James Damore was correct - Apple edition

Some of you may remember the story of James Damore, the Google engineer who suggested that perhaps some of the male/female software engineering disparity was due to the different dominant characteristics of males and females, and got fired for it. Damore's essay Google's Ideological Echo Chamber made a number of points and hypotheses, but one particular point stands out to me in the context of recent news:

Women, on average, have more:

• Openness directed towards feelings and aesthetics rather than ideas[...]
• Extraversion expressed as gregariousness rather than assertiveness. Also, higher agreeableness[...]
• Neuroticism (higher anxiety, lower stress tolerance). This may contribute to the higher levels of anxiety women report on Googlegeist and to the lower number of women in high stress jobs.

A whole bunch of neurotic women (and, to be fair, men) got together to demand that Damore be fired, for contributing to their workplace stress... I guess, proving his point?

Well, there's now a new sacrifice for the Social Justice Wicker Man, and he also appears to have been bundled into the cage on the altar of neuroses: Antonio García Martínez. Martínez had previously written a bestselling book Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley. It was originally published in July 2016, though the most recent paperback reprint on Amazon is from 2018. So, and this is not insignificant, he wrote this 5 years ago.

Mr Martínez recently got hired by Apple. But, it turns out, a few people had read his book and were not happy:

Then, a group of workers wrote a letter calling for an investigation. “Given Mr. García Martínez’s history of publishing overtly racist and sexist remarks about his former colleagues, we are concerned that his presence at Apple will contribute to an unsafe working environment for our colleagues who are at risk of public harassment and private bullying,” they said.
Within hours, the letter had well over 1,000 signatures. It was leaked to The Verge. That evening, García Martínez was fired.

The irony, it burns. (Must be hot irony).

I tried to order the book a couple of weeks ago but - yet more irony - it's now in such demand as a bestseller that I'll be lucky to get it by mid-June. When it finally arrives, dear readers, I promise an in-depth review.

Getting back to my original point, let us summarize: a bunch of Apple employees felt so empowered by Social Justice that they could demand firing of a new company hire based on something completely unconnected with Apple which he wrote 5 years ago, and which Apple must have known about when they hired him - and within the space of a couple of days, he was gone, no appeal

This isn't healthy, and isn't going to end well.

In the meantime, though, Martínez's book is still selling heavily on Amazon. And he's probably earned out his advance, so every sale is another royalty. Perhaps being fired by Apple was one of the better things to happen to him, financially - and I bet there's going to be a financial settlement on the quiet as soon as he hires a lawyer, if he hasn't already done so.

The really interesting information though, would be the names of the Apple employees who are signatories to the letter. Any future employer should think really, really carefully about employing someone so neurotic, self-entitled and bitter that they would hound someone out of a company simply because they didn't like what they wrote.

Prospects for unionizing in Silicon Valley

A topic I've heard increasing buzz about at parties^[1] is the idea that Silicon Valley tech workers should be unionizing. The New York Times was discussing unionization in digital media a month ago:

Daniel Marans, a reporter at HuffPost, said the treatment of employees at digital media companies should not remain stuck in a time when websites were small and scrappy, staffed by younger workers who were happy to see their names in pixels.
"That comes to things like transparency on pay, having a decent pay scale that allows a ladder of sustainability where you can support yourself on such an income, and having due process and a guarantee of severance in the case of layoffs," Mr. Marans said.

Ooh, that looks like a great slate of demands, straight out of the union playbook. Let's unpack it.

The union demands

Transparency on pay

Know what everyone else is paid based on level - no practical scope for varying pay based on the positive or negative impact to the company. Any perceptible skew by race, gender or other minority status gets jumped on. This ties in to the next point very well.

Ladder of sustainability

a.k.a. "pay by seniority". The longer you work here, the more pay you get. No concept of "you haven't materially contributed more - or even as much - this year than you did last year, no rise for you." Per the above point, if you're a mother who's been working short hours to match with your daycare needs then you should be paid as much as a single man who's been employed for the same duration as you but has put in twice the hours. (Also as much as a single woman in the same situation as the man, which is even more invidious, but for some reason the law doesn't care about this situation.) And if you've spent 75% of your working day on Twitter supporting the Resistance Against Trump, or endorsing Chelsea Manning for Senate, that is a perfectly appropriate component of your day job.

