This website uses third party cookies exclusively to collect analytics data. If you continue browsing or close this notice, you will accept their use. The EU now requires all sites to display this banner which confuses users and does nothing, actually, to improve your privacy.
Read more on why this law is ignorantLearn about this website's cookiesDisallow cookies
Carlos Fenollosa

Carlos Fenollosa

Engineer, developer, entrepreneur

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Basic iPhone security for regular people

August 18, 2016 — Carlos Fenollosa

Real life requires a balance between convenience and security. You might not be a high-profile person, but we all have personal information on our phones which can give us a headache if it falls into the wrong hands.

Here are some options you can enable to harden your iPhone in the case of theft, a targeted attack or just a curious nephew who's messing with your phone.

Even if you don't enable them all, it's always nice to know that these features exist to protect your personal information. This guide is specific for iPhones, but I suppose that most of them can be directly applied to other phones.

Password-protect your phone

Your iPhone must always have a password. Otherwise, anybody with physical access to your phone will get access to all your information: calendar, mail, pictures or *gasp* browser history.

Passwords are inconvenient. However, even a simple 4-digit code will stop casual attackers, though it is not secure against a resourceful attacker

☑ Use a password on your phone: Settings > Touch ID & Passcode

Furthermore, enable the 10-attempt limit, so that people can't brute-force your password.

☑ Erase data after 10 attempts: Settings > Touch ID & Passcode > Erase data (ON)

If your phone has Touch ID, enable it, and use a very long and complicated password to unlock your phone. You will only need to input it on boot and for a few options. It is reasonably secure and has few drawbacks for most users. Unless you have specific reasons not to do it, just go and enable Touch ID.

☑ Enable Touch ID: Settings > Touch ID & Passcode

Regarding password input, and especially if your phone doesn't have Touch ID, using a numeric keyboard is much faster than the QWERTY one. Here's a trick that will help you choose a secure numeric password which is easy to remember.

Think of a word and convert it to numbers as if you were dialing them on a phone, i.e. ABC -> 2, DEF -> 3, ..., WYZ -> 9. For example, if your password is "PASSWORD", the numeric code would be 72779673.

The iPhone will automatically detect that the password contains only numbers and will present a digital keyboard on the lock screen instead of a QWERTY one, making it super easy to remember and type while still keeping a high level of security.

☑ If you must use a numeric password, use a long one: Settings > Touch ID & Passcode

Harden your iPhone when locked

A locked phone can still leak private data. Accessing Siri, the calendar or messages from the lock screen is handy, but depending on your personal case, can give too much information to a thief or attacker.

Siri is a great source of data leaks, and I recommend that you disable it when your phone is locked. It will essentially squeal your personal info, your contacts, tasks or events. A thief can easily know everything about you or harass your family if they get a hand on a phone with Siri enabled on the lock screen.

This setting does not disable Siri completely; it just requires the phone to be unlocked for Siri to work.

☑ Disable Siri when phone is locked: Settings > Touch ID & Passcode > Siri

If you have confidential data on your calendar, you may also want to disable the "today" view which usually includes your calendar, reminders, etc.

☑ Disable Today view: Settings > Touch ID & Passcode > Today

Take a look at the other options there. You may want to turn off the notifications view, or the option to reply with a message. An attacker may spoof your identity by answering messages while the phone is locked, for example, taking advantage from an SMS from "Mom" and tricking her into asking for her maiden name, pet names, etc., which are usually answers to secret questions to recover your password.

☑ Disallow message replies when the phone is locked: Settings > Touch ID & Passcode > Reply with Message

Having your medical information on the emergency screen has pros and cons. Since I don't have any dangerous conditions, I disable it. Your case may be different.

Someone with your phone can use Medical ID to get your name and picture, which may be googled for identity theft or sending you phishing emails. Your name can also be searched for public records or DNS whois information, which may disclose your home phone, address, date of birth, ID number and family members.

In summary, make it sure that somebody who finds your locked phone cannot discover who you are or interact as if they were you.

