05/01/2020

#58 – COBOL Cowboys

#58 – COBOL Cowboys

As we continue to record from our homes in the time of COVID, we start by chatting about VR once again, even though Adam continues to be unconvinced. From there, the gang talks through Contact Tracing improvements and then how COBOL and technical debt has brought about a new group of superheroes. Check out the transcript for this episode below:

GREPCAST #58 – The COBOL Cowboys

Adam Fisk
What’s up, everyone? You’re listening to the Grepcast from TSP LLC, bringing you a bi-weekly look into the world of technology and technology-adjacent ephemera. My name is Adam Fisk and today we are joined by Michael Oh.

Mike Oh
Hello!

Adam Fisk
And Kelly Ford.

Kelly Ford
Hello.

Adam Fisk
Mike just presented us — it looks like he has 100% oxygen in that blood

Mike Oh
100%. That’s right!

Adam Fisk
Which is great to hear. No early warning signs for us.

Mike Oh
My pulse is like at 30 or something, but it’s fine.

Kelly Ford
It looked like an old flip phone to me. I was like why are we talking about this?

Mike Oh
It’s like the world’s smallest flip phone.

Adam Fisk
Do you remember those? When those were like, super popular?

Mike Oh
Like the super tiny ones? Oh, I loved I [mine], it like rotated. And I was like “small phones is so the future!” And then I was totally wrong.

Mike Oh
And then I look at this behemoth that I have in my hand.

Kelly Ford
It’s a good weapon.

Adam Fisk
Yeah, I can chuck it at someone [laughs]. So in terms of other future things that we thought would come to fruition, we finally found our future and that future is firm in Bitcoin and VR. The two subjects that we love talking about and super didn’t create a moratorium on it. But this is coming to us actually from a Twitter post that Mike found. It is from @Michaelfolkson. This individual hosted a Socratic seminar in VR, talking about Bitcoin. VR Bitcoin. So I hated this and I did not like it at all [laughs].

Mike Oh
And pretty much that’s the only thing to really state about it, in the sense that like, there is really no material or even funny commentary we can make on it other than the fact that it’s Bitcoin and VR together at last.

Adam Fisk
Right!

Kelly Ford
Well I skipped the whole seminar. I was only there for the beginning, when they were like little avatars hovering around and trying to figure out what they were doing. And then the people in the audience being like, do you see me walking around? Can you hear me? And then someone says, I can take a picture of myself. Oh, dope.

Adam Fisk
There was a lot of people wandering around looking at their hands. So you know.

Kelly Ford
I get it though. We had this conversation about virtual reality and using what have you earlier and I don’t know why. But then once I saw it was like, “okay, this is this is pretty dope, dude.” It looked fun. But then I was also like, “whoa, yeah, definitely that Nita Bonnie emotions. During the virtual reality seminar,

Adam Fisk
And I just…I don’t know what I would gain from this, ultimately, as opposed to just watching a normal webinar. Because — so, for those who just honestly don’t even want to click the link, I don’t blame you — it is like a weird brick theater with a large kind of like presentation screen and it just looks like a GitHub [screenshot]. And I could just be watching this on a webinar, somebody could be doing screen-sharing, and I would gain the exact same amount of information and togetherness as being in the VR. But you know, people are bored. Do what you do. It’s great.

Kelly Ford
Well now, maybe it will keep people’s attention. Like I was thinking about —

Adam Fisk
–well, obviously not because people were wandering around looking at their hands [laughs]!

Kelly Ford
Right, that’s true, that’s true. But it has that — I did watch [a video] […] [and] someone was talking about using virtual reality for classrooms and when that might happen. And of course, they’re forward thinking — or, as our friend Crystal says, “future-tripping” [laughs] […] So yeah, he was saying [VR for clasrooms] would be cool. Obviously, there are some, you know, things that need to happen. First: one, not everyone has access to virtual reality. But it could — it is interesting to see, because this is the first version of this, right? So it is interesting to see, or think about, how they could handle that motion sickness. But stabilize this and then get it into a place where being in a classroom actually can be less like being in a video game, but more like being in an actual lecture hall, and how that could go wide and be useful for a lot of people, […] — especially at a time like now when we’re all on quarantine. But thinking, again that “future-tripping” of “oh, this could actually be cool” for online universities even.

