Monday, July 19, 2010

"Antennagate"

So the tech press and bloggers are offering their analysis and meta-analysis about "Antennagate".

Ignoring the fact that these dying publications' revenue models are based on selling more dead trees (or on garnering more pageviews, in the case of bloggers), so that they have a vested interest in making mountains out of molehills, let's concentrate on their reasoning ability (or lack thereof).

First, some numbers. Spencer Webb, who actually designs antennas for a living, has done some independent measurements of his own, and calls out Consumer Reports on their flawed methodology.

In the article, Mr Webb makes some interesting observations, which I shall summarize along with some points of my own.

1) The iPhone 4 is markedly better than the iPhone 3GS at uploading/downloading if both phones are used without covers. Remember this.

2) When both phones are held in the so-called "death grip" (full grip), the iPhone 4 on average is still better than the iPhone 3GS, but with a greater variance as compared to the 3GS. In other words, you may or may not get worse performance in a full grip.

3) What this means is that if you're a current iPhone 3GS owner and have never had problems, it's likely you will not experience problems with the iPhone 4 either, even with a full grip.

4) Assuming that cell tower reception is poor, changing to a half-grip or simply not bridging the iPhone 4's antenna gap may be able to improve the situation significantly. This is what Steve Jobs meant to say.

5) Since the press has decided to make an issue out of it, Apple decided to give out free bumpers and refund the cost of bumpers for those who bought them, until 30 Sep.

6) With regard to "analysts" jumping on the "less than 1% delta vis-a-vis iPhone 3GS per hundred dropped calls" data point and thereby claiming Apple is playing the numbers game, remember point 1. The iPhone 4 has better reception than the 3GS, which means that where you could not even make or receive calls with a 3GS, an iPhone 4 can, albeit with a weak signal. Would it be such a surprise that the call subsequently gets dropped?

As can be seen, the large majority of the charges are not backed by good reasoning whatsoever.

As to why Steve Jobs appears to be defensive about all this, have you ever questioned a Japanese salesman about his company's product quality? You might as well insult his mother. Same thing here.

Monday, July 12, 2010

LeBron's move to Miami

OK so LeBron's going to Miami. Charles Barkley thinks it's a bad move. Bad move? Charles is a compulsive gambler, meaning... he doesn't make rational decisions.

How often does an opportunity present itself where 3 of the most promising young players are on the same team? The last time there was such a powerful trio would be the 60s Lakers of Elgin Baylor, Jerry West and Wilt Chamberlain.

Let me put it this way:

Suppose you have an offer to start in the All-Star Game. Suppose this position is permanent. Would you turn it down for the sake of "loyalty"? Or to "prove a point", that you can "go it alone", be a "man's man"?

Basketball is still a team game. You take every opportunity you have to win it all. That's all that matters at the pro level. Anyone that says otherwise is either plain jealous or hypocritical. Recreational basketball is a different story altogether.

These guys are aiming for the stars. It's an experiment that just might make the NBA interesting for me again.

Wednesday, July 07, 2010

Cause of DBS's banking failure?

DBS, one of the largest banks in this part of the world, experienced massive outage of its online banking and ATM facilities on Monday.

The timing of the failure is interesting, because 5 July 2010 does not seem to be a significant date. So what could've caused the problem?

I have no inside information but the following:

1) The payment card industry (PCI) has data security standards (DSS). Version 1.2 of the standard called for the switchover from SSLv2 to SSLv3, on 1 July 2010.[1][2][3]

2) According to the CNA article, the bank discovered the problem at 3 am. As it turns out, 3 am is exactly 99 hours from midnight, 1 July 2010.

My conjecture is that the terminals have a "heartbeat" and would attempt to connect to the back-end systems on an hourly basis, but would be unable to do so since the protocol switchover happened on 1 July 2010. The data structure logging the re-connect attempts then ran into a buffer overflow when 4 am rolled around since 99+1 = 100.[4] If this exception is left unhandled then it would cause the system to halt.

If this was indeed the root cause of failure then the band-aid fix would probably require a reconfiguration of the terminals to use SSLv3 or TLSv1.2. The real solution is to improve test coverage and perform a code review. At the operations level DBS would have to audit its processes to ensure compliance in future.
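To make the conjecture above concrete, here is an added simulation (my own illustration, not anything from DBS, CNA or the PCI standard) of the failure mode it describes: a terminal retrying an hourly back-end connection that is refused after a protocol cutover, with the failure count kept in a fixed-width two-digit decimal field modelled on COBOL's PIC 99. The cutover instant (midnight, 1 July 2010), the hourly retry cadence and the field width are assumptions taken from the post; the SizeError class stands in for an unhandled SIZE ERROR condition, and the saturating handler shows the defensive alternative of clamping the field and raising an operator alert instead of letting the job halt.

```python
from datetime import datetime, timedelta


class SizeError(Exception):
    """Stands in for COBOL's SIZE ERROR condition: an arithmetic result that
    does not fit the declared picture clause."""


class FixedDecimalCounter:
    """Unsigned fixed-width decimal field. digits=2 models PIC 99 (range 00..99).

    on_size_error is called with the current value when an increment would
    overflow and must return the value to store. None models an unhandled
    SIZE ERROR, which is surfaced as an exception (the halt in the post's story).
    """

    def __init__(self, digits, on_size_error=None):
        self.digits = digits
        self.limit = 10 ** digits - 1
        self.value = 0
        self.on_size_error = on_size_error

    def increment(self):
        if self.value + 1 > self.limit:
            if self.on_size_error is None:
                raise SizeError(f"{self.value + 1} does not fit in {self.digits} digits")
            self.value = self.on_size_error(self.value)
        else:
            self.value += 1
        return self.value


# Constructed assumption (from the post): the protocol cutover happens at
# midnight, 1 July 2010, and the terminal retries once an hour after that.
CUTOVER = datetime(2010, 7, 1, 0, 0)


def run_heartbeats(counter, cutover, hours, server_accepts_sslv2=False):
    """Drive `hours` hourly reconnect attempts starting one hour after cutover.

    While the back end rejects SSLv2 every attempt fails and the failure
    counter is incremented. Returns (time of last attempt, counter value).
    An unhandled overflow propagates as SizeError.
    """
    t = cutover
    for _ in range(hours):
        t += timedelta(hours=1)
        if not server_accepts_sslv2:
            counter.increment()
    return t, counter.value


def overflows_unhandled(digits, cutover, hours):
    """True if `hours` failed attempts overflow an unhandled `digits`-digit counter."""
    try:
        run_heartbeats(FixedDecimalCounter(digits), cutover, hours)
    except SizeError:
        return True
    return False


def first_overflow_time(digits, cutover):
    """Time of the first hourly attempt whose failure count no longer fits in `digits` digits."""
    counter = FixedDecimalCounter(digits)
    t = cutover
    while True:
        t += timedelta(hours=1)
        try:
            counter.increment()
        except SizeError:
            return t


def make_saturating_handler(alerts):
    """A SIZE ERROR handler that clamps the field at its maximum and records an
    alert instead of letting the job abend; the counter keeps its last valid value."""

    def handler(current):
        alerts.append(f"reconnect failure counter saturated at {current}; "
                      "check transport protocol configuration on terminal and back end")
        return current

    return handler


if __name__ == "__main__":
    # Unhandled two-digit field: 99 failures by 03:00 on 5 July, overflow on the 100th at 04:00.
    when, count = run_heartbeats(FixedDecimalCounter(2), CUTOVER, 99)
    print(f"{when}: {count} failed reconnects")
    print("first overflow of the PIC 99 field:", first_overflow_time(2, CUTOVER))

    # Handled field: same traffic, but the job survives past 04:00 and operators get an alert.
    alerts = []
    counter = FixedDecimalCounter(2, on_size_error=make_saturating_handler(alerts))
    when, count = run_heartbeats(counter, CUTOVER, 102)
    print(f"{when}: value {count}, alerts raised: {len(alerts)}")
```

Run as a script it reproduces the post's arithmetic: the 99th failed attempt lands at 03:00 on 5 July and the 100th, at 04:00, is the one a two-digit field cannot hold. Widening the field (digits=4) or installing the saturating handler are the code-level fixes; neither replaces checking that the terminals speak a protocol the back end still accepts.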

[1] http://www.pcicomplianceguide.org/pcifaqs.php#18
[2] http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
[3] http://www.rapid7.com/vulndb/lookup/sslv2-enabled
[4] The offending data type is probably a numeric fixed-point packed decimal declared to 2 decimal places, a.k.a. PIC 99 in COBOL.