☑ Disable Medical ID: Health > Medical ID > Edit > Show When Locked

Some people think that letting anyone find out the owner of the phone is a good idea, since an honest person who finds your lost phone can easily contact you. However, you can always display a personalized message on your lock screen if you report your phone missing on iCloud.

☑ Enable "Find my phone": Settings > iCloud > Find my iPhone > Find My iPhone

Make sure that your phone will send its location just before it runs out of battery

☑ Enable "Find my phone": Settings > iCloud > Find my iPhone > Send Last Location

To finish this section, if you don't have the habit of manually locking your phone after you use it, or before placing it in your pocket, configure your iPhone to do it automatically:

☑ Enable phone locking: Settings > General > Auto-Lock

Harden the hardware

Your phone is now secure and won't sing like a canary when it gets into the wrong hands.

However, your SIM card may. SIMs can contain personal information, like names, phones or addresses, so they must be secured, too.

Enable the SIM lock so that, on boot, it will ask for a 4-digit code besides your phone password. It may sound annoying, but it isn't. It's just an extra step that you only need to perform once every many days, when your phone restarts.

Otherwise, a thief can stick the SIM in another phone and access that information and discover your phone number. With it, you may be googled, or they may attempt phishing attacks weeks later.

Beware that this strategy doesn't allow the phone to ping home after it has been shut down and turned on.

☑ Enable SIM PIN: Settings > Phone > SIM PIN

Enable iCloud. When your phone is associated with an iCloud account, it is impossible for another person to use it, dropping its resale value to almost zero. I've had some friends get their phones back after a casual thief tried to sell them unsuccessfully thanks to the iCloud lock and finally decided to do the good thing and return it.

☑ Enable iCloud: Settings > iCloud

If you have the means, try to upgrade to an iPhone 5S or higher. These phones contain a hardware element called Secure Enclave which encrypts your personal information in a way that can't even be cracked by the FBI. If your phone gets stolen by a professional, they won't be able to solder the flash memory into another device and recover your data.

☑ Upgrade to a phone with a Secure Enclave (iPhone 5S or higher)

Harden your online accounts

In reality, your online data is much more at risk than your physical phone. Botnets constantly try to find vulnerabilities in services and steal user passwords.

The first thing you must do right now is to install a password manager. Your iPhone has one built into the system, which is good enough to generate unique password and auto-fill them when needed.

If you don't like Apple's Keychain, I recommend LastPass and 1Password.

Why do you need a password manager? The main reason is to avoid having a single password for all services. The popular trick of having a weak password for most sites and another strong password for important sites is a dangerous idea.

Your goal is to have a different password for each site/service, so that if it gets attacked or you inadvertently leak it to a phishing attack, it is no big deal and doesn't affect all your accounts.

Just have a different one for each service and let the phone remember all of them. I don't know my passwords: Gmail, Facebook, Twitter, my browser remembers them for me.

☑ Use a password manager: Settings > iCloud > Keychain > iCloud Keychain

There is another system which complements passwords, called "Two-Factor Authentication", or 2FA. You have probably used it in online banking; they send you an SMS with a confirmation code that you have to enter somewhere.

If your password gets stolen, 2FA is a fantastic barrier against an attacker. Without your phone, they can't access your data, even if they have all your passwords.

☑ Use 2FA for your online accounts: manual for different sites

2FA makes it critical to disable SMS previews, because if a thief steals your phone and already has some of your passwords, he can use your locked phone to read 2FA SMS.

If you use iMessage heavily, this may be cumbersome, so decide for yourself.

☑ Disable SMS previews on locked phone: Settings > Notifications > Messages > Show Previews

Make it easy to recover your data

If the worst happens, and you lose your phone, get it stolen or drop it on the Venice canals, plan ahead so that the only loss is the money for a new phone. You don't want to lose your pictures, passwords, phone numbers, events...

Fortunately, iPhones have a phenomenal backup system which can store your phone data in the cloud or your Mac. I have a Mac, but I recommend the iCloud backup nonetheless.