Mike Oh
Yeah, I mean, if you think about like, like right now in the era of COVID, right: everybody’s on Zoom calls. We’re using RingCentral Meetings right now to record this podcast, but this is pretty much the app that is up like 50% of the time either this or Zoom for us. But you think about like, what did it take to get here? Like what was the first video conference call? What did that look like? I remember initially like Skype being like a really big deal. “Oh my god, it’s free and you can see each other!” But even before then, like the various iterations of video conference calls and like the devices that people thought we’d have –a phone that was a video-phone and you know, the…you know, the Dick Tracy watch idea and all that stuff.

Adam Fisk
All the giant like, telepresence systems that people had. Yeah. Like to not be as much of a bummer uh, [as usual] — so as a quick aside, it’s great every time we’re doing a conference call from home because I’m sitting in my dining room, I have a big art wall, and there’s one print that’s always over my shoulder that just says “ALWAYS A BUMMER” on it. So it’s very good — but, as of recording, Massachusetts did just officially cancel the school year. School will not go back in session this year.

Mike Oh
Woo-hoo!

Adam Fisk
So all those individuals and all those parents who are now homeschooling their kids that were creating these kind of virtual Zoom environments to get back with their class, I can see a version of this like, nobody ever thought every school child would be given a laptop or an iPad. You know what, who knows in 10 years, which version of the Oculus Quest will just be kind of the standard issue “hey, welcome to your first day of school, we’ll collect right back.”

Mike Oh
And at that point, we’ll say “we were wrong,” but until then…!

Kelly Ford
This is one I’m gonna be… not pessimistic about. And you know that’s rough for me, but —

Mike Oh
— well, you know, but the good thing is on Grepcast, we can be both right and wrong at the same time. So if the VR future comes true, you can just, you know, I’ll just shut up and then Kelly, you can say “I called it!”

Kelly Ford
I would never! Have I ever said I told you so, Mike?

Adam Fisk
Never have!

Kelly Ford
To your face!

Adam Fisk
No, it’s only on Slack! [laughs]

Mike Oh
Just on Twitter. Yeah, exactly.

Kelly Ford
[laughs] I would never!

Adam Fisk
But moving right along: Apple has now acquired another service, another random team to add to their stock lists. This time it is Grepcast’s favorite, Dark Sky. Dark Sky has officially been purchased by Apple, and they will, we presume, be adding that into their stock weather apps down the line. But what this does mean is if you are an Android user? Not anymore! Can’t download it.

Mike Oh
Oops.

Adam Fisk
And to that point, you have only a few more few more months to find your new favorite weather app until July 1, because it will totally stop working.

Kelly Ford
Apparently the app rating in the Android store is quote-unquote, “destroyed,” per [the] Android Police [website]. That’s an actual website.

Adam Fisk
Ugh. I just went blind.

Kelly Ford
The things I do for this podcast! The research I bring [laughs].

Adam Fisk
You find all the various police states, both Android and otherwise, for us. The one benefit of this, echoing kind of the Google Nest API stuff, is they are at least giving till the end of 2021 for various services who use the Dark Sky API for their weather apps to find something new. So I guess some bright signs at the end, but I’m sure everyone is now scrambling to find which other weather app they can find that will let you know it’s about to rain in 10 minutes.

Mike Oh
It is so helpful — when it works [laughs]. And when the radar actually sort of updated. Yeah, I file this one under “things that I really cared a lot about before COVID and now that COVID’s here, I’m like eh”, you know, for about 10 seconds, I was like, “man, that really sucks for all those Android users” and then I was like, “yep, still on my phone!”

Kelly Ford
It’s every man for himself out here!

Mike Oh
I’m not gonna care. I got other things.

Kelly Ford
Screw you Android users!

Mike Oh
[laughs] Yeah exactly.

Adam Fisk
Because the one thing that the COVID lifestyle is [teaching] us is that “got mine” is the appropriate response [laughs]

Mike Oh
Exactly [laughs]

Kelly Ford
100 percent [laughs]

Adam Fisk
But on that point, moving right into our kind of first major topic: Apple and Google — [laughs] weird! — are joining the fight against COVID-19, specifically as it is developing mechanisms for contact-tracing. Contact-tracing is becoming the new buzzword as it pertains to GOVID….as it pertains to *COVID*, specifically in how we’re able to —

Mike Oh
[laughs] You gotta leave that in there.