Due process

Several states in the USA - including California, home of Silicon Valley - follow employment at will where a company can fire a worker just because they don't like them. They don't have to conduct a specific act of misconduct, it's just "it's not working out between us, goodbye!" There are carefully crafted exceptions in each state's laws, but the basic principle holds true for most employees. This violates one of the fundamental tenets of union laws worldwide - employees should not be fireable except in the most egregious circumstances.

Where you can support yourself on such an income

This refers to the lower-level employees - in practice, contractors - and the minimum wage. The more money union employees earn, the higher the dues that the union can ask for. "You're getting $15/hour? We Fought For Fifteen!" Of course, the employees who lost their jobs because their labor wasn't worth $15/hour don't really benefit from this. But screw them, right?

Guarantee of severance in the case of layoffs

As noted above, unions don't really believe in layoffs unless you're irretrievably conservative or Republican - in which case, fuck you. But if severance is unavoidable, you may be out of luck. I was surprised to learn that even in California, severance pay is not required although in practice it's present in most contracts.

Where is this coming from?

My personal opinion - which you should take with a whole bag of salt - is that this drive is a reaction to the past year's tepid (by Social Justice Warrior standards) reaction by Silicon Valley engineer peons to the cases of "hate speech" by such luminaries as Googler James Damore. The 2014 ousting of Mozilla's Brendon Eich seems to have been a misleading catalyst for social justice organizing: the perception was that the relatively small number of social justice crusaders had disproportionate power to influence media opinions and drive online lynch mobs.

The carefully union-unaffiliated Tech Workers Coalition has been pushing this line for a while:

The Tech Workers Coalition is a home for progressives in tech in the Bay Area. We’re an all-volunteer community organization. Our active participants include workers in the tech industry, members from labor union locals, community organizers, and friends.

"Labor union locals", huh? Why am I not surprised?

And now unions are concerned about the possibility of a nationwide “right-to-work” law which would effectively gut their funding. Tech workers need to stand with service workers in these fights.

Translation: we need tech money to fight the union-gutting right-to-work law. California in particular is not a right to work state - if you want to be a public school teacher, for instance, you're going to pay union dues.

Certain things are safer than others, and safer for different people. An undocumented contract worker is in a very different situation than a salaried citizen worker.

Well, there's the teeny tiny issue that the contract company is clearly breaking the law of the nation, so yes...

For tech, it’d be cool to see the strike weapon on the table. History shows us the tactics that will change the world for the better — the tactics that will not only get rid of Trump, but change the conditions that we’re all forced to live and work under.

Oh, that'll be an interesting one. Tech workers striking - "Facebook will go dark for 24 hours unless FB guarantees contractors the right to employ undocumented workers". How exactly do you expect the tech company leadership to react to this existential threat?

You should also give careful scrutiny to Coworker.org who has been publicly allying with union-oriented Silicon Valley employees. It looks to be funded principally by New Venture Fund (a $315M turnover organization whose turnover doubled from 2014 to 2015, and whose 2016 and 2017 turnover I'd be extremely interested to see. In turn they get "advised" by Arabella Advisors who have a very interesting management team with cited connections to e.g. Barack Obama's secretary of commerce, a company focus on regional food and divestment from fossil fuels.

Will it work?

What do I think? Twitter, Facebook and Google offices in the USA are going to be hit with unionization efforts in the next 12 months, initially as a trial in the most favorable locations but if they succeed then this will be ramped up quickly nationwide. This will be framed as a push to align the companies to approved socially just policies - which their boards mostly favor already - but will be used to leapfrog the activist employees into union-endorsed and -funded positions of influence. That approach neatly nullifies the increasing concern about their lack of material contribution to the company as they spend more time on Twitter and producing social justice memes than actually writing code and making the applications work better.

I wonder, though. The bulk of Silicon Valley engineering employees - who are still the majority of the company - are white, Indian and Chinese males. They are used to ruthless meritocracy from the age of, oh, eight or so. The prospect that some slacker [foreign epithet] could supplant them in promotion or pay just by unfireably hanging around the company while they sweat blood, or block them from a union-favored sinecure by dint of being black / female / transgender / identifying as a dragon is unlikely to be something they'd lie down and accept. I fear that the social justice crusaders are mistaking silence for acceptance, and the settling of accounts after the unionization effort will be (metaphorically) bloody indeed.

