Hackers* use the word “state” to describe “information being maintained in non-permanent memory”, whether that memory is in a human skull or a computer’s RAM chips. In fact, that ambiguity over exactly where the state is being maintained is one of the word’s strengths — as the browser-tabs example shows, there’s getting to be less of a distinction between the two. The stuff in my browser’s tabs is a reflection of what’s in my own brain, and a nearly-seamless extension of it.

Like every other web developer, I recently got a message from Firefox saying it needed to upgrade. (Because security researchers found yet another hole in Adobe Reader.) Despite the fact that I had over a dozen tabs open, I knew I wouldn’t have to worry about performing the upgrade, because Firefox would remember all my tabs and reopen them after restart. It’s basically a momentary hiccup in my workflow; I can start the upgrade and then use that 30-second break to refill my teacup or go to the bathroom. Come back, sit down, close the spare “You’ve just successfully upgraded Firefox” tab, and just keep working.

Compare that with Windows Update.

For one thing, I can no longer in good conscience advise people to allow Windows Update to automatically install things. Not after Microsoft used it to push “Windows Genuine Advantage”. With Firefox, a security update really is just a security update, not an excuse to push crapware on one’s customers. With Windows Update, I need to scroll through the list of updates and make sure they’re not sending me something I don’t want (but which I can never uninstall if I accept it once).

More importantly, though: You never know when a Microsoft security update will include some component that forces a reboot. Sometimes, you’ll just get a message that your update isn’t complete until you restart, and would you like to do that now? Other times, you get the annoyingly insistent dialog box that pops up every five minutes, nagging at you to restart your machine. And it won’t go away until you restart. Trying to get anything useful accomplished between that thing’s interruptions is like trying to concentrate with a Harrison Bergeron-style mental handicapper on. Which means that before you even start the process, you’d better be ready to save and close all your work in every single application.

Is it any wonder people hate installing Windows security patches?

The problem is that if you make security updates annoying, people will try to avoid them. And one of the biggest annoyances these days is breaking people’s train of thought. Now that half of my train of thought is in the computer — in “state” that the software is maintaining for me — making the software continue to maintain it across sessions turns out to be a big win.

The E Text Editor is another example of an application that makes it really easy to leave state in the computer’s memory instead of cluttering up your own wetware with it. E’s philosophy is to never discard data unless the user explicitly requests it. It takes the concept of an Undo history far beyond what most people are used to.

Back in ’90s, people got used to having an “Undo button”: you could reverse one action. Then we got the “Undo history”: you could work backward through multiple steps of undo. Finally, we got the “Undo/Redo history”, which allowed one to step forward as well as back in that timeline… but it was still just a line. If you went back 50 steps, then did something new — something different from stepping forward — those 50 steps were all immediately discarded.

E doesn’t discard information so casually. If you do something new, you now have a new branch in the history of your document. It has an “Undo/Redo tree”. (This results in a lot of data being maintained on your hard drive. So what? Hard drive space is cheap. Way cheaper than human attention, which means trading off a bunch of disk space in order to maintain some human attention is a very good deal.)

And, of course, it maintains this state across sessions. If I’ve been working on a complicated image in Photoshop for a few hours — or for a week or two, without closing the program (and hence not applying any Windows security updates, because they might force a reboot!) — one of the last things I want to do is close that file unless I’m positive that I won’t ever feel like going back to a previous version of it. (This is why graphic artists get so used to hitting “Save a Copy” a whole lot.) The moment I close the file, even if I leave Photoshop itself open, I’ve lost that history.

Not so in E. I can close the program, apply my Windows patches, then reopen E… and it will reopen the files I had open when I exited it, with all that Undo/Redo tree-history still there.

And this also means that shutting down and restarting E is an easy action. It has no ill effects. I can do it any time, and not have to worry about what I’m losing. Which means that if E ever comes out with any security patches, I won’t be at all worried about applying them.