Kelly Ford
[laughs]

Adam Fisk
Yeah, GOVID, it’s GoPro’s newest product for you. It’s a streaming service, obviously [laughs]. But yeah, they are together at last to hopefully bring a empowered API for various governments to figure out where you’re going and who you’re talking to.

Kelly Ford
What could go wrong? We haven’t said that in a while.

Adam Fisk
What could go wrong?

Mike Oh
This is such a [complicated] — well, it’s both an interesting story because COVID, but it’s so many layers to peel back on this, and I’ll introduce a couple things and we can talk about probably 10 others. But like, one of the really interesting pieces about contact-tracing, while it’s pretty well covered in a lot of different sources, but you know, Apple needs to get involved in this as well as Google on almost a hardware level. I mean, in the sense that like, there’s a lot of security-level, things that have been put into place to basically not allow contact-tracing to work. And so one of the reasons that this isn’t just an app that people can develop and put on a device like they’ve tried to do in lots of different countries, [is] because those those apps really don’t work because of these sort of like OS-level restrictions that are meant to secure your privacy. So Apple is kind of having to undo some of that stuff in the interest of like, public health and security.

Adam Fisk
Yeah, honestly you probably retweeted it, Mike, there was a really good Twitter thread where somebody was testing a contact-tracing app, and it essentially was unusable because the screen had to be on at all times for the Bluetooth connection to work. And that’s not how people work. So in this case, there are two really, really — or three really good articles — that we can use to dissect. The first one is from CRN. This is written by Joseph Tsidulko. I’m sorry, Joseph, I didn’t [pronounce] that well. But this is really kind of examining the entrance of this. So this has been announced, as of right now they are examining a may release date of this API. The best part of this is that it will be interoperable between Android and iOS which really is kind of a first of its kind, at least of this baseline. Which is very, very interesting from a kind of putting-bygones-away perspective, but it does make me nervous on what happens next. It’s very difficult for APIs, as we can see, to be undone. And we’ll definitely talk about this later on in the episode. But I don’t know. And, Mike, you were in this article, you were quoted a few times.

Mike Oh
Well, and I will say that any Grepcast listeners who’ve listened to a previous episode, where we talked about COVID, and the balance between this sort of data security, public health privacy stuff, will get the reference. Because one of the things I brought up was this Tectonics GEO tweet that we railed on, I think on the last episode, where they talked about the ability to track anonymized data on mobile phones across the country from Fort Lauderdale all over, you know, the United States. And essentially, that’s kind of, you know, […] part of what I was interviewed about was: a) would it work technically? And my sort of point was “yeah!” because like, they’re already doing it, it just happens to be with advertising not with, you know, COVID. But yeah, I mean, if Apple and Google open the API’s up, so you can, you know, kind of subvert some of these security restrictions that they have put in place, which it seems like they’re doing. And then b) like, you know, really [what’re] the implications for privacy and security, and, you know, public health, and it is really kind of an interesting thing that, obviously, a lot of other articles have covered since then.

Adam Fisk
Ultimately, I think the biggest thing that put this into perspective [is this]: […] The idea of contact tracing and why it’s so important [has] been all over the news, to the point where it’s almost that — early in our Grepcast episodes, we landed on a [name], what was it? Disaster fatigue, that’s the name? Where you hear something so many times it kind of starts to lose — not value, but we just kind of start to tune it out. And that’s what this phrase is for me. Contact-tracing. There was a, an accompanying article from the Harvard Business Review that really put it into clear words on how it’s really being used. And this is specifically in kind of East [Asian] countries and how they’ve managed their curves and flattening it. But the best way that I found is an initial quote by Wang Yi, who’s the foreign minister for China, who said “only in China and only under the leadership of President Zi, can there be such effective measures to put this sudden and fast spreading epidemic under control,” which has caused countless pundits and countless people like me on Twitter to say, you know, if only we were an authoritarian regime. We could pull this under. And ultimately what this Harvard Business Review article starts with is [saying] that’s not necessarily true. Because while China was able to flatten their curve fairly quickly, all things considered, South Korea, which is a vibrant democracy did it just as well. Whereas other democracies such as Spain, Italy, France, the US, have been doing a terrible, terrible job. And I think one of the key things that was really interesting is not necessarily the culture, while important to Kelly’s point, there is a more collectivist spirit that encourages people to be more civically minded. [But] they are more willing to comply with government infection control apps.

