Tuesday, July 28, 2009

The Unintended Consequences of SSL ↦

As all systems administrators know all too well, SSL is an exasperatingly picky system. SSL certificates are issued on a per-domain-name basis, they expire, and self-signed certificates aren’t considered “valid”. All of these, however, are generally benign problems: such certificates do still provide encrypted communication. And now we see that there are unintended consequences for all of this officiousness:

Internet users have grown immune to security certificate warnings and are more than happy to click past them, according to a new report out of Carnegie Mellon University. Researchers found that users won’t hesitate to engage in this risky browsing behavior, especially since most warnings are for benign things like expired certificates. This behavior leaves them vulnerable to man-in-the-middle attacks, and the report calls for a reform in how warnings are handled in both safe and dangerous situations.

The researchers studied the behaviors of 409 Internet users in order to monitor their reactions to and understanding of various SSL warnings, and found that “far too many participants exhibited dangerous behavior in all warning conditions.” This was despite the fact that many users understood the meaning of the warnings—for example, 50 percent of Firefox 2 users understood what an expired certificate meant, and 71 percent of those users said they actively ignored such a warning (47 percent and 64 percent for Firefox 3 users, respectively).


Saturday, July 25, 2009

The Cellphone Oligopoly

David Pogue, of The New York Times, points out that the misdeed of handset exclusivity that the United States Senate has begun to investigate is hardly the cellphone industry’s only or even most egregious sin. Mr. Pogue identifies five offenses specifically:

  1. Text-Messaging Fees
  2. Double Billing
  3. The Subsidy Game
  4. International Calling
  5. 15-Second Instructions

Mr. Pogue calls on Congress to act:

Right now, the cell carriers spend about $6 billion a year on advertising. Why doesn’t it occur to them that they’d attract a heck of a lot more customers by making them happy instead of miserable? By being less greedy and obnoxious? By doing what every other industry does: try to please customers instead of entrap and bilk them?

But no. Apparently, persuading cell carriers to treat their customers decently would take an act of Congress.

There certainly is much about the American cellphone industry that requires rectification. And, sadly, it very likely will require an act of Congress to force the American cellphone companies to pay more attention to the needs of their customers. Underlying all of this, however, is another question that deserves just as much, if not more, attention: Just how did we get to this point in the first place?

Mergers and Acquisitions

The big four American cellphone companies have seen plenty of natural growth over the years. Most of this natural growth, however, has come from customers new to the cellphone market, buying a cellphone for the first time. This kind of growth has benefited each of the carriers more or less equally. In order to gain an advantage over the others, these carriers have looked to more artificial means of obtaining new customers: mergers and acquisitions.

The coalescence of companies (including a number of former Baby Bells) that eventually gave rise to the current AT&T was famously parodied by Stephen Colbert. Verizon is similarly rooted in the joint ventures and eventual mergers of former Baby Bell companies. Sprint Nextel, of course, was formed by the 2005 purchase of Nextel by Sprint, two companies that by then were already conglomerations in their own right. T-Mobile was fashioned by the amalgamation of Powertel, Voicestream and Western PCS, among others. These already mammoth corporations have continued to consume whatever remaining regional companies they can get their hands on: In November of 2008, AT&T acquired Centennial Wireless and in January of this year, Verizon acquired Alltel Wireless.

The salient point, here, is that this is exactly the kind of industry consolidation that anti-trust laws were created to prevent. All of the mergers listed above, along with countless others in the industry, have somehow passed muster with various regulatory agencies ranging from the Justice Department to the Federal Trade Commission. Of course, these agencies like to make a show of being tough—of appearing to consider the consequences of such mergers. Usually, this comes in the laughably ineffective form of requiring the acquiring company to sell off operations in certain markets. These sales, quite naturally, are almost always to one of the other major carriers and thus serve to perpetuate consolidation rather than prevent it.

The Resultant Tetrarchy

Today, the American cellphone industry is a near-textbook match for the definition of an oligopoly. Gartner estimated in 2008 that the top four U.S. carriers—AT&T, Verizon, Sprint Nextel and T-Mobile—accounted for 84.4% of the market. The advantage that an oligopoly affords its participants is that of implicit collusion. Of course, these companies generally don’t actually collude; they don’t gather in one of those proverbial smoke-filled rooms to discuss how best to extract money from their hapless customers. That would be illegal. Why risk legal action when a perfectly legal wink and nod will accomplish just as much?

