Archive for August, 2006

I know the real vulnerability!

Tuesday, August 29th, 2006

After reading about the MacBook Hijack and the resulting commentary from the highly-regarded (by more than me, honestly) John Gruber, the logic-mashing inanity of George Ou and the realistic-yet-still-easily-disproved sub-evaluation by Rich Mogull, it’s quite easy to figure out and explain to you, dear reader, what is really going on.


First, let’s review what Mogull has to say. Mogull asserts that to “…show the attack on the built-in wireless device you instantly identify the vendor involved” and that’s apparently a bad thing. Mogull conveniently disregards that they made a point of telling everyone they were using a Mac. Um, hello? Apple would be the vendor, and thus, the first major cracks in the lynchpin of Mogull’s argument. The lynchpin breaks when you realize that when anyone shows you a video that can be summed up with “PAY NO ATTENTION TO WHAT’S BEHIND THE CURTAIN!” you’re not in Kansas anymore. So Mogull’s argument doesn’t wash.

To be clear, though, I admire Mogull for his obviously thoughtful and careful nature, and the fact that he does account for the possibility he might be wrong and doesn’t add flame, just a reasonable possibility to the discussion. I respect him for it, and while I don’t agree, and use a bit of humor to explain why, I in no way mean any disrespect to him.

As for Mr. Ou and his Legal Eagle David Burke, after reading the post four times, all I can hope is that they’ve both developed an immunity to Iocaine Powder, and that neither is ever involved in a land-war in Russia. Dave holds the illogical belief that “‘no’ means ‘yes’.” For example, he says:

The statement made by Gruber relating to Fox on behalf of Apple simply indicates that the actual test performed to show the exploit only demonstrates it can be done with the third party drivers and hardware, it does not say that there has never been a claim made to Apple that such an exploit could be shown to them…

Quick review: Gruber said Fox said that Apple hasn’t been shown anything. Right, got it. Apple has no details, no hints, no phone calls, no contact, no nothing. Dave, dude, when are you going to learn that ‘no’ means ‘no’? But he continues:

… it does not say that there has never been a claim made to Apple that such an exploit could be shown to them, or was offered to be shown to them, or was told to them that such an exploit does exist on a stock Apple system, or that Apple had never been made aware of such an exploit on a stock Apple system or Apple never requested such a stock system exploit not be demonstrated at Black hat. Fox’s statement simply says; Maynor and Ellch have not demonstrated such a vulnerability to Apple.

Obviously, Dave needs to learn to check his sources, which would be the, *ahem*, logical thing to do. To wit:

SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship. — Lynn Fox, Director of Mac PR

Again, Dave, ‘no’ means ‘no’. You don’t date much, do you?

He goes on, apparently in full-on mouth-foaming mode:

At no point in Lynn Fox’s statement does she ever claim that Secureworks has never ‘told’ Apple such an exploit could be performed on a stock Apple so Lynn Fox has certainly not lied about what this blogger claimed she might have. Further there is absolutely no evidence shown by this blogger that Secureworks did not tell Apple such an exploit could be demonstrated on a stock Apple system or any denial that Apple asked them not to use a stock Apple system in their demonstration.

Dave, yes she did. If you can reasonably claim that “shared or demonstrated” does not cover “has told” you simultaneously claim the mantle of twit-hood. And George, wow, you suck. Whoever hired you at Z-D needs a good long vacation. As do you.

(Why is there no ‘digression’ element in XHTML?)
To be totally fair, yes, a claim could have been made to Apple about a Wi-Fi exploit, but since neither these two SEs nor the company they work for has done so, it’s immaterial if someone else brought it up to Apple. I can call and leave a voice mail for the technology team at Apple telling them I can send a malformed packet to the Houston Galleria store and make an iPod nano suddenly obey my every command. Apple can safely ignore that issue as well, as it’s part of the business, because the malformed packet is probably an Amex. (end digression)

And now, the real issue and solution:

DRUMROLL PLEASE!