Mike Oh
Infection control sort of measures period. Not just apps.

Kelly Ford
Right. And also the effectiveness of, say, China, and possibly South Korea TBD, is based on what they’re telling us. So there’s part of that. The app also requires user input. So this is also a permission based model, which is great. But it also requires people to participate. And so that’s something — I was looking through articles for this and found the ACLU. […] They were kind of, you know, cautiously optimistic with their usual privacy concerns, but also saying, [that] because Telecom has had such a big issue with privacy, there are a lot of doubts. There’s a lot of fear and anxiety about giving this type of information. And I think that’s a valid fear when you consider things like health information. This is really detailed information, not just with the location-tracking, but with the health information that you’re giving people. And going back to a previous episode about health insurance companies using information from just a social media post to increase your premiums. This is a valid concern, I would say. And of course, I always laugh when they say “anonymize”, because we always put that in quotes and then laugh.

Adam Fisk
Because it doesn’t mean anything!

Kelly Ford
It doesn’t! And of course, you know, the Bloomberg article we’ve been looking at, it […] kind of sounds like it was written by a PR person. I know it’s not, it’s an actual Bloomberg writer, but [it’s about] the idea [that] they’re doing this without compromising privacy. Right? And it’s like “yeah, until…your prices fall and then you’re doing back alley deals with a hostile nation” [laughs]

Mike Oh
Yeah. And it’s like, you know, when Joseph asking me about it, and the privacy issues, I was like, “well, it’s all still a database, right?” So it’s anonymized up to certain point. And it’s like our discussions about encryption. You know, VPNs are encrypted until a certain point, but once that point is reached…[they’re not]. So yeah, it’s anonymized. But you know, in order for it to work, there has to be an association with that device and your personal identity and location at some point, and that’s behind all the locks and all the closed doors and all you know, in this encrypted database, which you know, is only so safe. And it’s both, either that it gets hacked into, which is one fear, or the second thing, like you’re talking about Kelly is somebody chooses to open it up because that data is there. And maybe was under one particular, terms of engagement and like, you signed off on these things, but those things change all the time. And then, you know, in a year or two, suddenly that becomes released to a health insurer, or all that kind of stuff. So, yeah, I mean, maybe that happens, but I am a little bit hopeful on this one.

Kelly Ford
Yeah. There is a website already that’s free. I mean, of course, we also put “free” in quotes, right? [laughs] But it’s run through, […] I believe it’s the Boston Children’s Hospital. Possibly MGH. I apologize. But you basically go in and you tell it how you’re feeling today, and if you’ve had any symptoms, and you can go in and just add your age, and your zip code. Again, it’s location-tracking, you know, my IP. I’m sure someone could find it. But that’s also an option too. And I think part of it for me is also, it’s kind of that frustrating piece of, you know, if we didn’t have, again, that rugged individualism, and we had a collective mindset, and we had strong leadership around preventative measures, we wouldn’t need something like this as much. But here we are, folks!

Mike Oh
Yeah. I mean, I hope that Apple and Google [are] working together. And I think the thing that was really positive for me, and it was something that [I did tell] Joseph, is that it happens so quickly.That it wasn’t like, you know, months in and then Apple and Google sort of figured out and negotiated and you know, they basically whoever made the call, whoever called whoever I mean, I like to think it’s Tim Cook calling up, what’s the guy that runs Google? And, saying like, “look, we just, we want to make this happen.” But yeah, it happened quickly. And it’s the only way at that level with those companies for it to happen in a way that’s even close to private. And so I thought that was a good sign. And I do hope that it does lead to something that really can be a game changer. Because, yeah, if the centralized government isn’t there and isn’t really working, it doesn’t necessarily have to be authoritarian but it has to be functional. Then, you know, let’s hope that there’s something that takes its place and can be effective for all of us.