I doubt this will get off the ground with Apple. They are notoriously controlling and will both detect and ruthlessly act on any twitches of unionization.

For Amazon, of course, it's much more simple. Any Amazon employee pushing unionization will be deniably but publically killed by an Amazon warehouse robot. I can't imagine Jeff Bezos taking such a challenge to his authority lying down.

TL;DR - there will be a big unionization push for Silicon Valley companies in 2018, and it will go horribly wrong.

[1] You almost certainly don't want to go to the kind of parties I go to. There are no kegs, vol-au-vents, or mini sausage rolls. There's organic Chardonnay, sushi of dubious provenance, and acceptably ethnic cuisine like Vietnamese bánh cuốn and Mexican chilaquiles. I happen to like bánh cuốn, but am under no illusion that the food and beverages are based on what the guests find appealing.

Ideas that seem attractive but are corporate suicide

A huge loss for popular entertainment when Amazon successfully lured "Top Gear" hosts Clarkson, Hammond and May from the BBC: Apple were trying to hire them too:

Apple is said to have made an unprecedented bid to secure the stars of “Top Gear” when they exited their BBC series earlier this year. But Amazon ended up winning the bidding war for Jeremy Clarkson, James May and Richard Hammond in July.

Can you imagine that? Apple, headquartered in the terminally hip and politically correct city of Cupertino in California, recruiting Mr. Jeremy "Jezza" Clarkson, famous for such quotes as:

• It's very fast and very, very loud. And then in the corners it will get its tail out more readily than George Michael
• The problem is that television executives have got it into their heads that if one presenter on a show is a blond-haired, blue-eyed heterosexual boy, the other must be a black Muslim lesbian.
• Britain's nuclear submarines have been deemed unsafe... probably because they don't have wheel-chair access.

being employed by Apple? Within one week the Apple PR and HR departments would have a "CLARKSON" page, printed on bright red paper bordered with exclamation marks, on the front page of their operational playbooks. The only potential upside for Apple is that Tim Cook, Apple's openly gay CEO, would know with a high degree of certainty what would take up 90% of the allocated time in media interviews, and he's probably got the self assurance to handle it in a relaxed manner - I'm sure he'd rather be asked about Clarkson than about working conditions in Apple's Chinese factories.

It's a crying shame that Amazon, headed by the Dread Pirate Bezos, won the bidding war. When Jezza goes on his next rant to terminally offend half the Western World (and about 0.1% of the rest of the world, who have more pressing and immediate concerns for their welfare than the spoutings of Clarkson), Bezos won't even raise an eyebrow; I can assure you that he doesn't give a bodily functional about the squeals of the masses, as long as Clarkson continues to rake in the dough.

Apple's SSL bug - better code reviews required

There's a great technical discussion by Adam Langley at Imperial Violet on the inadvertent security hole that Apple introduced to iOS 7 and later versions of OS X. They've released a patch for iOS (which is how people noticed) but are still working on the OS X fix. My sympathies are with Apple despite them being panned for the delay - the fix is straight forward, but building, qualifying, canarying and distributing the desktop fix inevitably takes a while, and if you try to speed up this process then you have a high risk of making things much, much worse.

The effect of the bug is that it allows a certain kind of attack ("man in the middle") which intercepts secure web connections, say from a user on an Apple laptop to their online banking system. An attacker with sufficient access and resources can pretend to the user to be their online banking server, and the user will have no practical way to detect this. However in practice it is very difficult to exploit, and is only really a concern for users who believe that they may be targeted by government agencies or well-funded and persistent private parties; it's unlikely that it will be widely exploited. Modern iOS and Safari users are not a large fraction of internet traffic, even if you only look at HTTPS traffic.

The bug itself is probably only interesting to code nerds such as your humble correspondent, but how it came about is quite telling about how software development works at Apple.