As Mr. Pogue points out, the four major cellphone carriers in the U.S. all raised their text messaging rates at roughly the same time. They almost certainly didn’t agree to do this or even speak about it beforehand. There was no need. All that was required was for one company to announce that it would do so and the rest dutifully followed suit.

In an oligopoly, each company’s self-interest is best served by matching the price increases of the others. Long-term contracts make matters even worse: if any of the major carriers did precipitously drop prices in order to attract new customers, it would have to wait for months or even years to see a significant increase in customers as potential switchers would have to wait for their current contracts to expire. In the meantime, revenues would drop due to the lower prices. No, even for the smaller carriers, Sprint and T-Mobile, it’s best not to rock the boat that much. Their best interest is served by pegging their prices only slightly behind that of their larger competitors and trying not to get too far behind in the acquisition game.

The Call to Action

The cellphone industry’s tetrarchy is now a fait accompli. Only an AT&T-style breakup (ooh, the irony here is rich) could possibly reverse the gains the Big Four have made and such efforts by the government are few and far between for monopolies, let alone oligopolies. More often, regulation is the government’s answer to these situations and cell phone users like me would undoubtedly benefit from some consumer-minded oversight.

As the old saying goes, however, an ounce of prevention is worth a pound of cure. What Congress really needs to do is overhaul our nation’s anti-trust laws. Far too much consolidation happens in the current system and regulators are far too willing to go along with it. Consumers inevitably pay the price. This overhaul needs to happen now, before the next industry degenerates into an oligopoly, duopoly or monopoly.

In my opinion, the default stance of the regulators for any merger should be disapproval, except perhaps in cases of bankruptcy.


Saturday, July 25, 2009

The Palm Prē and iTunes: The Saga Continues ↦

Dieter Bohn of precentral.net has uncovered the answer:

The Pre is now telling your computer that the vendor who made it is Apple. The change here is that with previous versions of webOS, the Vendor ID was “0x0830 (Palm Inc.).” So while previously the Pre identified itself as a “mass storage device” called an iPod, now it’s identifying itself as a “mass storage device manufactured by Apple” called an iPod.

This does, of course, violate the USB consortium’s rules about the Vendor ID. Palm, for its part, has preemptively filed a complaint with the USB group against Apple, presumably for having the temerity to discriminate among USB devices based on Vendor ID.


Saturday, July 25, 2009

Maker’s Schedule, Manager’s Schedule ↦

Paul Graham on makers vs. managers:

The manager’s schedule is for bosses. It’s embodied in the traditional appointment book, with each day cut into one hour intervals. You can block off several hours for a single task if you need to, but by default you change what you’re doing every hour. […] But there’s another way of using time that’s common among people who make things, like programmers and writers. They generally prefer to use time in units of half a day at least. You can’t write or program well in units of an hour. That’s barely enough time to get started.

When you’re operating on the maker’s schedule, meetings are a disaster. A single meeting can blow a whole afternoon, by breaking it into two pieces each too small to do anything hard in. Plus you have to remember to go to the meeting. That’s no problem for someone on the manager’s schedule. There’s always something coming on the next hour; the only question is what. But when someone on the maker’s schedule has a meeting, they have to think about it.


Tuesday, July 21, 2009

The Mobile User Experience Is Miserable ↦

Jakob Nielsen summarizes his company’s latest mobile Internet usability tests (emphasis in the original):

All of our new research findings support a single conclusion: designing for mobile is hard. Technical accessibility is very far from providing an acceptable user experience. It’s not enough that your site will display on a phone. Even touch phones that offer “full-featured” browsers don’t offer PC-level usability in terms of users’ ability to actually get things done on a website.

When designing for mobile, there’s a tension between (a) making content and navigation salient so that people do not work too hard to get there, and (b) designing for a small screen and for slow downloading speeds. That’s why almost every design decision must be made in the context of the site being designed, and what works for a site may not work for another.

Unless websites are redesigned for the special circumstances of mobile use, the mobile Web will remain a mirage. Users won’t realize the benefits promised by mobile vendors, and site owners won’t reap the profits that would follow from gathering hordes of loyal mobile customers.