Apple only offers 5 GB of storage in iCloud, which is poor, but fortunately, the pricing tiers are fair. For one or two bucks a month, depending on your usage, you can buy the cheapest and most important digital insurance to keep all your data and pictures safe.

iCloud backup can automatically set up a new phone and make it behave exactly like your old phone.

If you own a Mac, once you pay for iCloud storage, you can enable the "iCloud Photo Library" on Settings > iCloud > Photos > iCloud Photo Library for transparent syncing of all your pictures between your phone and your computer.

☑ Enable iCloud backup: Settings > iCloud > Backup > iCloud Backup

If you don't want the iCloud backup, at least add a free iCloud account or any other "sync" account like Google's, and use it to store your contacts, calendars, notes and Keychain.

☑ Enable iCloud: Settings > iCloud

Bonus: disable your phone when showing pictures

Afraid of handing your phone over to show somebody a picture? People have a tendency to swipe around to see other images, which may be a bad idea in some cases.

To save them from seeing things that can't be unseen, you can use a trick with the Guided Access feature to lock all input to the phone, yet still show whatever is on the screen.

☑ Use Guided Access to lock pictures on screen: Read this manual

This is not a thorough guide

As the title mentions, this is an essential blueprint for iPhone users who are not a serious target for digital theft. High-profile people need to take many more steps to secure their data. Still, they all implement these options too.

The usual scenario for a thief who steals your phone at a bar is as follows: they will turn it off or put it in airplane mode and try to unlock it. Once they see that it's locked with iCloud, they can either try to sell it for parts, return it or discard it.

Muggers don't want your data. However, it doesn't hurt to implement some security measures.

In worse scenarios, there are criminal companies specialized in buying stolen phones at a very low price and perform massive simple attacks to unsuspecting users to trick them into unlocking the phone or giving up personal data.

You don't need the same security as Obama or Snowden. Nonetheless, knowing how your phone leaks personal information and the possible attack vectors is important in defending yourself from prying eyes.

You have your whole life on your phone. In the case of an unfortunate theft, make it so the only loss is the cost of a new one.

Tags: security

Comments? Tweet  

Living in a disrupted economy

July 21, 2016 — Carlos Fenollosa

There is this continuing discussion on whether technology destroys more jobs than it creates. Every few years, yet another tech revolution occurs, journalists publish articles, pundits share their opinions, politicians try to catch up, and those affected always voice their concerns. These couple years have been no exception, thanks to Uber, Airbnb, and the called sharing economy.

I'm a technologist and a relatively young person, so I am naturally biased towards technological disruption. After all, it is people like me who are trying to make a living by taking over older jobs.

I suggest that you take a few minutes to read a fantastic article titled The $3500 shirt. That essay reveals how horrible some industries were before they could be automated or replaced by something better. Go on, please read it now, it will only take three minutes.

Now, imagine you had to spend a couple of weeks of your time to make a t-shirt from scratch. Would that be acceptable? I guess we all more or less agree that the textile revolution was a net gain for society. Nevertheless, when it occurred, some Luddites probably complained, arguing that the loom put seamstresses out of work.

History is packed with dead industries. We killed the ice business with the modern fridge. We burn less coal for energy, so miners go unemployed. And let's not forget the basis of modern civilization, the agricultural revolution, which is the only reason us humans can feed ourselves. Without greenhouses, nitrates, tractors, pest protection and advancements in farming, humanity would starve.

Admittedly, it transformed the first sector from a 65% in workforce quota into the current 10%. Isn't it great that most of us don't need to wake up before sunrise to water our crops? In hindsight, can you imagine proclaiming that the 1800s way of farming is better because it preserves farming jobs?

The bottom line is that all economic transformations are a net gain for society. They may not be flawless, but they have allowed us humans to live a better life.

So why do some characters fight against current industry disruptions if history will prove them wrong?


As a European and a social democrat, I believe that States must regulate some economies to avoid monopolies and abuses, supporting the greater good. Furthermore, I sympathize with the affected workforce, both personally and in a macroeconomic level. All taxi drivers suddenly going jobless because of Uber is detrimental to society.

However, it pains me to see that European politicians are taking the opposite stance, brandishing law and tradition as excuses to hinder progress.