Here's a cut-down version of the offending function:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
	OSStatus        err;
	[...]
	if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
		goto fail;
	if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
		goto fail;
		goto fail;
	if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
		goto fail;
	[...]

fail:
	SSLFreeBuffer(&signedHashes);
	SSLFreeBuffer(&hashCtx);
	return err;
}

See that third "goto fail;" line in the middle? That's the error. Almost certainly it was the result of a fat-finger in a code editor, it's very unlikely to be a deliberate change. For tedious reasons related to how code blocks work in the C programming language, the effect of the third "goto fail;" is very different to the first two. It isn't tied to a condition, so if the program manages to get past the first two "if" statements successfully (the initial secure connection checks) then it never carries out the third check. When it reaches the end of the code, the result in the variable "err" actually represents whether the first two checks completed successfully, not (as required) whether all three checks completed successfully.

The reason this interests me is that this change made it into an official Apple release without being detected. I claim that if this code change was reviewed by a human being (as it definitely should have been) then anyone paying the slightest attention would have seen the duplicate "goto fail;" line which would have made absolutely no sense. I can fully understand this error not being picked up by automated testing - it's not straight forward to build a test which could cause this particular case to fail - but this is another indicator that Apple are not paying nearly enough attention to developing software reliably. Getting another person to review your code changes is a basic part of the software development process. If it's not being done, or only being conducted in a cursory fashion, you're going to leave your code riddled with bugs. There is no shortage of bad actors waiting for you to make a mistake like this.

I'm really curious about how this got noticed. My money is on someone browsing the code to make an unrelated change, and being drawn to the duplicate line, but that's only speculation.

I've given Apple heat for their sloppy approach to security in the past and I'm concerned that they're not reacting to the clear signs that they have a problem in this area. If code changes to a key security library are not going through human review, they're going to continue to have problems.

Dancing around the Great Firewall of China

It seems a little unfair to give Apple heat over its China policies, given how much employment it creates in China, but apparently Apple have censored a Chinese firewall avoiding-app:

Chinese web users have criticised Apple after the company pulled an iPhone app which enabled users to bypass firewalls and access restricted internet sites. The developers of the free app, OpenDoor, reportedly wrote to Apple protesting against the move. [...] Apple asks iPhone app developers to ensure that their apps "comply with all legal requirements in any location where they are made available to users".

Aha. But the problem here is: China does not acknowledge the existence of the Great Firewall of China (GFW). In fact, any mention of it in a blog post or other social media is enough to get that posting censored. China certainly has strong legal requirements about being able to identify the real person behind an Internet identity on a China-hosted service and foreign firms having to "partner" with a local firm for Internet "compliance", and it freely blocks traffic going outside China (via the GFW) which could retrieve user-generated content relating to sensitive topics, but from a legal perspective the GFW itself cannot be the subject of a legal violation since the GFW does not officially exist because you can't talk about it (and the GFW will censor your traffic if you try to do this across the border). Is your head hurting yet?

This, by the way, is perfectly pragmatic behaviour from Apple. They like being able to do business in China, so it's not enough to satisfy the letter of the law - they want to keep the Chinese government happy. As such, dropping GFW-circumventing apps from the App Store makes perfect business sense. It is, however, particularly weasel-like for them to hide behind "legal requirements", or avoid the topic all together. If they want to play ball with the Chinese government for commercial reasons - and it's their fiduciary duty to improve their commercial prospects - why can't they just say so? (Yes, this is a rhetorical question.)

The OpenDoor app developers purport to be bemused:

"It is unclear to us how a simple browser app could include illegal contents, since it's the user's own choosing of what websites to view," the email says.
"Using the same definition, wouldn't all browser apps, including Apple's own Safari and Google's Chrome, include illegal contents?"

Yes they could, in theory. But browsers use well-known protocols: HTTP, which is clear text, and which the GFW can scan for illegal content like "T1ANANM3N []"; HTTPS, which is secure but can be blocked either based on destination IP or just universally. OpenDoor probably (I haven't looked) does something sneaky to make its traffic look like regular HTTP with innocuous content. The GFW could, with some work, drop OpenDoor traffic based on its characteristics and/or destinations, but they would always be playing catch-up. Instead, Apple "voluntarily" (we don't know if any Chinese government pressure was formally applied) drops it from the App Store in China. Everyone's happy! No-one gets any distressing news about human rights abuses in China, and gatherings of subversives are prevented.

Apple are bending over to help the Chinese government, and that's perfectly acceptable in a capitalist society - let's just be clear that it's voluntary, and in search of profits.