Monday, July 20, 2009

Is Software Engineering Dead? ↦

Jeff Atwood thinks so (emphasis in the original):

I can publicly acknowledge what I’ve slowly, gradually realized over the last 5 to 10 years of my career as a software developer: what we do is craftsmanship, not engineering. […]

What DeMarco seems to be saying — and, at least, what I am definitely saying — is that control is ultimately illusory on software development projects. If you want to move your project forward, the only reliable way to do that is to cultivate a deep sense of software craftsmanship and professionalism around it.

The guys and gals who show up every day eager to hone their craft, who are passionate about building stuff that matters to them, and perhaps in some small way, to the rest of the world — those are the people and projects that will ultimately succeed.

I think Jeff may be splitting hairs a bit when it comes to the definition of engineering but his overall point is well taken. Burdening software development with too much process and discipline stifles creativity and contributes, I believe, to that unholiest of all (software) abominations, “enterprise” software.

When I first started to pursue a Computer Science degree in college, there were two required texts: C++, an Introduction to Computing and Introduction to the Personal Software Process. The premises of these books, respectively, were (a) in spite of a patently unhealthy obsession with semicolons, C++ is the One True Programming Language™ and (b) programming, if done properly, must produce more paperwork than code. I lost what interest I had in programming at that point and it has taken me a decade to regain that interest.


Sunday, July 19, 2009

Salesmanship

I first heard of TabViz from Lukas Mathis. TabViz was born of the Mozilla Labs Tab Design Challenge. The Challenge’s premise was to take an already popular and now ubiquitous idea and make it even better: tabbed browsing. The TabViz idea is to display the inherent parent-child relationship between tabs using a radial visual metaphor. Of course, this approach is best demoed rather than described:

Sadly, the demo in that video is preceded by two and a half minutes of background and exposition. If you’re like me, you found the first two and a half minutes of that video to be excruciatingly boring. In fact, I didn’t even make it through those first two and a half minutes; I almost immediately started to skip ahead to find the actual demo. Let this be a lesson to all: the demo should always come first. That’s salesmanship 101. Let’s face it: in life, selling your idea is often as important (if perhaps not even more important) as having a good idea in the first place. TabViz is an excellent idea and it deserves a better video to sell it.

Let’s learn something from the incomparable salesman Billy Mays. In this infomercial about the Kaboom cleaner, the demo starts after only 10 seconds:


Friday, July 17, 2009

Moths Jam Bats’ Echolocation ↦

Fascinating article on tiger moth evolution:

Rates of successful [bat] hunts of moths with intact tymbals [ultrasound-producing organs] were only about a quarter of the rates seen when the tymbal was damaged. Tracking the animal’s hunting patterns in the room shows that, as animals approached a jamming tiger moth, they frequently wound up resetting their approach-track-terminal hunting pattern, going back from tracking a moth to approaching it, or from the terminal attack to tracking.


Friday, July 17, 2009

Unladen Swallow 2009Q2 ↦

Google’s appropriately-named effort to infuse Python with more teh snappy has reached its latest development milestone. The performance gains are still relatively modest and come at the cost of a ten-fold increase in memory usage but the plumbing is now in place and it has already achieved compatibility with important Python projects such as Twisted, Django, NumPy and Swig.


Wednesday, July 15, 2009

Science and the American Public ↦

In stark contrast to that last poll, a recent survey by the Pew Research Center about the relationship between Science and the American Public gives us some detail about how the poll was conducted:

The survey of opinions about the state of science and its impact on society was conducted by the Pew Research Center for the People & the Press in collaboration with the American Association for the Advancement of Science (AAAS), the world’s largest general scientific society. The survey of the general public was conducted on landlines and cell phones among 2,001 adults April 28-May 12; the online survey of scientists was conducted among a sample of 2,533 members of the AAAS from May 1-June 14. Science knowledge questions were included in a separate survey of the general public, conducted on landlines and cell phones among 1,005 adults June 18-21.

Sections 4 and 5 were the most interesting, I thought. Among the scientists polled, 97% accept evolution, 84% believe that the Earth is warming due to human activity and only 33% believe in God. Among the non-scientists polled, 61% accept evolution, 49% believe that the Earth is warming due to human activity and 83% believe in God. In spite of these marked contrasts, 84% of the non-scientists polled had a positive impression of science generally. While I’m glad that so many view science positively, I can’t help but notice the disconnect between that impression and the willingness to accept what science, based on research and evidence, has to say about evolution and global warming.