Laws must serve people, not the other way around. If we analyze the taxi example, we learn that there is a regulation which requires taxi drivers to pay a huge sum of money up front to operate. Therefore, letting anybody get in that business for free is unfair and breaks the rules of the game. Unsurprisingly, this situation is unfair not because of the new players, but because that regulation is obsolete.

It isn't ethically right that somebody who spent a lot of money to get a license sees their job at risk. But the solution isn't to block other players, especially when it's regulation which is at fault. Let's sit down, think how to establish a transition period, and maybe even reimburse drivers part of that money with the earnings from increased taxes due to a higher employment and economic activity.

There is a middle ground solution: don't change the rules drastically, but don't use these them as an excuse to impede progress.

At the end of the day, some careers are condemned to extinction. That is a real social drama, however, what should we do? Artificially stop innovation to save jobs which are not efficient and, when automated or improved, they make the world better for everyone?


Us millennials have learned that the concept of a single, lifetime profession just does not exist anymore. Previous generations do not want to accept that reality. I understand that reconverting an older person to a new career may be difficult, but if the alternative is letting that person obstruct younger people's opportunities, that's not fair.

Most professions decline organically, by the very nature of society and economy. It is the politicians' responsibility to mediate when this process is accelerated by a new industry or technology. New or automated trades will take their place, usually providing a bigger collective benefit, like healthcare, education, or modern farming.

Our duty as a society is to make sure everyone lives a happy and comfortable life. Artificially blocking new technologies and economic models harms everyone. If it were for some Luddites, we'd be still paying $3500 for a shirt, and that seamstress would never have been a nurse or a scientist.

Tags: law, startups

Comments? Tweet  

The Elixir of concurrency

May 23, 2016 — Carlos Fenollosa

Elixir is a fairly young language that was born when José and a few Rails developers tried to create a modern language optimized for concurrent, distributed, lightweight processes

They wanted a modern Ruby-like syntax with a well-tested process manager, the Erlang VM. The result is Elixir, defined as a dynamic, functional language designed for building scalable and maintainable applications, a correct but vague affirmation which doesn't do justice to its power and elegancy.

I recently compared the move to Elixir from Python as a similar leapfrog to moving to Python from Java. It feels like something new, modern, powerful, with killer features that you don't want to renounce to.

In Python I found a REPL, list comprehensions, a super clean syntax and decorators. Elixir brings lightweight supervised processes, pattern matching, a fully functional programming language, pipes and a terrific build tool: mix

If you've never written functional code, the jump is significant. I took a Scala course a couple years ago and I've needed almost two full weeks to write production code in Elixir. The language is young, Stack Overflow is of no help —no kidding, that is a big deal—, and there are few libraries in Github.

A small community also comes with some upsides: people are more motivated and willing to help, centralized tools like forums and IRC channels are still manageable, and you may even suggest changes to the language for upcoming versions.

What is Elixir for?

I had a middle school teacher who said that you can't define something by stating what is't not. However, in programming, mentioning use cases which are not suitable for the language is a good way to start.

Elixir is probably not the first choice for single core software: math calculus, CPU-intensive apps or desktop applications. Since it's very high level, systems programming is also out of the picture.

Elixir is great for web applications, standalone or using the Phoenix framework —Elixir's Rails—. It really shines for building highly scalable, fault-tolerant network applications, like chats, telecommunications or generic web services.

Why is that? Thanks to the Erlang VM, processes are really tiny, each one is garbage collected with a low latency, they communicate by sending location-independent messages over the network using the VMs (you can run result = Machine2.Module.function(params) on Machine1), and spawning and managing these processes is effortless thanks to some of its abstractions.

Finally, Elixir's basic modules also shine: Plug and Router for managing HTTP requests, Ecto for relational databases and ETS and Mnesia for distributed in-memory databases.

Many recommend Elixir if only for Phoenix, but I found that for most backend applications it is enough to use Plug and Router. Phoenix is impressive but I believe it's a mistake to jump right into it without trying the base modules first, so my recommendation for beginners is to hold on Phoenix until you really need it.

