Christian Heilmann

An open letter to Sony: your Ultraviolet Film service teaches people to trust malware

Monday, January 14th, 2013

Online piracy is a terrible thing. It is illegal. It does kill jobs and it does prevent products from being released and artists from becoming famous and being able to make a living. This is the truth, although when you hear it from labels and the film industry and see what is being promoted and sold it does lose some of its credibility.

Nevertheless, online piracy is a civil matter and should not be the norm. The best way to fight online piracy is to make it redundant. Purchasing media and being able to watch it when I want, as long as I want and as often as I want should be dead simple. This is what happened in the past when I bought physical media in the time of CDs and Vinyls and VHS tapes.

Even then the film industry made it hard for me to enjoy the things I bought. There were differences in TV formats (NTSC vs. PAL and the wonderful milky display of movies that were badly transferred) and different releases of vinyls in different countries had different tracks. Also, I was punished when I lived outside the US as I had to wait for half a year for a movie my friends on BBSes and later on in Newsgroups and IRC talked about.

I have not bought a CD in a while and I have not downloaded any pirated MP3 in years because of Spotify. I pay my monthly fee and I happily listen to as much music as I want. I download the music to play on my iPod in the gym offline and all is good. I pay, the artists get money, the labels get money, Spotify gets money and I can enjoy my stuff.

Now, on a flight lately I watched Total Recall, the remake (ironically released by “Original Film”) and I was almost ready to watch it on iTunes and buy it there. As it is a cool CGI movie, I thought I’d get the HD version and – if possible – check it on my Retina MBP. Then I thought that £13.99 is a bit much and as I want to see it next time I am in Sweden with my partner, I want to get it on the computer I take with me on travels. Google Play was out of the question as it doesn’t let me access my UK account when I am out of the country.

So today I went to the shop and saw the DVD of Total Recall for £15 so I thought, OK, let’s buy a physical DVD. I could do it ironically and be a hipster about it. My plan was to rip the DVD to my computer and watch it with my partner whilst keeping the physical thing at home as none of my laptops have drives any longer.

But, oh wonder! You thought of this and gave me the awesome “Ultra Violet” film collection option. So I could go and get a digital copy of the movie I just bought for my convenience. Amazing! I was ready to download the hell out of this MP4 you’d offer me in a simple download, and went online to get the movie.

Now, the first thing I was asked to do was to fill out a form to sign up for your library. This form didn’t understand my perfectly valid 5 digit UK postcode and told me I need a 6 digit one – how dare I have a working address? It also asked me to have a password in a certain format after I entered mine twice instead of telling me after I entered it once that this will not do in your world of security.

OK, I signed up, giving you a wrong postcode to get in and a wrong birthdate as it is none of your business when I was born.

I then got to the download page which asked me to install Silverlight. Why is this not on the DVD pack? A simple “requires Microsoft Silverlight” would have told me that there is pain ahead.

I downloaded the Silverlight linked from the Download page and installed it. I restarted my Firefox and went to the download page and was asked to install it again. What? OK, I went to Safari, logged in and the login page told me my Silverlight is the wrong version. I installed the one not linked from your “download silverlight” button and hooray, I could now install the Sony Pictures Download Manager which is a secure and trustworthy and wonderful way of downloading movies I paid for. That is, if it were a verified program file. As it was, my browser told me that the publisher of this file is not verified:

unverified app

Is it yours? Is it malware? Should I be concerned that you tell me as Mac user that I should double-click the icon of the download manager once it is on my Desktop which it never will be? Should I install the .app file that my operating system tells me I downloaded from the internet and could be anything?

unknown application

I did, this is how much I am happy to meet you halfway here. So I installed the download manager and started the download. And I felt the laptop giving off a warm glow when it started, seeing that your download manager sucks up 17% of this very, very beefy computer whilst downloading the movie.

activity detected

I can only imagine what watching the movie will be like.

So here is my advice: hire a few researchers to download and watch pirated movies. Learn from the way pirates distribute and make things available and then make it easier. Today you lost me as a customer. This is the first and last movie I bought from Sony Pictures as your interest is neither safety nor my enjoyment.

What you do right now is:

  • Make legal customers go through a broken sign-up process with strange rules
  • Make legal customers install strange software without verified publishers (with one download linking to the wrong version)
  • Slow down my computer unnecessarily with a heavy download client whilst I already have iTunes and Google Play

You know what that is? The same thing shady download locker sites do to lure people into downloading malware after entering a captcha most likely used to get into another site. Instead of making it easy for end users who just want to legally watch a movie you teach them that nothing on the web can be trusted, so we might as well install whatever promises us movies to watch. As a security conscious person, I consider this bordering on aiding the criminals you so loudly proclaim to fight.

