Some Cognitive Biases

Saw a fantastic quote tweeted the other day, an excerpt from a book entitled Political Animals: How Our Stone-Age Brain Gets in the Way of Smart Politics. While the book has mixed reviews, the biases are worth taking a gander at…

Here are some of the most common cognitive biases identified by social scientists.

Availability Bias
Perseverance Bias
Source Confusion
Projection Bias
Self-Serving Bias
Superiority Bias
Planning Fallacy
Optimism Bias

Do any of them privilege the truth? The answer is no. Not one. They privilege survival.

Here’s the rundown:

  • Availability Bias – overweighting importance based on memorable/dramatic/easily recalled occurrences
  • Perseverance Bias – a type of confirmation bias: continuing to believe things that have been proven wrong
  • Source Confusion – misattribution of a source of a memory
  • Projection Bias – projecting your own motivations (priority, attitude, belief) on other actors (including your future self!)
  • Self-Serving Bias – the tendency to see oneself in a favorable light. “It is the belief that individuals tend to ascribe success to their own abilities and efforts, but ascribe failure to external factors”
  • Superiority Bias – the “above average effect” – overrating positives, underrating negatives
  • Planning Fallacy – a type of optimism bias where task difficulty/length is underestimated; programmers are probably intimately familiar with this one
  • Optimism Bias – believing that you’re less at risk of something bad happening than others

A better book on this stuff might be Kahneman’s Thinking, Fast and Slow. Kahneman is a psychologist who won the Nobel Prize in Economics and collaborated for over a decade with Tversky on seminal research on cognitive biases.

Chargebacks and CC Fraud for Small Projects

Remy has been posting a series, The toxic side of free. Or: how I lost the love for my side project, on JS Bin, and Part 4 covers how he started Pro Accounts and some of the unexpected costs – that is, carders would use the low price to test newly stolen cards, and eventually he’d get chargebacks. The Hacker News discussion includes some advice on using minFraud (Sift and FraudLabs are other alternatives). Amazon DevPay also sounds like a good alternative to building your own billing system.
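The card-testing pattern Remy ran into has a recognizable shape in checkout logs: one client trying many distinct cards at the lowest-priced product in a short window, with a high decline rate. The following is an added example (not Remy’s code, nor that of minFraud, Sift or FraudLabs) of a simple velocity check over a constructed log; the field layout, the IPs and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log of checkout attempts for a low-priced plan (not real data).
# Fields: ISO timestamp, client IP, card fingerprint (hashed PAN), amount in USD, gateway outcome.
SAMPLE_LOG = [
    ("2014-08-01T10:00:01", "203.0.113.5", "card_a1", 1.00, "declined"),
    ("2014-08-01T10:00:25", "203.0.113.5", "card_b2", 1.00, "declined"),
    ("2014-08-01T10:00:51", "203.0.113.5", "card_c3", 1.00, "approved"),
    ("2014-08-01T10:01:20", "203.0.113.5", "card_d4", 1.00, "declined"),
    ("2014-08-01T10:01:44", "203.0.113.5", "card_e5", 1.00, "declined"),
    ("2014-08-01T10:02:09", "203.0.113.5", "card_f6", 1.00, "approved"),
    ("2014-08-01T10:03:00", "198.51.100.7", "card_g7", 1.00, "approved"),
    ("2014-08-01T10:15:00", "192.0.2.9", "card_h8", 1.00, "declined"),
    ("2014-08-01T10:16:00", "192.0.2.9", "card_h8", 1.00, "approved"),
]


def parse_events(rows):
    """Turn log rows into tuples with a real datetime so windows can be computed."""
    return [(datetime.fromisoformat(ts), ip, card, amount, outcome)
            for ts, ip, card, amount, outcome in rows]


def detect_card_testing(events, window=timedelta(minutes=10),
                        min_distinct_cards=4, min_decline_ratio=0.4):
    """Flag IPs that use many distinct cards inside one window with a high decline rate.

    A legitimate customer retries the same card; a carder cycles through a stolen
    batch. Thresholds are assumptions and should be tuned to real traffic.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        # Slide a trailing window over each IP's attempts and keep the worst window seen.
        for i, (t_end, _, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[: i + 1] if e[0] >= t_end - window]
            cards = {e[2] for e in in_window}
            declines = sum(1 for e in in_window if e[4] == "declined")
            ratio = declines / len(in_window)
            if len(cards) >= min_distinct_cards and ratio >= min_decline_ratio:
                previous = flagged.get(ip)
                if previous is None or len(cards) > previous["distinct_cards"]:
                    flagged[ip] = {
                        "distinct_cards": len(cards),
                        "attempts": len(in_window),
                        "decline_ratio": round(ratio, 2),
                        "window_end": t_end.isoformat(),
                    }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_card_testing(parse_events(SAMPLE_LOG)).items():
        print(ip, stats)
```

The sensible response to a hit is to hold the order for review or require a stronger signal before fulfilling, rather than to block outright, since a shared NAT address can also produce several cards in a short span. The hosted fraud-scoring services mentioned in the text combine this kind of velocity signal with many others (BIN country, e-mail age, proxy detection) that a side project cannot easily build itself.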

Also, VATMOSS sounds terrible.

Apple: Untrustable

As excitement over Apple’s new product announcements dominates today’s press coverage, and the memory of the celebrity iCloud hacks fades into obscurity (already seemingly long forgotten), completely unremarked and unaddressed at today’s event (a good PR move, to be sure), I felt it might be worth posting some of my personal thoughts on the matter, as the silence from Apple on the issue has been quite disquieting.

To be clear, I’m a long-time fan of Apple design and engineering, and today’s keynote is a reminder of Apple’s best-in-class hardware and device software. I also own a not-insignificant amount of AAPL shares, but while I’d like to give them the benefit of the doubt, it seems to be increasingly clear that Apple should not be trusted with my personal information.

It’s famously well known that despite their technical prowess in hardware and software, Apple is just not very good at hosted services. Terrible at it, really. From their earliest web-based apps, to their ongoing capacity problems, to their laughable attempts at building social services (Ping, anyone?), Apple’s online components are sometimes passable or on par, but more commonly they are mediocre, not well thought out, clunky, outdated, or just plain broken; “not serious” was the phrase a friend used. The problem is that today, the online components are as integral to a product as the device hardware or software. They are bound together, and sadly, the weakest link will cause the chain to break. Unfortunately, these traits seem to carry through to the security of these services as well, which is definitely serious.

Over two years ago now, a friend, Mat Honan, had his Apple account (and digital life) hacked, in much the same way (via an almost identical vector) as the recent celebrity hacks. He’s a journalist, so he wrote all about it, and got a fair amount of press along the way, appearing on news shows, getting writeups, and generally making a big hubbub about it.

If you’re not familiar with that incident, it’s worth taking a look. Also worth reading is some of the analysis on the latest compromises:

Apple issued a terse official statement last week which denied any “breach” in any Apple systems and claimed that the accounts were compromised due to “targeted attack[s].” From a lawyerly perspective, this is perhaps technically accurate, aimed at deflecting blame and absolving responsibility, if not liability. Of course, like most such statements, especially looked at in context of the afore-mentioned writeups, it is quite misleading.

The attacks used to reset passwords via security questions and acquire iCloud access and backups were so frequent and common-place that discussions and communities had formed not just on the darknet, but on public forums/websites.

Either Apple’s security was so incompetent or negligent that they were not aware of what was going on, or they knew but actively ignored the issue and decided that it was not worth fixing. I’ll leave it to the reader to decide which scenario is worse.

Today, Apple announced their “Most Personal Device Ever”. They also announced Apple Pay (the only mentions of “security” and “privacy” in today’s event), and are rolling out health tracking and home automation in iOS 8.

Given their feckless track record, would you really trust Apple with (even more of) your digital life?

Some notes:

  • Last week, the same day where the big Apple news was the hiring of designer Marc Newson, Mike Hearn published a fascinating writeup of his anti-spam/abuse work at Google. Maybe unfair, but it struck me as an interesting contrast.
  • Over the years that these compromises have been happening, I haven’t heard of anyone who has been informed by Apple of a compromised account, or any information on their customer-facing forensic abuse team. Ignoring the larger issues of systemic security holes (Apple can talk about “no breaches”, but between non-rate-limited/info-leaking endpoints, allowing resets via VPNs, and the lack of device pinning/access notices, they’ve left the door wide open for widely known attack vectors), what kind of support does Apple give you once your information is stolen?
  • Much hoopla has been made on 2FA. iCloud’s 2FA is less useful than you might think.
  • Not Safe For Not Working On – Dan Kaminsky writes about some of the implications of cloud security; also worth a read is What if I was a cloud? by iBrute’s author. It’s obvious that cloud services need to seriously rethink how they store and authenticate personal information.
  • If you’re not already using fake security answers to security questions, you should. If you are, it may also be worth considering using a password manager to store unique nonsense answers for those questions.
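Two of the notes above have a concrete counterpart: on the user side, a security answer is only as good as its unguessability, so it should be random and stored in a password manager; on the service side, the reset endpoint should store only salted hashes, answer identically for unknown accounts, and lock after a handful of failures instead of being an unlimited oracle. The following is an added example (my own, not Apple’s implementation or any password manager’s) covering both halves; the question list, the lockout parameters and the ResetVerifier class are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed list of typical "knowledge" questions (not taken from any real service).
QUESTIONS = ["mother's maiden name", "first pet", "city of birth"]


def nonsense_answer(nbytes=18):
    """Unguessable answer from the OS CSPRNG: 18 bytes = 144 bits, as URL-safe text."""
    return secrets.token_urlsafe(nbytes)


def make_answer_vault(questions):
    """What a password-manager entry would hold: a different random answer per question."""
    return {question: nonsense_answer() for question in questions}


class ResetVerifier:
    """Hypothetical server side of a 'reset via security question' flow.

    Stores only salted PBKDF2 digests, compares in constant time, returns the
    same 'fail' for unknown accounts or questions, and locks the flow for an
    account after max_failures wrong answers inside the lockout window.
    """

    def __init__(self, max_failures=5, lockout=timedelta(minutes=30), iterations=100_000):
        self.max_failures = max_failures
        self.lockout = lockout
        self.iterations = iterations
        self.records = {}                   # account -> {question: (salt, digest)}
        self.failures = defaultdict(list)   # account -> timestamps of failed attempts

    def _digest(self, answer, salt):
        return hashlib.pbkdf2_hmac("sha256", answer.strip().encode(), salt, self.iterations)

    def enroll(self, account, answers):
        self.records[account] = {}
        for question, answer in answers.items():
            salt = secrets.token_bytes(16)
            self.records[account][question] = (salt, self._digest(answer, salt))

    def _locked(self, account, now):
        recent = [t for t in self.failures[account] if now - t < self.lockout]
        self.failures[account] = recent
        return len(recent) >= self.max_failures

    def verify(self, account, question, answer, now=None):
        """Return 'ok', 'fail' or 'locked'; never says whether the account exists."""
        now = now or datetime.now()
        if self._locked(account, now):
            return "locked"
        stored = self.records.get(account, {}).get(question)
        if stored is None:
            # Unknown account or question: do the same work and give the same answer
            # as a wrong guess, so timing and responses do not enumerate accounts.
            self._digest(answer, bytes(16))
            self.failures[account].append(now)
            return "fail"
        salt, digest = stored
        if hmac.compare_digest(digest, self._digest(answer, salt)):
            return "ok"
        self.failures[account].append(now)
        return "fail"


if __name__ == "__main__":
    vault = make_answer_vault(QUESTIONS)
    verifier = ResetVerifier()
    verifier.enroll("alice", vault)
    print(vault)
    print(verifier.verify("alice", "first pet", vault["first pet"]))
    print(verifier.verify("alice", "first pet", "fluffy"))
```

The per-account lockout is deliberately independent of the client’s IP address, so routing guesses through a VPN (one of the gaps the note above complains about) does not reset the counter; a real deployment would also notify the account owner on lockout and on any successful reset.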

Apple’s A7

I don’t spend as much time keeping track of consumer tech these days, but I stumbled on an interesting article on Apple’s new A7 that got me to dig a bit more:

While in the short term there have been more last-minute leaks from component suppliers, and it may be a losing battle, it looks like Apple is attacking strategic leaks by increased vertical integration: building/buying a fab may only be the first step (keeping in mind that Apple has over $100B in offshore cash).

Plastic cases are one thing, but it’ll be interesting to see how secret Apple can keep its AppleTV and iWatch developments. I think it’s fair to expect the former may end up attacking the living room/XBone a lot more directly than past efforts, and the latter will have a pretty big personal sensing/informatics component. These are both things that are pretty untapped markets for Apple that would benefit from a 360 ecosystem.

Why Automation Is Problematic

It’s Labor Day here in the US, and automation and its implications are something that, again, have been weighing on my mind.

Here’s the short, to the point summary in two graphs:

Changes in Productivity and Hourly Compensation since 1948

Change in Productivity and Wages since 1979

To spell it out: the fundamental problem with automation is that when workers (let’s call them the “proletariat”) are displaced by automation, they don’t see any of society’s productivity gains – those benefits are instead captured and concentrated by a smaller and smaller set of owners/capitalists (let’s call them the “bourgeoisie”).

Economic and technological logic is no doubt going to inexorably drive this displacement, but it’s not going to address the resulting social instability, which creates a massive and literally unsustainable underclass.

Related recent articles/discussion:

Some Notes on Labor, Technology and Economics

I think that we are all aware that advanced capitalism is leading us down a road that as a society, we may not want to travel – constant crisis due to increasingly advanced, complex, and unstable financialization, an increasingly vicious trend toward plutocracy and plutonomy that has obliterated socioeconomic mobility via massively increasing inequality, and of course, as an engine of unsustainability, where environmental, health, and social costs are externalized and reality is subsumed via a twisted economic logic.

All these things really should be teased out into much larger discussions, but here are a few recent related links/discussions I want to make note of (I’m slowly moving some things back out of Evernote into a form that can be narrated):

  • HN: Confessions of a Job Destroyer – a good essay that highlights what technological “disruption” really means; relevant to software, robotics and all sorts of enabling technologies
  • HN: Unfit for work (npr.org) – NPR is doing a weeklong series on how the disability program is hiding massive collapses in the workforce

Also, this image popped up in my Twitter stream recently…

A quick Google search shows that it’s been floating around for at least a year, and the bottom text references an organization that ceased to exist in 1982, so it is probably quite old, but it still resonates as much (if not more) today. Here’s the text transcribed (via):

If you’re unemployed it’s not because there isn’t any work

Just look around: A housing shortage, crime, pollution; we need better schools and parks. Whatever our needs, they all require work. And as long as we have unsatisfied needs, there’s work to be done.

So ask yourself, what kind of world has work but no jobs. It’s a world where work is not related to satisfying our needs, a world where work is only related to satisfying the profit needs of business.

This country was not built by the huge corporations or government bureaucracies. It was built by people who work. And, it is working people who should control the work to be done. Yet, as long as employment is tied to somebody else’s profits, the work won’t get done.

The New American Movement (NAM)

Searching for this led to this interesting article:

KIN Lessons

There’s been a lot of recent reporting on the complete failure of the KIN (and Microsoft in general). Of these, I think that this comment from a Danger employee posted on Mini-Microsoft both sums things up and serves as an object lesson for anyone in tech, and is worth reposting in full:

To the person who talked about the unprofessional behavior of the Palo Alto Kin (former Danger team), I need to respond because I was one of them.

You are correct, the remaining Danger team was not professional nor did we show off the amazing stuff we had that made Danger such a great place. But the reason for that was our collective disbelief that we were working in such a screwed up place. Yes, we took long lunches and we sat in conference rooms and went on coffee breaks and the conversations always went something like this… “Can you believe they want us to do this?” Or “Did you hear that IM was cut, YouTube was cut? The App store was cut?” “Can you believe how mismanaged this place is?” “Why is this place so dysfunctional??”

Please understand that we went from being a high functioning, extremely passionate and driven organization to a dysfunctional organization where decisions were made by politics rather than logic.

Consider this, in less than 10 years with 1/10 of the budget Microsoft had for PMX, we created a fully multitasking operating system, a powerful service to support it, 12 different device models, and obsessed and supportive fans of our product. While I will grant that we did not shake up the entire wireless world (à la iPhone) we made a really good product and were rewarded by the incredible support of our userbase and our own feelings of accomplishment. If we had had more time and resources, we would have come out with newer versions, supporting touch screens and revamping our UI. But we ran out of time and were acquired and look at the results. A phone that was a complete and total failure. We all knew (Microsoft employees included) that it was a lackluster device, lacked the features the market wanted and was buggy with performance problems on top of it all.

When we were first acquired, we were not taking long lunches and coffee breaks. We were committed to help this Pink project out and show our stuff. But when our best ideas were knocked down over and over and it began to dawn on us that we were not going to have any real effect on the product, we gave up. We began counting down to the 2 year point so we could get our retention bonuses and get out.

I am sorry you had to witness that amazing group behave so poorly. Trust me, they were (and still are) the best group of people ever assembled to fight the cellular battle. But when the leaders are all incompetent, we just wanted out.

(On another note, every time I read the minimsft comments, I just can’t get over how fucked MSFT’s corporate culture is. There’s just so much wrong on every level, it’d pretty much be impossible to succeed.)

And an interesting follow-up comment from another insider on project particulars:

Microsoft is a large enough company that experience in one part of it may not be applicable to other parts. (Duh). In PMX, there was no backstabbing or people out to get people. There was only poor management, a poorly designed and implemented product, and an insane delivery schedule.

Some random thoughts:

PMX was said to be a risky project. You don’t fire people who fail at risky projects, because if you do, eventually nobody will be willing to take a risk. Nobody will get fired and whatever accountability there is will happen behind closed doors.

PMX was very poorly run. One HR manager involved with the Danger onboarding actually described the failure as a ‘cluster f***’. Danger was lied to about the reason for the purchase and that set the tone of the relationship between ex-Danger people and PMX. It would only get worse as the project continued. The onboarding was typical of the quality of management. The MS-Poll results, some of the worst on record, were accurate, even though they were written off as “influenced by disgruntled Danger people.”

The Verizon deal was made by business development folk before engineering had been consulted. There was no way a phone capable of selling in the marketplace could have been developed using Microsoft software management process in the time frame.

In addition, between inception and delivery, the market place changed dramatically but Microsoft was unable to move agilely enough to compensate.

The phone should never have gone to market. It is too poorly designed, too buggy, too incomplete, and too overpriced. When Microsoft became aware of the data plan pricing that Verizon proposed, the project should have been cancelled, saving a couple hundred million in development and advertising.

It did sell more than 500, but I doubt anyone is going to argue against the Wall Street Journal assessment that it sold fewer than 10,000.

The number ‘2 billion’ is floating around as an estimate of the cost of PMX over its life. That number is too high, but ‘1 billion’ is too low.

…Now I Am The Master

From Apple’s 1984 commercial:

Today, we celebrate the first glorious anniversary of the Information Purification Directives. We have created, for the first time in all history, a garden of pure ideology, where each worker may bloom, secure from the pests purveying contradictory truths. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth. We are one people, with one will, one resolve, one cause. Our enemies shall talk themselves to death and we will bury them with their own confusion. We shall prevail!

From Apple’s iPhone 4 SDK iPhone Developer Program License Agreement:

3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).

Some discussion at Boing Boing and Hacker News. (see also)

Paul Graham Nails It

I’m not always in agreement with Paul Graham, but he’s absolutely spot on with his essay on how broken the Apple App Store is and how disastrous that is.

So I bought it, but I bought it, for the first time, with misgivings. I felt the way I’d feel buying something made in a country with a bad human rights record. That was new. In the past when I bought things from Apple it was an unalloyed pleasure. Oh boy! They make such great stuff. This time it felt like a Faustian bargain. They make such great stuff, but they’re such assholes. Do I really want to support this company?

This essay is just chock full of good stuff and worth a full read.

How would Apple like it if when they discovered a serious bug in OS X, instead of releasing a software update immediately, they had to submit their code to an intermediary who sat on it for a month and then rejected it because it contained an icon they didn’t like?

By breaking software development, Apple gets the opposite of what they intended: the version of an app currently available in the App Store tends to be an old and buggy one.

If your company seems evil, the best programmers won’t work for you. … But the real problem for Microsoft wasn’t the embarrassment of the people they hired. It was the people they never got. And you know who got them? Google and Apple. If Microsoft was the Empire, they were the Rebel Alliance. And it’s largely because they got more of the best people that Google and Apple are doing so much better than Microsoft today.