Elixir's novelty, the pipe operator, is a fantastic approach to working with state in a functional manner. Instead of running readlines(fopen(user_input(), "r")).uppercase().split(), try the more readable user_input |> fopen("r") |> readlines |> uppercase |> split.

It is a language which was clearly designed to stand on the shoulders of giants, while providing modern capabilities for developers.

Elixir's abstractions

To store centralized <key, value>-like data, instead of a Singleton, Elixir's provides an Agent. It keeps state in memory and many processes can access and modify it without concurrency issues.

The language can spawn processes much like threads, using spawn_link, but you probably don't want to do that. You'd rather use a Task, which is basically async/await, or a Gen(eric)Server, a very cool abstraction that receives requests from other processes, spawns helper mini-servers and processes the results in parallel, for free.

All tasks can be controlled using the Supervisor, which holds other abstractions as its "children" and automatically restarts them when they crash.

Finally, your code is contained inside a single project which can manage different apps, with modules that hold functions. No packages, no classes, no objects. Modules, functions, structs and basic data types.

Dependency management is straightforward thanks to mix; builds and testing are handled by mix too. As opposed to other multi-tools like gradle, this one is really fast.

Is that too much to process? I felt that at first, too. Give it some time and your brain will eventually think in terms of Supervisors which manage GenServers which spawn Agents and Tasks when needed.

Let it crash

Elixir's mantra is to let processes crash. I found it shocking and counter-intuitive, but with some explanation it makes a lot of sense.

Neither developers want their code to crash nor Elixir promotes writing bad code. However, let's agree that there are many reasons besides bad programming which can make a software crash. If we have a server which runs stuff and at some point we have, say, 100 connections every second, one might crash eventually because of a bug in any component, hardware issues, a cosmic ray, or Murphy's law.

The question is: in the event of an unfortunate, unavoidable crash, how will your system react?

  1. Bring everything down?
  2. Try to capture the error and recover?
  3. Kill the crashed process and launch another one in its place?

For example, C uses approach 1. Most modern languages with Exceptions like Java and Python use 2. Elixir uses 3. This is not suitable for all environments, but it is perfect for those use cases which fit Elixir: concurrent network processes.

With Elixir, a single failure never brings the system down. What's more, it automatically restarts the crashed process, so the client can instantly retry and, unless there is a reproducible bug in your code, the fresh process will finish without an issue.

The bottom line is: a single client may be unlucky and crash at some point, but the rest of the system will never notice.

How to start?

Let's get our hands dirty. After reading many sites, watching hours of video and following a dozen tutorials, here are the resources I found the most valuable. I'd suggest following this order.

Getting started

  1. Madrid Elixir Meetup 2016-03. If you understand Spanish, this is the best intro to Elixir. Otherwise, watch All aboard the Elixir Express! which is a bit outdated but very comprehensive.
  2. Official "Getting Started" guide. It's the best and the most current. Follow it from start to finish, including the advanced chapters.
  3. Elixir School. A nice complement to the official guide. Most things are very similar, but the different approach on OTP will help you understand it better.
  4. Understanding Elixir's GenServer and Elixir's supervisors, a conceptual understanding are two short reads with yet another explanation of OTP features.
  5. Elixir Cheat Sheet. The best one out there

First projects

  1. vim-elixir-ide. Elixir support for vim, not the best plugin but suitable for beginners.
  2. Elixir examples. The Elixir guide covers all these, but it's handy to have common idioms on a single page: "string to list", "concatenate list", "optional function parameters", etc.
  3. Portal Game by José Valim. A complement to the sample project on the official guide.
  4. Elixir Koans and Exercism are mini exercises that you can use to improve your Elixir agility. On the same line, Elixir Golf proposes weekly puzzles to solve.
  5. Learning Elixir. Joseph Kain has a ton of content with mini projects and examples you can follow. Top quality.
  6. Excasts and Elixir sips have short screencasts that you can check out for reference
  7. ElixirConf videos contain very interesting talks which may be overwhelming for beginners, but are worth a look later on.
  8. Install Elixir and Phoenix on OSX. If you want to use Phoenix on OSX, you may need this help
  9. Phoenix Official Guide. Phoenix isn't necessary for simple web services, you can use Plug. But for large projects you'll need a framework. Nothing like the official guide.

