what I was trying to change.

Framing the question in terms of a step along the path to what I think is the way to achieve a goal means I might be going down a rabbit hole. Working with someone more knowledgable means I might find a solution that benefits from their experience.

The problem is that learning the how of something takes more time. In many job situations, this isn't appreciated; you need to solve a problem and move on. You're kind of penalized if there's a perception that you're using company time to do something like "learning." I've had conversations on this vein with someone in the Geeking After Dark podcast, where I described a mentoring or learning program sponsored by an employer would be beneficial for an employees professional growth, but he argued that if it's not a benefit to the employer and took up work time it's not something worth doing. Learning has to take place on your own time, and it's commonly expected that employees improve themselves, even in a professional capacity, on their own.

So when do you seek learning how to fish versus the expectation of asking for fish? You're asking a question because you need to solve a problem, and you're penalized for trying to learn the how while the giver of the fish...in this case StackOverflow...has community members that penalize you for not asking how to fish.

Maybe there's not a straightforward solution to this, unless there are more people willing to give an answer while expounding on the solution so the asker has an opportunity to learn. All the poster really needed in this example was a restatement of the documentation in a more learning-friendly manner. Perhaps the asker isn't asking a how-friendly question. But that doesn't mean someone can't answer it as such.

New Programmer Insecurity: Multiple Ways to Implement

I've been working on my GoLang side project for awhile now, and since I didn't sit down and write a specific set of specifications I ended up making a few changes in implementation along the way.

When I get a chance to work on the program, I'll make a few changes, add a small function, test it, and set it aside until my next chance to work on it. Recently I realized I wanted to make a few changes in how the functions...function. But when the application is run, there's no appearance that anything has changed.

That got me thinking about another aspect of beginners programming; another reason I feel fear creep in at the prospect of an experienced programmer looking at what I've done only to scoff at the work I've done. I have been working with the idea that, "As long as it works, I must be doing something kind of right."

Let's take a simple example. The simple, cliche test for a programmer new to a programming language is to have it spit out "Hello, world!" For most languages this isn't all that hard.

I create a hello_world.go file and populate it with the following:

package main

import "fmt"

func main() {

fmt.Println("Hello, world!")

}

Using "go run hello_world.go" yields simple results.

Let's make a simple change. Here's the new code:
package main

import "fmt"

func main() {

var hello string = "Hello, world!"

fmt.Printf("%s\n", hello)

}

A quick retest does this:

Look familiar?

Let's make another minor change.

package main

import "fmt"

func main() {

var hello string = "Hello, world!"

fmt.Println(hello)


}

Run again:

Hmm...still look familiar?

Here's something only slightly more advanced in technique...

package main

import "fmt"

func sayHello() {

var hello string = "Hello, world!"

fmt.Println(hello)

}

func main() {

sayHello()


}

What does it do?

Let's bump it up one more step.

package main

import "fmt"

func sayHello() (string) {

var hello string = "Hello, world!"

return hello

}

func main() {

greeting := sayHello()

fmt.Println(greeting)


}

I bet you can guess what the output looks like.

See a pattern?

The point is that this same output came from several similar, but different, implementations of code. Which of these implementations is "better"? Is there a better way, if the output is the same each time? What if there's another method that "should" be used but I don't know about?

Those are the thoughts that makes sharing source code, for beginning programmers, more of an exercise in anxiety. 

"Look! This is pretty awesome, yeah?"

"Sure. But...why did you do this? You should probably have done this instead."

Is there a sound pride makes as it deflates?

Worse, I'm not sure there is a way to definitely find answers to what the "best" way to do something is. Some languages, like Ruby, encourage a "Ruby Way" of thinking about program design. Other time, as you gain experience while trying to make an application, you gradually learn about ways to implement a function in a way that makes more sense doing it in a particular way than another. Only experience will demonstrate this, and thinking about the design of your application will lead to epiphanies of implementation.

Regardless, there is no simple "This is how you do it" solution, only fumbling through, trying to understand what you're doing and spending time reflecting on how it works so maybe you'll realize a better way to do it. Or you'll paint yourself into a corner, stuck until you find you must refactor how you did something so you can fix the point you're stuck in and move ahead again.