The vulnerability does exist, but it has nothing to do with the computers. Nothing even to do with Wi-Fi. The vulnerability lies in the media. Here’s what happened:

  1. Persons S&E found a vulnerability in ObjectX
  2. Persons S&E attacked ObjectX using TechnologyQ.
  3. ObjectX is vulnerable to TechnologyQ and was therefore controlled by Persons S&E
  4. TechnologyQ gave Persons S&E SuperUser access to ObjectX
  5. ManufacturerA has no knowledge of TechnologyQ.

With most security holes the next steps would be “ManufacturerA reviews TechnologyQ and releases PatchX.1” but that won’t happen here. Why? Look at the variables in the list above and review them. I bet you’re not using the right values for the variables.

Persons S&E are the two Security Experts, Maynor and Ellch, obviously. TechnologyQ is the demonstration given and videotaped. (Did you notice I didn’t say the code used in the demo?) ObjectX is not a computer, it’s Krebs, the reporter. ManufacturerA is the Washington Post, and the actual breach is that Krebs was easily swayed because he, too, wanted “to stab one of those users in the eye with a lit cigarette or something”.

And thanks to Maynor and Ellch, he did.

More Thinking on Accessibility

Friday, August 25th, 2006

Jeff’s follow-on to his previous post is another must-read. And doubly-thanks for the shout out, Jeff, that’s always appreciated.

I have something else to add to this, and it’s part of the discussion that I don’t see defined well, and, the back of my head being the meandering/simmering kind, this took a skosh more time to finish, but it was another epiphanal moment for me:

When working to make something accessible, you have the core audience, the first marginal audience, second marginal, third marginal, etc., ad nauseam. However, those units most likely follow a half-life scale, getting below 10% by the 4th marginal, but never actually reaching zero. Very ‘radial gradient’ if you can visualize it.

Alas, the world doesn’t work this way, and what works for this member of the core isn’t what she’s used to because her child is deaf. Or his wife is blind. And so core people deliberately choose different ways in, to both share in the emotional side of life, granted, but to also try something new. Don’t think it’s happened? You’ve probably done it yourself by activating the built-in reader for a web page to hear your structure; I have. (It wasn’t bad, just felt like I was on hold a lot.)

I can think of no site-design situation where I’ve sat down and heard anyone say “let’s define this in terms of the 5 senses.” (Insert your own lame ’stink’ or ‘del.icio.us’ joke here.)

I could be wrong on this, but I just can’t imagine a group saying “our primary goal is to grant access to Group-Y” if only because, for example, having a site for the blind that is inaccessible to the deaf would raise too many hackles, and cut away the core of humanity. I would be very surprised if even the American Society for the Blind, or for the Deaf, think about how their sites are going to be used for the disability, but instead think about how it’s going to be used by ability.

Subtle? Yes. Too subtle? Just wait, there’s more!

You can’t plan for everyone who will reach your site; the potential audience is billions of people. You can plan for groups, but you’ll never know Person X. (Unless your name is Dave, apparently, and then Ye Shall Be Known And Smote!) And that’s a good thing, too.

Why on earth would I think it’s a good thing to not know who is at your site? Because accessibility isn’t just about the ways we’ve delivered equal access to those members of our society who need it. After all, that’s past tense, in most ways. But we need to keep being creative, keep analyzing the problem, keep pushing the envelope and thinking up new ways. We need to keep learning to help others in our everyday lives, keep building new tools and developing new ideas, because each one of those ideas is a building block for another, and another, and, again, ad nauseam. No one should get upset at altruism, but that’s not why it’s important. Society’s growth and continued semblance of well-being are at stake.

While the overall goal of accessibility is to grant everyone access, each person only needs one way. Once it’s found, it’s nirvana, but who finds it the first try? No one. And who stays with that tool for more than a few years? I don’t, and I don’t know anyone who does, either.

Usually because we found a better way, or designed one ourselves.

The devolution of this much-needed discussion to a flame-war is so sad. I don’t want to have to care for someone else’s disability, I want to create for their ability. I don’t want to think in terms of “these can and those can’t” when, by being creative and having a moment to think instead of hearing all the whining over and over about all the sad things in everyone else’s life and I should be grateful and… and … and I am. And if you’ll give me a moment, I may be able to find a common situation so ‘these’ and ‘those’ can all use ‘this’.