Getting help

  1. Awesome Elixir. A list of Elixir resources, where I found many of these.
  2. Elixir Tip and Elixir Status regularly link to Elixir-related articles and videos, and Plataformatec Elixir posts is where the language authors share news and tips.
  3. If you have questions about code, try the Elixir forum first, the IRC channel or Slack. The developers would like to transition all help requests out of the Mailing list, which you can use for language-related discussions.
  4. /r/elixir if you're into Reddit

Closing thoughts

I think that's all for the moment. I hope this post can help some beginners to get their hands on the language and start writing production code as soon as possible.

For anyone who wants to know what's all the Elixir fuss about, it's difficult to explain, especially for somebody like me who has been programming in imperative languages all his life.

When I recommended Elixir to a friend, he replied, "A highly concurrent, functional language using the Erlang VM? Don't you have something more exotic?". That's right. Elixir is exotic and use-case specific.

Unlike Python, which is my favorite imperative language and ecosystem, I can't recommend Elixir for everyone. Not everybody can spare a couple weeks to get started. Many libraries for common use cases are missing: there is nothing equivalent to Numpy or Matplotlib, and modern applications are built on top of dozens of libs, not everyone has the time or will to write library code. Fortunately, at Paradoxa I am my own boss and I make the tech decisions :)

For hackers or tinkerers it's definitely worth a look, it "won't change your perspective" like Lisp, but it will make you see that writing concurrent code doesn't need to be difficult, and that better tooling is definitely possible.

I bet Elixir will be the foundation of most devops stacks in a few years, when developers realize that the future's bottleneck won't be the CPU, but rather the number of concurrent processes and connections your backend can manage. With Elixir you only need to boot another machine in your network and let the exotic Erlang VM handle the rest.

Tags: programming, learning

Comments? Tweet  

Bots lack metaphors, and that is their biggest asset

May 17, 2016 — Carlos Fenollosa

Bots are the hot topic this 2016. They need no presentation, so I'm not going to introduce them. Let's get to the point.

We can all agree that bots are an interesting idea. However, there's this debate regarding whether bots are going to be the user interface of the future.

Many critics argue against a future where bots rule user interaction. Some are philosophical, others are somehow short-sighted, and many are just contrarian per se.

I'm not saying they're wrong, but they overlook some strong arguments that we should have learned by observing the history of computing.

What computer history taught us

The most important thing we learned since the 70s is that people do not want quicker and faster interfaces, they want better interfaces.

In the 80s, during the GUI revolution, they had critics too. GUI detractors claimed that the GUI was just a gimmick, or that real computer users preferred the command line. We should know better by now.

Critics were right in some points: GUIs weren't faster or more potent than the command line. However, this wasn't the winning argument.

GUIs won because the general public will always prefer a tool that is easier to use and understand than one which is more powerful but harder to use.

Are bots a command line?

See how there is a simile, but in fact, bots are the exact opposite from a command line.

Bot critics equate bots with CLIs and thus reach the conclusion that they are a step backward compared to GUIs. The main argument is that bots do not have discoverability, that is, users will not know what they're capable of since they don't have a menu with the available options. Whenever you're presented with a blank sheet, how to start using it?

However, I believe this comparison is wrong. People don't have a post-it note on their forehead stating their available commands, but we manage to work together, don't we?

We've been learning how to interact with people our whole lives; that's the point of living in society. When we walk into a coffee shop, we don't need an instruction manual to know how to ask for an espresso, or the menu, or request further assistance from the barista.

Bots can present buttons and images besides using text so, at the very least, they can emulate a traditional GUI. This is not a killer feature but contributes to refute the discoverability criticism and provide a transition period for users.

Bots lack metaphors, and that is their biggest asset

Bots will win because they speak natural language, even if it is only a dumbed down version. Their goal, at least in the beginning, is to specialize in one use case: ordering a pizza, requesting weather information, managing your agenda. After all, 90% of your interactions with your barista can be reduced to about ten sentences.

