Nokia: “You know, we might be in a spot of bother after all”

(All over the internet for the last couple of days, but for best subhead I must link to the Register.)

Nokia 700, iPhone 4 (with bumper), Galaxy NexusBeing a contrary type, I recently bought a Nokia 700. You can see it on the top of the pile in the photo on the right.

It runs Nokia (Symbian) Belle, an unevenly-supported platform that started at a disadvantage and is now to be abandoned by a dying company. The software is not this phone’s high point, though it’s better than you’d expect from that description.

The hardware is fantastic. It’s just the right size, shape, and construction. I resisted the iPhone and friends for years because they were so clumsy, but the 700 is small and thin enough to fit in any jeans pocket while still being entirely manageable with the Swype keyboard. (There are small Android phones, but they’re all horrible.)

And it’s a more beautiful object than any other phone I’ve seen. It isn’t any nicer to hold, or more practical: there are Android and WP7 phones that are better in the hand, and the 700 has no parallel lines in its design and so is impossible to balance satisfactorily on any edge. But it has the air of a weird tablet passed to us by aliens in its thinness, lightness, solidity, and amenability to single-handed hold and operation.

What Nokia Did Back Then

The way Nokia made their mark, back when mobile phones first became popular—in the mid to late 90s—was by producing desirable hardware with a recognisable operating system.

Nokia pioneered the idea of a consistent operating system for phones. They made a series of devices all working in much the same way, at a time when others were producing new interfaces for every device, and they had a sensible and comprehensible structure for information and functions on screen.

Nokia quickly became the phone you could actually understand, while producing the desirable hardware that made them the phone you yearned to own. This is just the combination we see in Apple now, and it’s the combination that Nokia lost sight of during their years of pushing capable but complex Symbian systems.

Of course, Nokia have now managed to pull Symbian back into a position where ordinary people can enjoy it—four or five years too late.

Our Frightful Infrastructure

I had never used Symbian before buying this phone.

I had used Windows Phone 7, and I liked it. So I could see where Nokia were going and why.

I knew that the WP7 ecosystem is entirely owned by Microsoft. You get your new phone and switch it on; you’re asked to register a Windows Live account (or whatever they’re calling it now); and you’re entirely managed within Microsoft’s network of services. Music, games, video, support services, what have you: it’s all Microsoft.

What I hadn’t realised was just how much infrastructure Nokia already had around Symbian. You get your new Nokia 700 and, as soon as you try to do anything acquisitive with it, you’re asked to register a Nokia account. You use entirely Nokia services for music, games, video, support services, and what have you. And they work quite well.

As an ignorant observer, I had thought that Nokia was deferring to Microsoft in these services because they didn’t have them already. I now realise the switch to Microsoft services is simply a change of landscape. They already did have all of these things working fine.

But the way Nokia ran these services was terribly labour-intensive. Their dependency on mobile phone carriers meant they had to organise separate billing and delivery plans several times over for every region. Delivering OS updates appears to be an almost impossible task: my phone is still waiting for updates that Nokia announced, and I know that other editions of the same phone received, over four months ago.

I’ve been in touch with Nokia support several times about failed music downloads and missing OS updates, and they’ve never been able to tell me anything useful about what was really going on. The system has been creeping past its operators on both flanks.

Can Nokia recover?

No. Though everyone is saying that, so I’m hardly original.

Nokia have clearly discarded Symbian, which seems to be both expensive to run and without a place in the market. (I wonder how long the services for my lovely phone will keep running for.)

That means they have only two totally incompatible platforms to manage, instead of three: S40 running Mobile Java, and WP7 running managed .NET code.

WP7 is not going to succeed for Nokia. I like it, but not only does it look like a hard sell for consumers, it’s also an operating system that people talk about more than they talk about the phones.

What I mean by that is: Nokia are trying to sell phones with a nearly two-year-old operating system called Windows Phone 7. Delightful though it is to use, it has no very immediate appeal to consumers in terms of immediate visuals or capabilities so the publicity talks about the operating system rather than simply presenting the phones. We know that the phones are running Windows.

Meanwhile, Microsoft are already talking up Windows 8. Anyone in a position to influence reluctant consumers is probably already thinking of WP7 as a strange and not necessarily compatible predecessor of Windows 8, whatever that turns out to be. (We’ve seen a lot of Windows 8, but it’s proposed that it will run on phones as well as PCs and tablets [isn’t it?], and we haven’t seen any of that yet.)

Nokia are in the awkward position of betting their entire business on explicitly promoting an operating system that seems to have been already superseded by its producers.

No, I think they’ve had it. It’s been a long time coming, but I just don’t see the way out. Let’s hope I’m wrong, because it’s terribly painful to watch a strong European company fall apart because they couldn’t understand the nature of competition from a formerly minor American rival. Damn it.