Personally, I’m falling behind on my surfing, as I’m so eyeball-deep in Django syntax (MODELS, and URLS, and VIEWS! OH MY!) that I’ve not been out on the rest of the web all day. Perhaps I’ll use another access tool and just dump the text into the vocalizer and let the sultry digital tones of the descendants of Max Headroom tell you about the day. Or just crank out some BT.

Where are we going? And what are the handbaskets for?

Wednesday, August 23rd, 2006

Blogging is all the rage these days. It seems that everyone is doing it. In fact, it’s so popular that even my mother has picked it up. She’s funny and snarky and quite possibly illegal in 7 states, but there is no one else quite like her. She’s in Montana, pounding away at the insanity of the political process in a state that’s 4th largest in acreage and 4th smallest in population.

She may not win a Pulitzer this year, but she could easily claim a scalp or two, since they’ve got a:

  • Democrat for governor who is all about ripping up the land across the state so that all the coal can be used for fuel - very environmentally forward, that guy
  • Republican Senator facing problems because he:
    1. shoots from the hip (like most Montanans)
    2. but keeps forgetting to remove the gun from his holster (unlike most Montanans), thus
    3. hitting his own foot almost every time
  • so his public appearances end with his foot in his mouth
  • whining about his wounds
  • just as if he was from North Dakota!

Regardless of the goings-on, she’ll have some opinion, usually dripping in her everyday’s-a-holiday-favorites — Frank, Intense and Mirth.

Accessibility Knobs

Wednesday, August 23rd, 2006

I was over at Jeff’s blog about to comment again when I realized that it was a post I should have here. For reference you should also read Roger’s diatribe and the comments attached.

A part of the problem of accessibility mavens who whine (and those who piss and moan on their behalf) lies in confusing Accessibility, i.e. being able to access content, with personal comfort.

Let me explain.

I was having problems seeing when driving at night, but not while seeing in the dark, so I went to the eye doc. My night vision is fine. In fact, it’s better than most. Dark or light wasn’t the problem, it was dark AND light. I have problems with high-contrast lighting situations. If I were Roger, I’d have written that headlamps creating high-contrast situations are unacceptable, and, without research backing me up, whine about how this needs to change so that the streets are more comfortable (er, accessible) for me.

When reading sites like Veerle’s or Daring Fireball I get the ghosting and retinal residue that he refers to; although neither site is particularly high-contrast (my opinion), they are both inverted. It’s very easy to ‘see’ the residue on inverted designs, but dark-on-light causes residue, too. The residue is the entire area and isn’t as noticeable because it covers so much of your eye’s own viewport or visible area, and, since it’s the light parts that create lighter residue, the larger area bleeds into the lines of text, making them smaller and less likely to be noticed, thus reducing the overall noticeability of the residue. For the same person in the same ambient light reading the same display, sites that are at the same contrast ratio but inverse to each other will both create visual residue. Because it’s not a function of the site or the colors, it’s a function of the display.

Contrast is an issue for many, but contrast and inversion aren’t the same thing. Inversion is not an accessibility issue, it’s aesthetics. Contrast can be an accessibility issue, but the solution is usually outside of the scope of web design.

Instead of truly understanding the situation Roger assumes it’s an accessibility problem. Experts should avoid knee-jerk reactions, as those reactions feed the idiocy of reactionaries — like Commenter #14 Danny Hope. Now you have the comments of an accessibility expert being used as an excuse to never bother with accessibility. Danny evidently doesn’t understand accessibility, web standards or how the two relate, yet he’s a professional web designer, so woe to the masses who must go to him for advice!

Roger can help himself by using tools developed for televisions decades prior to the first home computer: ADJUST YOUR DISPLAY! And no, brightness isn’t the only adjustment, you can control the contrast, too, and that’s where your problem lies. I would think it was obvious, but I guess not.

Making something accessible doesn’t begin and end at the web designer; there are many pieces to it. If accessibility ended with the software (browser or OS), Roger might be excused for not knowing about display settings, because even though he can use a browser, he might know next to nothing about his computer. It’s a stretch, but it’s possible. However, since a computer is the primary tool for accessing the internet, how can you not know about the basic hardware controls and still claim to be an expert on accessibility? Roger’s understanding of accessibility seems flawed to me, but understanding and accessible are two different things.