Adam Fisk
Totally. And from the five I believe, countries that were outlined in the Harvard Business Review article, we’ll focus on two real quick because they are the most interesting ones. First, Hong Kong, which recently implemented a mandatory 14-day quarantine upon entry. To enforce this, you are required to download an app called Stay Home Safe. And then you are also given a paired wristband that uses geofencing to help catch violators. So that’s one scale. And then we also have Taiwan, which according to the article is believed to be one of the first to use mobile phone tracking to enforce quarantine. They call you twice a day. And you have to answer the phone, because they are using this to enforce and ensure you are not evading tracking through apps by leaving your phone at home. So there are some ways that people are going about this and countries are going about this. The three pieces that in this article they point out of this more technocratic approach, [are] scale, speed, and the degree of compulsion. Which kind of loops back into — even if Apple and Google are doing this, [you] have to have people say yes.

Mike Oh
Well, and I’ll add the fourth factor, which is desperation. I mean, give it another three or four weeks in lockdown. And all three of us are gonna be like, we will sign away for eternity, all like location-tracking and you can have our account numbers and Social Security, just so that we can take a walk outside.

Kelly Ford
Speak for yourself, I have zero cabin fever, I am living my best life! I am staying safe. So I have family in healthcare, and they’re definitely the same people who are saying, “you know what you could do? Stay home. Just stay home, Kelly.” As a kid who got told “get outside and play” my entire life, I am so good at this. So you give it away Mike! But just know that when you’re, you know, running and they’re trying to disappear you because you’ve left your phone, I’m not sure I’m gonna give you my GPS coordinates [laughs].

Mike Oh
Okay, all right.

Adam Fisk
Until you post something on Twitter and it just takes it for you anyways

Mike Oh
Yeah, exactly. Or you post, what was it, the three words? Going back to another [Grepcast episode]?

Adam Fisk
The last thing on this topic, one thing that is really interesting, and I did not think about it previously, is [that] part of the reason potentially some of these more kind of Western countries like the US, France, Spain, are having such difficulty with it is because we’ve never had to deal with it. Whereas a lot of East Asian countries, as outlined in the Harvard Business Review article, have dealt with major outbreaks like this. SARS. What were some of the other ones that they had? Yeah, it is not the first time they’ve had to do this so it is easier for them to put out this type of protection. So moving right alon, as the majority of the US is indoors and looking for some sort of assistance from our government, we have heard more and more calls for this ancient programming language known as COBOL.

Adam Fisk
In an article that was brought out — I believe this was a Medium article written by Dave Gershgorn — during a briefing, the New Jersey Governor Phil Murphy actually pleaded and started seeking volunteers for people who knew what COBOL was, and how to work with it. Because as we were finding out more and more, the majority of our government systems and banking systems run on this outdated system.

Mike Oh
It’s something that like, especially when the press conference in New Jersey came out, and they were talking about, “oh, and by the way, if anyone knows any COBOL programmers, we need to talk to you!” I mean that that was sort of like…Twitter just lit a flame with all kinds of crazy stuff, especially sort of tech Twitter. But it is kind of interesting because it’s not just about old programming languages. I mean, and people talk about y2k and the same sort of people had to come out of hibernation. […] But, you know, there’s so many factors that really kind of play into this. It’s about sort of the defunding of these, you know, governmental institutions that are supposed to be taking care of important functions. I mean, now supremely important, maybe unemployment insurance wasn’t really that important, you know, two months ago, but it is really important now. And it’s all of this stuff that sort of built up over the years, which, effectively we’re paying for now.

Kelly Ford
I’m reminded that the devs I work with 2000 were making fun of COBOL. And so I feel like this comes up all the time. And I like the idea though — it’s almost like this crew of people who just come back out like these superheroes, these old timey superheroes who, like put on [their cloaks], […] they all put on, you know, their superhero suits and they grab their COBOL bags and you know, what was it in the article? It was like “they’re the COBOL cowboys!”