As for my project, I continue to move ahead on it, despite fears of how crappy the code is once it reaches a release-level in my head. There are several more functions to get working before I reach that point. Once there, I'll be proud of it, regardless of how well it works compared to a company application or how crappy the code is, as long as it mostly works as I envisioned. 

Because really...what else can I do?

Golang: Formatting Your Code with Gofmt

Contrary to what some may think, I do try to keep several balls in the air; work obligations, the podcast (Geeking After Dark), and (when I have a good block of time along with a solid idea of what small step I want to accomplish) my organically mutating GoLang experiment, all being kept in the air as I try to fit in a functional amount of sleep. Recently I have been losing more sleep than usual to the stress of finding a new apartment, and now am in the middle of a rats nest involving the arrangements that come with trying to actually move locations.

Good times!

But through all this I still managed to get an occasional commit on my personal Go project.

Learning to program with a personal project in a language you haven't used before can be an almost zen-like experience. I'm hitting all sorts of moments when I sort of feel like I'm starting to understand why certain memes and practices are in place, and using a language that itself is the product of insights gleaned from perceived design issues with other languages allows me to take advantage of certain aspects encouraged in the programming language. Rarely will you find a language where the users keep asking each other for help in the form of, "What is the idiomatic way to do this?"

The last time I found a language that had such a strong "This is the proper way to do this in this language even though you can get it to work doing it a different way but we'll judge you for doing it wrong" vibe it came from books introducing new programmers to Ruby on Rails. Not that this was a bad thing; I feel that in a proper context with a proper design, it's possible that the "proper" way of doing something in that language ends up just feeling better and being more readable.

Readability...often subjective, and something that can (and does) spawn huge threads of argument. It's probably where much of the push for newer programming communities to have a canonical proper way to do things originated.

I was looking up information for implementing a feature fermenting in my head when I discovered that Go, despite being a relative newborn in the field of programming languages, has a utility in the standard suite of tools meant to help you format your source code in the proper way.

I used it, and I really like it.

all you have to do is:

gofmt -w yoursourcecode.go

...and it'll replace your .go file with a reformatted file. While I didn't have (from what I could tell) huge changes, it did spruce my stuff up a bit. And it looks, so far, like it didn't break anything. If you just run gofmt without the -w, it'll write the output to standard output, which you could direct to a new file through redirection if you were so inclined.

Gofmt actually has a few options you can use to try streamlining things by eliminating extra parens and such. I haven't experimented with it; being relatively new,  I sometimes prefer being overly explicit in what I place into my sources so I have less trouble figuring out what I'm trying to accomplish later on; besides, the compiler removes and optimizes much of my inefficiencies for me. For now I'm at a level where running gofmt before a commit will be a workflow insertion to help keep my source a little more clean, and it also helps in learning the proper way to format source code.

If you're new to programming and trying to learn Go, try using gofmt in your workflow. Use the resulting files to absorb what is considered good practices in writing clean-looking and maintainable source. I won't say that it's perfect, but it should at least point you in the right direction of creating source code files that are easier for others to read and maintain down the road, including for your future self.

Especially your future self. Trust me on that.

Creating Mini Applications to Learn More in the Process

The topic of how to approach developing programming skills is one I've discussed before, both on this blog and on the Geeking After Dark podcast. On the podcast, we (Pete and I) generally agreed that it was best to have a project in mind when trying to program; it gave you a goal to work towards, and you were solving a practical problem. Too often the exercises in programming classes seem boring; what't the point of creating an application that counts to 10, unless it's a prime number?

I missed one another approach to improving programming skills; solving mini-problems. Unexpected things that crop up present opportunities; scripting tasks can be done with actual scripts, or you can try creating small, compiled utilities for future use...scripts on steroids.

 I've been working on a project for awhile that involves creating kiosk-like functionality on a few select laptops. A utility was installed whose purpose was to restore the systems to a specific configuration when restarted; that way users could save files or reconfigure the system and it would go back to its pre-login state. 