Having nothing to lose by a shutdown makes your program a lot more likely to be upgraded.

* In case it isn’t already obvious, I’m using the word “hacker” to mean “a computer programmer who loves programming for its own sake, not someone who’s just punching a clock to pay the bills”. This is similar to the programmer-enthusiast culture’s classical definitions that include “A person who enjoys exploring the details of programmable systems and stretching their capabilities” and “A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.” It should be very obvious that I don’t mean someone who breaks into computer systems.

Palm’s response to this problem is a single paragraph of corporate PR-speak:

Palm takes privacy very seriously, and offers users ways to turn data collecting services on and off. Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience. For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.

The problems with this statement are:

1. There is no indication of how to turn off this particular piece of data collection. Not on Palm’s web site, not in the user manual that came with the Prē, and not in the Prē’s user interface.
2. For all the “detailed language” in Palm’s privacy policy, there is no slightest indication — anywhere — that they collect information about what applications the user runs.

It’s particularly interesting to look at the “On-Device Services” part of the privacy policy: It mentions types of data that will be collected “If you use services we provide” (emphasis added). For example, they say, “When you use a remote diagnostics or software update service, we will collect information related to your device (including serial number, diagnostic information, crash logs, or application configurations)”. This is the only mention of collection data about a user’s applications, and it clearly starts with “when you use a diagnostic service”.

It doesn’t say “once per day, no matter what”.

Other items under “On-Device Services” start with “When you use a back-up and restore service…” and “When you use location based services”.

All of this suggests that users have some sort of control over what gets sent and when. The Palm Prē’s “Location Services” preferences item has a control labeled “Background Data Collection”, with the caption: “Allows Google to automatically collect anonymous location data to improve the quality of location services.” (This is after other controls labeled “Auto Locate”, “Use GPS”, as shown at right. If you turn on Auto Locate, you also get a control labeled “Geotag Photos”.)

It doesn’t say that Google (or anyone else) will collect data on what apps a user is running. And it strongly implies that this data will only be collected when I actually run an app that uses location services — for example, Google Maps, or OpenTable (which wants to know where I am so it can try to find nearby restaurants).

And it blatantly claims that if I turn off that switch, it won’t send my data off to big corporations any more.

So far, I’ve verified a few things:

1. The application data log includes installs, uninstalls, and launch and close times for all apps, not just Palm’s official ones. Homebrew and third-party apps are included.
2. Flipping the Background Data Collection switch does not turn off the contextupload process that’s responsible for sending the information to Palm’s servers.
3. Nor does it stop logging application launch and close times. I’ll repeat that: My Prē is still logging application launch and close times into /var/context/contextfile, even though I have Background Data Collection turned off.

We in the technology business have a technical term for what Palm is doing when it claims that it “offers users ways to turn data collecting services on and off” in the context of this particular data. That term is: lying. Palm is lying to us, pure and simple.

The story is simple: I was tired of seeing “failed password” messages from sshd cluttering up my logs. I was also annoyed at the constant flow of dictionary attacks, even if I knew they’d never get in. So I whipped up a quick Perl script that acted as some glue between Swatch and iptables, and which would also give me some amount of reporting and history on who and what it was blocking.

Then I posted about it in my online journal, and a friend said it sounded useful. So I started getting it ready for release as a package that anyone could use…

And promptly realized that doing a decent, professional job of it would take more time than I had available. Fast-forward to now, when I’m unemployed and can only spend so many hours per day job-hunting — the result is that the world gets more software!

I do recall, however, that my head nearly exploded when I found that the product required the user to turn on ActiveX… and not even restrict it to local execution only! I informed the client (with as little ranting as I could) that this was an extremely bad idea, and strongly advised that he get a different security software suite, and ditch the McAfee product as quickly as he could.

It seems that McAfee has not improved their security practices since then. People are saying that a security company should know better. I agree, but I’m not all that surprised; this just looks like more of the same stuff I saw from them back in ’05.