Being able to use natural language means there is no learning curve. And, for once in the history of computing, users will be able to use a UI that lacks what all other UIs required to function: metaphors.

This is critical since metaphors are what regular people hate about computers.

Who cares if one needs to press seventy buttons to order a pizza with a bot instead of just three with an app. People will use the product which is easier to use, not the one which saves them more keystrokes--not to mention that you can send commands with your voice. Didn't we learn from GUIs?

The death of the metaphor

Every metaphor has been moving both hardware and software towards a more human way of working.

Files, folders, commands, the mouse, windows, disk drives, applications, all these have been bright ideas that emerged at some point and then died when the next thing appeared. We even tried to style apps with leather and linen, buttons and switches to make them more understandable and relatable to the real world.

By definition, metaphors are a compromise. Both users and developers have a love-hate relationship with them, as they have been necessary to operate computers, but they also impose a barrier between thought and action.

Thanks to metaphors, this metallic thing which made funny noises and whose lights blinked continuously in 1975 has now evolved to a very easy to use smartphone. But that smartphone still clearly is a computer, with buttons, windows, and text boxes.

Bots, if done correctly, may be the end of the computing metaphor.

Metaphors have an expiration date

This is not intrinsic of computers.

At some point in time, a watch was a metaphor for counting time. We designed a device with a hand pointing to numbers from 1 to 12 and we matched it to the sun cycle. Advances in technology and culture have converted it in a fashion item and, while it still bears a metaphoric value, both four-year-olds and ninety-year-olds can use it without much thinking.

It's like driving: once you master it, your brain operates the car in the background. Your eyes still look at the road, but unless there is any unexpected issue, your conscious mind does not need to be driving.

I feel like the computing world, in general, is mature enough for this. Bots are a natural progression. They will not replace everything, like bicycles do not replace trucks. For most people, however, interacting with a computer as they do with a person is indeed the clincher

Ultimately, a tool is just a means to an end, and people want to do things, not mess with tools. Some of us engineers do, but we're in the minority.

Can we foresee the future?

So, why bots and not another UI?

I haven't reached this conclusion myself, strong as some arguments may be. I just follow the trend that thinkers have created.

The future is written in cyberpunk novels and philosophical AI movies, in music, in cinema. Not in blogs, not in engineer forums, not in the mind of some visionary CEO.

People will use what people want, and the best demand creation machine is imagination, in the form of art and mass media.

What people will want is what artists have represented: futuristic VR and human-like --but not too human-looking-- software

And now for the final question. Chat bots and expert systems have been around since the 1960s, so why is now the right time?

All paths lead to Rome

First and foremost, now is the right time because we believe it is. Everything is pushing towards chat UIs: big players, money, startups, the media.

Marketing and news articles can make people like things, hate things, and love things. People are told that they will be able to talk to their computers, and they've been baited with Siris and Alexas. Those are not perfect, but hint of a better future.

Consumers imagine a plan for a better future and generate demand. And demand is the driver of innovation. That's why in tech, self-fulfilled prophecies work, and predictions can be incredibly accurate even over hundreds of years

At a technical level, both hardware and software are advanced enough for real-time audio and text processing with natural language. APIs are everywhere, and some IA problems which were too hard ten years ago have been solved by either commercial packages or free software libraries

Finally, the customer's computing environment is as close to bots as it can be. Chat apps are the most used feature of a smartphone because they're straightforward and personal. People write or talk, and they get text or audio back. Not buttons, not forms, just a text box and a sentence.

My contrarian side feels a bit odd by tagging along the current big wave, but both rationally and by intuition I really do believe that now is the right moment. And I feel that I had to share my reasons.

For what it's worth, I'm putting my money where my mouth is, developing bots at Paradoxa. Who knows what will happen anyway. Undeniably, nobody has a crystal ball.

But isn't trying to predict the future enjoyable? Just imagining it is half the fun.