Oh FFS Apple

It's another lock screen security breach on the iPhone, this time in iOS 7:

The exploit can be initiated by swiping upwards on the device's lock screen to access the Control Center and open the Clock app. Once the clock app is open, holding the phone's sleep button will cause the "Slide to Power Off" option to appear. Tapping on cancel at this juncture and then double clicking on the home button will open the phone's multitasking screen, providing access to the camera and the photos on the device. The key to the trick, however, is to access the camera app from the lock screen first, causing it to appear in the recently used apps list.

This is far from the first lock screen exploit. Have Apple given up entirely on security testing? They know this is a ripe vector of exploits, and they let this through the gates. As I noted back in February for a previous lockscreen exploit:

What the flaw indicates, however, is that Apple is pressuring phone development and skimping on testing and security. This is not going to be an isolated problem.

The Apple tax bandwagon

Noted tax expert[1] Robert Reich lays into Apple's tax affairs in the Guardian:

The same disconnect is breaking out in the US. A Senate report criticises Apple for shifting billions of dollars in profits into Irish affiliates where its tax rate is less than 2%, yet a growing chorus of senators and representatives call for lower corporate taxes in order to make the US more competitive.

Nice strawman, Robbie m' boy. Apple isn't shifting profits out of the US. Apple is making profits outside the US (principally throughout Europe), registering income in its office in the low-tax environment of Eire - as explicitly provisioned in European laws - and is not moving such profits back into the USA because it doesn't want to pay 35% in tax for the privilege. It would rather keep profits abroad and look for opportunities to use them.

If the USA wants to see any tax from this money earned abroad, it will have to be repatriated into the USA in order to be taxable. Apple can't be forced to repatriate that money. In fact, Apple would rather raise $17bn of money via a debt offering than repatriate money from Eire.

Robert Reich also doesn't seem to pay much attention to his tax return:

Individual states in the US have embarked on their own races to the bottom, seeking to lure investments and jobs – often from neighbouring states – with lower taxes, higher subsidies, reduced regulation and lower real wages. Here again, the new generation of information technologies is intensifying the race.

I'd point out that Apple, Facebook, Cisco and Google are all headquartered in California - with one of the highest state tax rates in the USA. Jed Kolko from real estate firm Trulia additionally points out that the race to the bottom for taxes, such as it is, applies to people not firms. A lot of cutting edge IT firms still rise in Silicon Valley due to a combination of people for hire, VC firms and the pleasant environment. Tax competition isn't likely to change this very much.

Here comes the pitch:

Similarly, the EU could be a bargaining agent for its citizens if it were to condition access to its hugely valuable market on paying taxes in proportion to a global corporation's EU earnings, as well as making investments (including research and development, and jobs) in similar proportion.

So as well as paying sales taxes on everything you sell in the EU, you'd have to pay additional income taxes on the profits you make in the EU (which are then taxed again when and if they are repatriated to the USA to pay shareholders.) You'd have to invest in R+D in the EU, no matter whether you can find a good environment for that research. Someone in the government is going to have to decide whether what you're doing is actually R+D and whether you're contributing enough money to your EU research facilities. What could possibly go wrong?

Reich's take on the implications of this are ass-backwards to mine:

As a member of the EU, Britain would have more bargaining leverage than it would if it bargained separately. Hence, an important reason for Britain to remain in the EU: rather than a race to the bottom, the UK would thereby join in a race to the top.

On the other hand, if the EU takes this approach, and the UK makes a more congenial business environment, the UK will benefit from the additional taxes and R+D facilities because they're not burdening the businesses with additional regulation. I'm surprised that Robert Reich hasn't come across the Prisoner's Dilemma and its implications in his academic studies.

[1] Not really; professor of public policy at the University of Berkeley, California. He knows about as much about tax as I do about sewer planning. He was Labor Secretary under Clinton and lobbied for a minimum wage increase, which should calibrate one's expectations about his economic nous.

A tale of two unlocks

Bypassing phone lock screens seems to be the story of the day: first, access to the phone book and photos of an up-to-date iPhone:

By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.
From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn't protected by a separate PIN code). But also from here, photos and video can also be accessed by creating a new contact. When a new contact is created, it opens up access to the photos application — including Camera Roll and Photo Stream.