Mike Oh
COBOL cowboys, yeah

Adam Fisk
The second I read that it made me think of — there’s two movies: Space Cowboys, which the entire point of it is that old astronauts and flight pilots are going out, but also like Armageddon, this ragtag group walking, Michael Bay, we have explosions. But instead they’re going into a lab to work on, from this article, the department of education system for processing applications, which was implemented in 1973. It needs service, because it still has not been updated. The Government Accountability Office, the GAO, repeatedly warned about this and as recent as 2019, issued a report summarizing “10 federal computing systems that were in desperate need of overhaul,” but it was not the priority. And…oops!

Kelly Ford
[…] But I love that image, Adam, of them coming out. […] Sarah and I always joke that we’re only one old government system hack away from total collapse of society. And this is their, like high stakes thing. Right? So I feel like this is the movie pitch we’re doing right now.

Mike Oh
Definitely. While I think it is nice to sort of romanticize — are we romanticizing the COBOL programmers, the COBOL cowboys?

Kelly Ford
I appreciate the COBOL cowoys!

Mike Oh
I do appreciate them, of course I appreciate them.

Kelly Ford
I have a lot of friends on unemployment right now. So you know what? To me, they are frontline people.

Mike Oh
They’re frontline people that I’m sure are happy not to actually be on the frontlines. But you know, it, does sort of [remind] me of some of the other stuff kind of going on in the tech world right now. So this idea with Zoom, like Zoom is really getting pounded on lately about all these security issues. And a lot of that comes from the fact that Zoom has had tremendous growth —

Adam Fisk
— one could say explosive [growth]

Mike Oh
Yeah, explosive growth. There’s some amazing statistics that I’ll put in my plug about sort of how much growth zoom has had, relative to other platforms. But you know, they are running into issues because they really prioritized ease of use over security. And there’s actually a lot of very similar threads, you know, in this and the COBOL world, this idea of technical debt. You know, you’re sort of prioritizing certain things over others, but essentially landing in the same place, which is that you have to do a ton of catch up in order to actually bring your platform to both be sort of reliable, stable, high performance and be able to scale with what the world needs. And it’s two completely different stories, but very related to each other in terms of that concept.

Adam Fisk
Yeah, to me it is that startup ideal of “work fast and break stuff, but then forget to fix that stuff.” Because now you’re doing more things. I was in a training recently focusing on agile product ownership, whatever. But there was a key piece of that training where they were discussing how technical debt starts to accumulate, because we’re always trying to bring out those new features. We’re always trying to improve. And you know what, sometimes these bugs, they’re really, really difficult to figure out. [And] they’re really difficult and time intensive to fix, but implementing a new feature on top of that? Pretty easy. So we’re always trying to strive for newer, better, bigger, greater, and that debt becomes harder and harder to fix. And that’s — to the point of the COBOL thing– it’s very, very expensive to completely revamp a system. Especially if 80% of the world’s credit card based transactions are using this system. You know what, this hasn’t changed, nothing’s moving. Let’s just keep it going. Let’s keep on using, what is it? The the card punch systems. Because you know what? It’s working.

Kelly Ford
I feel like the Agile process is apropos for this because it does feel like with their exponential growth, they had a beta release, and now they have all these testers giving them feedback. But it is true in software development, it’s like you or at least in my experience, the really hard issues [that] we would always triage as you know, this is a high priority or low priority, high effort, low effort. And what we always worked on because of you know, profit margins and ROI and all that is, what? Low effort, high priority. So you never get around to fixing big problems. And then you have your production team who’s always in there, like in the boat that’s filling up with water and kind of shoveling it out and hoping for the best.

Mike Oh
Well and I think the thing about technical debt is it’s impossible to avoid. Right? It’s, you know, the idea that — and I think it’s easy to not only romanticize the cobalt Cowboys, but romanticize the problem — I mean, in the sense of like, “oh, you know, governments are stupid. Yeah, you know, they’re running on COBOL, which is like so many decades old.” But the reality is that this happens to the best-funded, best-resourced organizations with the smartest people, as well as governmental organizations. You know, the idea that, you know, things are okay because they’re running as they are, and you don’t need to fix the stuff that might break one day because you’re going to be 10 times bigger, or because like, cybersecurity folks are going to be 10 times more more savvy than they were before. Or, you know, COVID might happen. I mean, it’s a very natural human instinct to say, “eh, if it ain’t broke, don’t fix it.” And this is sort of what ends up happening. 50 years later.