Tags: internet, startups, AI

Comments? Tweet  

Why the centralization of the Internet is a bad idea

February 29, 2016 — Carlos Fenollosa

You probably know that the Internet was born as a military project. That its goal was to have a computer network that survived a nuclear attack. Therefore, the pipes that make the Internet work are scattered through all the world. Every computer is connected to each other in a grid, more or less.

In theory, it’s easy: to go from computer A to C, go to B. If B is down, you can probably be routed through D and F and reach C nonetheless. To learn which is the best route, you ask a router. Apply recursively, and that’s the Internet!

However, the Internet is a technology, not an application. The applications we use are email, the Web, the Usenet, etc. Many popular services are nothing else than an API running on the Web. And most are centralized: to use Gmail you need to connect to the Gmail server. Makes sense, right?

In fact, that is not necessarily so; it has traditionally been the exact opposite, especially with email.

Email, along with web pages, it is the last bastion of decentralization on the Internet. You can install some software and send a message from your email server to another on the other side of the world without any meddling from third party servers — routers aside.

Most users don’t do that, though. Centralized systems are convenient. Managing a private server is complicated, and it forces you to have a computer running 24/7 at home, or rent one. Why should you handle this? Let the professionals do it, and end users can connect to centralized servers when they need to access a service.

There is a decentralized Facebook, called Diaspora, and a decentralized Twitter called Twister. BitTorrent is a decentralized file sharing system, Aether is a decentralized discussion forum, and there is even a decentralized currency called Bitcoin.

With them, you can have your data on your personal computer, or a machine you trust, and send specific pieces to your friends computers, without going through a central server. These services aren’t very popular at the moment, but due to increasing espionage, data selling, moderation abuse and others, their usage will probably increase, and pave the way for similar solutions soon.

Let’s get back to email for a minute because, unfortunately, its decentralization is jeopardized by a few powerful actors. There are strong reasons to trust big email providers, especially to avoid spam and fraud. Sadly, some of the measures used to filter potentially harmful emails also hurt small, honest servers, who see how their emails get rejected or delivered directly to the spam folder.

I’ve experimented with email servers since I was in college. Back in 2001, you could install an MTA and start sending emails without much trouble. However, for recent projects like Puput, installing and maintaining the email server has been nightmarish.

We are preparing the details for a future post, but to summarize, after installing postfix, no fewer than eight steps were required to get our emails successfully delivered into our users inboxes.

Both startups and the big players offer email delivery services, and I admit that had it not been for my obstinacy, we probably would’ve used some of them.

However, being as we are a bit old-school, used that your server could be a first-class node of the internet, that proved to us a serious ethical dilemma. Either you succumb to using one of the few “trusted email servers” or you essentially risk getting banned from delivering your own email. It is not yet blackmail, but it’s close.

I don’t want to be dishonest, there are genuine reasons for this. Trying to recentralize email may probably be just a measure to combat spam. Probably. Because when the big players have such large incentives to kill their competition and become The One Email Provider in the world, each barrier counts. It is not far-fetched to think that, at least, there are conflicts of interest among these big players.

Some sysadmins capitulate and end up using XYZ Apps for Business, surrendering a bit of the Internet’s decentralization to that company. Again, it makes sense, both technical and economical. Don’t reinvent the wheel. But every small decision we take contributes to create the world we want to live in.

Being a monopoly is tempting, and XYZ already has a history of embracing services like the Usenet, chat and RSS to kill them shortly afterward and force users to move to their proprietary solutions. In the 90s, XYZ was Microsoft. Nowadays, it is the formerly not evil company — ironic value of this left to the reader’s criterion.

With the de-facto death of Jabber, email and The Web are essentially the only popular services that you can still run from your private box and interact with the outside world. IM and social networks have been taken over by a dozen of centralized and isolated services; we can’t let email suffer the same fate.

Maybe the future of communications is just around the corner. When all devices are permanently connected to the Internet in a robust way, we will probably carry an internet node in our pocket. Meanwhile, we will keep using just an internet access device and reaching a central server to get our data, trusting that this machine doesn’t misuse it.

This post was originally posted on Puput blog

Tags: internet

Comments? Tweet