Note that the iOS version tested (6.1.3) is the release which fixes the previous unlock screen exploit. One wonders how many more of these exploits are going to come around.

The impact of this bug is limited in frequency but severe in impact. Although all modern iOS devices appear to be vulnerable, the actual exploit does not (in general) give a thief much to work with. He can't apparently make calls or send texts with the device, which are the two potentially most expensive acts. Where it does have an impact is situations where the address book or photos data are regarded as valuable - generally, when the thief knows the iPhone owner or knows they are a friend of someone whose address, phone number or data he wishes to steal. Imagine, for instance, if someone got access to Pippa Middleton's iPhone and used this exploit to read contact information and photos of her family and friends.

But let's not just pile on Apple - Samsung is similarly vulnerable:

From the lock screen, an attacker can enter a fake emergency number to call which momentarily bypasses the lock screen, as before. But if these steps are repeated, the attacker has enough time to go into the Google Play application store and voice search for "no locking" apps, which then disables the lock screen altogether.
From there, the device is left wide open.

The interesting point here is that the vulnerability doesn't appear to be present on "stock" (Google-released) Android 4.1.2 phones - it appears to be peculiar to Samsung devices. That implies to me that in Samsung's effort to pile on their customisations to differentiate themselves from J. Random Other Android device provider, they may have sacrificed something in quality and security testing. Unlike Apple, however, I suspect Samsung don't particularly care. They will certainly care about this flaw (since it makes Samsung leading-edge phones even more attractive to tea leafs who wish to burn up their victims' phone bills) but I don't see them slowing down their development velocity. That's their primary differentiator over Apple - new features and innovation - and there's no way they're going to trade that for slightly improved security. Only if the flaws being discovered have substantial negative impact for the average user (phone crashing all the time, corruption of storage, inability to view videos of cats) will they impact sufficiently on Samsung to change their development direction.

Once is bad luck, twice is careless

Rather embarrassing for Apple; even if your iOS 6.1 iPhone is locked, a simple sequence of keys gives the phone holder full calling rights. A thief can lift your locked iPhone from your bag, make and cancel an emergency call - because all smartphones allow 999/911 dialling without unlocking, for public safety reasons - and then press the power button twice to be granted the ability to call any number that your phone can normally call. The thief could spend an hour on a 0900 number with Big Brenda and her Bosoms, or if you have international dialling you will find twenty calls to Romania, Bulgaria and/or Nigeria on your bill. Apple is reportedly working on a fix. If you stand outside their HQ on Infinite Loop, Cupertino, you can probably hear the cracking of whips and the screams of user interface engineers.

Why is this embarrassing? Well, almost exactly the same flaw affected iOS 4.1 back in 2010. What this tells me is that phone security is not systematically tested by Apple. If it were, they would have been looking for precisely this flaw. One of the most basic principles of software testing is that you should never discover the same bug in production twice - after the first discovery you should create a test that reproduces the flaw, then make the fix, and verify that the fix actually addresses the test. The test is then re-run on every single build you make in the future - if the flaw returns, the test will fail.

The only difference between the original and new flaw is that in the original flaw you only had to hit the lock button once, whereas in the new one you need to hit it twice. If I were in charge of security testing in Apple - I'm not, by the way - I would have the emergency calling feature identified as a high-risk gateway to the phone's functionality and I'd be user-testing and code-scrutinising like crazy to try to spot flaws like this.

This flaw is not a big deal in and of itself - Apple will release a fix, the iPhones will auto-update via iTunes and the problem will be solved. Maybe a few thousand people will fall victim to the flaw before it is fixed. What the flaw indicates, however, is that Apple is pressuring phone development and skimping on testing and security. This is not going to be an isolated problem.

Apple Maps - some work required

It was with no great surprise that I read this morning of certain deficiencies in iOS 6's Maps application that had become apparent. It seems that the data sources are not all they might be. I enjoyed thumbing through some side-by-side examples of the Apple Maps vs Google Maps. So who's to blame?

TomTom, which also licenses data to a range of other mobile manufacturers, defended its involvement.
A spokesman told the BBC that its maps provided only a "foundation" to the service.
"The user experience is determined by adding additional features to the map application such as visual imagery," a spokesman said.