Kelly Ford
Kind of like democracy! And Capitalism! [all laugh]

Adam Fisk
But yeah, technical debt, it’s a snowball effect [based on] the decision of eight weeks ago because it was the best decision at the time. Sometimes it is because it is 1:00 AM and you’re at a data center and you’re like, “I only have this one cable, I need to make it work! I’ll get back to it.” But then —

Mike Oh
Never made that mistake…

Adam Fisk
No, no, no. But it’s very easy to get stuck. I think we find stories of kind of those superhero moments of “you know what, I through twine and sheer force of will created this program out of nothing.” And things keep on getting stacked on top of it. And you forget until somebody, some researcher, comes out. Some kind of white-hat says, “you know what, this is a major issue I’m going to publicize it.” Not because they’re looking for fame, or that they’re looking to say Zoom is the worst company known to man. No it’s, “hey, we really just need to fix this.” Kind of focused on that — the Citizen Lab, which is a group of “highly respected security researchers at the University of Toronto,” publicized a whole bunch of areas of improvement we’ll call them for Zoom, and said, “The most prominent security issues with zoom surround deliberate features designed to reduce friction in meetings, which also by by design, reduce privacy and security.” Zoom was just trying to make better product. They were just trying to make something easier to use. Make it so that way, it wasn’t as clunky. But we always have to take shortcuts. And the best way to do that is sometimes making things less secure, less private.

Kelly Ford
And it appears that Zoom has been responding to a lot of these issues. Like there was something — I just saw that the attention-tracking has been removed. That was one thing that they were talking about. And the idea of — maybe it was the private text messages being seen by the hosts? Little things. But it sounds like they’re responding well.

Mike Oh
Yeah. I mean, and I think, you know, one of them was like, you could click on a link and if it was sort of formed in a certain way, give access to like credentials on a Windows machine. And people were kind of going back and forth saying, well, that’s the user’s problem for clicking on a link in the chat that they’re not familiar with. And once again, this sort of age-old like, let’s blame the users for doing something —

Mike Oh
— stupid users!

Mike Oh
Yeah [laughs] for doing something that’s clearly just in a blue line in front of them to click on. You know, these types of things. So, I think, yeah, I think you’re right, Kelly, they have actually kind of addressed this technical debt quite quickly in the grand scheme of things. It also helps that Zoom has a very good model for software deployment, which is, every time you have a Zoom call, at the end of the call, it checks to see if there’s an upgrade. And it’s really easy for you to hit Yeah, I’m gonna upgrade that sort of knowing for the next call [that] those improvements will be there. And so I think their rate of deployment, especially nowadays, with so many people using it, is also very rapid as well, which I think kind of helps to, you know, because it’s not just about fixing it. It’s about getting that out in the hands of the users and I think they’re very good at that.

Adam Fisk
I will say, my most-sent link lately — especially as this kind of Zoom boom happened and then all the concern that happened afterwards — is an article which will be in the show notes by Jason Koebler written for Motherboard, with the headline “Zoom has security flaws. It’s still fine to use.” But the kicker is the byline, and the best byline: “It’s not unfair to or fear-mongering to point out Zoom’s security flaws. It’s how the software will get better.” Like, that’s how software development works. You don’t know about issues until someone points it out, because they become blind spots. Technical debt is sometimes hidden. Because why would I like, go into the old code? Sometimes it’s, you have to and that’s how things get better. By pointing out Zoom has these issues…I’ve seen way too many Facebook posts being shared around of like, “why are we using this?” —

Kelly Ford
Because it’s better than WebEx. I was just on one, guys. It’s terrible! [all laugh]

Adam Fisk
It’s like, yeah, like this is how we move as a technology society. Now Zoom has 10 million times the amount of users, so you’ll find stuff much faster.