Why is “password” such a popular password…

… and why wasn’t it popular at LinkedIn?

Studies of databases cracked from various sites over the years have consistently shown the word “password” to be prominent among the world’s most common passwords, usually in the number 1 spot.

Yet in the recently lifted LinkedIn database the most common password appears to have been “link”, with “password” apparently appearing nowhere in the top 25.

 

Once upon a time—over 20 years ago—a friend told me she’d had a great idea. She should set her Unix system password to “password”. Nobody would ever guess it. It would be hiding in plain sight.

I didn’t think it was a good idea, but I do remember thinking it was a novel one. I don’t know how serious she was. Certainly not serious enough to have actually done it: even then we were aware that “password” was a bad password because it was a word and words will be guessed sooner or later.

Since then “password” has repeatedly come up as a common real choice for passwords.

Why so popular?

  • Does everyone have the same great idea as my friend did?
  • Are they wildly casting around for anything they can type in the field, and “password” just happens to be the word sitting next to it?
  • Are they choosing it deliberately in order to maximise their chance of remembering it next time?
  • Is there some cultural thing I’ve missed, maybe a film in which “password” is shown as someone’s password that seeded all the subsequent uses?

I suppose another possibility is that it’s the default password set by some admin tool. I can’t remember ever seeing an admin tool that did that myself, though, and I’ve seen a few.

 

Some years later, a colleague handed me a laptop to use for a demo.

“The user name and password are on a Post-It note on the screen”, he said. “So you mustn’t lose it, or we’ll be stuffed.”

I opened the laptop and there was the Post-It note.

“Username: admin”, it said. “Password: password”.

 

But why doesn’t it appear in the top 25 passwords from the LinkedIn database?

Is the analysis wrong?

I’d like to think that LinkedIn had measures in place to prevent people from setting such simplistic passwords, but, um, most of the other popular choices are equally simplistic.

And a company that loses 6.5m hashed-but-not-salted passwords probably isn’t doing much else for password security.

Besides, “password” does appear in the database, by all accounts. (I haven’t seen the SHA-1 database myself.) It just wasn’t among the popular ones in that particular analysis.

 

2880×1800

The Verge: Apple announces next-generation 15-inch MacBook Pro with Retina Display (nice URL, by the way).

Obligatory grump: Pity it’s not a 4:3 aspect ratio

More rational grump: How come nobody else has been able to do this? I’m not the only person to have been waiting for a machine with a screen like this—and for many years now. It’s not as if Apple even make the screens!

I’m guessing (correct me please?) that in OS/X, this screen will be addressed as a grid of 2×2 pixel squares at an effective 1440×900 with fonts and graphic assets scaled at the native screen resolution.

Would it be safe to assume that Linux running on one of these will simply get the native resolution?

If so, I might even…

No, I wouldn’t buy one—not with my own money.  Too expensive for a machine I have problems with the rest of the design of. But maybe it’s not unreasonable to hope other companies might finally get off their stupid, lazy arses and at the very least get around to copying that screen. Sony, help us out here.

And despite my ob. grump above, much credit to Apple for sticking with a 16:10 resolution even at this sort of scale, instead of going for 16:9.

“Various nifty functions”

Further to the code-literate judge in Oracle v Google, via Groklaw we now have his ruling that the Java APIs are not copyrightable.

It’s an exceptionally clear piece of work and a good introduction to the subject. I certainly couldn’t have written a better technical summary, although I’m sure there are bits that a non-programmer would still struggle with—for example, the judge uses the term “subroutine” without explanation.

I like the jaunty language:

After Java’s introduction in 1996, Sun […] wrote hundreds more programs to carry out various nifty functions

And he is certainly decisive. The section describing the code at issue (rangeCheck) is introduced thus:

Oracle has made much of nine lines of code that crept into both Android and Java. This circumstance is so innocuous and overblown by Oracle that the actual facts, as found herein by the judge, will be set forth below for the benefit of the court of appeals.

And in the closing remark,

[It] is important to step back and take in the breadth of Oracle’s claim. Of the 166 Java packages, 129 were not violated in any way. Of the 37 accused, 97 percent of the Android lines were new from Google and the remaining three percent were freely replicable under the merger and names doctrines. Oracle must resort, therefore, to claiming that it owns, by copyright, the exclusive right to any and all possible implementations of the taxonomy-like command structure for the 166 packages and/or any subpart thereof — even though it copyrighted only one implementation. To accept Oracle’s claim would be to allow anyone to copyright one version of code to carry out a system of commands and thereby bar all others from writing their own different versions to carry out all or part of the same commands. No holding has ever endorsed such a sweeping proposition.

As an aside, nice to see our old friend Sega v Accolade cited again. I haven’t read all that many US legal opinions on software copyright, but I think pretty much all the ones I have seen have referred to Sega v Accolade.

You can read the whole thing on Groklaw.