Right: TomTom data is focused on navigating cars, not people. If you're using your iOS 6 device to guide your driving, all should be well. If you're on foot, less so.

The contrast with the demo images on Apple's site is amusing. At the iPhone 5 / iOS 6 launch everyone was wowed by the 3D images of San Francisco, but didn't note the following:

• 3D display eats battery life like you wouldn't believe;
• 3D display is only useful for large cities where the taller buildings form useful landmarks;
• "San Francisco" and "the world" are very different in size and complexity.

The lack of public transportation data has already been panned by big city dwellers, though I suspect this is not a general user concern. The individual mapping inaccuracies may be correctable, with time and a lot of human effort (and who's going to be motivated to do this? I guess we will be finding out how dedicated Apple fans are). The bad quality satellite images are more interesting; who the hell signed off on all the cloud-covered imagery of Scotland? There's plenty of good-quality modern satellite and aircraft imagery; see Google Maps, or Bing Maps, or Google Earth. Is Apple short of cash to purchase the modern and high quality imagery? If not, are they short of datacenter capacity to store and serve the data, or processing power to merge the various images into relatively seamless tiles?

Steve Jobs must be rotating at 10,000 rpm in his grave. The lack of attention to detail and quality are painful, and not at all what we normally associate with Apple. As far as I can see, Apple have really screwed the pooch here. People are going to back to Google Maps (once they launch an iOS Maps application, if they're so minded - if not, it's the regular website) until Apple seriously improves its data.

Perhaps this is how Apple is protecting its limited Maps serving capacity: make Apple Maps poor enough that not too many people use it...

The landmines of maps serving

I was intrigued by Apple's announcement that it was moving away from Google Maps to its own mapping solution in iOS6. This is a serious step up for Apple. If you do the math that shows that a basic 256-color map view on a 640x960 screen is 610KB, you're looking at having to provision over half a MB of serving capacity for each map query per second. Look at what Apple high-bandwidth content that Apple serves currently: OS updates (say, 100MB/user/week, but really cacheable) and iTunes streaming and sales (say, 2 songs at 5MB per user per week). I can well imagine Apple Maps tripling their traffic levels, which is significant enough, but the other point is that maps data is very user-sensitive in the way that even iTunes sales are not: a delay of 30s in a 1 minute download of a music track is annoying, but delaying interactive map views by 10s will really bug people trying to find their way around a new city.

I foresee a lot of pain for Apple's data centre team in the first month or two after iOS 6 rolls out, and not a little user annoyance.

Update: (20/6/12) as the esteemed Mr. Worstall has linked this, I shall expand on the detail a little. Yes, if you compress the image (e.g. via PNG) you could easily shrink the bandwidth required to 1/2 or 1/3 of the uncompressed, depending on how "busy" the map image is. However, nothing is for free. If you want to serve compressed images, you either have to pre-compute and compress every image you might possibly want to serve (which can turn out to be a big, big storage problem when you consider different zoom levels and image viewing options) or you have to compress on the fly and hope that you get reasonable cache hits. The former strategy takes stupid amounts of disk (which is slow to read); the latter takes stupid amounts of processing power and therefore reduces the number of users that each server in your datacenter can serve.

Compared to this, serving iTunes tracks is easy because everyone gets the same track data and caching the popular tracks (Justin Bieber, Katy Perry, Flanders and Swan) helps you avoid the slow disk reads.

Has Apple quality started to slide?

Over the past month I've noticed a lot more trouble with my OS X machines; networking (especially Airport) being much more reluctant to connect even to perfectly good networks, and several cases where my laptops just won't wake up after being opened. Safari (5.1.2) is also troublesome with various UI glitches and, if open for long enough, it refuses to load any new pages: a close and re-open is required. Notable that Firefox on the same machines doesn't have the same difficulties.

I've seen something analogous at Apple stores during 2011: the "can't do enough for you" attitude can still be found sometimes, but other times it feels like you're just intruding on the employees' time. Perhaps these are the slackers attracted to a successful company like ants to honey.

With Jobs' passing, has the quality mania at Apple started to disappear and be replaced by "just good enough to ship"? Are they going to do a Microsoft? Enquiring minds want to know.

Update: Just after I posted that, my Wifi icon started strobing as if it were trying to find a network, despite being very clearly connected to and posting through a perfectly good one. WTF?