I had a few issues with them that led me to believe things weren't working the way they were supposed to, but one of the big ones that I definitely could tell wasn't happening was the setting that told the laptops to automatically reboot every X minutes. 

In the course discussing the problem with their tech support, they said they spoke to the developers and it used the same mechanism (GetLastInputInfo) as the Windows screen saver for determining when to trigger the reboot. They suggested I set the screen saver to run 5 minutes before the reboot was supposed to happen to see if something wasn't resetting the idle counter. 

I thought there had to be a way to get a more direct way to get the counter setting; as I had been playing with Go, maybe that had a method of printing that value. 

Why Go? It's fast. It compiles to work on multiple platforms. It seems pretty flexible. And it compiles a single executable, so there's no need to install a framework or support libraries. Or even run an installer. Plus it's the language I've been recently trying to learn. 

The initial problem wasn't simple to solve; turns out there isn't a direct way to access an API call on Windows using Go. I asked for help on Stack Overflow and fortunately found someone who gave a thorough response; Go has a mechanism for indirectly getting information from API functions. 

The code snippets he gave worked rather well, but reading the code made me think that there was no way I would have figured it out on my own; this was rather disheartening. Once again the "programming makes me feel dumb" bug was biting; it was a profession for people with some kind of innate ability that I lacked. 

I approached a developer working at our company (and who was also playing with Go in his spare time) to ask him for some advice. In part I said,

I’m not entirely sure I understand it, and am hoping that the process of implementing it will shed some light on how it works, but…this is where it seems like there’s a cliff between compiling “Hello, world!” and “WTF is this?” 

So as an experienced developer that looks at that question and probably sees it as, “Of course that’s how you do it!,” where and how do you think that cliff is scaled? Just experience? Is there a thought process or some comprehension that I’m simply missing?

I was still anxious to ask this since I felt that it made me look as stupid as I felt, plus this was a coworker I looked up to. I had to set aside the hero worship part of my brain and instead cash in the reality check that he was an actual person who might be willing to spend a few minutes to offer some encouragement. And he came through. His reply read in part,

Programming experience does have the quality of amassing an amount of trivia (like this) over time. And devs have a habit of making one feel like you should have known that. But no, you shouldn't have known that. You might have known it, or not. 

There are problems that are a test of smarts, but this one has more to do with whether you happen to have been down a very specific road before. Hope this helps! 

That's the kind of encouragement that helps validate that it's okay to be confused or feel a little lost. So I kept with it and within a couple of days of after-hours tinkering, I had a very bare-bones utility that ran a loop dumping the current last input count; the API returns the Windows tick count when input was last recorded from the keyboard or mouse.

So what was I missing?

The laptop was set to run as a kiosk; it booted up and logged in as a non-privileged account, with access from the desktop to a few basic communication tools. When the computer logs in automatically, the tick count reads 0. Let the computer sit until it was supposed to reboot, nothing happened. Let it sit for a bit then hit a key on the keyboard so the last input tick count was non-zero, wait the length of time for the automatic reboot, and it rebooted.

I sent this information to the company, and they realized that I was actually auto-logging in and it sounded like that wasn't a test case they'd tried, although it also sounded like this was purposely designed this way because otherwise it would reboot constantly without ever having been touched. The Windows screen saver didn't care if the counter was zero.

I won't get into the reasons why, yes, I'd like to reboot the computer anyway, because the point is that instead of having to indirectly test the state of the idle timer (which in this case it wouldn't help, since the screen saver counts an idle tick count of 0 and the utility didn't) I had a small utility that can give the accurate insight to what's happening.

It was a small project with a niche purpose, but it was useful and solved a problem while giving me some experience with the language, and it gave some information on how Windows treats login sessions and the scope of the idle timer (I tested at one point whether the mouse/keyboard being used on the laptop would be affected while I was logged into an RDP session, for example.)

You don't need a large project to assist in learning. Small, niche projects can be very useful as well. Mixed with the occasional bit of encouragement from those with more experience, and you have a pretty good recipe for building some programming experience.