Let me repeat: you only fight piracy by making it unnecessary. All the money you spend on building overly complex and ridiculously locked-in systems like that is what kills movies and hurts artists. Learn from the people who attack your business and you will come out a winner.

A total web recall?

Saturday, January 5th, 2013

I just spent 10 hours on a plane, watching movies and some presentations and thinking about the web, or, to be more precise, our work environment as web developers.

Two things triggered this: watching the remake of Total Recall and watching the first two talks of the Full Frontal conference.

Let’s start with the talks. A good conference organiser knows that opening with a controversial topic and allowing an immediate rebuttal brings good drama and gets the audience thinking. In this respect Remy Sharp landed a bulls-eye with last year’s Full Frontal conference.

The first talk was James Pearce’s All you need is body/

James raises a lot of great points and the one that stuck the most with me is that we are getting complacent about the idea that the web always wins and that the technologies and ideas we used in the past will still be the most important ones in the future. The structure of the presentation is incredibly well done: James starts with advocating a controversial approach to web development that a lot of new developers very much like to embrace and ends with an appeal to reconsider our dogmas when it comes to talking about web standards and development.

As a counterpoint, John Allsopp’s In Defense of HTML explains that using the web stack of HTML, CSS and JavaScript for what they are good at means using a stable set of technologies instead of re-inventing what we have just because we can and because we like to inject idioms of other platforms into the web. It also contains more or less the same passionate appeal to make the web more mature by using what worked but being open to new ideas and needs.

Mike Davies wrote a long and detailed article about these two talks, taking the stand that the web indeed is the right way to go and full reliance on JavaScript for everything is dangerous at best. As he put it, native apps need the web, not the other way around.

Whilst he makes some excellent points, I think that the subject matter is more subtle. As Nicholas Zakas explains, being right doesn’t always matter and the how of why the web works is not the main issue here. It is about demands of the market and ideas of the next generation of developers.

Schwarzenegger in Total Recall

Which brings me to the subject of Total Recall. When the original movie came out it was amazing. The make-up and special effects were great and the story’s twists and turns kept it interesting till the end (despite the movie only being very, and I say very, very loosely based on the original “we can remember it for you wholesale” short story). The movie became a classic and people who grew up with it love to defend it as great even though watching it now makes it look rather camp and dated.

Colin Farrell in Total Recall

Fast forward to now where a remake of Total Recall was produced that is visually stunning and less “out there” sci-fi than the original. The reviews of the remake read a lot as “lots of special effects, shootouts and none of the original story”. The movie is very much measured in comparison with the old one. And, more importantly, not with how the movie holds up in today’s competition, but in a more idealised version we have made up based on the great memories we have of the old one.

This is what happens with the web. New developers do not violate best practices of the past because they want to. They violate them because they are not sexy or interesting.

What got us excited in the past seems outdated now and the new and shiny and fast-paced is much more appealing. Talking about build scripts, packaging and making CSS easier by pre-processing it is both closer to what we learn in university and sounds more challenging as an engineering task than separating look and feel from behaviour or using the right semantic HTML that browsers don’t do anything with in the first place.

Web Development is no longer the disruptive, sexy thing it was in the past. We scoffed at desktop applications and their inflexibility and showed the web can do a lot better, faster and in a much more flexible manner. We hacked and did very random things to browsers to make ends meet. A lot of CSS hacks and JavaScript patches seem incredibly painful and odd now, but were needed back then. Nowadays, as the web is more ubiquitous and browsers offer much more than they did in the past, this is not a challenge that is interesting and people are looking for building blocks rather than starting from scratch.

There is a massive demand for engineers out there, and they are expected to hit the ground running. This is why we should not be surprised that using existing libraries and frameworks is what engineers want to do instead of learning the trade from scratch.

Instead of advocating a very idealised and romantic version of what the web is and how to build for it, it might just be the time to focus more on the building blocks people use and pool our knowledge and resources to make those better and result in clean code we all can enjoy. This is a big challenge, but I think it makes more sense than condemning what is new as shiny and short-lived considering that a lot we did in the past was exactly that. With more advanced technology we have a chance to make more complex and impressive looking mistakes. Maybe we are doomed to repeat this over and over again until we reach a level of understanding.