Mike Oh
Well, and I think ultimately, what will end up happening in a world that’s sort of dominated by technology, if you want to look at companies that really will do well, it’s companies that deal with this technical debt issue properly. And some of it is the really boring stuff, where they actually address technical debt before it hits the news and people highlight security issues. They have a system by which they recognize that they’re making a decision that needs to be dealt with later. There’s a great sort of Twitter person called @Swiftonsecurity, who equated technical debt to deferred pain. And that’s exactly what it is. And it’s not just deferred pain, it’s like the pain gets larger over time. The longer you defer it the pain gets larger. And so I think organizations that recognize that these small decisions that are made very early on in the process have deferred pain, and have that pain in the future, and then deal with that not necessarily day one or day two after that decision’s been made, but maybe a few weeks, maybe a few months. YOu know, they react to these things and they adapt and they sort of fix that technical debt and make that go away. Those are the ones that are gonna be creating truly great products. And I would argue that Apple’s very good at that, and that one of the reasons why it’s such a popular platform, is that they don’t let this technical debt, a la some of the android issues around security that have really bit Google in the ass, build up and cause as much problems as others.

Adam Fisk
Totally. And ultimately, the reason why we’re hearing about this so much is…look at the world? Like, if Zoom was still going at the same clip, they may still have found the same issues and security flaws and patched them just as regularly. But ultimately, every single person that I know is using Zoom in some fashion, so it is not cause for concern in the same way. Read the updates, update your software, use your passwords. It’s like that kind of basic — I don’t want to say basic — it is that elevated computer literacy that we all, as a world, are now needing to adopt as we are stuck in homes.

Mike Oh
Yup, the world is changing but, hopefully, companies like Zoom are taking care of the technical debt. I’m less optimistic about the COBOL cowboys. I do hope that they pull through for the states like New Jersey. But there’s a lot — I mean the talked about the ten federal systems that are running on COBOL and that doesn’t even account for all the state ones that are really having trouble.
Kelly Ford
We’re gonna need a real big debrief after all this, guys.

Adam Fisk
[laughs] “What did we do well?” Silent room [all laugh].
Well, that is the time we have this week on the Grepcast. Thank you again for listening to us, and we’ll be back at it again soon. If you have seen any articles, any tweets, any videos that you think are interesting and you want us to lend our impressive thoughts on, please feel free to shoot it over to us over at grepcast@tsp.me. And check out what we’re up to over on our websites, tsp.me and tsp.space, and as always on LinkedIn and Instagram.
In terms of plugs this week — Kelly, what do we got?

Kelly Ford
I am plugging Bookshop.org. So you don’t’ have to go to Amazon. Apparently they’re not prioritizing book shipping anyway, so it’s a great time to break that and get out of the Veruca Salt “I want it now!” attitude. But what’s great too is, because [our] independent bookshops [are] shut down right now because of social distancing — or WFH or what have you — you can find your bookstore, and if they’re signed up, 30% of all sales from Bookshop.org goes to that particular indie bookstore. And if you don’t have an indie bookstore, it goes into a bucket to help independent bookstores, and they’ve already [earned] almost one million dollars for indie bookstores so — do that!

Adam Fisk
Personal plug — it is just as easy as using Amazon. I bought two books myself. Mike how ‘bout you?

Mike Oh
Well, I mean my plug isn’t nearly as good as yours, in that it’s really not plugging anything, but it is a link to — well it is plugging, of all companies, Nokia!

Kelly Ford
That’s a blast from the past!

Mike Oh
I know! […] But apparently they are doing — I mean they’re basically in the business of network traffic analysis and they have some great blogs about, well, the effects of COVID, on the networks of the world, and you know, how you’re getting that Netflix and it still works, how these Zoom calls are still functioning despite huge increases in traffic. So I just found it very interesting.

Adam Fisk
Awesome, well thank you. Well, until we talk to you again — wash your hands. Stay at home. And stay cool.
Bye!

Have an idea for a Grepcast episode? We’d love to hear from you! Contact the Grepcast team via email at grepcast@tsp.me.

Links and Extra Reading

@michaelfolkson: Yesterday I co-hosted a Socratic Seminar in VR

Apple acquires popular weather app Dark Sky and will shut down the Android version

Google And Apple Will Enable Mobile Phones To Trace User Contacts In Coronavirus Fight

How Digital Contact Tracing Slowed Covid-19 in East Asia

Our Government Runs on a 60-Year-Old Coding Language, and Now It’s Falling Apart

Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links

Bookshop

Network traffic insights in the time of COVID-19: March 23-29 update